Malware Analysis Report

2025-05-06 00:50

Sample ID 241109-y6z3ks1gqb
Target notepadd++.exe
SHA256 33831a79387cf9f8ceae5481eb2f69b15b43be49ec2ab4ba50a0f0efcb009bcd
Tags
discovery persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

33831a79387cf9f8ceae5481eb2f69b15b43be49ec2ab4ba50a0f0efcb009bcd

Threat Level: Likely malicious

The file notepadd++.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery persistence

Downloads MZ/PE file

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Enumerates connected drives

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Browser Information Discovery

System Location Discovery: System Language Discovery

Enumerates physical storage devices

System Time Discovery

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

Modifies registry class

NTFS ADS

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 20:25

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 20:24

Reported

2024-11-09 20:32

Platform

win10v2004-20241007-en

Max time kernel

329s

Max time network

335s

Command Line

"C:\Users\Admin\AppData\Local\Temp\notepadd++.exe"

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation C:\Windows\Temp\{40C3B9DB-A9C2-4C6E-B610-D523BFAFB536}\.cr\dotnet-sdk-8.0.403-win-x64.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\Temp\{40C3B9DB-A9C2-4C6E-B610-D523BFAFB536}\.cr\dotnet-sdk-8.0.403-win-x64.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files\dotnet\dotnet.exe N/A
N/A N/A C:\Program Files\dotnet\dotnet.exe N/A
N/A N/A C:\Program Files\dotnet\dotnet.exe N/A
N/A N/A C:\Program Files\dotnet\dotnet.exe N/A
N/A N/A C:\Program Files\dotnet\dotnet.exe N/A
N/A N/A C:\Program Files\dotnet\dotnet.exe N/A
N/A N/A C:\Program Files\dotnet\dotnet.exe N/A
N/A N/A C:\Program Files\dotnet\dotnet.exe N/A
N/A N/A C:\Program Files\dotnet\dotnet.exe N/A
N/A N/A C:\Program Files\dotnet\dotnet.exe N/A
N/A N/A C:\Program Files\dotnet\dotnet.exe N/A
N/A N/A C:\Program Files\dotnet\dotnet.exe N/A
N/A N/A C:\Program Files\dotnet\dotnet.exe N/A
N/A N/A C:\Program Files\dotnet\dotnet.exe N/A
N/A N/A C:\Program Files\dotnet\dotnet.exe N/A
N/A N/A C:\Program Files\dotnet\dotnet.exe N/A
N/A N/A C:\Program Files\dotnet\dotnet.exe N/A
N/A N/A C:\Program Files\dotnet\dotnet.exe N/A
N/A N/A C:\Program Files\dotnet\dotnet.exe N/A
N/A N/A C:\Program Files\dotnet\dotnet.exe N/A
N/A N/A C:\Program Files\dotnet\dotnet.exe N/A
N/A N/A C:\Program Files\dotnet\dotnet.exe N/A
N/A N/A C:\Program Files\dotnet\dotnet.exe N/A
N/A N/A C:\Program Files\dotnet\dotnet.exe N/A
N/A N/A C:\Program Files\dotnet\dotnet.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{c8a2ace2-6555-4192-bf52-f8dfb1eb7678} = "\"C:\\ProgramData\\Package Cache\\{c8a2ace2-6555-4192-bf52-f8dfb1eb7678}\\dotnet-sdk-8.0.403-win-x64.exe\" /burn.runonce" C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\sdk\8.0.403\ru\Microsoft.TemplateEngine.Orchestrator.RunnableProjects.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\Sdks\NuGet.Build.Tasks.Pack\Desktop\cs\NuGet.Build.Tasks.Pack.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\es\NuGet.Commands.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\Sdks\Microsoft.Build.Tasks.Git\tools\net472\cs\Microsoft.Build.Tasks.Git.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\FSharp\ko\FSharp.Build.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.10\PresentationFramework-SystemXmlLinq.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.10\zh-Hans\UIAutomationProvider.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk-manifests\8.0.100\microsoft.net.workload.mono.toolchain.current\8.0.10\localize\WorkloadManifest.ru.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\Microsoft\Microsoft.NET.Build.Extensions\net461\lib\System.Runtime.Extensions.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelglobalization_7_default.globalconfig C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\Containers\tasks\net8.0\NuGet.LibraryModel.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\Sdks\Microsoft.Build.Tasks.Git\tools\net472\ja\Microsoft.Build.Tasks.Git.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\Sdks\Microsoft.NET.Sdk.Web.ProjectSystem\tools\net8.0\Microsoft.NET.Sdk.Web.ProjectSystem.Tasks.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.10\pl\WindowsBase.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\zh-Hant\NuGet.Build.Tasks.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\pt-BR\NuGet.ProjectModel.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\Microsoft.Build.Utilities.Core.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\DotnetTools\dotnet-watch\8.0.403-servicing.24469.19\tools\net8.0\any\BuildHost-net472\System.Buffers.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\pt-BR\Microsoft.DotNet.Configurer.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\8.0.10\Microsoft.AspNetCore.Http.Features.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelperformance_9_default_warnaserror.globalconfig C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.10\System.Windows.Input.Manipulations.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.10\ref\net8.0\Microsoft.Extensions.Primitives.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.10\ref\net8.0\Microsoft.AspNetCore.Authentication.Cookies.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\es\NuGet.Build.Tasks.Console.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\DotnetTools\dotnet-format\it\Microsoft.CodeAnalysis.CSharp.Features.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\DotnetTools\dotnet-watch\8.0.403-servicing.24469.19\tools\net8.0\any\middleware\Microsoft.AspNetCore.Watch.BrowserRefresh.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.10\zh-Hant\WindowsFormsIntegration.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\packs\NETStandard.Library.Ref\2.1.0\ref\netstandard2.1\System.Diagnostics.Debug.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\TestHostNetFramework\testhost.net472.arm64.exe.config C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\Containers\tasks\net472\Microsoft.Extensions.Primitives.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\DotnetTools\dotnet-format\zh-Hant\Microsoft.CodeAnalysis.VisualBasic.Workspaces.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\Containers\containerize\ko\System.CommandLine.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\8.0.10\ref\net8.0\System.Runtime.InteropServices.JavaScript.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.10\DirectWriteForwarder.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.ObsoleteReferences.targets C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\it\Microsoft.DotNet.Cli.Sln.Internal.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelglobalization_8_default_warnaserror.globalconfig C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\8.0.10\Microsoft.AspNetCore.SignalR.Common.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.10\System.IO.FileSystem.Primitives.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\TestHostNetFramework\System.Net.Sockets.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelmaintainability_6_recommended_warnaserror.globalconfig C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelusage_5_all.globalconfig C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.10\ja\Microsoft.VisualBasic.Forms.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\Sdks\Microsoft.NET.Sdk\tools\net8.0\cs\Microsoft.Deployment.DotNet.Releases.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelusage_6_none_warnaserror.globalconfig C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\Sdks\Microsoft.NET.Sdk\tools\net8.0\pt-BR\Microsoft.DotNet.PackageValidation.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\DotnetTools\dotnet-watch\8.0.403-servicing.24469.19\tools\net8.0\any\pl\Microsoft.CodeAnalysis.Scripting.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\pt-BR\NuGet.Commands.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\zh-Hant\NuGet.Packaging.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\Microsoft\Microsoft.NET.Build.Extensions\net461\lib\System.Runtime.CompilerServices.VisualC.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\Sdks\Microsoft.NET.Sdk.Publish\tools\net8.0\Microsoft.Web.XmlTransform.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\Containers\containerize\Valleysoft.DockerCredsProvider.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.10\zh-Hans\UIAutomationTypes.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\Sdks\Microsoft.NET.Sdk.StaticWebAssets\targets\Sdk.StaticWebAssets.CurrentVersion.targets C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\Sdks\Microsoft.NET.Sdk.WindowsDesktop\tools\net472\System.Collections.Immutable.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\Roslyn\de\Microsoft.Build.Tasks.CodeAnalysis.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.PackTool.props C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\Sdks\Microsoft.NET.Sdk\tools\net8.0\es\Microsoft.DotNet.ApiCompat.Task.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\8.0.10\Microsoft.AspNetCore.Authentication.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.10\zh-Hans\UIAutomationClient.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\8.0.10\Microsoft.AspNetCore.Mvc.TagHelpers.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.10\ref\net8.0\Microsoft.AspNetCore.Mvc.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\sdk\8.0.403\Extensions\ru\Microsoft.TestPlatform.TestHostRuntimeProvider.resources.dll C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSI9CEE.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\63337BB296F4141479799EDBF63E89A0\CacheSize.txt C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIED0B.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{A7036CFB-B403-4598-85FF-D397ABB88173} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{61DDF3F6-B199-45CB-9483-88C2A4BF8D8A} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI4FC5.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6C4F.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e599bda.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\63337BB296F4141479799EDBF63E89A0\64.8.8795\fileCoreHostExe C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\63337BB296F4141479799EDBF63E89A0\CacheSize.txt C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIFA6D.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e599b8a.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e599bc5.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e599bde.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIEE64.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e599b94.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{62EAD19D-3122-3A47-9BB4-0B802B106314} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3B4C.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3C95.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e599bc1.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI235A.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e599b9e.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e599bc6.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e599bc6.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e599bcf.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e599b65.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\63337BB296F4141479799EDBF63E89A0\64.8.8795\fileCoreHostExe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE94.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI36B7.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e599bbc.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7B0A.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE856.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e599b85.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1D5D.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e599b9d.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI81B3.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB761.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIFD5C.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI72EA.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e599bd9.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e599bdf.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI375C.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e599b5c.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e599b66.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e599bca.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e599bd0.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{3A80EBC5-6B68-49B9-BEBD-E1A6C966B416} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e599b76.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e599b85.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e599bad.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e599bb7.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5A86.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e599b66.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e599b71.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1906.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e599bb6.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI565F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6682.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{EFB9E0CC-AA8A-4D24-8FDA-33E693C22688} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC551.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE671.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{614C9740-3FD4-4788-A277-7C35CB4C323B} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e599b8e.msi C:\Windows\system32\msiexec.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\dotnet-sdk-8.0.403-win-x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Temp\{40C3B9DB-A9C2-4C6E-B610-D523BFAFB536}\.cr\dotnet-sdk-8.0.403-win-x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A

System Time Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3c C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2d C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\36 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2f C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\42 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\40 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\41 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3B C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3C C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\36 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\38 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\33 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\34 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\31 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\31 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\30 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\32 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\38 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2D C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3A C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3b C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2B C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\35 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\41 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3f C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2C C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3a C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\34 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\37 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3F C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\40 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\33 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\35 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\39 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\39 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3d C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3e C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2F C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\30 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\37 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3D C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\BFC6307A304B895458FF3D79BA8B1837 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\CB6FA83ADA53BCE43B6FA2F5A709084F\F_RegistryKeys C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\630BEA3FA8B452C44B2D5890449E904C\SourceList C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\776E3A688CE808043995BFECDA30C927 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.Aspire,8.0.100,8.0.0-preview.1.23557.2,x64\ = "{F3AEB036-4B8A-4C25-B4D2-850944E909C4}" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2C0D7B51902F82C4FAC1DF38624F5DA8\Version = "1076384842" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\windowsdesktop_runtime_64.40.21605_x64 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D91DAE26221374A3B94BB008B2013641\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{62EAD19D-3122-3A47-9BB4-0B802B106314}v8.0.10.24468\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\57E95FB650EB96C4C98453236BEDE05C\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\782729899778A74419E93720D8357F91\F_PackageContents C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.NET.Sdk.macOS,8.0.100,14.0.8478,x64 C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\630BEA3FA8B452C44B2D5890449E904C\PackageCode = "180A0EA5490D0D24685174214848B9AC" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\27F9D946C5261C532811A4C2C3741C5C\CB6FA83ADA53BCE43B6FA2F5A709084F C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E6BF6B9FE93264D4EB6009240F6B8478\SourceList\PackageName = "caafbc922987368d181973bdabc1d7de-x64.msi" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2C0D7B51902F82C4FAC1DF38624F5DA8\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DE1DC260C3A0C3848A17057123045C54\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\netstandard_targeting_pack_24.0.28113_x64\Dependents C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6F3FDD16991BBC544938882C4AFBD8A8\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.macOS,8.0.100,14.0.8478,x64\Version = "14.0.8478" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D6FE611E8EAD6E40B8DFE1F54DC54AD\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_apphost_pack_64.40.21578_x64_arm64\Dependents C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D91DAE26221374A3B94BB008B2013641\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D91DAE26221374A3B94BB008B2013641\SourceList\PackageName = "aspnetcore-targeting-pack-8.0.10-servicing.24468.4-win-x64.msi" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1CBD8D3B8681AC04980C00D291E34709\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\630BEA3FA8B452C44B2D5890449E904C\F_DependencyProvider C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\CC0E9BFEA8AA42D4F8AD336E392C6288\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\CC0E9BFEA8AA42D4F8AD336E392C6288\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\CBC511F81473AE24F8E28B0D6A53397D\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6F3FDD16991BBC544938882C4AFBD8A8\ProductName = "Microsoft .NET 8.0 Templates 8.0.403 (x64)" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\NetCore_Templates_8.0_32.10.55893_x64\Dependents C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8E99F865D2F97D840AD56DC415B2A3DF\Version = "285221150" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E6BF6B9FE93264D4EB6009240F6B8478\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{F9B6FB6E-239E-4D46-BE06-9042F0B64887}v64.40.21578\\" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\630BEA3FA8B452C44B2D5890449E904C\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\CC0E9BFEA8AA42D4F8AD336E392C6288\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{EFB9E0CC-AA8A-4D24-8FDA-33E693C22688}v32.8.55893\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\833A9D1B4BE26C530BC943D325F1845E\57E95FB650EB96C4C98453236BEDE05C C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.NET.Sdk.Maui,8.0.100,8.0.3,x64 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\DE1DC260C3A0C3848A17057123045C54 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5CBE08A386B69B94EBDB1E6A9C664B61\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_8.0_x64 C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\CBC511F81473AE24F8E28B0D6A53397D\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A44EC839E2ED95B4DB7B5D514AA10A92\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\E97D7325C1339393783BB0359BCD0AA1\9FB75A5BA7CF6AF4ABBE641E3789D63F C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8E99F865D2F97D840AD56DC415B2A3DF\ProductName = "Microsoft.NET.Sdk.tvOS.Manifest-8.0.100 (x64)" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E68A770D982022546A5387D31BBDE782\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\1CBD8D3B8681AC04980C00D291E34709\F_PackageContents C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.NET.Workload.Emscripten.Current,8.0.100,8.0.10,x64 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DE1DC260C3A0C3848A17057123045C54\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{062CD1ED-0A3C-483C-A871-50173240C545}v64.40.21578\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0479C4164DF388742A77C753BCC423B3\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{614C9740-3FD4-4788-A277-7C35CB4C323B}v64.40.21605\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\NetCore_Templates_8.0_32.10.55893_x64\DisplayName = "Microsoft .NET 8.0 Templates 8.0.403 (x64)" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6F3FDD16991BBC544938882C4AFBD8A8\PackageCode = "4434B262F7819B948B06A6CCED9D0AA7" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\306051AD8B00B0139BD0579A2D71805E C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8E99F865D2F97D840AD56DC415B2A3DF\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\CB6FA83ADA53BCE43B6FA2F5A709084F C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\56E91FE16472EE73E9EC7BED95BDEBD6 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E7ACC97FC6D734F459F18B0C7CF4788E\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6F3FDD16991BBC544938882C4AFBD8A8\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2C0D7B51902F82C4FAC1DF38624F5DA8\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{15B7D0C2-F209-4C28-AF1C-FD8326F4D58A}v64.40.21578\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DE1DC260C3A0C3848A17057123045C54\PackageCode = "EF66BBD9B7294B44CAD37BD1624CAE46" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\CBC511F81473AE24F8E28B0D6A53397D C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_apphost_pack_64.40.21578_x64\Version = "64.40.21578" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B068F02E296E4DD4287EF20FE6220213\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A44EC839E2ED95B4DB7B5D514AA10A92\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{938CE44A-DE2E-4B59-BDB7-D515A41AA029}v64.40.21578\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D6FE611E8EAD6E40B8DFE1F54DC54AD\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1CBD8D3B8681AC04980C00D291E34709\SourceList\Media C:\Windows\system32\msiexec.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 339152.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3900 wrote to memory of 784 N/A C:\Users\Admin\AppData\Local\Temp\notepadd++.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 784 N/A C:\Users\Admin\AppData\Local\Temp\notepadd++.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 2964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 2964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\notepadd++.exe

"C:\Users\Admin\AppData\Local\Temp\notepadd++.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64&apphost_version=static&gui=true

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeaced46f8,0x7ffeaced4708,0x7ffeaced4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,11574126368652839805,11520712206432312302,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,11574126368652839805,11520712206432312302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2580 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1980,11574126368652839805,11520712206432312302,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,11574126368652839805,11520712206432312302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,11574126368652839805,11520712206432312302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,11574126368652839805,11520712206432312302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,11574126368652839805,11520712206432312302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,11574126368652839805,11520712206432312302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,11574126368652839805,11520712206432312302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,11574126368652839805,11520712206432312302,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,11574126368652839805,11520712206432312302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,11574126368652839805,11520712206432312302,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,11574126368652839805,11520712206432312302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1980,11574126368652839805,11520712206432312302,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4976 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1980,11574126368652839805,11520712206432312302,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6080 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1980,11574126368652839805,11520712206432312302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1256 /prefetch:8

C:\Users\Admin\Downloads\dotnet-sdk-8.0.403-win-x64.exe

"C:\Users\Admin\Downloads\dotnet-sdk-8.0.403-win-x64.exe"

C:\Windows\Temp\{40C3B9DB-A9C2-4C6E-B610-D523BFAFB536}\.cr\dotnet-sdk-8.0.403-win-x64.exe

"C:\Windows\Temp\{40C3B9DB-A9C2-4C6E-B610-D523BFAFB536}\.cr\dotnet-sdk-8.0.403-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\dotnet-sdk-8.0.403-win-x64.exe" -burn.filehandle.attached=576 -burn.filehandle.self=720

C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe

"C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe" -q -burn.elevated BurnPipe.{22444FC0-9205-4301-B31A-8E14C4E959D6} {6FF43A1E-EEAC-4CFD-A7F1-A716FAB714D6} 4948

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 64D9DF9E16176B88309EB06666B6EBDF

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 9BAE4F6255AD19856004DE956777A167

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding A5DB934814D0FBB4FDF5192E16EF89E9

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding FC149FD1FCD4C89538859168E62D7188

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding EBC2848E1909347A0CFCD7867D62BAB4

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding EABC49D088AF905833DF84B5E83B8DA8

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 1FF65355E042B5541035A9AD1C298F88

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 4F2F9DE896DCA2A792D4E7CB98C21FF2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 1ABBAED76E866A8F81BD2E305982E0C8

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding CADC131721A14182553F4037F5A073A7

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding D2819795C79A2FA1813A4CD3F6C37E3D

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding FC91C90BFA3EA3E61E5BB530C63B1A5A

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 0CA91D06F32BF6874AFB794FAC3696E4

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 7C9C8B471C0C50C83927A4ED9B06DE65

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 628ECFE20B5EB52D01BFFC5E94B3CC06

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding C8DA444C61D312D3D88C7B681FE657DA

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding F881937F72C653BC3E49628245B71BF2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding C59F6DB93BD39FF40E7D949091760857

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding E300DE40A61D6F489B1FDEA956FB17F3

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 89091A547235C021CF002080D4F4F516

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 23AC7AC2D5B6E98BB9D147C88F099CF9

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 80C90BBF37089516F16FC787D7AA1179

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding BE4D689025F33F16007612F8886D6752

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding CB84BD1FBB2F559E31EEEE2DA510B10F

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding FC2D201F2EC99104713AB275CC82A5C3

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 4358F6D2D4F0DC32A7F4C41D0EF5134C

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 8A86002E11C0A77FF9E96AB95E9AB8A6 E Global\MSI0000

C:\Program Files\dotnet\dotnet.exe

"C:\Program Files\dotnet\\dotnet.exe" exec "C:\Program Files\dotnet\\sdk\8.0.403\dotnet.dll" internal-reportinstallsuccess "C:\Users\Admin\Downloads\dotnet-sdk-8.0.403-win-x64.exe"

C:\Windows\system32\getmac.exe

"C:\Windows\system32\getmac.exe"

C:\Windows\system32\getmac.exe

"C:\Windows\system32\getmac.exe"

C:\Windows\system32\getmac.exe

"C:\Windows\system32\getmac.exe"

C:\Windows\system32\getmac.exe

"C:\Windows\system32\getmac.exe"

C:\Windows\system32\getmac.exe

"C:\Windows\system32\getmac.exe"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding F8D49D7EBA40C77A680990815F773803

C:\Users\Admin\Desktop\notepadd++.exe

"C:\Users\Admin\Desktop\notepadd++.exe"

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\notepadd++.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\notepadd++.dll

Network

Country Destination Domain Proto
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 68.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 aka.ms udp
IE 2.19.62.62:443 aka.ms tcp
US 8.8.8.8:53 dotnet.microsoft.com udp
US 8.8.8.8:53 62.62.19.2.in-addr.arpa udp
US 13.107.246.65:443 dotnet.microsoft.com tcp
US 8.8.8.8:53 65.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 13.107.246.65:443 js.monitor.azure.com tcp
US 23.192.22.93:443 www.microsoft.com tcp
US 8.8.8.8:53 93.22.192.23.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.65:443 wcpstatic.microsoft.com tcp
US 23.192.22.93:443 www.microsoft.com tcp
US 8.8.8.8:53 target.microsoft.com udp
US 8.8.8.8:53 microsoftmscompoc.tt.omtrdc.net udp
N/A 224.0.0.251:5353 udp
US 13.107.246.65:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 w.usabilla.com udp
IE 52.30.162.214:443 w.usabilla.com tcp
US 8.8.8.8:53 153.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 westus2-0.in.applicationinsights.azure.com udp
US 20.9.155.145:443 westus2-0.in.applicationinsights.azure.com tcp
US 8.8.8.8:53 d6tizftlrpuof.cloudfront.net udp
NL 18.239.15.45:443 d6tizftlrpuof.cloudfront.net tcp
US 8.8.8.8:53 214.162.30.52.in-addr.arpa udp
US 8.8.8.8:53 15.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 145.155.9.20.in-addr.arpa udp
US 8.8.8.8:53 45.15.239.18.in-addr.arpa udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 52.182.143.214:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 214.143.182.52.in-addr.arpa udp
US 52.182.143.214:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 download.visualstudio.microsoft.com udp
US 199.232.214.172:443 download.visualstudio.microsoft.com tcp
US 199.232.214.172:443 download.visualstudio.microsoft.com tcp
US 8.8.8.8:53 107.116.69.13.in-addr.arpa udp

Files

memory/3900-0-0x00007FF7FB790000-0x00007FF7FC0E9000-memory.dmp

memory/3900-2-0x00007FF7FB790000-0x00007FF7FC0E9000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e443ee4336fcf13c698b8ab5f3c173d0
SHA1 9bf70b16f03820cbe3158e1f1396b07b8ac9d75a
SHA256 79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b
SHA512 cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

\??\pipe\LOCAL\crashpad_784_DCTYJNRMNOLVNGIU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56a4f78e21616a6e19da57228569489b
SHA1 21bfabbfc294d5f2aa1da825c5590d760483bc76
SHA256 d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb
SHA512 c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 39ae5673b7953d042defdf7b193ad4e9
SHA1 f70883002b3a50288e69d433ce6d459fd023c223
SHA256 f83b83a5abcb723b6367a01cdbf1763e3032fbf9e61c9f3a05ecf8f3b6b89f56
SHA512 9960c1033ef1d8a53293b9a921fb28b373a9c2186709df3cf991f2bc3b6f1edd74d266b3425f0fadf1140426bcc24cc87e5e1dcf18b6673dec532e31460120ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e5c464ea20ab867852f3b6f0e2805475
SHA1 aaa26b08562fa47325e47dc9f38ffd26eb7e3598
SHA256 e41429f4b8b9da712f4a935529b37133d4b61be4271827bc3b3e80f24492f0ee
SHA512 135420a6e5db2c530d9077046605a5e40a6866f89e13d556d8fc40d6605839c17b535fa8e51aa542c435643e80130637d8ae697fcc8d68000ddd9a0680be7693

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7af9126c9c8d2eeeb3c24382acf0a019
SHA1 e895524c1cff2f02c388ce43ef0820916cb193cd
SHA256 5b98b3bc0622d663d7ba9866b4ce2789604bfb2f71326082f9d2178448dea377
SHA512 2327d81344d4b31b5d28bc57bcdb4e99bd11bf4dd07ecb77c977e8d658e5fce50ae07d291421510568c6e72c2dd35d1abac908375c6d11899e944a1e52f43d2b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 18e88684087a8f12cf6eeaf1311d541a
SHA1 9c9378bb816c38b78e5c5af460e5c1d7a9537c7a
SHA256 738079d17b25d05bf046074f1183e87f0e4d0b76a055f36a500383f8e15e3bdc
SHA512 95fe049508ea87ef13ee69248b2217b78423524753e678422ebebaa0a3a94154c692de76c2843a36a39aca497d5d7805633eb36da8db60fc423516a75d3fd6d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e2a518b4ced24e05928e58f738e3342b
SHA1 ac1e45d3e5c409aee3bc655f01110942186c53ae
SHA256 5f1b0120227c92a3427f889e351702da14eea24f0cb09602c96c96a502d97732
SHA512 81309cce0f0a931f8ae6c9fb9ff25df0a57c473b79b82fd180b1535457a1756be9020b48321f2b973a4bcabda56b91731350023716f284c679a3e40077b09b88

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c956.TMP

MD5 1b667e15691ba451eac716d4fa4a997a
SHA1 2e118bddd3a140d9dfd67daa7e81e5d17bf774f5
SHA256 ff2d40a11e755b1e6d4d0b90f45e52c0d007bb58455ee9a996dbcd4ab7499f3b
SHA512 66bfcf34861a852ed4ec3f9dbd41fc372fa4eff244006372248bcb61ffe42045fb77c84544aa505bd17052a0c80264fc860dcc233c5109eed193eed06ac6ab37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4e461385-616d-446b-a335-0b49432251d8.tmp

MD5 067f86d6cb16abdce03e64ba775ffdc0
SHA1 8124a1a20510d3bea354bf6de39fe58ef1b45bb9
SHA256 78dd4df2c67e96a4cd061fdc4cc41b5a86e4862d16698869430c7f51a59093b4
SHA512 e31fe00ccd207285cab0163a46c600e385e3d9631b12b79150a5c95aa5ff39938ff5b00bf4e2d2e93fcdc1807e181b45161be03f2020a08adaaca832f3a15eed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4782a8128ca1ab748e20e70b29e6c8a4
SHA1 7d614e27767e5546bb64d3fb545f4694a05b6627
SHA256 98f25e209b39f9eab0b898789e5ea349b36d9125fd47660613b7abeba3d2680a
SHA512 01c22deba66b90d8aad2d32517a20f14766eacdabb713debd84716532ebdd188b11f31d5cb37865bf2bcff0771afeb6b5c7713809da68aedb959bf0543881a80

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5c44003928b0ce1f59e1047aa5238b7c
SHA1 cdd9fa7a5a333f9563e8dd6a4b68a508b0810e28
SHA256 ef0ebe0b49a0244f7a49cebf4a25c230469b2625084b831f4c0ed4505ff8831f
SHA512 3730876f2548e6adde047c129205958d10bf6975386f2e4341c76367432156571ccea8306897fc1f3895d5c360d67dda568816119e3a8fbdfba9778a7bd28d5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 618617aa4a9a28333606a791d0b39160
SHA1 8d018c7512cc8bedf39c8877b0d9844631cae25a
SHA256 37edde7cd88e6b7eab625585849afcf28c5c95471be3f9232d257fa198872495
SHA512 fb2601aacdb723d45044ea3073057d6f5db0b301f9f856b250459b9c7a5c33a162de2ac49965774211a83d65d68a091be94369583936f3cfbefa2967fb886795

C:\Windows\Temp\{40C3B9DB-A9C2-4C6E-B610-D523BFAFB536}\.cr\dotnet-sdk-8.0.403-win-x64.exe

MD5 7fa5713899bd98e0012e009acda9a617
SHA1 218fae69d36e56cfb34c47227f93d486935900fe
SHA256 a853f5d009f0083732a2b6c4352775d7b15ff3483a72c639cfb26847b6eba7d0
SHA512 d3d04235544e0065907beb047f51cf9c47f6ef65500b4f15deb19d0bf683dea5e0f8e56ba13462db445854de490d5cdc1c4848aba46f04b23d0be89d1698817d

C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.ba\wixstdba.dll

MD5 f68f43f809840328f4e993a54b0d5e62
SHA1 01da48ce6c81df4835b4c2eca7e1d447be893d39
SHA256 e921f69b9fb4b5ad4691809d06896c5f1d655ab75e0ce94a372319c243c56d4e
SHA512 a7a799ecf1784fb5e8cd7191bf78b510ff5b07db07363388d7b32ed21f4fddc09e34d1160113395f728c0f4e57d13768a0350dbdb207d9224337d2153dc791e1

C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.ba\bg.png

MD5 9eb0320dfbf2bd541e6a55c01ddc9f20
SHA1 eb282a66d29594346531b1ff886d455e1dcd6d99
SHA256 9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79
SHA512 9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 16a8ee25167a5b1faa64031bf52a88bf
SHA1 221102a4298c025300ba682aee5aa3132434ec86
SHA256 6b3e372ab7d50b710425fcfad3432e7d8100b5a25bc6dd40d14515ac720de19c
SHA512 01bbac2695f25bf7d620d70a50a47778645f63bd019d040da35f6bfad73e979e62e7292ea4047b6bcdf2ee2075c0b6ad61d6fa4ee22d94e808261484ec210347

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 180ba8f55fe98a6a41622f64ae625d5d
SHA1 adeb42d2249992ba1c418794f368a78e95fac680
SHA256 fc713d1c84ebbfe87463cecb3dc1c3cd080f0f80f9ae5a83f62bce8d1b3428f3
SHA512 3922722d863a69b427870e43ebd502c6781980377deb7d7fec5a26cf7bd50efad9a966be4e38e36a8517cbc6c202bf1848ccd0384f0014dff04dca132c727450

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8ceaa99fec1fff892c08a8c317a25b51
SHA1 f9f90ef72a3184317a4d3922767952a406d0b8e1
SHA256 4723d089847db45466ebc426d60e10b6cd0f1c3fa0ee7da2dd66fc80451233cf
SHA512 1d76a81d464c7202ca84c4c89f52f4dc48d67726471eee6172da5419f772db418d3d52a4168c5f1878db2ec1400cee7d5b256408c7f7d8a7e0b63f92bc3dcea7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1623ecf2-2542-452e-b692-0888ec82b85b.tmp

MD5 1260ee5913b8717fa674b9312f81b2b1
SHA1 dd02e1c444c0af979c093f6eab9e85fb6a5a83f0
SHA256 9c8965669b6e55c3a20af99e1a1e63f48e5ec9073f1a1199866818fe5c4cb641
SHA512 de8608a6d8ff387de754de98e8da1c9c2d476ce8fe8545cacf9de70919178c6deb8563523eb4997363163a4d63f38adea30b1c3ba553eb5b6afb5d786968a00e

C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\windowsdesktop_targeting_pack_8.0.10_win_x64.msi

MD5 d4c9727d69ce4dfd19193d1db9c374ec
SHA1 6f9e1d614608d80b6bf0561dcf9e453f4f0a86e1
SHA256 b04906b1d0eff2e70fd280771383a6662e8ba44010a6b3f1a649f95e4d39cc5f
SHA512 f7068f963842de2c1dd98f12ac34cde5326f0dd062368f6dbdf045c213272f1d95c99e0e556c1acc58e8c07f3694b5a97fdfdb3b1c784692add70a6238e47b8f

C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\Finalizer

MD5 09fdd7aed036ee40d0d6df6b1bc94ba7
SHA1 c15d3d0f6bea9e3e828792109379fee2599367ff
SHA256 d4f420879288b7e58c25dd44929d3c62b690c89bfe4605807c511d1b2d6d03ba
SHA512 16993dacc8f43da8ac104b7b937b17ed88f95ae68ca2c295cae61796f00169673a095c2abf5a6acb6e6b55c8a7cd1863426d89470f548cc95d8f3e61eb9155d1

C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\dotnet_runtime_8.0.10_win_x64.msi

MD5 3bcfd17c48bfcc5137f3f50d8821e7e8
SHA1 55070570acc7e35c88265ef918a20cd16af7e30c
SHA256 4ce2c04c89a8ad7dc03a7ae29ec1a703457c6ff2b50435f250502d7cf5e00219
SHA512 b31b87887e07dfcec7e1381806fc2d837c7e232fc214dd9a7032bde864a4cecf9d4b60e520c304cdbe95b32bf331399c989665f5d3056b0a84149337e9525164

C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\dotnet_hostfxr_8.0.10_win_x64.msi

MD5 93e8c3e371cbe28b13ae13f8d5c7a5e0
SHA1 381254533ad6d63154df46178abcfb22ba609a1e
SHA256 09c1e0ebd10b715b090cb4c2d00a264a28da3d23597b734c59128875efbc9f01
SHA512 7b5e475a5d6cf40188bf80037527717218384a25ca73c40f109a9d1844bd80e3c73e3b3fcc7bf35cda6536c58b89e2d343fc95d25e847dee6733d822ae18d031

C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\dotnet_host_8.0.10_win_x64.msi

MD5 45e3dbfa05670cd9ad05a87c03f80767
SHA1 7785fb6d4e010e2b8eeea4216fc34b14a756c2a0
SHA256 e84ce556c846e3a8098399d5b0f1897f8bc5c313bdd96bb23bf88b061ba60cd7
SHA512 ae9e2dc4d49ffbec56a348427054a13dbddb52e593b5d02a6ef7576998549f3daeea7c93834493d13ed71d1e63c54cf7d0d9438aa737a5ce97a402f961be0d2b

C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\windowsdesktop_runtime_8.0.10_win_x64.msi

MD5 685d357a0cb304cc073b75e069149155
SHA1 c63b913476494f49d8e903b58fac52b36effead4
SHA256 115f39d0f22ff31544d62a7b2282602408d8faec3f01e38ad5224a2c1fe1ecb7
SHA512 96fc385bf12f4b418a3ba4d64d9066129da8e659e555bb95d6ba8c087157c59e7fb14517ba3fb8c0540a87d8fdedc331d67d7ae5ea6e72bef3b7fd08bdf7513d

C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\netstandard_targeting_pack_2.1.0_win_x64.msi

MD5 450ee0e373b7adbc44caa4659ea77068
SHA1 18540ea52c4364e773a34b49c38142a35968b127
SHA256 8dd74c97a70a6496e56cbedd3d7100aa80c788654c3164f642099c14bd43caac
SHA512 3eba0e8265fd9fce82d1329929e70e467c8b34abed9f3baad4b5bdfa1ec8b05e02b7465de68ab465ffcfaa7ae6a739aeca841af0d7226a7ac847b265d35a0027

C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\dotnet_apphost_pack_8.0.10_win_x64_arm64.msi

MD5 c3aefca8f2dd0a2717d3a29660c9836c
SHA1 719c09b3eace1ff9171908f02be7e7c5ea630063
SHA256 e611399c6f24e914e62feb18f44061295e1b0f660de8413ad457bb878e00c2a3
SHA512 144f82bccd1b75a34fa424a804fb67666e30b56a7fc6097b42a02b53abe20209521cda7b93414888298d42883b861a99b77b457719382c6e394d0c25814d4aff

C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\dotnet_apphost_pack_8.0.10_win_x64_x86.msi

MD5 3c41d763bcb057c85effa9df067c7a5a
SHA1 e09f4521e0432bb337f1e314bc4585240b10b0c6
SHA256 b9ec061d755b382b178c97755ad6dba654d4588c0256a83dccbe3e80c6d99905
SHA512 5505cd8139832b2bc32e3da3fb1bd7fd3510fdcd9bfab3bd153a9c3846f90cb2437cb14f4eef8a062d7ac3fbc06417f13d4ac2e5c2aaef815a4547a7128d9ee0

C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\dotnet_apphost_pack_8.0.10_win_x64.msi

MD5 5c6b6ed6005194abd4dc9f82c5c5a2b1
SHA1 90b77b18d08aa466a1d0a1d5b97867da88fbc30d
SHA256 f618f7e7816ec425fc846df55231cbc56d846e7d470b99f451542a835f6f2147
SHA512 725263aeea7af3c14107d12106620d6709d499b8982a944c4181a4811df69178e30642fcbdaf039b19658247a70b1af8ab7df6b255a18afbe6a7e323cba1f62a

C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\dotnet_targeting_pack_8.0.10_win_x64.msi

MD5 31bc84b81c631039f4ac6d7633badf50
SHA1 2555482c503573943e7cc8b806abe718568b6bab
SHA256 785adbdba3ffc690c35e3d58744994c33c86394dd8ca5dec412ee341e0bbcf51
SHA512 021f3a0d2d37616b08858e077dc545a2c1724d5ba3f5efc8ce73afe96cb7d4ba624ad1538164b5271d09be49936e99efa4a5128281e191a6fc43273468e96ced

C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\_729ebc3a4ae248c9d9e33c8304329ec3_x64.msi

MD5 552a93c765b399f09e98be50bbf9afa4
SHA1 5f028f966501638bb44fb8c08f1d460bbcf1d673
SHA256 a3b2f9dbb07f1d91c686584915404d91471c17c9e9795ce5ac073b10b854fc94
SHA512 3017b78a00f05abef373c4589b00b079a0f44ec6ff61b2606580b59834e010a568f7cefeddfa98d706a37303b3f2daafcd434c5be3091f894dfa83e3831f93b5

C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\cd49ae2a7ed51c3023df6f387cb6a540_x64.msi

MD5 b51248cdbbeb3c4436ebe0bd64e624c4
SHA1 cbe4fd4e8c350ae0df8a76467da5db8d4c1852e6
SHA256 9d5ed3668f34542bf95e9495d148cb3b52e4b715a23fc957255bb41e9d63faac
SHA512 ce9dc671f83fb7dee18f7d0f3aada97574eeb987170131924e25cea033456a264592b7447e51cd082edacfeaa70930afa2f3fa9616de0d935647d6bb50bc57ec

C:\Users\Admin\AppData\Local\Temp\Microsoft_.NET_SDK_8.0.403_(x64)_20241109202728_000_dotnet_runtime_8.0.10_win_x64.msi.log

MD5 63425c164848d737325d4b24063c52e2
SHA1 9cc0028c6e762902716c69a0ba4f1a5a0cb8d171
SHA256 33d626a21582221cec20b01080c88bcc8368cc84d7cd2d08ba72775ef3d3b2f5
SHA512 21c24b837885112b18649a7d2113f78b0a49c7d857cb7fd52044d246a059342493fbf9763e461d97547e55eeb775c09a56f877cbf1385b176ae80c0ac0780e43

C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\caafbc922987368d181973bdabc1d7de_x64.msi

MD5 4e1dc37c7eea6f79dda21c686ea65632
SHA1 7d06d0dc46094ac4fb24b8a76a2d46c5d6af2225
SHA256 b8f703d87f4fed4d57befd402c2d501868f64ebbff512c4c19f5c6447e9b960c
SHA512 8cfc313dcbf3ab346ed53680a4f8dcdbf77f86dc7eeecb500e1b1e0191033d63ce55a93da70d0fbf07694fe9a819ed235b9fc3d25f5e6c608e800f95e43540d6

C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\f6a3645609cfef6d4f4c8e0e72ece840_x64.msi

MD5 5ec854b10ced2f1fef67f3424672bfd2
SHA1 1b601d32e8812a6e87e2a6c8b5e7cd9c4e516974
SHA256 43fb7836cd8f4e09c56f2c02fa69738bfea986c808b2e10a98483d189dac6cba
SHA512 edc26663b2549a0b623939b2fb38a89d4aed49c44d7e546a574130fd1cebad31cbcd6317839e495c5e09124fe5708a1354e7b13d664e1dccd6ee3cc5f806d3fb

C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\_3911224c0097a5c3cb085370d934e50b_x64.msi

MD5 a075d8ae3d7313ea7f292c620fc57094
SHA1 88e1311670ce6f89471a1813cc65b5e3c6955e87
SHA256 440095ccc200f901e82f2b400c5a06c79d1e675aced136f1ae513bd465ee74c3
SHA512 c9ca24f90d3af3fe39f2c53bba62b69adb5f6b2a8905d30c80a93bc6047bdd328ce3b43cf55a8ab8dc1412ba28f5d43bf89b335a0bd958ca10e387f94793b87d

C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\f84ee4f40b40598521064e7f07e7b5ab_x64.msi

MD5 40d95210a46a25542b8ec3d656c7131c
SHA1 9e6ff900d098927ee44f67ddd43706e6bb50d2e5
SHA256 04023fdd54d4d5a8d32e6fb3d113f85bac2713a6588db7c585f2635920ccc404
SHA512 4f5e869b235c775fe1e2cc66983a53e0607d0fbe84061a6e791ad09b5a120508d4b219f5e67146e45d2a185ba127c069b0858fb1aae74f1f2db25d80c08e939c

C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\_8138eff37f00314a1836e3df55faa930_x64.msi

MD5 e18c0aa1f8975bf3fd17d5701345addb
SHA1 963a38dd9e9dfd509384811345278c3ddc962e10
SHA256 cfb6bc550015105b083b43060610988be0a8090fc69877144816c8e18183d0e1
SHA512 d3a61b71b7aabd45fc2275a3462851dfe09d14e8cb9af94075038658f649888469406cb2f79445f52fe6bf831291adf9e22909e330d126507d26d554170850bf

C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\fbafa6938113eb2095e12092037bd5fe_x64.msi

MD5 cd6ac784936c592b5b90b83e89fac544
SHA1 960293e59db25f652bf8991a48ee5aa1c0df7033
SHA256 51f50093f7f449c9705c787bc3571c7ba534b27979941908a3539aa993326382
SHA512 d51a8c46d45cb48f755d06d37d2cc6f6d89fd23e9b81c9d3f019c2a0148a6ae8c3759770ca2a0d068bcf4c0a8b59c264ea60c38d8d636a9c6e5f4c384b23ce2f

C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\_24bb901c0e890ef24f6b95928cd093a1_x64.msi

MD5 99f79eae39ef995ada46f787f401493f
SHA1 677e655ab7f03f4e8177d0bf6d21b515acff717e
SHA256 d3f85f87fd0af2c2fe6c93f7e012ce10faf76ff54061ad7ae3e0d1815d4feb12
SHA512 c21268b710184c4e9568483fc5249cb07fca51cf6b88f32befe1bbf9a01316309c6d918a1b6530e4ac8af014260b8989c2b448ac143184c31d092f4fa5a66622

C:\Windows\Installer\MSI9D7E.tmp

MD5 60e8c139e673b9eb49dc83718278bc88
SHA1 00a3a9cd6d3a9f52628ea09c2e645fe56ee7cd56
SHA256 b181b6b4d69a53143a97a306919ba1adbc0b036a48b6d1d41ae7a01e8ef286cb
SHA512 ac7cb86dbf3b86f00da7b8a246a6c7ef65a6f1c8705ea07f9b90e494b6239fb9626b55ee872a9b7f16575a60c82e767af228b8f018d4d7b9f783efaccca2b103

C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\_4ab27be2a7a2a677d46caf9075f2248d_x64.msi

MD5 3828128aa976befb6792d9095b9342a5
SHA1 f12e3899775c3b5e916b1f9f91a1994ed0a769c4
SHA256 be30d3ea95eb2e56ae616086291ef565fc7474ac745441f69e1319f258a8b9ab
SHA512 7fbf2915ce68378a8986cca7b39a5469d2ff3e309f2eeb76946465826d01ab1c6cd0ed1cb8e9838f7749770077829951ab26ac074b399034664f2c0fca8fe0bb

C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\_28c86dc0e8d71959057ea0317b3698a3_x64.msi

MD5 0bb80f4c213f4b484cb3813caf58d94a
SHA1 ef4aa69c17b8d662aec7d8a83f4011d9750c921b
SHA256 737fa78efe8c6d07dff5cf99de9b3127ee9ccc59ab394e9e7c1e274f4b8c4c49
SHA512 f3c471126b1613e63498191c2018932d1d8db72ba66bf977d9fe2f85c7b294bd9c1840ab7ec1b66339eb46ed2cf4c70cf6359116f60dd520cd3fb5b61362af50

C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\ef05a2a0a7cab4628b9a106ebdf303e5_x64.msi

MD5 7c0a0712e3377b703a2bc22f90b6fd68
SHA1 b1cd6e82fbb7316e3dd4483ed9db3eb0d53d76b7
SHA256 c6357feb49da1a3e973229e502a3b26ab86b183a01f0f59be80c92c38bb87a79
SHA512 d93c8bb42c6fceaf2a48f01d282c4bb80516b095b9d5b614d767275ec0b95bf5969fa9bda681bb7bc2dda809dffcf5904016bd5e4fd95f3c06af7f2084928fc3

C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\f0a38d69b91da2c9cf4812140d614380_x64.msi

MD5 81f28e5946a58221ce9c0f26f1092b77
SHA1 ee8c50caa0ca9faa225af5af0227eb55db6f4d58
SHA256 35497652569c6f78c8fa6fee54dc1449896506c32fda2abd8944e9ac93008ecd
SHA512 730fe70fe4dfbd9f912f333a2611d130af77a630f3e954b77a11bae11f4c7b41ea515a60eecd3396783cb2508fb98dd27c664bb6a2423a5088168a40b64477d1

C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\dotnet_80templates_8.0.403_servicing.24474.13_win_x64.msi

MD5 f58d4f6434798a43f0ca8e0aed027e09
SHA1 d960ff405a594070d03ea8e2af9f420e81ed6dcf
SHA256 1307f91b50461719481081150698c364c8d4b439a05ff220cdd4059f4b413da8
SHA512 9a57e89f4fa88dd366c65f34a2f3c1b467200b5f408443281cdea39a9bd64121ac48188c5a1b1da920408e1a019a6cdee5e32f7f7cb16d554f0535183730f7c9

C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\aspnetcore_targeting_pack_8.0.10_servicing.24468.4_win_x64.msi

MD5 6b31d5ab5714c1604de6f2fa473762f7
SHA1 47a1a0600f9596985dd7d2a109eea9d1f87b0490
SHA256 8a102fb02cea3a72de74f7f1eafb057451dd76b25882d8a62d353b08d64bc61a
SHA512 afd407fd93401f6e65608db03373ab5f69708e45736cb0f54e7bbb66fa9b762f5fb06342383bf88e613855e522aec530ceff931d55624aa42c8f8c2dd6f20a88

C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\AspNetCoreSharedFramework_x64

MD5 1c59d1fe5a59ed2240d3d3ab15c1d70e
SHA1 7646a636dd350c828b4fdef675cde680ada24336
SHA256 66cce7c4018c00fcfce49f38911e30d6f4fbede872717a2d9347f4dfded97853
SHA512 f10afc995da40b2e26c0c4485ae61a68f87f71b141be9ec2923b04973689863bf20b55ba5af36f8f3a8aa3d2566db2eb86c25770ff0f1edba0fb7338c5949a14

C:\Config.Msi\e599b5f.rbs

MD5 98bb31d782e87454a3c54384d03d0b53
SHA1 02f68452cfaad2c7ed19619034ac00de939a4cf4
SHA256 62f5e8abd6a435e919123665e7c45d334f3f676e2bf333fc398ea1b121ae7eaf
SHA512 1d14606e5b24df888c78f97a71148d99e6d03764ad478cb6239f00f71cc8c2954b6d0b5eb25ce944853f85e16d65bedb79a3e510f9f963e5d48580572532a161

C:\Users\Admin\AppData\Local\Temp\Microsoft_.NET_SDK_8.0.403_(x64)_20241109202728_001_dotnet_hostfxr_8.0.10_win_x64.msi.log

MD5 2cface05a254ec27aabfc6f680529799
SHA1 f5ec4364ad798571b86527f4accbd34282f86823
SHA256 33b76bd1a0898ec0ec902267b44004129fddcba0124f392aac1de90d60a15448
SHA512 501f38b7ff12ce20ec8ecd74dd58bf270ea8ca48b4c6704936a93ed61d50b91bfe44bd65b53ee55c327ae9b79ffa133202aefc85c62981b8140069f6712be08b

C:\Config.Msi\e599b64.rbs

MD5 ee4bc76c1e12da9afde721b114571a07
SHA1 d2a70d9b40e420e48bcf82e0a68d2e2af3146de4
SHA256 288ec0e62aea4aaf81089b091e09998475076a1e85b7aee9fce1f492e48972cc
SHA512 7aa082e881906509bbdb33dc898a7958f36abfe87d81c6f42a0986d744ab8278b6e90596459217fbd6fbd9a9b85ab65c31c741596f3484a831b38819843615f8

C:\Users\Admin\AppData\Local\Temp\Microsoft_.NET_SDK_8.0.403_(x64)_20241109202728_002_dotnet_host_8.0.10_win_x64.msi.log

MD5 50fb39e46c1fab960f5165469450cfae
SHA1 7a2ad8e1d5f3369b6c59081cc12f5e0cd1843eb3
SHA256 07e8879c28ae5eb3c6ae4c2e79b94b347c0ab06b795361c3069315c3b0df182e
SHA512 fe404bbf633ee44a12bd1f91f0179aaa8e0acbe283eae146f2f24d3625f6993e3c67c6926834b460ab5ef7b2c05c9425312e3134156d9e921d742566598819f3

C:\Config.Msi\e599b70.rbf

MD5 21438ef4b9ad4fc266b6129a2f60de29
SHA1 5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd
SHA256 13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354
SHA512 37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

C:\Config.Msi\e599b6f.rbf

MD5 33b4c87f18b4c49114d7a8980241657a
SHA1 254c67b915e45ad8584434a4af5e06ca730baa3b
SHA256 587296f3ff624295079471e529104385e5c30ddc46462096d343c76515e1d662
SHA512 42b48b4dcd76a8b2200cfafddc064c053a9d1a4b91b81dee9153322c0b2269e4d75f340c1bf7e7750351fb656445efaf1e1fe0f7e543497b247dd3f83f0c86f9

C:\Config.Msi\e599b69.rbs

MD5 db22c6ad8a76fa79296437b3f77338d4
SHA1 7d04d2671cc547948fd0cbd1576577a3b80eb400
SHA256 e73ecc4add937911f78715603a4735157511185d467da96a0fdc5c7fb9acb7f5
SHA512 d5ba66f8b284764f4e582e2781eade9c6af87d2a264c18f78666cf70c3585f4b505800f75b97147c6e9f6a01907b5a08833eb4100bf652b0c5c427de9de0cc8e

C:\Config.Msi\e599b6e.rbs

MD5 eedf6f954348985da272260d78f7be9a
SHA1 00356caa07c284c5007d1d6daf65127635290528
SHA256 0d9504903f9237909ef8783440f4eb0d66ced78c912623053414915db34d827a
SHA512 cf5c0b36269ef77abfe2a4662b095ce88f0b59e0c4a74849bc33b8b7a0da321fded1f15249806fce0613f9ad2fcd62d85868f43cc054f62fdc6b8009dc3285fa

C:\Config.Msi\e599b74.rbs

MD5 31ac73348447299cab167f2b7cd0f4e1
SHA1 2ae50331213c6ae2652c1e2f4c5ed84d761b03f2
SHA256 3f82ceb545f440f09eae79eb6537ccdf379464733fe05cdd9e89f1e3c764ff9c
SHA512 49f0891563de04490472f97e8aa2a7fa3fc27df22a6f23b8ba272c766d1a8494c777a430778cd835199214a59631e0f7dc51b1b542487242b3d8d43a8eb1db73

C:\Config.Msi\e599b79.rbs

MD5 9e946d2d19761559818cc37bed3ccc9f
SHA1 221409f10346d76b59296965e1cbc716693c3683
SHA256 00f6886e4776131d7dc9dddc1cad46aa62ca35c54be480d563aa5ad6d362d006
SHA512 43e339f04696b85ed9f06555bbd937721fa3a7276ad3271a0defe54479f09ef48c69ede172736de306a119b549c61cf07d3adc5fcadaeb9666352ac628985173

C:\Config.Msi\e599b7e.rbs

MD5 ffab366c01bf19a89182408e589301ee
SHA1 5d58630020172c8c60362add0ac870d16dae937e
SHA256 e8966758afe86b5b7a9ecbd1090841858a370780659b4d44295b3ec2ead9363d
SHA512 ec89c1a0375355581ccb24a74d91940846973f1c3a3cc102fa015f33a72408e6d54ef4ad7a7bcfa3b3916243fad89d4b97915ea806ecd00662c93888367823af

C:\Config.Msi\e599b83.rbs

MD5 66fff5754fb8555e6cbbd68457d89098
SHA1 b92641c4d8960fd9cd168f9651ef32774397ed07
SHA256 2350d320a95c38792bff698f9d6bdf0ffd58eb2b693c354867a7b37076715049
SHA512 65ee8865e0563c3dd280e952fe1c6d621234a60dad100ca4ddf388d45b93bfe9b74d2edbfca3ca6b0bc3a95ab2be578315951a3557bd21e1efe9e0edcac84fe2

C:\Config.Msi\e599b88.rbs

MD5 d4a4dfb1d386875aec9f92077fbcf1fb
SHA1 fd26cf288147cdcb7880a1e90db53cc5ab723a4f
SHA256 5b4cd76c8f70f9620ab610f9e6de570b0ed08acac4010fe4f1f1c4e6f4b1e7bd
SHA512 7964b9921fb699a214ecf72e6c32382adb8f18b9f879556cbc810b9ee02f023d05fd0c8dd9118522ddaed51bb581cd1cf380df18e831a17d1df3fce1a4b605a1

C:\Config.Msi\e599b8d.rbs

MD5 b83b1f39923de5ad00811f6798f97c45
SHA1 c5fb8dbe9b9849cba8d00f0764dcfeff9a6a87a2
SHA256 2beee5180d99fe033d5b58ea0558d6ae7becc9b6e0c847e85343fcaada2b10bf
SHA512 7567586d1af5294348a0e49706a21752f795d58acc0b9c971aa79acb8008f86ca996b80e8a81a68584bcaf322c313d3241510838edadda975beb8ba421597d8a

C:\Config.Msi\e599b92.rbs

MD5 a2978876fc6d307de17be00c2d7e7d36
SHA1 34729745f33c5276245f3d6678cab67168356950
SHA256 e8e36dc39869bbdb2c31ef443f620ba23e6003de32addb77907388625b133cc9
SHA512 4ab018add68b9e3560d1e88e4e039540a8d148796c969e244210c3998dae6e9b26ecc9b19f651f369e59f93b96cf77a28e506e28da3539a3af9b83c3fd6d00a5

C:\Config.Msi\e599b97.rbs

MD5 f1738a9ffb8217d86c267c6f6334d029
SHA1 0fa36e26e48346843988c07e3ad15840838b5b94
SHA256 a809520b791a6b68660e8d9e9faffcc491624a19dbcd112211d71c8b1b3778db
SHA512 161de30935c1a2b829242fa7ad086528966fec3ec6a95fc42368c9f721f7601b9fcd344d9127d2ed7656ad1cba0f47a768bab07c8389ed3143e8d44287eedb24

C:\Config.Msi\e599b9c.rbs

MD5 d4f3c4650c022ceb791bfe6cc8da308c
SHA1 c6fb0a736257d95802b750b592fb0f3279d9744f
SHA256 fd5cc6d17e970840678ccf88a8cc22b2ba06a06223546adaab3c397cea0701d4
SHA512 8afdfa44be2d50ec3c1c13e7e2e00817eff1ccf6e4f5d01b63f36817448cdc4b8a820105d16ba7c44c0e8642af40ad28a96f2f709abb47b51ab35960dbd3a2ea

C:\Windows\Installer\MSI352F.tmp

MD5 d711da8a6487aea301e05003f327879f
SHA1 548d3779ed3ab7309328f174bfb18d7768d27747
SHA256 3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283
SHA512 c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

C:\Config.Msi\e599ba1.rbs

MD5 e6bc50215d55c8919288a3139d16b8be
SHA1 55da46ce860a00d58c88d691a2a632cb3d8c44f2
SHA256 308fe89eb5ea1393ad1e3ec567695a4fcfa875cc5a45135397c1db89c4675b6c
SHA512 04eb49f7fcdf0168bbce28e363450b7355cca968fa0a841e7f4da1654c30cebd42e01d7c5deca3e523162de4be2adae057c0c0ca485145132def86bdfec82915

C:\Config.Msi\e599ba6.rbs

MD5 e3c03f94eddc6294cf92edb244ee68a5
SHA1 03eecc7b854e2cceaecd43d43bfa136c7c6086ce
SHA256 518d417273b2173a93ce5a70befb122a42693c4107588293cf1f4baa5f50d8e2
SHA512 123493278243b06b36e61be3f1e09296ccec43c0833091c9f3f8659c4c3d7cdbfa1543834809b62abc7fbc3bac3d09866fd51c65d863b44a4170180a01f559f3

C:\Config.Msi\e599bab.rbs

MD5 cb95873d02302597b8824c21005fd0ec
SHA1 7d5dead3b80780530f860dd08355aebfd1cdaaa1
SHA256 31a16d1cdf879e54cea04348bfc53dbea538329cd6894c8f964ca68fd3212f3d
SHA512 6701578472d8d4f92a45a378e8ea31127b50985b1ed005d771df8673a39a2f2a21b299421638e65eab24a4e22548a29b19fa80989e1325937e5213844c5c54fd

C:\Config.Msi\e599bb0.rbs

MD5 fdd3c70cfb4a727d9e27d790e9f40ae8
SHA1 a04924b986bde8e6e93efeea6de6637c799dfa7f
SHA256 6fa7975eb4665552e49e7b7134849a21ba42eed67accd2fe3584ddff60885109
SHA512 48a9e65111e0517335b52b2a1488cde069b1f4b2291cf5e3f5d71b0d3d32a79ec45a0a6f9ad256ba730dd5472687f905d932dc0981a35fce990c0391fa1c91c9

C:\Config.Msi\e599bb5.rbs

MD5 984da25aee8a7b9e01239fb2ea34a5ba
SHA1 cb674569a6a752227bb280c81d7328fb4b0aca0c
SHA256 50fce5b64f0d1a0a46ba24771219089d4973d8dc54945473914823075a5c2ee0
SHA512 8a633bff4a54c485202a836bc911115290c12c538d9672deba8c7abddf6e24868c1f8e682a144f8ac206a3e179f872e03c3bc723821457e80addc4187f9b6c1e

C:\Config.Msi\e599bba.rbs

MD5 d04975078ba699631365ea424f9a13ea
SHA1 81b9b603f53258f2c9b22e9a1347dd2f3f49938c
SHA256 a84261fd4a06ea4ffa52e111c5db3584823dc5e78dc7ed5ee44b7b6ef2f58e48
SHA512 23dd176b559296bf21a3048c2c6fdeab8625863bc93b8b6463fc488003d8d41200ccb8e51a75ebf8e1d20f8c76db372676a22d0a2db4fa4a7b466299b9972ceb

C:\Config.Msi\e599bbf.rbs

MD5 1f69621eb7a39d9101813af5407a9fad
SHA1 6013bdcd720b21d545197ab016b8237e862be504
SHA256 e7f68fb855e945892faa591b325e98471f61cca97b29a9be3000243145830d30
SHA512 2d7ce8210f159a15414e777ee337efba38013fc332d10ff901d2e6c3689667bac6c071caf0e1afaf4696c805837cea17b7b84aee9a5f36d9af2d130e97f7cd52

C:\Config.Msi\e599bc4.rbs

MD5 592f3b17ca7a66b4a189b17b98fb7645
SHA1 71b3cd3a085a812e55c802dca586e945dc85c02d
SHA256 585a00f8e96902363dd12c0f028b8f1bd5e56749e5502569b3ec279490447e8c
SHA512 b0b627b2308e242ac94837649175cf372658844b43e0470618fa1afd07be516ec568cb7447c7396cee8300b38cbc2808b89137320539cea843769e02a4ff524d

C:\Config.Msi\e599bc9.rbs

MD5 1e1b3fe955da21b70a5714803354d2d1
SHA1 1ca1d9178bafe5586285e7f8dd693ce40167e67b
SHA256 413bf57e5893b68794078c55f4c37e692f5e3aa0025abe958897209e60c8a89c
SHA512 e944e4c4909bbad94f268c9116bbc84c6a3ebf3e50c34e1114f4e21ea29bb2f77815f15582256c651629647a1a667978b50f2412a8031e16f2d46dbae89e5a88

C:\Config.Msi\e599bce.rbs

MD5 1ad13baf01324225bdc621422af7ffca
SHA1 e69df12b426650aa86c1328cffcde0432918d155
SHA256 f7021cc64fc3d8f610601a72d84e4de211130bc9888369f18c0cf7223d851ff8
SHA512 551f51089abb773bfcf0bdb579f0af74d5fb2539d8af53ddd115307a75bde034fe8a47581c8adcb93ccba9d7db92c0b91a9eee590cbe7f72e6f76cf91b9ebe2f

C:\Config.Msi\e599bd3.rbs

MD5 5268bdf4a4cab9064358e8121754b3cf
SHA1 c062057f478092ba6b66fadcbe979138dea0b516
SHA256 7a2b504d41abb4f81a8192ec1d0f9ac5e10100ad2f44ed048fb78b11f39c83b0
SHA512 18b5e7ff53b941c5bcd4db16701e13b81a2ecaa8e8ee05c0ec5c583a9a454ff29cefe1cf300bfbb7547f07b49eea788b7bdebacd8248e9fac183e15be7758b75

C:\Config.Msi\e599bd8.rbs

MD5 4fbba45e424338bfee2f8363141fdc69
SHA1 483fca006704864a836378362c0e50b263c10956
SHA256 2ce80c61f6e5559bf476011b590e7c1b46f403ec97c326f319dfd696321cd9ee
SHA512 40b65975ec28d4233d608c1b6c006599aae854fdffd952ee2ea9cf89fab23f9ce5c516319196f610fcb114764f8d59227e7b18fc261515dd71ca51fa1b8e2aaf

C:\Config.Msi\e599bdd.rbs

MD5 7eb5dd1a69d6b16bd0b0d4f8de9b0ac7
SHA1 ba39039f8987b11736810a3548f887c48aa5200f
SHA256 447a34f8869a8b39a15d6aa79b91d36837daad7fbf41c126f67eb55dd95c7520
SHA512 d8c5ab074580f80cb11b2a3fd88825baf9a15425bfa5b84af8940db02a6a94c87760ad5d4181bc878b87b678fff0b08db9cfa0f922882767d6577e8d1f063bbe

C:\Program Files\dotnet\sdk\8.0.403\TestHostNetFramework\testhost.net472.x86.exe.config

MD5 a22cdd3374234d3a50c2ace2dc33a63f
SHA1 d71bb2417cb805c3da21ebcc0e1ae5a102823c9b
SHA256 b60b80763571c22739c4a688a46ee12c65bb66d1e9ac7d0933c2e4222e618874
SHA512 71d27f36a5b03c6b470f720196d3d67706f47f3b1d4f88f55960676b3a5024c9ceb1228e7dd6173d24270af556c0d3898fb5395e3823801691deac8ea6026d61

C:\Program Files\dotnet\sdk\8.0.403\Sdks\Microsoft.SourceLink.GitLab\buildMultiTargeting\Microsoft.SourceLink.GitLab.props

MD5 a5dcc9e5bf323d748b26652e11956905
SHA1 7f8c7a2523d1f4600e0f8bf347d10564cef36780
SHA256 2ddb662297ebfb51e70bc61ca7695dc62124a1edd342c82e87e6302cc03f016c
SHA512 79d324b12b375ccf888828fd64c303a669ab00657dbf6fe76bba522c7683b7aff8b0c216905fed00284ddf8841fabcf8e2bb64b6849956572d11bbbc8e1540ae

C:\Program Files\dotnet\sdk\8.0.403\Sdks\Microsoft.NET.Sdk\tools\net472\System.Numerics.Vectors.dll

MD5 aaa2cbf14e06e9d3586d8a4ed455db33
SHA1 3d216458740ad5cb05bc5f7c3491cde44a1e5df0
SHA256 1d3ef8698281e7cf7371d1554afef5872b39f96c26da772210a33da041ba1183
SHA512 0b14a039ca67982794a2bb69974ef04a7fbee3686d7364f8f4db70ea6259d29640cbb83d5b544d92fa1d3676c7619cd580ff45671a2bb4753ed8b383597c6da8

C:\Program Files\dotnet\sdk\8.0.403\DotnetTools\dotnet-watch\8.0.403-servicing.24469.19\tools\net8.0\any\ko\System.CommandLine.resources.dll

MD5 ea1fc85ccabec5aa1ae22452afbafac1
SHA1 8ea9da27d9335f80c76867837688218b78311148
SHA256 f3d814678daa95c4609d723548edef7a76bb87423a4e78a20e48fded87089483
SHA512 42a8c0fd58cad8765712b0379a9ea8adaabaabfa2fb5e2760756e0cac80c30484da491065634aa406ec6fd2ffef0dcb386fa6378e191afb6fcb48a7845c8c479

C:\Program Files\dotnet\sdk\8.0.403\dotnet.runtimeconfig.json

MD5 8457df74e898629c7262b02dbe4160f1
SHA1 cddcaac926ea7001edde155f9cb0732be9086081
SHA256 4426b99531f63472fef36c9ba4beb75986ed6b1a9915f46e507b698b7c6384e4
SHA512 1aaae31f79dcdbd9869101e8aa67897f2a439dc513ac8fa7dee4ece4d628d33d29308598a02519c718c9cf378ea93ca116f99bc6e3f28f193d4bcaf33ab6b82a

C:\Program Files\dotnet\sdk\8.0.403\Containers\tasks\net472\System.Text.Encodings.Web.dll

MD5 fa9d0d182c63c49a4c567f7c1652b6e6
SHA1 55ddfbe80762c02f9a9c65809f9ec3ef8f7f2ccc
SHA256 e9c4f5eed186cb129c527c4b8d67d163ea2f2396e9d8b96e30b5e7c12203ce84
SHA512 58f468c982ab66930ff37efb5a941db116e8c1aed66ebc23720a7b18f71bebe1e929bea76680294edb25f430c23d520b8a87e3a22064c5993d0396819a21cbe7

C:\Program Files\dotnet\sdk\8.0.403\Sdks\Microsoft.NET.Sdk.Razor\tasks\net472\System.Threading.Tasks.Extensions.dll

MD5 e1e9d7d46e5cd9525c5927dc98d9ecc7
SHA1 2242627282f9e07e37b274ea36fac2d3cd9c9110
SHA256 4f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6
SHA512 da7ab8c0100e7d074f0e680b28d241940733860dfbdc5b8c78428b76e807f27e44d1c5ec95ee80c0b5098e8c5d5da4d48bce86800164f9734a05035220c3ff11

C:\Program Files\dotnet\sdk\8.0.403\Sdks\Microsoft.NET.Sdk.StaticWebAssets\tasks\net472\System.Text.Json.dll

MD5 d7e1e8629da31f3482045f243edd50be
SHA1 d3ad7f529c0b9232206348842e31566ad7347135
SHA256 86c3f263ae9b4469ab1266c80471087082447eb4a38e6b97bf5e84de15c07a1d
SHA512 0ebfcae7cf17ca0c4299f6d1cd850f0f8959b49e6bbc05079fa6679838abff9eca3a09ad8158f7b0395dabb20a0b9a25efe1d8f645ca9ef69bedce45606a23d3

C:\Program Files\dotnet\sdk\8.0.403\de\System.CommandLine.resources.dll

MD5 e771e643a2f47b5d527aa4dd1e857aed
SHA1 ddb6ebbdc354122989c67ed9cc2555da640b16e5
SHA256 8c4a1a6e84875ae583fc032a723e934f0d8805d452b43a81b4eec624b5ea7e15
SHA512 14d17e82464fb813ff044b4e5dad1a429f0fd8fc5973ba2bcdb50edbef7e129048133d99b5c50f86a3f82d33b9faddbbeafff222d92b80e31ff963345c4b29e9

C:\Program Files\dotnet\sdk\8.0.403\Sdks\Microsoft.NET.Sdk.Publish\tools\net472\System.Memory.dll

MD5 f09441a1ee47fb3e6571a3a448e05baf
SHA1 3c5c5df5f8f8db3f0a35c5ed8d357313a54e3cde
SHA256 bf3fb84664f4097f1a8a9bc71a51dcf8cf1a905d4080a4d290da1730866e856f
SHA512 0199ae0633bccfeaefbb5aed20832a4379c7ad73461d41a9da3d6dc044093cc319670e67c4efbf830308cbd9a48fb40d4a6c7e472dcc42eb745c6ba813e8e7c6

C:\Program Files\dotnet\sdk\8.0.403\Sdks\Microsoft.NET.Sdk.Razor\tasks\net472\System.ValueTuple.dll

MD5 23ee4302e85013a1eb4324c414d561d5
SHA1 d1664731719e85aad7a2273685d77feb0204ec98
SHA256 e905d102585b22c6df04f219af5cbdbfa7bc165979e9788b62df6dcc165e10f4
SHA512 6b223ce7f580a40a8864a762e3d5cccf1d34a554847787551e8a5d4d05d7f7a5f116f2de8a1c793f327a64d23570228c6e3648a541dd52f93d58f8f243591e32

C:\Program Files\dotnet\sdk\8.0.403\cs\System.CommandLine.resources.dll

MD5 2f679e46823cf54660405eda0dbf0842
SHA1 29fdcbd753e36022b6308425dad9323e5f3472fb
SHA256 6c9e8a37d656c8ee738cb0db392d49e908505a82175266e072a4552a7c98adcf
SHA512 f07fac0e45c87ea34fd1e9354fbdcaeb61f0a52b23cfd993def3c71f8c5d7249f861dc8c2dab427fb93e2bfbcd156d2f0518faffb91853e70530e2ad71e4cef5

C:\Program Files\dotnet\sdk\8.0.403\Containers\containerize\fr\System.CommandLine.resources.dll

MD5 aa8eeb801d74a4e562fd8c044e03fa8c
SHA1 8653841bd62dc74f605f608ed8f354dd692faaa2
SHA256 7ad12924769e5e85266ebd510fb4be141cf5092f0f8988345f80f5bacce0479b
SHA512 388ad6fcb298ad170e45f214ea4b1d1e5844efc1612800341a4b1b651ee3ca25b4bcdf541bf2f8f0975a1da50dbe8f60ff8651c100f8675b9e3ce924b0f08db3

C:\Program Files\dotnet\sdk\8.0.403\DotnetTools\dotnet-watch\8.0.403-servicing.24469.19\tools\net8.0\any\zh-Hant\System.CommandLine.resources.dll

MD5 9101e8227a7ab83cafd27e4ec222ba10
SHA1 3a80807f7cd695bd9258eaaadf8b2d7dccefc125
SHA256 8508d85c0fcf1040b05d2a2f0c7e4f74ac476f9a46f414e05e8d47d565367e5e
SHA512 e017142f816299ea430a980db1b15298e4f45b4d8264b06160194061f7cb9c8cd3c9a1a8976eedee1f67d6a94b6a393583909c7c167e4407a5c47cb686f23412

C:\Program Files\dotnet\sdk\8.0.403\Sdks\Microsoft.NET.Sdk.Razor\tasks\net472\System.Buffers.dll

MD5 ecdfe8ede869d2ccc6bf99981ea96400
SHA1 2f410a0396bc148ed533ad49b6415fb58dd4d641
SHA256 accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb
SHA512 5fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741

C:\Program Files\dotnet\sdk\8.0.403\DotnetTools\dotnet-watch\8.0.403-servicing.24469.19\tools\net8.0\any\zh-Hans\System.CommandLine.resources.dll

MD5 c182eebde556be386ca5b656974993fa
SHA1 864aab5c6e71bc3537612c2541e7737d02e6f4c0
SHA256 d8682c24396dd5093f4e4bee6cc021148ed2558039b2682bebb60dbb95db56cd
SHA512 3613cf324c708564185f021404215202dc2fd5340890db115bd906716a9ce74900aba954c68ab13900c79bbe869b916739157e426a0196c1843426beb9d4ef52

C:\Program Files\dotnet\sdk\8.0.403\Sdks\Microsoft.NET.Sdk.Razor\tasks\net472\Microsoft.Bcl.AsyncInterfaces.dll

MD5 ff34978b62d5e0be84a895d9c30f99ae
SHA1 74dc07a8cccee0ca3bf5cf64320230ca1a37ad85
SHA256 80678203bd0203a6594f4e330b22543c0de5059382bb1c9334b7868b8f31b1bc
SHA512 7f207f2e3f9f371b465bca5402db0e5cec3cb842a1f943d3e3dcedc8e5d134f58c7c4df99303c24501c103494b4f16160f86db80893779ce41b287a23574ee28

C:\Program Files\dotnet\sdk\8.0.403\Sdks\Microsoft.NET.Sdk\tools\net472\System.Runtime.CompilerServices.Unsafe.dll

MD5 c610e828b54001574d86dd2ed730e392
SHA1 180a7baafbc820a838bbaca434032d9d33cceebe
SHA256 37768488e8ef45729bc7d9a2677633c6450042975bb96516e186da6cb9cd0dcf
SHA512 441610d2b9f841d25494d7c82222d07e1d443b0da07f0cf735c25ec82f6cce99a3f3236872aec38cc4df779e615d22469666066ccefed7fe75982eefada46396

C:\Program Files\dotnet\sdk\8.0.403\DotnetTools\dotnet-watch\8.0.403-servicing.24469.19\tools\net8.0\any\BuildHost-net472\System.Collections.Immutable.dll

MD5 af7880a90c02c0115cd169c7182ab378
SHA1 6e3ccf50bb1d30805dce58ab6bdd63e0196669e6
SHA256 d5ec0837bb176abf13dcd52c658c4e84c5264f67065b9c19679b6643f7d21564
SHA512 5377f83cfb8b9892727ed22ba0b9b1a75b2d4750caa6da04f4eeb0f6f9c0f75949226b2ca00876ad1f4c9de02f8ffb1cbcdb3048fbe6d26a6119148282e818a1

C:\Program Files\dotnet\sdk\8.0.403\Sdks\Microsoft.Build.Tasks.Git\buildMultiTargeting\Microsoft.Build.Tasks.Git.targets

MD5 5725a6d47308db618d015c3e55dd499c
SHA1 9b3e1ac8d62d522505f57fee89a249ac33325edd
SHA256 61af182d230365161e831fc573eaa7a2c9ea413e01ca2c446e3aa623e3ee37a1
SHA512 ab4ff2bd624295eb15d22377bf1c1bdee135f24e534cc40e86cb569d7af846c990552bd4947b32c2bc74bd92e6ec42bc775e4954fd2142af89c2dcc75fe5f798

C:\Program Files\dotnet\sdk\8.0.403\Containers\tasks\net8.0\pt-BR\System.CommandLine.resources.dll

MD5 c7f0f7e0a7562225d7b60b88459bde92
SHA1 96c432044ecf7d346e09c6c46f5ca163396d97f8
SHA256 516e73295a8c886807ef125de6dfdcc3b783133603655c7a105b38a953ca3353
SHA512 05cd9ad86c824d498ab7e0be7656c233cb051b056dabefd9d037923f7d3a1bb967182f575dee89896c47912fca4a2227c56f8f26f0c2949ee18a38d7e041b999

C:\Program Files\dotnet\sdk\8.0.403\DotnetTools\dotnet-watch\8.0.403-servicing.24469.19\tools\net8.0\any\ja\System.CommandLine.resources.dll

MD5 5d26652b0f420ca6ba2bfa00b84eea38
SHA1 8dc1d2a7cb6b857344c120544f842fccdaa97e79
SHA256 654efb9ccd7c39ce7992616f8aad94e5855f01a3b1ad5dbf21710b1b6d24f00c
SHA512 5e066b399ce519202f2dc8299787ad47bd37467e85598489489bd5f0f49c424518ed6c4e89cb6ea44c038ceec9a5169aa0c1afcccb0de55ea805e1e0641a7419

C:\Program Files\dotnet\sdk\8.0.403\pl\System.CommandLine.resources.dll

MD5 3f14df8e4be6100673090c43eb3c3476
SHA1 61c1e35aeb6cb477077416f050c344fb18f5f87b
SHA256 09eafe24bde0110f526b49001d97673e533ffd9d361d9be9c4b511eac4dd1bc2
SHA512 7988759407514f6a6d3792ce58c582420eba75bb1871d8392f0f018f403557bc99d665c7655f913c9021d6ed777f7bb8b3d12a52ba5869abf48ea29e7c2d977c

C:\Program Files\dotnet\sdk\8.0.403\Containers\containerize\es\System.CommandLine.resources.dll

MD5 79e57433e70b5a0a300303dfc5d759b4
SHA1 cfe5862964f3b389cbac01e157e9ade0031e45ef
SHA256 b58c35c328c383e3461c3ea2f1f0c46e7a48446d863f2c2c63f42aa466e002b8
SHA512 8f2ee3b02c4bee0483ed702d283bd9e513917044bb77aa4412dd85de501a8a52c966510df948a9f5f36177407bd111633047686d727fe32de14599e17b229de4

C:\Program Files\dotnet\sdk\8.0.403\DotnetTools\dotnet-watch\8.0.403-servicing.24469.19\tools\net8.0\any\tr\System.CommandLine.resources.dll

MD5 c9c8df325a05d227bc32a5d854713c4a
SHA1 cf9ea69ccebd1ef0bd46beff01254a02c5fb0131
SHA256 7a2ada59d84ae17791ca23ff010f1251d98a72df15d1c7355274557349c124bf
SHA512 fc38b3d241bb8315202d2b40821d9a8ca4075ad7ccffe60a97268805e9cb00e83e6136d872f248661843753415b6eee22858a7de829cf60affc4c89c3793dd97

C:\Program Files\dotnet\sdk\8.0.403\DotnetTools\dotnet-format\it\System.CommandLine.resources.dll

MD5 4e92ced559ff6f26d238fc5393dab39f
SHA1 400983302371c5a7ba38e3dba8fbc4c5f8192018
SHA256 37ab1ac8eafeb21cdca5418d01ee65671dacad3fe206f13e8ddb5b199e5ee471
SHA512 0c77f4392b804a0f47e6c535ac7497182cd4a47e19d1d437d15d73ccfc03bb8febe45ae01965eb9e70a77059ed271bcad210f5495998c75b4ec46c1858fc14c3

C:\Program Files\dotnet\sdk\8.0.403\ru\System.CommandLine.resources.dll

MD5 7717b3eae55b3ec74f40699c1b9896c0
SHA1 1483166af6059633de2e20545bc3f3cb6f035304
SHA256 8a24f850a71065e93ae80d3a62903653e1aaff9ff478e05831f288761e4bcc02
SHA512 c988f566875ee73f0e568fb90df423424d9f3f237ebc8cda6b19e6b685ac778435a4fc654ce923a70090579216f6afb14a5663381c505ceaa919ebdda97b239b

C:\Program Files\dotnet\dotnet.exe

MD5 01e656b7c01a9d6554af55b233fe7a6a
SHA1 aa06b39403728e1fa4fa059c973547773ef59dd6
SHA256 a81dda25c2193ca72f6cde2d8b1317a896ff0029387a15ae8e8c25b9d1886591
SHA512 fc15642088a847febb8aac225369b0b257b5e33be2466c2093e61e9bc4ae93e59d94723464c0ca9d760ff2b691bdd1997d418cddc5a01ca89e76b093a50cf852

C:\Users\Admin\.dotnet\TelemetryStorageService\20241109202921_a6ac22987d704415ae0ba140db36bff2.trn

MD5 17671d66ecca1a0f43f14e6c203e465b
SHA1 2972b1623d088df57bfb3f580af4d1cdd138e9c2
SHA256 fddb5224b83f97d0bbb63b921421d837e9ef338936c411300de15ce1e85c50a1
SHA512 6a62c357a661b52f3df81f26d8b25bd5792ec350c54ca135ee00a373193c1c0a0d4071dc0c97c5b36cd86fbd02759ccb02ba68c81fc127dcfa31c5ea9f682395

C:\Config.Msi\e599be2.rbs

MD5 4630e8bc608887d8cc82bed43a24d4e6
SHA1 dfdf7928682e7a5d738fae30fa8b383d5d27df88
SHA256 7e97996574bca41a0fbb76e68e48a5e6ab5d3223020701ccbc3731649cdb7e6d
SHA512 ece0963e9b81f90e069c16028b2df2790b19d14a67f1e6035049dccd0109f60065ae72667cb9d9655265db43d2af675760438cf98edf77f9250d5f2128de17c8

C:\Config.Msi\e599be7.rbs

MD5 62e8d44f1529038155ed4d3c2b63797f
SHA1 d61fc35950f805efebc296aa886ee83c1d18addf
SHA256 58bf02d9e94ccab3f6dc109ca1df19070dac2cff9b61b30e8828846fc1bd5d6a
SHA512 0ea78f5824d41f00bc90edd5b33af3ca413f40e895bb53b27e3769856f91786bd97d54d81cf5adffcc46d4bc063f6c18e77a6a2499d5290d13822fccb84837d8