Analysis Overview
SHA256: 9f1ccb3a2f2878c4994260fb3bd901d765846bd515a505c1e1a8132acd380b14
Threat Level: Likely malicious
The file 3.2.2 was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives
Adds Run key to start application
Checks installed software on the system
Drops file in Program Files directory
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Windows directory
System Location Discovery: System Language Discovery
System Time Discovery
Enumerates physical storage devices
Browser Information Discovery
Suspicious use of SetWindowsHookEx
Modifies registry class
Suspicious behavior: EnumeratesProcesses
NTFS ADS
Modifies data under HKEY_USERS
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-11-09 21:20
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-11-09 21:20
Reported: 2024-11-09 21:26
Platform: win11-20241007-en
Max time kernel: 316s
Max time network: 317s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\dotnet-sdk-6.0.427-win-x64.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{2DE9528E-8E35-4BF8-85C7-A1AB1B41E3AF}\.cr\dotnet-sdk-6.0.427-win-x64.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\.be\dotnet-sdk-6.0.427-win-x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\R6Downloader_V3_2_2.exe | N/A |
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{da65d3c5-6c27-411f-a0e9-4b828d92a996} = "\"C:\\ProgramData\\Package Cache\\{da65d3c5-6c27-411f-a0e9-4b828d92a996}\\dotnet-sdk-6.0.427-win-x64.exe\" /burn.runonce" | C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\.be\dotnet-sdk-6.0.427-win-x64.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Host.win-arm\6.0.35\runtimes\win-arm\native\apphost.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\packs\NETStandard.Library.Ref\2.1.0\ref\netstandard2.1\System.Diagnostics.Contracts.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.35\zh-Hans\UIAutomationClientSideProviders.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\6.0.35\Microsoft.AspNetCore.Components.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\FSharp\System.Security.Cryptography.Pkcs.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\TestHost\tr\Microsoft.TestPlatform.CoreUtilities.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\DotnetTools\dotnet-watch\6.0.427-servicing.24468.28\tools\net6.0\any\pl\Microsoft.CodeAnalysis.Workspaces.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.GenerateSupportedRuntime.targets | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\6.0.35\ref\net6.0\Microsoft.AspNetCore.Hosting.Abstractions.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\de\NuGet.PackageManagement.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\pl\NuGet.LibraryModel.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelglobalization_6_none.editorconfig | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\Sdks\Microsoft.NET.Sdk.Worker\targets\Microsoft.NET.Sdk.Worker.targets | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\packs\NETStandard.Library.Ref\2.1.0\ref\netstandard2.1\System.Threading.Tasks.Extensions.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.35\zh-Hans\System.Xaml.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\Sdks\Microsoft.NET.Sdk.Publish\tools\net472\es\Microsoft.NET.Sdk.Publish.Tasks.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\tr\NuGet.CommandLine.XPlat.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\fr\dotnet.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\DotnetTools\dotnet-format\it\Microsoft.CodeAnalysis.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\DotnetTools\dotnet-watch\6.0.427-servicing.24468.28\tools\net6.0\any\tr\Microsoft.CodeAnalysis.CSharp.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\de\NuGet.Packaging.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.Xml.Linq.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\6.0.35\ref\net6.0\System.Xml.XDocument.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\TestHost\de\Microsoft.VisualStudio.TestPlatform.ObjectModel.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\packs\NETStandard.Library.Ref\2.1.0\ref\netstandard2.1\System.Runtime.Serialization.Formatters.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\TestHost\zh-Hant\Microsoft.TestPlatform.CoreUtilities.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\it\NuGet.Common.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\vstest.console.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\de\Microsoft.Build.Tasks.Core.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\ko\Microsoft.TestPlatform.CommunicationUtilities.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\DotnetTools\dotnet-format\ru\Microsoft.CodeAnalysis.CSharp.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\DotnetTools\dotnet-format\pt-BR\Microsoft.CodeAnalysis.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\cs\Microsoft.DotNet.TemplateLocator.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Csp.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.35\cs\System.Xaml.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\6.0.35\ref\net6.0\Microsoft.AspNetCore.Authorization.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\DotnetTools\dotnet-watch\6.0.427-servicing.24468.28\tools\net6.0\any\cs\Microsoft.CodeAnalysis.Scripting.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\TestHost\testhost.net461.x86.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysisleveldesign_6_all.editorconfig | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\DotnetTools\dotnet-watch\6.0.427-servicing.24468.28\tools\net6.0\any\de\System.CommandLine.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.Sdk.targets | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\Extensions\pl\Microsoft.TestPlatform.Extensions.EventLogCollector.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\Sdks\Microsoft.NET.Sdk\analyzers\build\analysislevelsecurity_5_recommended.editorconfig | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\6.0.35\ref\net6.0\Microsoft.AspNetCore.Mvc.Abstractions.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\FSharp\zh-Hant\FSharp.DependencyManager.Nuget.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\6.0.35\ref\net6.0\System.Net.WebSockets.Client.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\Sdks\Microsoft.NET.Sdk.Razor\targets\Microsoft.NET.Sdk.Razor.MvcApplicationPartsDiscovery.targets | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\de\System.CommandLine.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\Sdks\Microsoft.NET.Sdk\codestyle\cs\ja\Microsoft.CodeAnalysis.CSharp.CodeStyle.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\FSharp\fr\FSharp.Compiler.Interactive.Settings.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\DotnetTools\dotnet-format\pl\Microsoft.CodeAnalysis.VisualBasic.Workspaces.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Handles.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Emit.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\TestHost\testhost.net452.x86.exe.config | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\6.0.35\ref\net6.0\System.Net.Http.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.35\pl\PresentationCore.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\Extensions\it\Microsoft.TestPlatform.Extensions.EventLogCollector.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\6.0.35\ref\net6.0\Microsoft.Extensions.FileProviders.Abstractions.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\Roslyn\bincore\es\Microsoft.CodeAnalysis.VisualBasic.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\FSharp\fsi.deps.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\zh-Hant\NuGet.Configuration.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\6.0.35\Microsoft.AspNetCore.Metadata.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\6.0.35\ref\net6.0\Microsoft.Extensions.Configuration.CommandLine.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\6.0.427\DotnetTools\dotnet-format\runtimes\unix\lib\net6.0\System.Drawing.Common.dll | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSIF275.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF33B0043D2E9DA33B.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFFF04671164E72DA8.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF031.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFF98BFC248FE9163B.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFB156D1158C2EBA3F.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF0FDF463E7A83DB48.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5ad01b.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{8AA69679-CCD6-42D9-BCDA-99BE386D57B7} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF68870D40740CA09C.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI651B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIDD2A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI105.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFFFE1950BE1608A8D.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF806F73E69A161691.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2976.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF984776595C1AC9C2.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{059C32BA-74D1-43F6-9C13-16CC9D5822CE} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF641.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{69B1631F-5F98-4C6C-B757-46B0ECC8EDBB} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFFE95E1317228DE98.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{A7036CFB-B403-4598-85FF-D397ABB88173} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF57E89699101B1C71.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5ad02b.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5ad030.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF16453A10418E2FAF.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5ad025.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFD7B83EFEB0A32ABE.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF97D39B023ACC38C9.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF1647AF7FBC46D91F.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5ad035.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5ad04e.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\1A10695CB177B6249A7FC6CAAC4CBDE4 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5ad007.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{B6D1CAAB-094D-44D4-A5E6-0377349AB364} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{BBA9C60D-75E7-44EE-922D-069AA85C8EC1} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFA3AE5AC25B671021.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFB73E60269E396C5D.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1939.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFFB999E18E16957A7.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5ad03a.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF589736F9318A291E.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIEE6A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF67F53853BFC94935.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5acffe.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5ad012.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1CA8.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFD485A869B485DB85.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI250F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF30636F4B4182162A.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE117.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF1E19EF887426F7D6.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF4484F33D20717123.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFAE4462A9CFEAEFB5.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5ad049.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1AE1.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF0A46118724D1F610.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5ad01c.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFFDC38B312098B5B7.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\E39B69A3F3677E14587CF1C3CC73FE72\48.108.8828\fileCoreHostExe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIEB79.tmp | C:\Windows\system32\msiexec.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\dotnet-sdk-6.0.427-win-x64.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\R6Downloader_V3_2_2.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\R6Downloader_V3_2_2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\.be\dotnet-sdk-6.0.427-win-x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\{2DE9528E-8E35-4BF8-85C7-A1AB1B41E3AF}\.cr\dotnet-sdk-6.0.427-win-x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\dotnet-sdk-6.0.427-win-x64.exe | N/A |
System Time Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\dotnet\dotnet.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2f | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3C | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\33 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\37 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\36 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\38 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2F | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\35 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\35 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3c | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2D | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\34 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\36 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\39 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\31 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\37 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3B | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3D | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\31 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\39 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2C | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\33 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3b | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "183" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3d | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2d | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3e | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\34 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3a | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133756608789197868" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2B | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\30 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\30 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\38 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3A | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\68B90433AC5300042ACF459BDA4774C4\ProductName = "Microsoft .NET AppHost Pack - 6.0.35 (x64)" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.macOS,6.0.300,x64\ = "{F590F859-2F6A-4559-9D09-A8FC442AF16B}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_48.140.21525_x64\Version = "48.140.21525" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\4964C5FEFCAA02234B5879E00AB47607\FT_ProductInfo | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_48.140.21458_x64 | C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\.be\dotnet-sdk-6.0.427-win-x64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1A10695CB177B6249A7FC6CAAC4CBDE4\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\68B90433AC5300042ACF459BDA4774C4\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AB23C9501D476F34C93161CCD98522EC\Version = "814502866" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2B53EE11CE34DE73B8AFF22272CCFD01\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1523682C7E700A442B8FC4E4A20F9873\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.AspNetCore.SharedFramework_x64_en_US.UTF-8,v6.0.35-servicing.24462.14\Dependents | C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\.be\dotnet-sdk-6.0.427-win-x64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E39B69A3F3677E14587CF1C3CC73FE72\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_targeting_pack_48.140.21458_x64\DisplayName = "Microsoft .NET Targeting Pack - 6.0.35 (x64)" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6088AB871FBA7ED43B4ADA0845887FA5\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BFC6307A304B895458FF3D79BA8B1837\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\97696AA86DCC9D24CBAD99EB83D6757B | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1C11CBDE3F78C13418158D569EC47FA7\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{EDBC11C1-87F3-431C-8151-D865E94CF77A}v24.8.55382\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_48.140.21458_x64\DisplayName = "Microsoft .NET Host FX Resolver - 6.0.35 (x64)" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AB23C9501D476F34C93161CCD98522EC\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{059C32BA-74D1-43F6-9C13-16CC9D5822CE}v48.140.21458\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\C6F8C8E41039ADF38B6FB61094C722AC\2B53EE11CE34DE73B8AFF22272CCFD01 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1A10695CB177B6249A7FC6CAAC4CBDE4\PackageCode = "0B63644C19FCF324E8BB5E6C9CCC814A" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1A10695CB177B6249A7FC6CAAC4CBDE4\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{C59601A1-771B-426B-A9F7-6CACCAC4DB4E}v48.140.21458\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\68B90433AC5300042ACF459BDA4774C4\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AB23C9501D476F34C93161CCD98522EC\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\97696AA86DCC9D24CBAD99EB83D6757B\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\958F095FA6F29554D9908ACF44A21FB6\F_PackageContent | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\12D856D4734A13D3AA983C20F81194EF\1523682C7E700A442B8FC4E4A20F9873 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.NET.Sdk.tvOS,6.0.300,x64 | C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\.be\dotnet-sdk-6.0.427-win-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\8DD668DCCC55D4A4D4D58E8AD1BA2D86 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\dotnet_apphost_pack_48.140.21458_x64 | C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\.be\dotnet-sdk-6.0.427-win-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\AB23C9501D476F34C93161CCD98522EC\MainFeature | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2C195E4FD01863D44B9FCD550103911D\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Workload.Mono.ToolChain,6.0.300,x64\Dependents\{da65d3c5-6c27-411f-a0e9-4b828d92a996} | C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\.be\dotnet-sdk-6.0.427-win-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\6DD41E7F3A253045740E8D31C01180EE\CEE6F97CB2A3D7843A6BDE4F50B7E4B4 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1A10695CB177B6249A7FC6CAAC4CBDE4\ProductName = "Microsoft .NET Host - 6.0.35 (x64)" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BAAC1D6BD4904D445A6E307743A93B46\SourceList\PackageName = "dotnet-apphost-pack-6.0.35-win-x64_arm64.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BFC6307A304B895458FF3D79BA8B1837\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\87B1BED0628581A71197CC0DF90AF82C\C6DE619AECB150A48B0D73D88FD17B56 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1C11CBDE3F78C13418158D569EC47FA7\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{EDBC11C1-87F3-431C-8151-D865E94CF77A}v24.8.55382\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1523682C7E700A442B8FC4E4A20F9873\SourceList\PackageName = "Microsoft.NET.Sdk.Maui.Manifest-6.0.300.6.0.312-x64.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\4964C5FEFCAA02234B5879E00AB47607\FT_AspNetCoreSharedFramework | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\810E5A11AA82BD3449439249C0277EAC | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2B53EE11CE34DE73B8AFF22272CCFD01\PackageCode = "3A0F3EE46D945804D9D5C95AC9D67D31" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\CEE6F97CB2A3D7843A6BDE4F50B7E4B4\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\852FDFC151B573E7472C4B08C5556089\6088AB871FBA7ED43B4ADA0845887FA5 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BAAC1D6BD4904D445A6E307743A93B46\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1A10695CB177B6249A7FC6CAAC4CBDE4\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BFC6307A304B895458FF3D79BA8B1837\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\97696AA86DCC9D24CBAD99EB83D6757B\PackageCode = "2E39810667D9F7249BA61BA142BE50B6" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1523682C7E700A442B8FC4E4A20F9873\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\83F2FBF4089F7A0409369C6970340B1B\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\dotnet_targeting_pack_48.140.21458_x64 | C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\.be\dotnet-sdk-6.0.427-win-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BAAC1D6BD4904D445A6E307743A93B46\PackageCode = "7B5B05168DBE3494AB3B85C2F8B361E1" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.AspNetCore.TargetingPack_x64_en_US.UTF-8,v6.0.35-servicing.24462.14\Dependents\{da65d3c5-6c27-411f-a0e9-4b828d92a996} | C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\.be\dotnet-sdk-6.0.427-win-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2C195E4FD01863D44B9FCD550103911D | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F1361B9689F5C6C47B75640BCE8CDEBB\PackageCode = "CA0D1192069927A4E9B0E79E4F6D0EC8" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\EE3C3B8068D5BB24480D971EB747F9CB\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_48.3.31210_x64\DisplayName = "Microsoft .NET Host - 6.0.35 (x64)" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1A10695CB177B6249A7FC6CAAC4CBDE4\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{C59601A1-771B-426B-A9F7-6CACCAC4DB4E}v48.140.21458\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F1361B9689F5C6C47B75640BCE8CDEBB\F_DependencyProvider | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4964C5FEFCAA02234B5879E00AB47607\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{EF5C4694-AACF-3220-B485-970EA04B6770}v6.0.35.24462\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\CEE6F97CB2A3D7843A6BDE4F50B7E4B4\Version = "814502866" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\810E5A11AA82BD3449439249C0277EAC\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\netstandard_targeting_pack_24.0.28113_x64\Dependents\{da65d3c5-6c27-411f-a0e9-4b828d92a996} | C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\.be\dotnet-sdk-6.0.427-win-x64.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\R6Downloader_V3_2_2.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\dotnet-sdk-6.0.427-win-x64.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\3.2
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe9d85cc40,0x7ffe9d85cc4c,0x7ffe9d85cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1764,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1760 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1616,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2096 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2196 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3228 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4440,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3064 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4632,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4636 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4712,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4724 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4588,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4880 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4900,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4884 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4880,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5060 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5084,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4644 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5064,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5116 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5124,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5052 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5228,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4568 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5328,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5364 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=868,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4988 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5376,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4636 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4312,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3052 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4508,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4404 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5212,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5500 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5480,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5128 /prefetch:8
C:\Users\Admin\Downloads\dotnet-sdk-6.0.427-win-x64.exe
"C:\Users\Admin\Downloads\dotnet-sdk-6.0.427-win-x64.exe"
C:\Windows\Temp\{2DE9528E-8E35-4BF8-85C7-A1AB1B41E3AF}\.cr\dotnet-sdk-6.0.427-win-x64.exe
"C:\Windows\Temp\{2DE9528E-8E35-4BF8-85C7-A1AB1B41E3AF}\.cr\dotnet-sdk-6.0.427-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\dotnet-sdk-6.0.427-win-x64.exe" -burn.filehandle.attached=608 -burn.filehandle.self=756
C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\.be\dotnet-sdk-6.0.427-win-x64.exe
"C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\.be\dotnet-sdk-6.0.427-win-x64.exe" -q -burn.elevated BurnPipe.{49546B41-214D-48B2-A97B-D501EF853BE2} {F7C72383-62EA-44A6-81BC-53F52505540B} 3216
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 0202705D51ACDA6FD3DFD6578E86F7B7
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding CD06B780547BC7B39E0640194583EC5E
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 617E066464FA0BB3F8679A42C0622B48
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding ABD93D5355261375C6CC1BDD735C264C
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 0275BF51B8535F06D1A2F3FD7B9C40BA
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 1B6E4628FA0DE2EA854C8135E465B5A4
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding DD419FA8957AD06B79B8B6878A64317D
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 0D6D742DC1A62EF0765774C681257B11
C:\Windows\syswow64\MsiExec.exe
C:\Program Files\dotnet\dotnet.exe
"C:\Program Files\dotnet\\dotnet.exe" exec "C:\Program Files\dotnet\\sdk\6.0.427\dotnet.dll" internal-reportinstallsuccess "C:\Users\Admin\Downloads\dotnet-sdk-6.0.427-win-x64.exe"
C:\Windows\system32\getmac.exe
"C:\Windows\system32\getmac.exe"
C:\Windows\system32\getmac.exe
"C:\Windows\system32\getmac.exe"
C:\Windows\system32\getmac.exe
"C:\Windows\system32\getmac.exe"
C:\Windows\system32\getmac.exe
"C:\Windows\system32\getmac.exe"
C:\Users\Admin\Downloads\R6Downloader_V3_2_2.exe
"C:\Users\Admin\Downloads\R6Downloader_V3_2_2.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\D955.tmp\D956.tmp\D957.bat C:\Users\Admin\Downloads\R6Downloader_V3_2_2.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" ECHO C:\Users\Admin\Downloads "
C:\Windows\system32\find.exe
FIND /C "OneDrive"
C:\Windows\system32\mode.com
MODE 100,50
C:\Program Files\dotnet\dotnet.exe
dotnet --version
C:\Windows\system32\findstr.exe
findstr /C:"8.0"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dotnet.microsoft.com/download/dotnet/thank-you/sdk-8.0.400-windows-x64-installer
C:\Program Files\dotnet\dotnet.exe
dotnet --version
C:\Program Files\dotnet\dotnet.exe
dotnet --list-runtimes
C:\Program Files\dotnet\dotnet.exe
dotnet --list-sdks
C:\Users\Admin\Downloads\R6Downloader_V3_2_2.exe
"C:\Users\Admin\Downloads\R6Downloader_V3_2_2.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\166E.tmp\166F.tmp\1670.bat C:\Users\Admin\Downloads\R6Downloader_V3_2_2.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" ECHO C:\Users\Admin\Downloads "
C:\Windows\system32\find.exe
FIND /C "OneDrive"
C:\Windows\system32\mode.com
MODE 100,50
C:\Program Files\dotnet\dotnet.exe
dotnet --version
C:\Windows\system32\findstr.exe
findstr /C:"8.0"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dotnet.microsoft.com/download/dotnet/thank-you/sdk-8.0.400-windows-x64-installer
C:\Program Files\dotnet\dotnet.exe
dotnet --version
C:\Program Files\dotnet\dotnet.exe
dotnet --list-runtimes
C:\Program Files\dotnet\dotnet.exe
dotnet --list-sdks
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39d4855 /state1:0x41c64e6d
Network
Files
| SHA1 | d0a0ffd83b769448195053a098cab7b1567b9dda |
| SHA256 | 84026960925c2cd3e0a985f02e8bb91c0f2b6fe73b858a0f9919ff56ab68e6e3 |
| SHA512 | 4f9d710d75ce23203c2ed763471a8a08d34d3d190358fb8276f23d1eb168bbbc5fdecc2b81a4b1fbe16b7ce9d7232a8ff7ee61e075c825778264350b6af4b2e1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 01111fc911e1366bdd6baefe1a53abe3 |
| SHA1 | 998032abce6b1626cb4673ab67e1b6c00aac4c65 |
| SHA256 | 9d369fc6f7000911178ae7cb39237d6d017eac89cadc88788979b490f7bcdbfb |
| SHA512 | 0c82e8370667cacaf22d83104b9887ff84b971a87dab0187e22dc3737141506a0eb15101e53f53b1ba52f0a48d2bd518baecb7382cdbc785d07f7f50b7c4dc83 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | bea0799effc66d7426fb8febb51144cb |
| SHA1 | d03c96b1adf9bcc0a568c68424709313bd8e5c05 |
| SHA256 | e520e32e192b45282283ffc44c25f98d3f0630f8b68eff6f0ec071d2a16bf310 |
| SHA512 | 3bab97a779bdae2aeb212318bc66ea007b0fa87c6bc8a129cd3e65ac13aa40af96f52b75abf1537a9a042c84f23930afdf190deaca83f5efc05edf5df9145a2d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5a388bb9f6d2e1faef6c46b497c5a2ad |
| SHA1 | f028f37b61d70bc86d7b476e9d3d40a6847503c2 |
| SHA256 | b4023a9d705d5ec52469b71ed8e37cf54b4dbb1c6347c44fda0bd1f76d4b9f11 |
| SHA512 | 8247beac0569d72ca56866e2d0f54dd11934ff885b98a0cc88e3583082ef5670bacf3b5892d3fd84bbf393e7175b9d37088796e085ed0ed4d1f06b903b4d287a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | fb8377531bf08aa3ef26c2f97887d1bb |
| SHA1 | f29f1e5b39ade52d590caa7f79f9ab8a2b544976 |
| SHA256 | d7b8148a18ed693836e8f0db5646398c435483345f826a408330f47e5c33e5f0 |
| SHA512 | cbd9e09ca9afe4b4b5d61a65c0832ae1dcd150b6790462e1e0ffe5ccba11cfbebb83db7e33be9a760df766b9efea2d4e852ea89d776f80f9aa00bd1cbdd16a22 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | cbb7010eb3b5fbfdf8544ad08ae38d0a |
| SHA1 | 01c77c9715ee23468f275ceef4bc091cfd1cc3f5 |
| SHA256 | 39905eecf87a55b7e647538bebeddc09d6cbd77866289a2564e1d243bc4618e3 |
| SHA512 | 7eaf3d5629b087e8f9c1073da59b81a5cc11af19027af589414fc9881f61745d9c01e76dbf8c4a2b7340b701c5908bb840b5cd645385e1cc87d5dd6391f239e1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fd92b7e37a42c80b114a93a9a7a66154 |
| SHA1 | b42963cd42572d918b6e907e4f042ce37faa8644 |
| SHA256 | d5dc2fbc64639ee1838d8c917a52ac82bd1ff649d733392eccfdab6174bdc20f |
| SHA512 | 82624db0f4e0f4d7b68693eba525902b39f1fa1846f68a812a45f30a525a97e34be2e5e38315fcdaf1b7b4690cbe66b3ce74eb3637e000fb14d972d27fe28437 |
C:\Users\Admin\Downloads\dotnet-sdk-6.0.427-win-x64.exe:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b7cfea5d0fe657b32f441afbcad71e52 |
| SHA1 | 9e522830b03314b525e1a5775a95652c83ff6c20 |
| SHA256 | b8375d380a5df2dd5834a6ed43d642b2c32df72698d866e71d90d09ee9f1090b |
| SHA512 | 0e153c7f893130cae72a460eb31eaa9045911b6757494c35aee45ce180e5ee4765823654de4099580b1b8022dc346df6591a32533d7f3354fff0739023e46e48 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e07fedbfb70020d5e330d235dcba98e8 |
| SHA1 | 4ed59850cd38018a1741d59f9c2ba03a7737b0a4 |
| SHA256 | b85ac603d771cf61e89a3fb987efd2aaf768b62f7984ba0f2bf9a636f809a95a |
| SHA512 | 24aa8bd84f4268d5809041249e15ddf3a08bc8be286b269c4c61062a460214d42042f8032b50e993bcbfea9dd73490bb286287a82b9944a32c22b2ce658aff7c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 944f6fd8d886a00ffd9276a8020d70ac |
| SHA1 | bf9c69605d3e6efcaf8d1d14333e41ef15ce76b6 |
| SHA256 | 791108b820fd39d00cbaa6cdde33626138e72837a3b6aa17842723c42f751519 |
| SHA512 | c56931c00d37789c06351c03ea5e1f40774642f574c7fb5090e6079c3dda64b704222fd91167571f4c26e94a76e558083dd630de382d228752edb7f5889c9696 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 55522434ead8405c5d92043574b6b6ac |
| SHA1 | 221b22078e23a84dead130e46cb6cfb7ded046a6 |
| SHA256 | 560435dbb1292112022452f8b406f07bc284659fb18cc963e9c1ad0af115eda9 |
| SHA512 | 7018ea8cf8a8dc4380c548f3de2748a4a7f49efee6760c9316184f856b6da6f167924c2d85a5e9949bd445ec76a4f5edfdb829f13d048dfc89893ecca93ac23e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 882e9304790d7dfcdd016bf64640df0c |
| SHA1 | a93acb30615609042c59bcce58becaad9b034b6a |
| SHA256 | d442a745614cb42002eccc027bb0753f8b41875dfed0d0971aa87a69b6ee0806 |
| SHA512 | 407fe60ba09f6b813383c0d33cfd883fad897f95f7413e2c20a55907966553d5155de05d38174ba869f07c20d5e04a793b6228650029cbdb52e2bd1caab94091 |
C:\Windows\Temp\{2DE9528E-8E35-4BF8-85C7-A1AB1B41E3AF}\.cr\dotnet-sdk-6.0.427-win-x64.exe
| MD5 | 2aa39604e2759fe7e02856cb480a6b84 |
| SHA1 | f30f81a7bd13ef3f59e26e885954281379df484b |
| SHA256 | 612072d84c3172a2c39f9e46f2f2f67dcce21d1d307c26c3583de40f8a13df11 |
| SHA512 | caac312e645d990dc248d9b2b2fce62ee090b25caf9e5d7b5fe77f86fbce5e3aa442885072ca10bf79ae0cd412251f86e652ac7d5a751d33365c0e76ff38dd7a |
C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\.ba\wixstdba.dll
| MD5 | f68f43f809840328f4e993a54b0d5e62 |
| SHA1 | 01da48ce6c81df4835b4c2eca7e1d447be893d39 |
| SHA256 | e921f69b9fb4b5ad4691809d06896c5f1d655ab75e0ce94a372319c243c56d4e |
| SHA512 | a7a799ecf1784fb5e8cd7191bf78b510ff5b07db07363388d7b32ed21f4fddc09e34d1160113395f728c0f4e57d13768a0350dbdb207d9224337d2153dc791e1 |
C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\.ba\bg.png
| MD5 | 9eb0320dfbf2bd541e6a55c01ddc9f20 |
| SHA1 | eb282a66d29594346531b1ff886d455e1dcd6d99 |
| SHA256 | 9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79 |
| SHA512 | 9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d |
C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\windowsdesktop_targeting_pack_6.0.35_win_x64.msi
| MD5 | 4aeb83ee03aa3171cb0458a60f16ca29 |
| SHA1 | 41aa856e01dd180fb3d615f363d5b5d521e5e10f |
| SHA256 | 46dd825e5fa41203bbb751aefc9436881c6b1db9f3d03fe61631bd650186921f |
| SHA512 | 68a8ea6ab37fd36b5dba75db140a943813a2d008362227f38dceb4287a67a0bf2d5c10aae5a341650e89df6dbf51a88731a0619625b5e56ce1035028fcbde319 |
C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\Finalizer
| MD5 | ebc484479269d4ca95ee09517d7dedaf |
| SHA1 | 1a243d814aba2c5b0d36dbea7a9a454966279daa |
| SHA256 | 2062ad06f4ea7b79a3d89e0839f590c26cf59395116a378b68f414532fbee8eb |
| SHA512 | e1029f4dc13a41e44b517920e03c97e20c4af9874b5f135246469073a10f5c031b493c9c693898c462ab0c62638c2d60f29b89f7045356cf343e643b98948a7f |
C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\dotnet_runtime_6.0.35_win_x64.msi
| MD5 | d9f7ae6a57af83b652711426c4834045 |
| SHA1 | 98d255aecdbfd1bae9ff533d4c7e5dbe5d0e1833 |
| SHA256 | af1319821632f2ceb79c61b4ca6eb53a6341fba295c02716418216857af7f4e0 |
| SHA512 | 5c7db8c0617125deb27de37b056feeaeaf18585a12ad347a6e6c132ae438e1eb0f27180bc700bd8322e5d5a30e7cefa62b123e7b0b9cd85e1b8605c0b195be03 |
C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\dotnet_host_6.0.35_win_x64.msi
| MD5 | c06d2181660306ae33b8d5e37dd4e98d |
| SHA1 | 2b7f6a21bdb9e2414c3b13aa357c395512a86499 |
| SHA256 | d09c105d0c6e5d89d4e53499288135ff53aaac76ee1e11470ec1ae49cc4a485e |
| SHA512 | 96205082a1c94370d7d4da90c319a0d0e3af8fb53b2a33097c86a0d8ec14963745a940e38fb31b68394847aa80467e41ca1b5f83685f25b779521676dba1ea4c |
C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\dotnet_hostfxr_6.0.35_win_x64.msi
| MD5 | d8beafdedbd946a6a8fc665af000ed79 |
| SHA1 | 2bfe61eadb6172cb71cea0155a7304630b28b13e |
| SHA256 | 671e5ef4766cac4aa479e7445f52892d1807f63269bda8159a584c540fb56706 |
| SHA512 | 2774d5a5158bce463819dbc2ddc065da502a1c6c75a800a815beeb028c95000263f42b6e6012fc979a3a5ac51b9027b231685739f7a0d7043178762b1602a9b0 |
C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\dotnet_apphost_pack_6.0.35_win_x64.msi
| MD5 | a5bb43b5847175191b799330f7409455 |
| SHA1 | 07926697ee081e8fe999bff4ae27928aa2717e00 |
| SHA256 | adb41ce17141717018bbed70319987401d24e796ef0d129b4a2b77d017d39652 |
| SHA512 | f097d4b057b239d50339ac1806cb34dfb4aa82ed4ebd1827160953b184ec759310c17996f4c1a28d0103788c75b8807e37647d1f6c44e4cd107f90b206556af7 |
C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\dotnet_targeting_pack_6.0.35_win_x64.msi
| MD5 | ccbedc2d3d00e5ec38651e34c53e602a |
| SHA1 | 028a79260fcbeea167d6cd5ad13f48d368345c25 |
| SHA256 | a2bf0021c210422922728cee8d81eaccb8234f7945e8eb1e7c493e6700f6b4af |
| SHA512 | 0e5148a927e819bfcfb825e225b1efd47ede21c58f9deb23f863fa4a873d792743741b940b1535d6f0948a88c7cb23f3ecce96db1a8f0f1b206c4781176156bd |
C:\Users\Admin\AppData\Local\Temp\Microsoft_.NET_SDK_6.0.427_(x64)_20241109212440_000_dotnet_runtime_6.0.35_win_x64.msi.log
| MD5 | 2db00939337798165c27adc56e3f90b4 |
| SHA1 | 0a2b2492e2313d594966277385cab1ad13952d5c |
| SHA256 | 948d31eca02022b057d319b24c5423f0e892146a5bb0d411960ba7b4c3b8b9a0 |
| SHA512 | 56bdd91a79ebb5bed9d7daab6d83d42de24c90ae64f864090dc6a3e385114e01d6ab0f3e641798c4ec5572fd77652a04ea89e0fa1390462d29634ff493aafcc9 |
C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\dotnet_apphost_pack_6.0.35_win_x64_x86.msi
| MD5 | 8fa6156de45cbff763495a2b6b653cf7 |
| SHA1 | e76ac6b89a29af407dabf713a470b96d71a52d29 |
| SHA256 | 8345587c7c8bb023adb3709d62c144a6b81af3f15c356106f63edb133defe2a8 |
| SHA512 | b70edaa8a05f1cbf38d883c03b42d07c516d97690c1148e6aaa565c5bad405f0c3f562591d884cccec604ac931a764affee770e775bde9f5bed4aa17a5dd90f3 |
C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\dotnet_apphost_pack_6.0.35_win_x64_arm.msi
| MD5 | 9ec3b20d916b1823a30037d30ca022b7 |
| SHA1 | 6dc33f38b09004c68d833a58b6c8b48abdbd8cad |
| SHA256 | 60b4acd282314d0beea600ef269c82fdf4593c2d13e45721f2eef2ca68e6db5b |
| SHA512 | 6aee5e9bd9a8dbcf1c07e721c10c8be273e0211ba2b524623ba0b90ad987e616ac3c7c3738d3174abee0f2b25eb7fe68c84ad97a64e067fb6762e51c55b08cd0 |
C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\windowsdesktop_runtime_6.0.35_win_x64.msi
| MD5 | f81216716e35767b90250113a8a2895e |
| SHA1 | ddd4406a5ece9ece971499b4d8455abf8121751a |
| SHA256 | 617d1e7c0f26454fdd7ca8ed9c8d8e0d427814eb8798e7c5d6b9edb516955f6e |
| SHA512 | dc5c3aae3979d038ea927f6f09c29c53ddcbd4a595455039380a647fd84a69b6f23baf2190de88361ccee59840980ef52b526f8d2406a532de7771ec891a8f85 |
C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\dotnet_60templates_6.0.427_servicing.24469.2_win_x64.msi
| MD5 | 4e50a6e50b83ae51b03f463ed165e838 |
| SHA1 | 2b58b0c2689d0ba5eb626b9436ee403ebf51440a |
| SHA256 | e71f2f46d882bedc64a5f5eaac80c4ede72310d6dcc065f64c26c9781d606e97 |
| SHA512 | d0ed817e3e8c27eca9cd170def5c69902ea9379c9c72b8694a247727113d81c736241fbc40e8e9fbcf4af6a4b5d78be70fff872971639da042ece31796ea25f0 |
C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\Microsoft.NET.Workload.Emscripten.Manifest_6.0.300.6.0.35_x64.msi
| MD5 | d916bdf52e1f05943fa26ecfc5975363 |
| SHA1 | d50cb269c1490d645ca524b6b4935d8c41899914 |
| SHA256 | 861d8b6983e31d1e93d7a6c03c99a110e622b67e7faafcbd263c8a4ff3c00099 |
| SHA512 | 659e0f25eaeaf65b92303396e228201e9abc650ee83911130bf4e59eab94820b52ff1c03c8bd1164691c099531dc45ba74bab0fe0e4d4c57f952ebd30d239125 |
C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\Microsoft.NET.Workload.Mono.ToolChain.Manifest_6.0.300.6.0.5_x64.msi
| MD5 | 26565af76015155320a45f6fd3236069 |
| SHA1 | f207560ee9f31c1ef47ea1d568c6bd9bba8e85d4 |
| SHA256 | 021a9a3e846c9085d5c1fc1c9fe13221ac5c25638e72706a3910ca2be618eca1 |
| SHA512 | 48fe7f9b04350491c2e74cd9dc6dc40105aca34e0703f9d0cecaecb2ceafc514f00152b0fc23344aeeae01283d8b11c6b4f52a867691cac3163e1e4da7bef660 |
C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\Microsoft.NET.Sdk.tvOS.Manifest_6.0.300.15.4.303_x64.msi
| MD5 | f7a79532430e8158b65caf0c49588766 |
| SHA1 | 01a3bde4142b08be95f946603fa37791d611e5ec |
| SHA256 | f26c97754b5bda7cc4e4e9f27e3812586715925fb3d225db89e32c7abba6a922 |
| SHA512 | 31e62ddf6e2b4889880731136a319e5e03dc65e7752aa1506212633c3d5766055c105150cb8ba5f4df0b54d427db5b0dc57f95b95d93941be3419a7252ff813d |
C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\Microsoft.NET.Sdk.Maui.Manifest_6.0.300.6.0.312_x64.msi
| MD5 | f8aa09caa3258f8e0d7ca1d346fde082 |
| SHA1 | 2426161615e09bfcb21b04b03c710b8e25157e6f |
| SHA256 | ac5fee5e7e88b9334e2e30c4fe93b8fe4f827147d66abe2c997c46cdeb5abfe7 |
| SHA512 | 6cd26d52cd3ce3c2cff57bda34d8d9637e5bbcf6ee675888a82735de5ff5ac61ad877daac22de2911b7574b0dd392335b588e0acc5032480b0788d6de8cacd18 |
C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\Microsoft.NET.Sdk.macOS.Manifest_6.0.300.12.3.303_x64.msi
| MD5 | 776c57be624cf319ddec73537662ccd5 |
| SHA1 | 767fcdee22887a5289ebed43d2786c7f23778f05 |
| SHA256 | f1d939e8a4c013bdddf35b46c47f22610010fca15eecde27cedb870f02a625fa |
| SHA512 | 3e95d0f0132073d2a98977f9a512103b23622199a275f4f602f6718967595d73ac681e70772879ada3f41b981a127e4f59c4dd888d0f75dba5905bcdf644d03f |
C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\Microsoft.NET.Sdk.MacCatalyst.Manifest_6.0.300.15.4.303_x64.msi
| MD5 | 094cf38baaaaf33b6747250294d58e90 |
| SHA1 | d9a186a218a1b434a4c45ce7306706bde52d1de7 |
| SHA256 | 1190b705350d98644c7f6248494b28220443ef4c02ee9ba013dcdabbe2a0ea86 |
| SHA512 | 8ccc81e44d28535b23942244028930a4bb926020ad06bf0cbb259c062896dedd34f7210d22e0bcde5591990bbc0a61309750d7af548f4ed27a0821c9434aa990 |
C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\Microsoft.NET.Sdk.iOS.Manifest_6.0.300.15.4.303_x64.msi
| MD5 | a73e4f4b41dd452fe44b5fb198daf3a5 |
| SHA1 | 6c62877a38ce016bfc45e2a6e2d61af7f48d074f |
| SHA256 | b2a68b443ecfce157ac64a4780fba6b6b2cc3b8f351429c5e741a39a3699de73 |
| SHA512 | c994c87885f8816ef8b182fe6d9208ac8ea8cbe18adecc7ee95fc74f640f0f74b1227422a8badd98ca4634a7bcbcfd5386a152c9d2ee146816fad20580b22992 |
C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\Microsoft.NET.Sdk.Android.Manifest_6.0.300.32.0.301_x64.msi
| MD5 | f9d9f76c5b7a2ddbb42f20d8d88bbed7 |
| SHA1 | b6cad644516b541f3bcb910a527ab14e79d584f2 |
| SHA256 | 382434d14e2430330ae3fbaaae89cd57bb3f96e963f4f5591b4c685b4042ebb6 |
| SHA512 | 5727716f34abbdfc308de3ce5c9d80d63c3b42018ab896eb26c138ad7893a0a42e27efdd1326fe57c6fc97be8768640e7e614a5ae506f941d4cf6362a78d0d68 |
C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\aspnetcore_targeting_pack_6.0.35_servicing.24462.14_win_x64.msi
| MD5 | 46f720b7a97938ef8309489c4c82f89e |
| SHA1 | da9ae75c98a6952fa4fc58b6f2b7c924bb29f58d |
| SHA256 | 7abea5591f3d0f80f95cc3132d9262c7b0e2bd4d8293ec1317aab79d99fb9046 |
| SHA512 | f82f2c7adec7e38436e3770d52f6172e9d633ee2af18339f493140085d4e0cfe40cd20ddd02e9775d5ff056837081b690320742cf3e438df1db4091278207e82 |
C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\netstandard_targeting_pack_2.1.0_win_x64.msi
| MD5 | a150f1729e20563b6f429ecc571874ee |
| SHA1 | a9289ff03d746f6b9932f83eac4d99e333c9855c |
| SHA256 | f33347617bfdfea2c8750e0b259f4c01105e319946dff418a7641628846d83dd |
| SHA512 | 90c8885193130d6d0b1c184bfd38137f487a2499373633c4afa069cc5c7697dc7c069ef84f71eb18e814fe8e3493e7f15732d5217715742912e2fde59b93ff67 |
C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\dotnet_apphost_pack_6.0.35_win_x64_arm64.msi
| MD5 | 253ff78ac045489ac61b8e5d67162dec |
| SHA1 | 97e2240228c37c1acae1bf6e4a0439a32e7288e2 |
| SHA256 | d0faa2283ac20b0312a34861c048578b9df3a23c1624a0be473f97e711e741b8 |
| SHA512 | 1a8686baa066de5e2581b20ef56204f59b0c7998c5e90b3a56bdd674c4656fc433deda026fb513c06beb821efdfe6cad043d7525e8ee7c4828853099ad9d0de8 |
C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\AspNetCoreSharedFramework_x64
| MD5 | 6198cf649ab0117c21de84c0e321ff58 |
| SHA1 | 663b78d6ab354743f4fd9ae1abcdd3cffc075535 |
| SHA256 | adf526635ac283be216bb2bc41083e8816856f0fc67ce374101571bccdab49ce |
| SHA512 | 968dd42728c83dcc75da88b817bfa4d9c658c52ea0e0b09330af2f6f5f03e3861fde2b61f0914d3142ac35b0234c3fdaf2f5146bf4fe52f87f22ad681492e45c |
C:\Windows\Installer\MSID236.tmp
| MD5 | 60e8c139e673b9eb49dc83718278bc88 |
| SHA1 | 00a3a9cd6d3a9f52628ea09c2e645fe56ee7cd56 |
| SHA256 | b181b6b4d69a53143a97a306919ba1adbc0b036a48b6d1d41ae7a01e8ef286cb |
| SHA512 | ac7cb86dbf3b86f00da7b8a246a6c7ef65a6f1c8705ea07f9b90e494b6239fb9626b55ee872a9b7f16575a60c82e767af228b8f018d4d7b9f783efaccca2b103 |
C:\Config.Msi\e5acfe7.rbs
| MD5 | 8b3c02bb054fde0428a85438fa040f53 |
| SHA1 | d3fe97292055b34741a77913062c8b5e309cd087 |
| SHA256 | 1140c87fe47b6bf58b971193cb6591527a80391c8e86af918c38c8bd4ce0c4d4 |
| SHA512 | 3c8b791d96e08bfe4d44aadf5bb30d5e3a298389eb81131e56bf3168a083393faeaa52de28ba1deced8f69dc3f3edfdd2ad695ca8c13e6e54ab9011f571b9873 |
C:\Users\Admin\AppData\Local\Temp\Microsoft_.NET_SDK_6.0.427_(x64)_20241109212440_001_dotnet_hostfxr_6.0.35_win_x64.msi.log
| MD5 | 822c4f602f5d8343475bb226915e738f |
| SHA1 | ca0c3899ee3048737032557c8564cb8d59df7126 |
| SHA256 | e3022b93b58e4c48b2ee9214b0e6fe28413f9a78416ac209e4798e060e284dac |
| SHA512 | c216455cea8555b876a49e27c659ba066045a8515043d1c6a8be01dea94cab90dba9f3cefaf25417aae8c0d01288c1bc5a63478fe53f6f27ee59c55907a407b5 |
C:\Config.Msi\e5acfec.rbs
| MD5 | 6913dd0eb3081b6971e392c6322fb49b |
| SHA1 | d79e2872a217b8eb7c4888efd5d1b902f67bfb17 |
| SHA256 | 0fbc964d1e6546a5103481e95467d907ac7a64139d5ce59c87ac3e4b44c38f52 |
| SHA512 | 28b7d978d7cd13430c2df0be53a10a6d0deb08b27e5d940e5750cda5bd04f81ac4eedf9e39d18266926983d4ef0d348a3cd3c76bcde229e2f9df3cb1597d3e54 |
C:\Program Files\dotnet\ThirdPartyNotices.txt
| MD5 | f77a4aecfaf4640d801eb6dcdfddc478 |
| SHA1 | 7424710f255f6205ef559e4d7e281a3b701183bb |
| SHA256 | d5db0ed54363e40717ae09e746dec99ad5b09223cc1273bb870703176dd226b7 |
| SHA512 | 1b729dfa561899980ba8b15128ea39bc1e609fe07b30b283001fd9cf9da62885d78c18082d0085edd81f09203f878549b48f7f888a8486a2a526b134c849fd6b |
C:\Config.Msi\e5acff8.rbf
| MD5 | 21438ef4b9ad4fc266b6129a2f60de29 |
| SHA1 | 5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd |
| SHA256 | 13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354 |
| SHA512 | 37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237 |
C:\Config.Msi\e5acff1.rbs
| MD5 | b9e05ad50c339d4d7f0f86810d83746f |
| SHA1 | 36cf98c0aa329b8dec226227f45975e2728d5ea3 |
| SHA256 | ee7e26ff9af73b947b5b8bc4f16aea1ea5439a67170080ed19f6603e62d01c1f |
| SHA512 | 52e11da6c41a794802e22a8c74fdd7eb77f452c9004a3f23e25f0cf71badde2bfd6762fbb31fbc1015ed3a949b864e7969e61a47347aaa626371c06f6c85d8ca |
C:\Config.Msi\e5acff6.rbs
| MD5 | 805a178f6d539f979fffeac8dd98357a |
| SHA1 | 773fed3da6673bf97dfb23fd832178ec9044b396 |
| SHA256 | 629df2d3b7f7babbeb7e417a0ee0cd164b5fbeb4c446c6f78557d518ad4af380 |
| SHA512 | dc50b2a678445e2a1cedf8d2897e6e63b84f5b38ea60da236982c9d978d8b47717641e16c1d980b1af5e03f022c2de43cc453302b372642fd31f965be712fcb2 |
C:\Config.Msi\e5acffc.rbs
| MD5 | 8f4dd1073b7431796e6d1c1ef6abdcc1 |
| SHA1 | 163bfaf1c02d2e7dc40536039544426a761d6618 |
| SHA256 | f3a3a0834ed0a011dd6e178aa391300c28e5841d5ab5c5aae259f112372ae404 |
| SHA512 | 3669b40d754828ab69770ec07093f07b762fa6849f77cae533853b43092ea2e2f2e47319741d4299535a57ec4b18511d4ab0bd1f06c5056f265b3bd8d58f1fd8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | dc8f35109dc28499e82655216077e39b |
| SHA1 | 5bb81a73190632ede4b2ba885e9552f71b10440e |
| SHA256 | 13a533a8bb3ad003cb079115a86404b9bbde82724253b7f9626a68d453d3bd76 |
| SHA512 | 290829fbe9194779395bfa2ae192084a52f6ac1714737d03e2f4787533bc4b97996b1f7ca879f53b44bf0950d9f27e5aefd95a2b30788165a640dbe630607f8a |
C:\Config.Msi\e5ad001.rbs
| MD5 | 0973cc8f3f4a99119d48e290ec98f64f |
| SHA1 | 21e70c8a157540355da86655abb396f81893016e |
| SHA256 | 256906cd39864c644d9103891b2b59c9bc34e4a551553495b0711972be08daa5 |
| SHA512 | ac0e3922fdc60de797cffc8faf04cba8b26e9877e2f2100238f120e034b4dded76fa4c93c0fab489562df94f1452b9cb4175fe1932190f5ddd9be783ebec5dbb |
C:\Config.Msi\e5ad006.rbs
| MD5 | 3af5d859618161c87e7f783641fb5869 |
| SHA1 | 62be0e55c04c0aab4519fa5732eac594189ed0bb |
| SHA256 | 2c98ce4d45d7f0a6c9350112e129a2b1a33efa1b471dad1d3ccdd42651771914 |
| SHA512 | e9c0c56a2b9d984941b5f8d1d95435d19b5e26d9be68cb7a3b84cfa5883b5f0b3e78a45d97d4b928a082508cba6177c7c237d45730f2d27a91869bd62914d72b |
C:\Config.Msi\e5ad00b.rbs
| MD5 | 050e97e90cd2500461c9a75beaed9387 |
| SHA1 | eb031aa9b93aa8922e2bcfd5673e62301352d56a |
| SHA256 | 0d07bc0ff0a8821bcd9b1834b125de3dff6225768099296722aba7c9ece30935 |
| SHA512 | c82a7bc589b8dbcb5321774a0acebd4584cc4aa0a5039b51767e7a75178303ae08f91487ceac7f72fe7da5d5304bcc45edbf7c3518bd6874f79b208d9b4c5c81 |
C:\Config.Msi\e5ad010.rbs
| MD5 | bc31e0d0583467e60aee1bb6be9457b6 |
| SHA1 | 3780837fbafc6941d5c903324849ca71d2db4b16 |
| SHA256 | ad81e2f2d06190b7d95fa9c95da4dadded308aef9bcf3927262d0b1c6cfe936f |
| SHA512 | 4b62b134497aaa50830fecf1effd5dfb2f2f3ccf26bfdd1a2c23ed53c040d395ddfae479264e8bead9abd8763d584bd704e32754ed39b3fdb187d8545fa1b3cb |
C:\Config.Msi\e5ad015.rbs
| MD5 | 3ca71fc7d04b65598b559b6d7ace8be9 |
| SHA1 | 2b489105945b887140474ffee3e92fe038f1e05e |
| SHA256 | fb9cd12738e91770d4d7d7f09e920d0064b278823cd21719c89a45677758bf66 |
| SHA512 | 6946658ccfca24ecc935e84f25551d7a705c91950bbe4fd6db9ef67a54355bfd66fa8feef501bcaa4aaff64bb893e141e770009643437861af32328fdad94849 |
C:\Config.Msi\e5ad01a.rbs
| MD5 | a365fd2e79c84e156ea1bf6f3ed3c6c8 |
| SHA1 | 0cf03a19dd5c7e98a6442211b7d5532a57d3c086 |
| SHA256 | d210be41fa4ea3bff8bb293004646bd56704e082df2e826a591f139a66777dd9 |
| SHA512 | 29e78f59722c6b7e21111442eaaaa7f74f0f5928b091ee3cd9c4622fcfc2d1b22491c4fe5b3d0a7f2ba3fccb88643a7a4b29cfcf4d7a07ae21145e129a2a5d5b |
C:\Config.Msi\e5ad01f.rbs
| MD5 | c4e52639ee0c37cfa5cb20bd84ec9c04 |
| SHA1 | bf4aa7cbf140e1ba47de8abb7a3da7c4455ed4c3 |
| SHA256 | c0e8a522723b8c660a238f2f7c5700c011d784fc4e52822af1323968e0d23421 |
| SHA512 | d7c3b7591a2841e5482284437eeafb38ca5f9a80a8cc147f5fd28a0e968c15fe9554f2675eb29352a3e754ddb1c8a4f173e31dbba4ac4f0ff4c85e54df743eff |
C:\Config.Msi\e5ad024.rbs
| MD5 | bc7026e9d63683b31c3490a59ce861f5 |
| SHA1 | dd22868dc342a3fd28f6da59829014c5617bbf36 |
| SHA256 | 4fe576adfe33e9550b900ed765f4855479c55659eb3647ca0932ea6ef3eb7d10 |
| SHA512 | a1fce896308bbcd5493215175493eb1649843e0dbbfbfdf6b5ab0cf62d76f7b1040fec530a230832030afe684b23d3fb0d0e25516a4b5bc07b4caf3f79c6ec4f |
C:\Config.Msi\e5ad029.rbs
| MD5 | 19f34845d7d84b17a57142d5fef29744 |
| SHA1 | 4e84156a2372a8bcfae813eb07d903665d8fb665 |
| SHA256 | 130b7068adb89a241cbf6dcc0e247b088acccc00b19e192f3563a2c99f1dcccc |
| SHA512 | d081ac7cb3713c6cf636d46c20b6e11983f82420098065018bf3b90e81d7d022fae265de23aee03a1ac7d91d58736159a8ea18d05d874f20ea14166f20bb4917 |
C:\Windows\Installer\MSI1939.tmp
| MD5 | d711da8a6487aea301e05003f327879f |
| SHA1 | 548d3779ed3ab7309328f174bfb18d7768d27747 |
| SHA256 | 3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283 |
| SHA512 | c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 572a2b08954e543456907a1181388d65 |
| SHA1 | 348a8c5835431f2b4d565665f92f0eacecf268ee |
| SHA256 | 05a0d36849c038d66dad1ab1995859b0dc0934bf37aae473b6c3fe08a3550c2f |
| SHA512 | f1d5b7517ca6543d45d48b3aacbbe82ca2e75b1f140300f63842bf24c282ca7f55c1bc710300ed549f196ae1fdeb69c42127adb379b8e02676158eaa8edf4ef2 |
C:\Config.Msi\e5ad02e.rbs
| MD5 | ab5e19460ff6ce1a3871993bd0ccfd85 |
| SHA1 | b797944214c2e2c2f84eff7871454f5d6e77d8ff |
| SHA256 | 0e9657a38f11f8d7a1669e17b4c7639424de9da92275d3f07bc9e185f093df7c |
| SHA512 | e4420d7b6e8ed80be0c9c86f2ea8d31d19fec928fbbcbfa44f52104b4374ced58347b40b58e8fd8e534b239f0d273f1b61cd70f95deed38188c52f9a683cf1e6 |
C:\Config.Msi\e5ad033.rbs
| MD5 | 6ffea9e89f7347b628b04e52ae7a532e |
| SHA1 | 6edbd2bdd312c44fc6ec0904792114b7403b62e0 |
| SHA256 | 9c5fdbbd1dbd53d342ed71fd6eaa3098a67889b4d05638a3d65a16ea3cedda31 |
| SHA512 | 7b5411d717b094f307083d794cdb1daf14abb0c37ff107c6fb220b0e5c8c7e9fdc3c66c6b59e94baaab6fbf44ba4f58b44d8370048138b577baecab4461c7b53 |
C:\Config.Msi\e5ad038.rbs
| MD5 | e7c66f1e40b236a50009eb946624cd41 |
| SHA1 | d05e651481ccbbb9d2924031ebe8b5dc7c9f936e |
| SHA256 | 1ebbde69ded880e18ef50f959186a4f402b4e562105e8a5953bab908704e660d |
| SHA512 | e4a22a8600d355aa220041b45b472f0046e06cceedeec5a29bd94db25dc13ff77225b60bede876cafa12f2c4492779eac46b13d35b8f93be3d1653373354eb92 |
C:\Config.Msi\e5ad03d.rbs
| MD5 | 19d4fa5aebbe9f079839804932c3ad8f |
| SHA1 | 4fbee3cd951b13d1d4d3d3b6b6c14c98849e0c46 |
| SHA256 | ec7f2156c063f3b90f79e97d76b5c15b8cd33b342a32b4094ce1d2ff0228adee |
| SHA512 | 7d02b5576d28b013774e315b2ee0fa55cfa0e1df302762482f6218950ae0ba790f16bec1173032962baada8ac910b6f434707e6e351cf9cfd99036a515a229a8 |
C:\Config.Msi\e5ad042.rbs
| MD5 | 1a2901d0cee5d5ac68a1a4c1359e228a |
| SHA1 | 62c1291beda5fbe2fcd25c5f8aa6dba3a50e2693 |
| SHA256 | affeefbaa3f1ab8bc7c4f1f650740cfb3b66f9788040e38c40635c6711c124c6 |
| SHA512 | 636dc685056aeeb5d6664897ccf2a3dfda9559f65a433b9197d021fb089ee4c05b3a031fcabae165243da6262d40ab4c417475eb2c31d47be95ab729462ff794 |
C:\Config.Msi\e5ad047.rbs
| MD5 | 552f25b86d1c6baff69a45bbd3dd367b |
| SHA1 | bf6930f0ccfa8d7478c625df845278baa013dedb |
| SHA256 | 4b8b091185215cc6ac51c2686a5c582a84972ffe2d885940d4f32a8a60c150cb |
| SHA512 | 50a15e9bcff4353552c83d273ff39d58b665bd06fee5e40d5427e19779d41cab09c5ab5832b6f2f93d55e2e35b64330a85f8253a23b7e945805e40a8f40b2d8a |
C:\Config.Msi\e5ad04c.rbs
| MD5 | 24e6a83dd509d1e1ceaffa91f3cbe101 |
| SHA1 | 46f24bbe9b141a933bc056a796fa832ebf001eb3 |
| SHA256 | e7e02baba0b5cf3e1e5018269646393b698eff44827ed2ee1869a3b09df7a9a1 |
| SHA512 | 887fb75dc03e4d50822d431b02fe92d4f127286c143a3026c6b9e6a92d3d610248370c15398510a01cfe123047f0630d6d968ac67010effb6206872798341832 |
C:\Config.Msi\e5ad051.rbs
| MD5 | 9971fa64833573a91b03a3151260b0b3 |
| SHA1 | 6a2a5c1667615ffcf84f7d7e05dc7fd86872e0d2 |
| SHA256 | 6a3d83cca26e41b80ae297c5e5911e3d6700cf5678e5d40fc473a8b9fe593aad |
| SHA512 | cb7978a7497f996e2267dcc93c365d565ecc8cadbe86a8fdd6bc3503e54b095aa7ed1069e75684830f0dcd3936b26c88a11937d6f6f26b38bb50a23a15697c55 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 02deceeb4415fec7acf0831b17b6de79 |
| SHA1 | e34f7d48a78e428a357ec13d0736762fec3c4412 |
| SHA256 | e5a1356324354d894ba33d885abb13dc6292444fea583497594cb999b2145fc1 |
| SHA512 | 700e23b3055e597408ebeb8796cb469b3fd3dafe5e63e6a79e7f8c32abfd0a9401ecea265a5952197c4847342aea5f29f8fef15c6ac2683b039dec076da4b52b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f1ed52fbf81ab05003fc66d0dee2ce56 |
| SHA1 | 59077c3ee3b20fea101afcb78c4ee3c5211eb790 |
| SHA256 | 795e156191809cec73bd0e6eb1026162a08f25dfb1ff42d80bf47cc55bdf1af4 |
| SHA512 | 021f0de84942785ad723acb9f5838892e3044e34f6ea07f379aa374a5f7bc11c816c0b006540c87c95b09e891633dd6b1144e305607bb629b44ac87a537130ba |
C:\Program Files\dotnet\sdk\6.0.427\TestHost\testhost.net452.exe.config
| MD5 | b0d3eb198fba676352e90e9ff7f48ae9 |
| SHA1 | f2065f68a58152ed774726d14a60004e86026416 |
| SHA256 | 1e2ec47aa9fe319ad598a2e6306f25f75b9fbb6edeee86a912d7ef5368c55478 |
| SHA512 | e061022562747f25cc9d60a1f98e3296e98e3930ebc403cafc4c1a743f59bee2c3858daafb9bcda420392c271310a345d204fb2059e846ae163f994b2898ee10 |
C:\Program Files\dotnet\sdk\6.0.427\NuGet.CommandLine.XPlat.runtimeconfig.json
| MD5 | a8edcc4a01d77b29f655e77e53a2630c |
| SHA1 | 0dc12229ecde9cb17bc9758985c669b3467895ae |
| SHA256 | 9f7286b0762691c4589e188731b86352b3b6ebb9198597005b56b2e9c09a47a8 |
| SHA512 | b0f23dcd74dde456337ba304337a6842bd4fa5a7a557fdcb553f70d384b040220c263edf40619f031a0f33a9709ea1d393ed96a2dd70643405d035799ca78b9e |