Malware Analysis Report

2025-05-06 00:24

Sample ID 241109-z61vjs1qew
Target 3.2.2
SHA256 9f1ccb3a2f2878c4994260fb3bd901d765846bd515a505c1e1a8132acd380b14
Tags defense_evasion discovery persistence
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file 3.2.2 was found to be: Likely malicious.

Malicious Activity Summary

defense_evasion discovery persistence

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Adds Run key to start application

Checks installed software on the system

Drops file in Program Files directory

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Windows directory

System Location Discovery: System Language Discovery

System Time Discovery

Enumerates physical storage devices

Browser Information Discovery

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious behavior: EnumeratesProcesses

NTFS ADS

Modifies data under HKEY_USERS

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 21:20

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 21:20

Reported

2024-11-09 21:26

Platform

win11-20241007-en

Max time kernel

316s

Max time network

317s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\3.2

Signatures

Downloads MZ/PE file

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\Temp\{2DE9528E-8E35-4BF8-85C7-A1AB1B41E3AF}\.cr\dotnet-sdk-6.0.427-win-x64.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files\dotnet\dotnet.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{da65d3c5-6c27-411f-a0e9-4b828d92a996} = "\"C:\\ProgramData\\Package Cache\\{da65d3c5-6c27-411f-a0e9-4b828d92a996}\\dotnet-sdk-6.0.427-win-x64.exe\" /burn.runonce" C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\.be\dotnet-sdk-6.0.427-win-x64.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives


Drops file in Program Files directory


Drops file in Windows directory


Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\dotnet-sdk-6.0.427-win-x64.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\R6Downloader_V3_2_2.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\R6Downloader_V3_2_2.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\.be\dotnet-sdk-6.0.427-win-x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Temp\{2DE9528E-8E35-4BF8-85C7-A1AB1B41E3AF}\.cr\dotnet-sdk-6.0.427-win-x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\dotnet-sdk-6.0.427-win-x64.exe N/A

System Time Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Program Files\dotnet\dotnet.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\32 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3d C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2d C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3e C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\34 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3a C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133756608789197868" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2B C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\30 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\30 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\38 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3A C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\68B90433AC5300042ACF459BDA4774C4\ProductName = "Microsoft .NET AppHost Pack - 6.0.35 (x64)" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.macOS,6.0.300,x64\ = "{F590F859-2F6A-4559-9D09-A8FC442AF16B}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_48.140.21525_x64\Version = "48.140.21525" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\4964C5FEFCAA02234B5879E00AB47607\FT_ProductInfo C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_48.140.21458_x64 C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\.be\dotnet-sdk-6.0.427-win-x64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1A10695CB177B6249A7FC6CAAC4CBDE4\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\68B90433AC5300042ACF459BDA4774C4\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AB23C9501D476F34C93161CCD98522EC\Version = "814502866" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2B53EE11CE34DE73B8AFF22272CCFD01\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1523682C7E700A442B8FC4E4A20F9873\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.AspNetCore.SharedFramework_x64_en_US.UTF-8,v6.0.35-servicing.24462.14\Dependents C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\.be\dotnet-sdk-6.0.427-win-x64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E39B69A3F3677E14587CF1C3CC73FE72\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_targeting_pack_48.140.21458_x64\DisplayName = "Microsoft .NET Targeting Pack - 6.0.35 (x64)" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6088AB871FBA7ED43B4ADA0845887FA5\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BFC6307A304B895458FF3D79BA8B1837\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\97696AA86DCC9D24CBAD99EB83D6757B C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1C11CBDE3F78C13418158D569EC47FA7\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{EDBC11C1-87F3-431C-8151-D865E94CF77A}v24.8.55382\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_48.140.21458_x64\DisplayName = "Microsoft .NET Host FX Resolver - 6.0.35 (x64)" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AB23C9501D476F34C93161CCD98522EC\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{059C32BA-74D1-43F6-9C13-16CC9D5822CE}v48.140.21458\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\C6F8C8E41039ADF38B6FB61094C722AC\2B53EE11CE34DE73B8AFF22272CCFD01 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1A10695CB177B6249A7FC6CAAC4CBDE4\PackageCode = "0B63644C19FCF324E8BB5E6C9CCC814A" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1A10695CB177B6249A7FC6CAAC4CBDE4\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{C59601A1-771B-426B-A9F7-6CACCAC4DB4E}v48.140.21458\\" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\68B90433AC5300042ACF459BDA4774C4\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AB23C9501D476F34C93161CCD98522EC\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\97696AA86DCC9D24CBAD99EB83D6757B\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\958F095FA6F29554D9908ACF44A21FB6\F_PackageContent C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\12D856D4734A13D3AA983C20F81194EF\1523682C7E700A442B8FC4E4A20F9873 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.NET.Sdk.tvOS,6.0.300,x64 C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\.be\dotnet-sdk-6.0.427-win-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\8DD668DCCC55D4A4D4D58E8AD1BA2D86 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\dotnet_apphost_pack_48.140.21458_x64 C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\.be\dotnet-sdk-6.0.427-win-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\AB23C9501D476F34C93161CCD98522EC\MainFeature C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2C195E4FD01863D44B9FCD550103911D\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Workload.Mono.ToolChain,6.0.300,x64\Dependents\{da65d3c5-6c27-411f-a0e9-4b828d92a996} C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\.be\dotnet-sdk-6.0.427-win-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\6DD41E7F3A253045740E8D31C01180EE\CEE6F97CB2A3D7843A6BDE4F50B7E4B4 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1A10695CB177B6249A7FC6CAAC4CBDE4\ProductName = "Microsoft .NET Host - 6.0.35 (x64)" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BAAC1D6BD4904D445A6E307743A93B46\SourceList\PackageName = "dotnet-apphost-pack-6.0.35-win-x64_arm64.msi" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BFC6307A304B895458FF3D79BA8B1837\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\87B1BED0628581A71197CC0DF90AF82C\C6DE619AECB150A48B0D73D88FD17B56 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1C11CBDE3F78C13418158D569EC47FA7\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{EDBC11C1-87F3-431C-8151-D865E94CF77A}v24.8.55382\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1523682C7E700A442B8FC4E4A20F9873\SourceList\PackageName = "Microsoft.NET.Sdk.Maui.Manifest-6.0.300.6.0.312-x64.msi" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\4964C5FEFCAA02234B5879E00AB47607\FT_AspNetCoreSharedFramework C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\810E5A11AA82BD3449439249C0277EAC C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2B53EE11CE34DE73B8AFF22272CCFD01\PackageCode = "3A0F3EE46D945804D9D5C95AC9D67D31" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\CEE6F97CB2A3D7843A6BDE4F50B7E4B4\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\852FDFC151B573E7472C4B08C5556089\6088AB871FBA7ED43B4ADA0845887FA5 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BAAC1D6BD4904D445A6E307743A93B46\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1A10695CB177B6249A7FC6CAAC4CBDE4\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BFC6307A304B895458FF3D79BA8B1837\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\97696AA86DCC9D24CBAD99EB83D6757B\PackageCode = "2E39810667D9F7249BA61BA142BE50B6" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1523682C7E700A442B8FC4E4A20F9873\SourceList C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\83F2FBF4089F7A0409369C6970340B1B\SourceList C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\dotnet_targeting_pack_48.140.21458_x64 C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\.be\dotnet-sdk-6.0.427-win-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BAAC1D6BD4904D445A6E307743A93B46\PackageCode = "7B5B05168DBE3494AB3B85C2F8B361E1" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.AspNetCore.TargetingPack_x64_en_US.UTF-8,v6.0.35-servicing.24462.14\Dependents\{da65d3c5-6c27-411f-a0e9-4b828d92a996} C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\.be\dotnet-sdk-6.0.427-win-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2C195E4FD01863D44B9FCD550103911D C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F1361B9689F5C6C47B75640BCE8CDEBB\PackageCode = "CA0D1192069927A4E9B0E79E4F6D0EC8" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\EE3C3B8068D5BB24480D971EB747F9CB\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_48.3.31210_x64\DisplayName = "Microsoft .NET Host - 6.0.35 (x64)" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1A10695CB177B6249A7FC6CAAC4CBDE4\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{C59601A1-771B-426B-A9F7-6CACCAC4DB4E}v48.140.21458\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F1361B9689F5C6C47B75640BCE8CDEBB\F_DependencyProvider C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4964C5FEFCAA02234B5879E00AB47607\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{EF5C4694-AACF-3220-B485-970EA04B6770}v6.0.35.24462\\" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\CEE6F97CB2A3D7843A6BDE4F50B7E4B4\Version = "814502866" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\810E5A11AA82BD3449439249C0277EAC\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\netstandard_targeting_pack_24.0.28113_x64\Dependents\{da65d3c5-6c27-411f-a0e9-4b828d92a996} C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\.be\dotnet-sdk-6.0.427-win-x64.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\R6Downloader_V3_2_2.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\dotnet-sdk-6.0.427-win-x64.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\LogonUI.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4676 wrote to memory of 1216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4676 wrote to memory of 5060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4676 wrote to memory of 1488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4676 wrote to memory of 4764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\3.2

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe9d85cc40,0x7ffe9d85cc4c,0x7ffe9d85cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1764,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1760 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1616,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2096 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2196 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3228 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4440,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3064 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4632,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4636 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4712,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4724 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4588,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4880 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4900,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4884 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4880,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5060 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5084,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4644 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5064,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5116 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5124,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5052 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5228,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4568 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5328,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5364 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=868,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4988 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5376,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4636 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4312,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3052 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4508,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4404 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5212,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5500 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5480,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5128 /prefetch:8

C:\Users\Admin\Downloads\dotnet-sdk-6.0.427-win-x64.exe

"C:\Users\Admin\Downloads\dotnet-sdk-6.0.427-win-x64.exe"

C:\Windows\Temp\{2DE9528E-8E35-4BF8-85C7-A1AB1B41E3AF}\.cr\dotnet-sdk-6.0.427-win-x64.exe

"C:\Windows\Temp\{2DE9528E-8E35-4BF8-85C7-A1AB1B41E3AF}\.cr\dotnet-sdk-6.0.427-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\dotnet-sdk-6.0.427-win-x64.exe" -burn.filehandle.attached=608 -burn.filehandle.self=756

C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\.be\dotnet-sdk-6.0.427-win-x64.exe

"C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\.be\dotnet-sdk-6.0.427-win-x64.exe" -q -burn.elevated BurnPipe.{49546B41-214D-48B2-A97B-D501EF853BE2} {F7C72383-62EA-44A6-81BC-53F52505540B} 3216

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 0202705D51ACDA6FD3DFD6578E86F7B7

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding CD06B780547BC7B39E0640194583EC5E

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 617E066464FA0BB3F8679A42C0622B48

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding ABD93D5355261375C6CC1BDD735C264C

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 0275BF51B8535F06D1A2F3FD7B9C40BA

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 1B6E4628FA0DE2EA854C8135E465B5A4

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding DD419FA8957AD06B79B8B6878A64317D

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 0D6D742DC1A62EF0765774C681257B11

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 1CD37A0E5C1006DBBE650EB43A6869FA

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 4993DE360B6A91CA1BA0E6FB3CDE06DA

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 60D1256C20145920BE6C14CFD5236112

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5424,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5792 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5980,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6024 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6148,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5944 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6268,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6276 /prefetch:8

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 8FC999948243522F658D038876D49E98

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 32DA7CF9D7DCCBC9907C9C170A81B95A

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 71720F01CAF02A8547B99D3C0B73DDD1

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding F8E15F3D8FF1CFAD9AAD71305CC1CAF9

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding DB645E3D1927937487C348C26C38F789

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding F65AB62B18449AB2571A2573A2AEEDF4

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding E04CBB35B27F13EE08C1FCBF8F7A3ED4

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 4EE814CBDD648D455D7D63989BA853D6

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 69CCC1BCE9F291F1092646CA3C135E94

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding EB557350F5D6154EF389E7A6B720CA38

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 96AF23493F24F00E550E7F22F626B854

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=4892,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6560 /prefetch:1

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding DB4247C49CB6E49410B9D4917216602C E Global\MSI0000

C:\Program Files\dotnet\dotnet.exe

"C:\Program Files\dotnet\\dotnet.exe" exec "C:\Program Files\dotnet\\sdk\6.0.427\dotnet.dll" internal-reportinstallsuccess "C:\Users\Admin\Downloads\dotnet-sdk-6.0.427-win-x64.exe"

C:\Windows\system32\getmac.exe

"C:\Windows\system32\getmac.exe"

C:\Windows\system32\getmac.exe

"C:\Windows\system32\getmac.exe"

C:\Windows\system32\getmac.exe

"C:\Windows\system32\getmac.exe"

C:\Windows\system32\getmac.exe

"C:\Windows\system32\getmac.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6752,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6576 /prefetch:1

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 18133574617DF114AE9FBF95336A313F

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6768,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6816 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6988,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7116 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6788,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6784 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6812,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3292 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5920,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5820 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6248,i,12742299615116956718,2659825496964581581,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6256 /prefetch:8

C:\Users\Admin\Downloads\R6Downloader_V3_2_2.exe

"C:\Users\Admin\Downloads\R6Downloader_V3_2_2.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\D955.tmp\D956.tmp\D957.bat C:\Users\Admin\Downloads\R6Downloader_V3_2_2.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" ECHO C:\Users\Admin\Downloads "

C:\Windows\system32\find.exe

FIND /C "OneDrive"

C:\Windows\system32\mode.com

MODE 100,50

C:\Program Files\dotnet\dotnet.exe

dotnet --version

C:\Windows\system32\findstr.exe

findstr /C:"8.0"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dotnet.microsoft.com/download/dotnet/thank-you/sdk-8.0.400-windows-x64-installer

C:\Program Files\dotnet\dotnet.exe

dotnet --version

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffea0223cb8,0x7ffea0223cc8,0x7ffea0223cd8

C:\Program Files\dotnet\dotnet.exe

dotnet --list-runtimes

C:\Program Files\dotnet\dotnet.exe

dotnet --list-sdks

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,17577822651436901812,639026584042663575,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1980 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1952,17577822651436901812,639026584042663575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1952,17577822651436901812,639026584042663575,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,17577822651436901812,639026584042663575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,17577822651436901812,639026584042663575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Users\Admin\Downloads\R6Downloader_V3_2_2.exe

"C:\Users\Admin\Downloads\R6Downloader_V3_2_2.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\166E.tmp\166F.tmp\1670.bat C:\Users\Admin\Downloads\R6Downloader_V3_2_2.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" ECHO C:\Users\Admin\Downloads "

C:\Windows\system32\find.exe

FIND /C "OneDrive"

C:\Windows\system32\mode.com

MODE 100,50

C:\Program Files\dotnet\dotnet.exe

dotnet --version

C:\Windows\system32\findstr.exe

findstr /C:"8.0"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dotnet.microsoft.com/download/dotnet/thank-you/sdk-8.0.400-windows-x64-installer

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffea0223cb8,0x7ffea0223cc8,0x7ffea0223cd8

C:\Program Files\dotnet\dotnet.exe

dotnet --version

C:\Program Files\dotnet\dotnet.exe

dotnet --list-runtimes

C:\Program Files\dotnet\dotnet.exe

dotnet --list-sdks

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1808,8390634640148294508,5027648678434469580,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1856 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1808,8390634640148294508,5027648678434469580,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1808,8390634640148294508,5027648678434469580,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,8390634640148294508,5027648678434469580,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,8390634640148294508,5027648678434469580,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,8390634640148294508,5027648678434469580,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1808,8390634640148294508,5027648678434469580,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5476 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,8390634640148294508,5027648678434469580,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa39d4855 /state1:0x41c64e6d

Network


Files

\??\pipe\crashpad_4676_NIIJWIKILAOBRFFI

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Temp\scoped_dir4676_1808913169\5680edda-7fbc-473f-af57-2d14f370fcd9.tmp

C:\Users\Admin\AppData\Local\Temp\scoped_dir4676_1808913169\CRX_INSTALL\_locales\en_CA\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\Downloads\dotnet-sdk-6.0.427-win-x64.exe:Zone.Identifier

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Windows\Temp\{2DE9528E-8E35-4BF8-85C7-A1AB1B41E3AF}\.cr\dotnet-sdk-6.0.427-win-x64.exe

C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\.ba\wixstdba.dll

C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\.ba\bg.png

C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\windowsdesktop_targeting_pack_6.0.35_win_x64.msi

C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\Finalizer

C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\dotnet_runtime_6.0.35_win_x64.msi

C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\dotnet_host_6.0.35_win_x64.msi

C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\dotnet_hostfxr_6.0.35_win_x64.msi

C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\dotnet_apphost_pack_6.0.35_win_x64.msi

C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\dotnet_targeting_pack_6.0.35_win_x64.msi

C:\Users\Admin\AppData\Local\Temp\Microsoft_.NET_SDK_6.0.427_(x64)_20241109212440_000_dotnet_runtime_6.0.35_win_x64.msi.log

C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\dotnet_apphost_pack_6.0.35_win_x64_x86.msi

C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\dotnet_apphost_pack_6.0.35_win_x64_arm.msi

C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\windowsdesktop_runtime_6.0.35_win_x64.msi

C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\dotnet_60templates_6.0.427_servicing.24469.2_win_x64.msi

C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\Microsoft.NET.Workload.Emscripten.Manifest_6.0.300.6.0.35_x64.msi

C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\Microsoft.NET.Workload.Mono.ToolChain.Manifest_6.0.300.6.0.5_x64.msi

C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\Microsoft.NET.Sdk.tvOS.Manifest_6.0.300.15.4.303_x64.msi

C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\Microsoft.NET.Sdk.Maui.Manifest_6.0.300.6.0.312_x64.msi

C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\Microsoft.NET.Sdk.macOS.Manifest_6.0.300.12.3.303_x64.msi

C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\Microsoft.NET.Sdk.MacCatalyst.Manifest_6.0.300.15.4.303_x64.msi

C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\Microsoft.NET.Sdk.iOS.Manifest_6.0.300.15.4.303_x64.msi

C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\Microsoft.NET.Sdk.Android.Manifest_6.0.300.32.0.301_x64.msi

C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\aspnetcore_targeting_pack_6.0.35_servicing.24462.14_win_x64.msi

C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\netstandard_targeting_pack_2.1.0_win_x64.msi

C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\dotnet_apphost_pack_6.0.35_win_x64_arm64.msi

C:\Windows\Temp\{315E96D6-881D-4229-95E2-90A0AB83B73D}\AspNetCoreSharedFramework_x64

C:\Windows\Installer\MSID236.tmp

C:\Config.Msi\e5acfe7.rbs

C:\Users\Admin\AppData\Local\Temp\Microsoft_.NET_SDK_6.0.427_(x64)_20241109212440_001_dotnet_hostfxr_6.0.35_win_x64.msi.log

C:\Config.Msi\e5acfec.rbs

C:\Program Files\dotnet\ThirdPartyNotices.txt

C:\Config.Msi\e5acff8.rbf

C:\Config.Msi\e5acff1.rbs

C:\Config.Msi\e5acff6.rbs

C:\Config.Msi\e5acffc.rbs

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Config.Msi\e5ad001.rbs

C:\Config.Msi\e5ad006.rbs

C:\Config.Msi\e5ad00b.rbs

C:\Config.Msi\e5ad010.rbs

C:\Config.Msi\e5ad015.rbs

C:\Config.Msi\e5ad01a.rbs

C:\Config.Msi\e5ad01f.rbs

C:\Config.Msi\e5ad024.rbs

C:\Config.Msi\e5ad029.rbs

C:\Windows\Installer\MSI1939.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Config.Msi\e5ad02e.rbs

C:\Config.Msi\e5ad033.rbs

C:\Config.Msi\e5ad038.rbs

C:\Config.Msi\e5ad03d.rbs

C:\Config.Msi\e5ad042.rbs

C:\Config.Msi\e5ad047.rbs

C:\Config.Msi\e5ad04c.rbs

C:\Config.Msi\e5ad051.rbs

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Program Files\dotnet\sdk\6.0.427\TestHost\testhost.net452.exe.config

C:\Program Files\dotnet\sdk\6.0.427\NuGet.CommandLine.XPlat.runtimeconfig.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Program Files\dotnet\sdk\6.0.427\Sdks\Microsoft.NET.ILLink.Tasks\tools\net472\System.Numerics.Vectors.dll

C:\Program Files\dotnet\sdk\6.0.427\Sdks\Microsoft.NET.Sdk.Publish\tools\net472\System.Runtime.CompilerServices.Unsafe.dll

C:\Config.Msi\e5ad056.rbs

C:\Config.Msi\e5ad05b.rbs

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000045

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b06ce00a-5668-4f27-9724-009d9735213b.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9b939349-46b2-402a-b39d-2c1b2d0115b3.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
