Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

Xbox Achie....1.exe

windows10-1703-x64

8

Resubmissions

28/12/2022, 22:15

221228-16b2vsbg53 8

28/12/2022, 22:14

221228-155yjsbg49 6

28/12/2022, 22:11

221228-14aq1sbg46 8

Analysis

  • max time kernel
    300s
  • max time network
    302s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-es
  • resource tags

    arch:x64arch:x86image:win10-20220812-eslocale:es-esos:windows10-1703-x64systemwindows
  • submitted
    28/12/2022, 22:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Xbox Achievement Unlocker 1.4.1.exe

  • Size

    2.2MB

  • MD5

    b31e4faa516447ada1d619b228bba545

  • SHA1

    1ae515c22cf51f10dce259c69456788bd3c64ca7

  • SHA256

    e6555cb6c0d1fe378fcbded709d1b4bd063fdb6a5c130b2572c00893a130ebd9

  • SHA512

    1ff2921966137b3c9ace78eb1ca2b26d05e22827d9f39ceb9f5b02c38490e9acf5faf91c80a76e7afac65dcaf3bc69dedae66bf240f5c0a29c471b2a8d59104d

  • SSDEEP

    24576:KXpb1zoC9C8jG254xWLIxJULeHA62LASkG4ZjPSduVNTpm7PppZy6o3qB7jW5JMc:KjsC9CMU6AA6PvAo3qB7jRtBohaK

Score
8/10
microsoftdiscoverypersistencephishing

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 3 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 9 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Detected potential entity reuse from brand microsoft.
    phishingmicrosoft
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 35 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 9 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 7 IoCs
  • Suspicious use of SendNotifyMessage 5 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Xbox Achievement Unlocker 1.4.1.exe
    "C:\Users\Admin\AppData\Local\Temp\Xbox Achievement Unlocker 1.4.1.exe"
    1⤵
    • Checks computer location settings
    PID:3852
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4336
  • C:\Windows\system32\browser_broker.exe
    C:\Windows\system32\browser_broker.exe -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • NTFS ADS
    • Suspicious use of WriteProcessMemory
    PID:4628
    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-6.0.12-win-x64.exe
      "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-6.0.12-win-x64.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2328
      • C:\Windows\Temp\{DBF3D89E-6B90-407A-AE53-61B9726B5215}\.cr\windowsdesktop-runtime-6.0.12-win-x64.exe
        "C:\Windows\Temp\{DBF3D89E-6B90-407A-AE53-61B9726B5215}\.cr\windowsdesktop-runtime-6.0.12-win-x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-6.0.12-win-x64.exe" -burn.filehandle.attached=524 -burn.filehandle.self=528
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:2804
        • C:\Windows\Temp\{D4B61B39-F465-49CD-B45A-EE2A6B45E864}\.be\windowsdesktop-runtime-6.0.12-win-x64.exe
          "C:\Windows\Temp\{D4B61B39-F465-49CD-B45A-EE2A6B45E864}\.be\windowsdesktop-runtime-6.0.12-win-x64.exe" -q -burn.elevated BurnPipe.{087CB7D1-7B89-43DE-9512-8599AF6E5F58} {1DA99249-F3D6-4169-B53A-CC0F1FFC558A} 2804
          4⤵
          • Executes dropped EXE
          • Adds Run key to start application
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          PID:5024
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4344
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:3752
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
      PID:4928
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:4744
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:1316
    • C:\Windows\system32\msiexec.exe
      C:\Windows\system32\msiexec.exe /V
      1⤵
      • Enumerates connected drives
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Modifies data under HKEY_USERS
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1596
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 5CE746532957582655697719F9610873
        2⤵
        • Loads dropped DLL
        PID:2192
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 25C5E539F51AF531F548FA4218B9DC5D
        2⤵
        • Loads dropped DLL
        PID:4500
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding BB8DE8CF62BB21029F1BE01AFE43AE56
        2⤵
        • Loads dropped DLL
        PID:4968
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 9DFA19B876C0E2BAD56A5774E8C4E783
        2⤵
        • Loads dropped DLL
        PID:2416
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:1704
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4556
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4556.0.912663281\2102965305" -parentBuildID 20200403170909 -prefsHandle 1512 -prefMapHandle 1504 -prefsLen 1 -prefMapSize 220115 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4556 "\\.\pipe\gecko-crash-server-pipe.4556" 1624 gpu
          3⤵
            PID:4424
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4556.3.205892013\586991034" -childID 1 -isForBrowser -prefsHandle 2200 -prefMapHandle 2192 -prefsLen 156 -prefMapSize 220115 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4556 "\\.\pipe\gecko-crash-server-pipe.4556" 2356 tab
            3⤵
              PID:2804
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4556.13.1031442074\697481286" -childID 2 -isForBrowser -prefsHandle 3468 -prefMapHandle 3464 -prefsLen 6938 -prefMapSize 220115 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4556 "\\.\pipe\gecko-crash-server-pipe.4556" 3448 tab
              3⤵
                PID:4948
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4556.20.1350046477\285742236" -parentBuildID 20200403170909 -prefsHandle 4376 -prefMapHandle 4396 -prefsLen 8538 -prefMapSize 220115 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4556 "\\.\pipe\gecko-crash-server-pipe.4556" 4840 rdd
                3⤵
                  PID:4024
            • C:\Windows\system32\AUDIODG.EXE
              C:\Windows\system32\AUDIODG.EXE 0x428
              1⤵
                PID:4344

              Network

              MITRE ATT&CK Enterprise v6

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-6.0.12-win-x64.exe
                Filesize

                54.6MB

                MD5

                2f6601588695b2dc2d2f6dcd1c1c55f5

                SHA1

                5ba48036da7448858d1f7e36f2e6d04c074572d0

                SHA256

                39072097c2f6a8adb0a989e12a8d850cd04285045470173a64c2be66c211792c

                SHA512

                7a827acfb4c982b05734db73a1e46f8f50536bc34e9b57abff46e5b907adf5dcf67331764cbe17ba17a1bf9dcce598f7c88605bf3dbed7111ad5a1ef1bcad42e

                Download Submit

              • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-6.0.12-win-x64.exe
                Filesize

                54.6MB

                MD5

                2f6601588695b2dc2d2f6dcd1c1c55f5

                SHA1

                5ba48036da7448858d1f7e36f2e6d04c074572d0

                SHA256

                39072097c2f6a8adb0a989e12a8d850cd04285045470173a64c2be66c211792c

                SHA512

                7a827acfb4c982b05734db73a1e46f8f50536bc34e9b57abff46e5b907adf5dcf67331764cbe17ba17a1bf9dcce598f7c88605bf3dbed7111ad5a1ef1bcad42e

                Download Submit

              • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-6.0.12-win-x64.exe.p6nrt4p.partial
                Filesize

                54.6MB

                MD5

                2f6601588695b2dc2d2f6dcd1c1c55f5

                SHA1

                5ba48036da7448858d1f7e36f2e6d04c074572d0

                SHA256

                39072097c2f6a8adb0a989e12a8d850cd04285045470173a64c2be66c211792c

                SHA512

                7a827acfb4c982b05734db73a1e46f8f50536bc34e9b57abff46e5b907adf5dcf67331764cbe17ba17a1bf9dcce598f7c88605bf3dbed7111ad5a1ef1bcad42e

                Download Submit

              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\E763EBEZ\windowsdesktop-runtime-6.0.12-win-x64[1].exe
                Filesize

                112KB

                MD5

                c6d4f099850832197e993c1c08c7ef1d

                SHA1

                3f9f5effd16f02786db218737521836c826e3b9a

                SHA256

                0dc7b81bd6eda332bfb155ae37413df74c586ddd3367d31227ce12a47a9d768a

                SHA512

                55b3fe71857277e77e0644f139659ede4a208636599df27b25d81fd7b5cb9ce19b6a4ca582b3d662423f24c05d44368f051cb45ee3157d942e35886100ea2403

                Download Submit

              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\69C6F6EC64E114822DF688DC12CDD86C
                Filesize

                779B

                MD5

                d6fd968ad12be8b6712bcc2fcb9b182d

                SHA1

                2877a105c623fe90532435dd82885722ad614589

                SHA256

                f8fc85cfab6b17c60e0a72fa05770b45f2e0b289c7736657195660d17e64f122

                SHA512

                309f7775bc3ab7786001699a51bb19db6229fa545006edf25d1774f3a26272cf68df00bc7271520f4a7fb511c4dc0b4b66ea01ab2bea9998708698d7a3b42adf

                Download Submit

              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\69C6F6EC64E114822DF688DC12CDD86C
                Filesize

                246B

                MD5

                e649ecf01c94f0d49e5a7cb25a0ad162

                SHA1

                746ef5b27f53e49aaec8a264b1db4ac0a282dd48

                SHA256

                6f3136e5c956ae575e5e25ab0e682f8baeddcb297686327af3130596ba26904c

                SHA512

                066fabf9d50d33393f7e8af027420f2494c8efcdf60dc07bc0b949a9e62c4717c1c00ab990686b045fd84233afae548bfa1aa323a05b4636038e6f576f273264

                Download Submit

              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\Windows\3720402701\2219095117.pri
                Filesize

                207KB

                MD5

                e2b88765ee31470114e866d939a8f2c6

                SHA1

                e0a53b8511186ff308a0507b6304fb16cabd4e1f

                SHA256

                523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

                SHA512

                462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.12_(x64)_20221228231721_000_dotnet_runtime_6.0.12_win_x64.msi.log
                Filesize

                2KB

                MD5

                c49e079d8e69bd364df71219f38d5589

                SHA1

                40bc96fd1bbe3733b2149579e09843b9c253c2b1

                SHA256

                4ce8a58a1521700b45314a7b06889510afbe07725883f6b3f3c2a1f07856dcd1

                SHA512

                be38c585ecd131ad84b8b4bb713ac22d5e64adabb76c1208cea5eed415d3476adc139f2a63311829a729f10bfefbbc942027f79f6a3a3d3f77bcc4a9b8a2cba4

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.12_(x64)_20221228231721_001_dotnet_hostfxr_6.0.12_win_x64.msi.log
                Filesize

                2KB

                MD5

                e91fa4f0b5e85d66fe3cc232c3dfeff8

                SHA1

                4a30fbdfefe51dc96e175abcf5b2f5a02860f83f

                SHA256

                fde9a14d88fbf57163862830bd390f00adfc6077bc10da605862569c32e15070

                SHA512

                07171007707dc9dc3151363b4cad412e43dec68913135a85ee5a84a787b89fa24347b8f4bf7604ecdb08db4793cf550c88e39e61f621b1b97f195a14a658234b

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.12_(x64)_20221228231721_002_dotnet_host_6.0.12_win_x64.msi.log
                Filesize

                2KB

                MD5

                8035351938f999e4489d629656abbf7e

                SHA1

                2f3c0f2b614ebc31a4214a089b48e9958e8feaeb

                SHA256

                525b1b5b32999cf57bfbfd98332448842ddb584a89890e2186766a4960a45c02

                SHA512

                3436a8b2b4e17de8e8034feed4c47cc5ba9c15f72bd88b9215656f672a1f255664560a5e9ff46425831faf726794d8c1b41fd00c4cff4ca28a027e53ddb4b550

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.12_(x64)_20221228231721_003_windowsdesktop_runtime_6.0.12_win_x64.msi.log
                Filesize

                2KB

                MD5

                085c2ebc358b8020c063525c84da33d7

                SHA1

                f1464ea7aabae10052427244b3429b9e1a3ed989

                SHA256

                f85f1f9cd1d64b42ed25834a5f48bb32742e63b2e6615d4fb5308c44f7d663f3

                SHA512

                5c4a86933ee7420e475fe8da2882f408f8ad4ccfa0be8576e9a5a258882e0e3e43ad1943861632f77f99cd39e1bd833600b655631a06939c2fe4deef3d43ac20

                Download Submit

              • C:\Windows\Installer\MSI1551.tmp
                Filesize

                225KB

                MD5

                d711da8a6487aea301e05003f327879f

                SHA1

                548d3779ed3ab7309328f174bfb18d7768d27747

                SHA256

                3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

                SHA512

                c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

                Download Submit

              • C:\Windows\Installer\MSI17E2.tmp
                Filesize

                225KB

                MD5

                d711da8a6487aea301e05003f327879f

                SHA1

                548d3779ed3ab7309328f174bfb18d7768d27747

                SHA256

                3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

                SHA512

                c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

                Download Submit

              • C:\Windows\Installer\MSI1EAD.tmp
                Filesize

                225KB

                MD5

                d711da8a6487aea301e05003f327879f

                SHA1

                548d3779ed3ab7309328f174bfb18d7768d27747

                SHA256

                3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

                SHA512

                c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

                Download Submit

              • C:\Windows\Installer\MSI214E.tmp
                Filesize

                225KB

                MD5

                d711da8a6487aea301e05003f327879f

                SHA1

                548d3779ed3ab7309328f174bfb18d7768d27747

                SHA256

                3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

                SHA512

                c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

                Download Submit

              • C:\Windows\Installer\MSI36CE.tmp
                Filesize

                225KB

                MD5

                d711da8a6487aea301e05003f327879f

                SHA1

                548d3779ed3ab7309328f174bfb18d7768d27747

                SHA256

                3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

                SHA512

                c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

                Download Submit

              • C:\Windows\Installer\MSIC05.tmp
                Filesize

                225KB

                MD5

                d711da8a6487aea301e05003f327879f

                SHA1

                548d3779ed3ab7309328f174bfb18d7768d27747

                SHA256

                3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

                SHA512

                c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

                Download Submit

              • C:\Windows\Installer\MSIF52.tmp
                Filesize

                225KB

                MD5

                d711da8a6487aea301e05003f327879f

                SHA1

                548d3779ed3ab7309328f174bfb18d7768d27747

                SHA256

                3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

                SHA512

                c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

                Download Submit

              • C:\Windows\Installer\MSIFBF4.tmp
                Filesize

                225KB

                MD5

                d711da8a6487aea301e05003f327879f

                SHA1

                548d3779ed3ab7309328f174bfb18d7768d27747

                SHA256

                3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

                SHA512

                c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

                Download Submit

              • C:\Windows\Temp\{D4B61B39-F465-49CD-B45A-EE2A6B45E864}\.be\windowsdesktop-runtime-6.0.12-win-x64.exe
                Filesize

                610KB

                MD5

                29fbc5cabda5a2afdc4ca20e78e7f61a

                SHA1

                535dba4d2ebb82f0dd217f4876d25e6430146645

                SHA256

                aff17ea5884da8f7e7d10f9fd6a6e4e8d43b9e34d28df55f08328e0d84a7ecf7

                SHA512

                4ddb847a9747f857ad37216e42224320003e99f73929c617c6946d2352e6fe8528faf225d1be3bd650f7ac533246a8303a48628a0de689f3b273955cf9fcbab2

                Download Submit

              • C:\Windows\Temp\{D4B61B39-F465-49CD-B45A-EE2A6B45E864}\.be\windowsdesktop-runtime-6.0.12-win-x64.exe
                Filesize

                610KB

                MD5

                29fbc5cabda5a2afdc4ca20e78e7f61a

                SHA1

                535dba4d2ebb82f0dd217f4876d25e6430146645

                SHA256

                aff17ea5884da8f7e7d10f9fd6a6e4e8d43b9e34d28df55f08328e0d84a7ecf7

                SHA512

                4ddb847a9747f857ad37216e42224320003e99f73929c617c6946d2352e6fe8528faf225d1be3bd650f7ac533246a8303a48628a0de689f3b273955cf9fcbab2

                Download Submit

              • C:\Windows\Temp\{D4B61B39-F465-49CD-B45A-EE2A6B45E864}\dotnet_host_6.0.12_win_x64.msi
                Filesize

                736KB

                MD5

                753735368ed5ab04df161907268651c5

                SHA1

                e68772a1f4f752a5d11340fb9724643f764ef06c

                SHA256

                26a5442a404027b6cacf87381d2f7219f9c8c05f8ea380000d27290bd79c2cfc

                SHA512

                3746c4801fb9e6b3fa2e0f3245756bdf7a725bb64c53539b25ab133b959a9318d92151157f2a09bf06b9618ebd66e1bf3b15e53173d9ce10b77c17ca3db012e9

                Download Submit

              • C:\Windows\Temp\{D4B61B39-F465-49CD-B45A-EE2A6B45E864}\dotnet_hostfxr_6.0.12_win_x64.msi
                Filesize

                804KB

                MD5

                288f19e824eafccf3654eeebf69c03f1

                SHA1

                14d49baab39001a3459be19f9e760e467b39c90d

                SHA256

                264d63dcaa7052dcf9539fedc99f5a56da6234e3a69433a6cdeaa50cfc143e8f

                SHA512

                3ca3f18db329164f46aab9b8228dc5e79ded4fce571b848556fccc28970829ffb38070daf593c617ba2acdff859f48fc49ccaf77d052f76004cba200f5b2735c

                Download Submit

              • C:\Windows\Temp\{D4B61B39-F465-49CD-B45A-EE2A6B45E864}\dotnet_runtime_6.0.12_win_x64.msi
                Filesize

                25.6MB

                MD5

                ed04f657c593c878184f2cacd259d89d

                SHA1

                b3b9ef6c6a7d7b26e1db8a25c9cfca801b4510e2

                SHA256

                c271c90769d282c35da7496b217d8c1b7e1f110f98c910263fd0a511f06b7b6c

                SHA512

                e5540046b4fad6b2848a8a5ec895e1482d1b185ff580e086f998217c4f1af8e101c66724c35f1149014e4bd3037814ebc0f9246f943f129df3f65bb401a9c5aa

                Download Submit

              • C:\Windows\Temp\{D4B61B39-F465-49CD-B45A-EE2A6B45E864}\windowsdesktop_runtime_6.0.12_win_x64.msi
                Filesize

                28.6MB

                MD5

                224844b83b90ae86a10a48240d7b410a

                SHA1

                9c773d4a08542284ea3c1fa923ecb0509dd69279

                SHA256

                c610983fcb3e7d6ba33c5882da3e3b95d13a18c0a974421a67cdf54430c4546e

                SHA512

                ae7c109331b758b48df9b7b3958762da7a6412b6f1483fba18cc01832f053c1a39ccd91fdaa217f0b9e15716d1f2ec5798815ebfdfa00d8d3147a6827d8af603

                Download Submit

              • C:\Windows\Temp\{DBF3D89E-6B90-407A-AE53-61B9726B5215}\.cr\windowsdesktop-runtime-6.0.12-win-x64.exe
                Filesize

                610KB

                MD5

                29fbc5cabda5a2afdc4ca20e78e7f61a

                SHA1

                535dba4d2ebb82f0dd217f4876d25e6430146645

                SHA256

                aff17ea5884da8f7e7d10f9fd6a6e4e8d43b9e34d28df55f08328e0d84a7ecf7

                SHA512

                4ddb847a9747f857ad37216e42224320003e99f73929c617c6946d2352e6fe8528faf225d1be3bd650f7ac533246a8303a48628a0de689f3b273955cf9fcbab2

                Download Submit

              • C:\Windows\Temp\{DBF3D89E-6B90-407A-AE53-61B9726B5215}\.cr\windowsdesktop-runtime-6.0.12-win-x64.exe
                Filesize

                610KB

                MD5

                29fbc5cabda5a2afdc4ca20e78e7f61a

                SHA1

                535dba4d2ebb82f0dd217f4876d25e6430146645

                SHA256

                aff17ea5884da8f7e7d10f9fd6a6e4e8d43b9e34d28df55f08328e0d84a7ecf7

                SHA512

                4ddb847a9747f857ad37216e42224320003e99f73929c617c6946d2352e6fe8528faf225d1be3bd650f7ac533246a8303a48628a0de689f3b273955cf9fcbab2

                Download Submit

              • \Windows\Installer\MSI1551.tmp
                Filesize

                225KB

                MD5

                d711da8a6487aea301e05003f327879f

                SHA1

                548d3779ed3ab7309328f174bfb18d7768d27747

                SHA256

                3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

                SHA512

                c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

                Download Submit

              • \Windows\Installer\MSI17E2.tmp
                Filesize

                225KB

                MD5

                d711da8a6487aea301e05003f327879f

                SHA1

                548d3779ed3ab7309328f174bfb18d7768d27747

                SHA256

                3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

                SHA512

                c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

                Download Submit

              • \Windows\Installer\MSI1EAD.tmp
                Filesize

                225KB

                MD5

                d711da8a6487aea301e05003f327879f

                SHA1

                548d3779ed3ab7309328f174bfb18d7768d27747

                SHA256

                3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

                SHA512

                c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

                Download Submit

              • \Windows\Installer\MSI214E.tmp
                Filesize

                225KB

                MD5

                d711da8a6487aea301e05003f327879f

                SHA1

                548d3779ed3ab7309328f174bfb18d7768d27747

                SHA256

                3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

                SHA512

                c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

                Download Submit

              • \Windows\Installer\MSI36CE.tmp
                Filesize

                225KB

                MD5

                d711da8a6487aea301e05003f327879f

                SHA1

                548d3779ed3ab7309328f174bfb18d7768d27747

                SHA256

                3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

                SHA512

                c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

                Download Submit

              • \Windows\Installer\MSIC05.tmp
                Filesize

                225KB

                MD5

                d711da8a6487aea301e05003f327879f

                SHA1

                548d3779ed3ab7309328f174bfb18d7768d27747

                SHA256

                3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

                SHA512

                c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

                Download Submit

              • \Windows\Installer\MSIF52.tmp
                Filesize

                225KB

                MD5

                d711da8a6487aea301e05003f327879f

                SHA1

                548d3779ed3ab7309328f174bfb18d7768d27747

                SHA256

                3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

                SHA512

                c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

                Download Submit

              • \Windows\Installer\MSIFBF4.tmp
                Filesize

                225KB

                MD5

                d711da8a6487aea301e05003f327879f

                SHA1

                548d3779ed3ab7309328f174bfb18d7768d27747

                SHA256

                3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

                SHA512

                c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

                Download Submit

              • \Windows\Temp\{D4B61B39-F465-49CD-B45A-EE2A6B45E864}\.ba\wixstdba.dll
                Filesize

                197KB

                MD5

                4356ee50f0b1a878e270614780ddf095

                SHA1

                b5c0915f023b2e4ed3e122322abc40c4437909af

                SHA256

                41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104

                SHA512

                b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691

                Download Submit

              • memory/2328-144-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-131-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-155-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-158-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-159-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-160-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-161-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-162-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-163-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-164-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-165-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-127-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-129-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-151-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-128-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-154-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-130-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-156-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-150-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-133-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-132-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-134-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-135-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-136-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-137-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-138-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-139-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-140-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-141-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-142-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-143-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-145-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-146-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-147-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-148-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-149-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-153-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2328-152-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2804-173-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2804-180-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2804-191-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2804-190-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2804-189-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2804-188-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2804-187-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2804-186-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2804-185-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2804-184-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2804-182-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2804-183-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2804-168-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2804-181-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2804-169-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2804-179-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2804-178-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2804-177-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2804-170-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2804-176-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2804-175-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2804-174-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2804-172-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2804-171-0x0000000077410000-0x000000007759E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/4336-116-0x00000137EBF20000-0x00000137EBF30000-memory.dmp

                Filesize

                64KB

                Download

              • memory/4336-117-0x00000137EC020000-0x00000137EC030000-memory.dmp

                Filesize

                64KB

                Download