38436d423dcb7741dcf84e580720c5faec14319129856775aed7fd7892057e28

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/02/2023, 22:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

H1EmuLauncherSetup.exe
Size

71.3MB
MD5

04a31f25e86d5428131daad86590eaeb
SHA1

59335674c89e0a0a110c62713a2984eb56b2b65b
SHA256

38436d423dcb7741dcf84e580720c5faec14319129856775aed7fd7892057e28
SHA512

aa46aa1e7e2dc681ddc8bd45820b6dbd07baa7aa901c5ed442f3ae3d1a91e45bbbc94dff1a31b5230f974a21325fe7776799f6aa051cc1319a60e32117573b88
SSDEEP

1572864:V4ssErqwOwvzYllLJBwOwR+8tKXIOmHRc7NRIugoLhM7:V4ssEEwvoJmOn8t1Rc7f3vK

Score

8^/10

discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	windowsdesktop-runtime-6.0.13-win-x64.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	setup.exe

Executes dropped EXE 7 IoCs

pid	Process
4040	setup.exe
4808	NetCoreCheck.exe
4036	NetCoreCheck.exe
3156	windowsdesktop-runtime-6.0.13-win-x64.exe
4668	windowsdesktop-runtime-6.0.13-win-x64.exe
4708	windowsdesktop-runtime-6.0.13-win-x64.exe
4132	NetCoreCheck.exe

Loads dropped DLL 15 IoCs

pid	Process
4668	windowsdesktop-runtime-6.0.13-win-x64.exe
912	MsiExec.exe
912	MsiExec.exe
2856	MsiExec.exe
2856	MsiExec.exe
2220	MsiExec.exe
2220	MsiExec.exe
2224	MsiExec.exe
2224	MsiExec.exe
4132	NetCoreCheck.exe
4132	NetCoreCheck.exe
4844	MsiExec.exe
4844	MsiExec.exe
1656	MsiExec.exe
1656	MsiExec.exe

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce	H1EmuLauncherSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	H1EmuLauncherSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	windowsdesktop-runtime-6.0.13-win-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{96cf40b0-81d6-43ed-ad0e-611e67899196} = "\"C:\\ProgramData\\Package Cache\\{96cf40b0-81d6-43ed-ad0e-611e67899196}\\windowsdesktop-runtime-6.0.13-win-x64.exe\" /burn.runonce"	windowsdesktop-runtime-6.0.13-win-x64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Linq.Expressions.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\api-ms-win-core-libraryloader-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\PresentationFramework-SystemXml.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\cs\PresentationFramework.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\ko\UIAutomationProvider.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\ko\System.Windows.Forms.Design.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Runtime.InteropServices.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\mscordaccore.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.ComponentModel.EventBasedAsync.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\pl\WindowsFormsIntegration.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\ja\System.Windows.Input.Manipulations.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.IO.FileSystem.Watcher.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\es\System.Windows.Forms.Design.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\cs\System.Windows.Input.Manipulations.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\tr\System.Windows.Forms.Design.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Transactions.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.AppContext.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\es\WindowsFormsIntegration.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\pl\UIAutomationClient.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\zh-Hant\UIAutomationProvider.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\api-ms-win-crt-runtime-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\ko\System.Windows.Forms.Primitives.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\zh-Hans\WindowsFormsIntegration.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\pt-BR\PresentationFramework.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\zh-Hant\System.Windows.Forms.Design.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\api-ms-win-crt-filesystem-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Net.Sockets.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Diagnostics.Debug.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\pl\ReachFramework.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\ru\PresentationCore.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\ja\UIAutomationTypes.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\pt-BR\System.Windows.Forms.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Reflection.Extensions.dll	msiexec.exe
File created	C:\Program Files (x86)\H1Emu © 2022\H1Emu Launcher\H1EmuLauncher.exe	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\PresentationFramework-SystemXmlLinq.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\WindowsFormsIntegration.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\PresentationUI.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\zh-Hans\System.Xaml.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\H1Emu © 2022\H1Emu Launcher\H1EmuLauncher.dll.config	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\api-ms-win-crt-utility-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.IO.Compression.Native.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\ja\System.Windows.Forms.Design.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\zh-Hant\UIAutomationClient.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\api-ms-win-core-synch-l1-2-0.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\tr\System.Windows.Forms.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\tr\System.Xaml.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Transactions.Local.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\api-ms-win-core-sysinfo-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\ja\Microsoft.VisualBasic.Forms.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\zh-Hans\PresentationFramework.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\pl\UIAutomationClientSideProviders.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\api-ms-win-core-fibers-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\mscordaccore_amd64_amd64_6.0.1322.58009.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\fr\System.Windows.Controls.Ribbon.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\System.Windows.Presentation.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Diagnostics.TextWriterTraceListener.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Web.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Xml.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\ja\System.Windows.Forms.Primitives.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\pt-BR\System.Windows.Forms.Design.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Runtime.InteropServices.RuntimeInformation.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\it\Microsoft.VisualBasic.Forms.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\ru\Microsoft.VisualBasic.Forms.resources.dll	msiexec.exe

Drops file in Windows directory 44 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSIE44A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e57ca61.msi	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{5F0DB006-2AE3-4D36-8077-65247FD687D4}	msiexec.exe
File opened for modification	C:\Windows\Installer\e57ca5d.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{9511601E-12FF-4972-BF9C-2992F2CA5A32}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF0C2.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e57ca65.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\{097ADD09-200F-4858-A040-35D9C4E48D96}\_3B5E89380B7280FA3671EB.exe	msiexec.exe
File created	C:\Windows\Installer\e57ca67.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\SourceHash{8CDACE3C-0064-4A17-A02C-49F831D5F73A}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE189.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF42E.tmp	msiexec.exe
File created	C:\Windows\Installer\e57ca64.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\{097ADD09-200F-4858-A040-35D9C4E48D96}\_853F67D554F05449430E7E.exe	msiexec.exe
File created	C:\Windows\Installer\e57ca55.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIEA28.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIEC6B.tmp	msiexec.exe
File created	C:\Windows\Installer\e57ca65.msi	msiexec.exe
File created	C:\Windows\Installer\{097ADD09-200F-4858-A040-35D9C4E48D96}\_9AECB983F1DA8D982F9374.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\e57ca55.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDDBF.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e57ca59.msi	msiexec.exe
File created	C:\Windows\Installer\{097ADD09-200F-4858-A040-35D9C4E48D96}\_853F67D554F05449430E7E.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID060.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID39D.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8554.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{097ADD09-200F-4858-A040-35D9C4E48D96}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8A19.tmp	msiexec.exe
File created	C:\Windows\Installer\{097ADD09-200F-4858-A040-35D9C4E48D96}\_3B5E89380B7280FA3671EB.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\{097ADD09-200F-4858-A040-35D9C4E48D96}\_9AECB983F1DA8D982F9374.exe	msiexec.exe
File created	C:\Windows\Installer\e57ca59.msi	msiexec.exe
File created	C:\Windows\Installer\e57ca61.msi	msiexec.exe
File created	C:\Windows\Installer\e57ca5d.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE71A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI866E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE340.tmp	msiexec.exe
File created	C:\Windows\Installer\e57ca5c.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{8484730A-68A4-4C63-93B4-52628D3B488D}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1BC.tmp	msiexec.exe
File created	C:\Windows\Installer\e57ca58.msi	msiexec.exe
File created	C:\Windows\Installer\e57ca60.msi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000dcccb42f1bc641320000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000dcccb42f0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3f000000ffffffff000000000700010000680900dcccb42f000000000000d0120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000dcccb42f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000dcccb42f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Modifies data under HKEY_USERS 12 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\20	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\21	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\22\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1F	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\20	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\21	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\C61AF4A983356BD7017B5363DF2BCFC2\C3ECADC8460071A40AC2948F135D7FA3	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A03748484A8636C4394B2526D8B384D8\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A03748484A8636C4394B2526D8B384D8\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\600BD0F53EA263D408775642F76D784D\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{5F0DB006-2AE3-4D36-8077-65247FD687D4}v48.55.52137\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C3ECADC8460071A40AC2948F135D7FA3\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A03748484A8636C4394B2526D8B384D8\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{8484730A-68A4-4C63-93B4-52628D3B488D}v48.55.53270\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\H1EmuLauncher\URL Protocol	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\90DDA790F00285840A04539D4C4ED869\DeploymentFlags = "3"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\600BD0F53EA263D408775642F76D784D\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_48.3.31210_x64\Dependents	windowsdesktop-runtime-6.0.13-win-x64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|H1Emu © 2022\|H1Emu Launcher\|Newtonsoft.Json.dll\Newtonsoft.Json,Version="13.0.0.0",Culture="neutral",PublicKeyToken="30AD4FE6B2A6AEED",ProcessorArchitecture="MSIL" = 39004b007d00260026004d007e00460039003f006e00260074006d006e004b007d007b00480058003e003d0067004e0038006600550068006a004400700073002600470067005f00650079007b003d00390000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\90DDA790F00285840A04539D4C4ED869\PackageCode = "148F820DC13FB7E4E893837310D00B4C"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\072976E48C56120438EBB3E83CCEA7EF	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{96cf40b0-81d6-43ed-ad0e-611e67899196}\Version = "6.0.13.32001"	windowsdesktop-runtime-6.0.13-win-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\600BD0F53EA263D408775642F76D784D	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C3ECADC8460071A40AC2948F135D7FA3\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\90DDA790F00285840A04539D4C4ED869\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\90DDA790F00285840A04539D4C4ED869\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\90DDA790F00285840A04539D4C4ED869\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{96cf40b0-81d6-43ed-ad0e-611e67899196}\Dependents\{96cf40b0-81d6-43ed-ad0e-611e67899196}	windowsdesktop-runtime-6.0.13-win-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C3ECADC8460071A40AC2948F135D7FA3	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_48.3.31210_x64\ = "{9511601E-12FF-4972-BF9C-2992F2CA5A32}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_48.3.31210_x64\DisplayName = "Microsoft .NET Host - 6.0.13 (x64)"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E1061159FF212794FBC992292FACA523\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{9511601E-12FF-4972-BF9C-2992F2CA5A32}v48.55.52137\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\600BD0F53EA263D408775642F76D784D\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\A03748484A8636C4394B2526D8B384D8\Provider	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\600BD0F53EA263D408775642F76D784D\PackageCode = "6583A622D1F67E64B836884A1D3E6C78"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\600BD0F53EA263D408775642F76D784D\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\7AAC419AA63514254F7B5A2BAD664AB5\A03748484A8636C4394B2526D8B384D8	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\90DDA790F00285840A04539D4C4ED869\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C3ECADC8460071A40AC2948F135D7FA3\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{8CDACE3C-0064-4A17-A02C-49F831D5F73A}v48.55.52137\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E1061159FF212794FBC992292FACA523\PackageCode = "7C9D16C6A32B9544D8C0852A372E34EB"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\094F9C7997352096B7082D27C35AD959	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E1061159FF212794FBC992292FACA523\SourceList\PackageName = "dotnet-host-6.0.13-win-x64.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_48.55.53270_x64\ = "{8484730A-68A4-4C63-93B4-52628D3B488D}"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_48.55.52137_x64\Dependents\{96cf40b0-81d6-43ed-ad0e-611e67899196}	windowsdesktop-runtime-6.0.13-win-x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E1061159FF212794FBC992292FACA523\AuthorizedLUAApp = "0"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A03748484A8636C4394B2526D8B384D8\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_runtime_48.55.52137_x64\Version = "48.55.52137"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\600BD0F53EA263D408775642F76D784D	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_48.55.52137_x64\ = "{8CDACE3C-0064-4A17-A02C-49F831D5F73A}"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C3ECADC8460071A40AC2948F135D7FA3\SourceList	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C3ECADC8460071A40AC2948F135D7FA3\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\H1EmuLauncher\Shell	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|H1Emu © 2022\|H1Emu Launcher\|H1EmuLauncher.dll\H1EmuLauncher,Version="2.7.0.0",Culture="neutral",ProcessorArchitecture="MSIL" = 39004b007d00260026004d007e00460039003f006e00260074006d006e004b007d007b00480058003e003f00410076003f00650073005600660064006100470042003f00440041004d00740073006b004a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C3ECADC8460071A40AC2948F135D7FA3\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{8CDACE3C-0064-4A17-A02C-49F831D5F73A}v48.55.52137\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A03748484A8636C4394B2526D8B384D8	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A03748484A8636C4394B2526D8B384D8\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{96cf40b0-81d6-43ed-ad0e-611e67899196}\DisplayName = "Microsoft Windows Desktop Runtime - 6.0.13 (x64)"	windowsdesktop-runtime-6.0.13-win-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\600BD0F53EA263D408775642F76D784D\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\600BD0F53EA263D408775642F76D784D\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_runtime_48.55.52137_x64\Dependents\{96cf40b0-81d6-43ed-ad0e-611e67899196}	windowsdesktop-runtime-6.0.13-win-x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C3ECADC8460071A40AC2948F135D7FA3\Language = "1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\H1EmuLauncher	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|H1Emu © 2022\|H1Emu Launcher\|SteamKit2.dll\SteamKit2,Version="2.4.1.0",Culture="neutral",PublicKeyToken="ED3CE47ED5AAD940",ProcessorArchitecture="MSIL" = 39004b007d00260026004d007e00460039003f006e00260074006d006e004b007d007b00480058003e005b0044004500730063003700520065002e0031006000690040002e002500540046002d003200700000000000	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\90DDA790F00285840A04539D4C4ED869\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\90DDA790F00285840A04539D4C4ED869\SourceList\Media\1 = ";"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C3ECADC8460071A40AC2948F135D7FA3	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_48.55.52137_x64	windowsdesktop-runtime-6.0.13-win-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_48.3.31210_x64\Version = "48.55.52137"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\A03748484A8636C4394B2526D8B384D8\MainFeature	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_48.55.53270_x64\Dependents	windowsdesktop-runtime-6.0.13-win-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_runtime_48.55.52137_x64\Dependents	windowsdesktop-runtime-6.0.13-win-x64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E1061159FF212794FBC992292FACA523\Clients = 3a0000000000	msiexec.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\F252E794FE438E35ACE6E53762C0A234A2C52135	setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\F252E794FE438E35ACE6E53762C0A234A2C52135\Blob = 030000000100000014000000f252e794fe438e35ace6e53762c0a234a2c5213519000000010000001000000087e0ffb0415d8ad49500855f8ba368c4040000000100000010000000ce02a0499711d1f1a3fcfc3c699a6c970f0000000100000020000000f6f717a43ad9abddc8cefdde1c505462535e7d1307e630f9544a2d14fe8bf26e140000000100000014000000486e64e55005d382aa17373722b56da8ca7502955c000000010000000400000000100000180000000100000010000000bb048f1838395f6fc3a1f3d2b7e9765420000000010000007e0700003082077a30820562a003020102020a610e90d2000000000003300d06092a864886f70d01010b0500308188310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e31323030060355040313294d6963726f736f667420526f6f7420436572746966696361746520417574686f726974792032303131301e170d3131303730383230353930395a170d3236303730383231303930395a307e310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312830260603550403131f4d6963726f736f667420436f6465205369676e696e6720504341203230313130820222300d06092a864886f70d01010105000382020f003082020a0282020100abf0fa72101c2eadd86eaa82104d34baf2b658219f421b2a6be95a50aab806381a0449ba7fc30c1edd376bc612d80bf038c29906b0c839d501143142d3890d7964877e9460246caf9e499ce9685ed2df9b53b20a2cc3afd9a92bae7a09afd79659ca601a05e96676e8325226122fe7ab0850cfb344b75dd8c42e0375ab68f3cb6df33a5ca116f446bae03864ac6e643578a6a0630f2dd34093f8e3de070dd55c79a54929e70dbea01377be943deffbe32b5a101f4d5628a27a72e0123ab7495ed8eded439183d97bb27b861bd93eb18c5de8894f841af2a12f59e4903b2dae3358c5b73efe32d3b3033db1b2af92387ed29d802cf54e5691213525c3396e647f53ba9c0fad192384cbf4ba03868df75ff0d052bf8c9487bcc02174255f1828b6cc2728382598394a36cf7cb192ae1c23a7a966ec611f6ae128499d5f88e2255dd3214b3e52c4b5573f2403f0d17a5b2fd523e3705d0f514677b3f800e1bcac02825fdbc015b3bd1bd4554be739a10fe92349bc18b8447c45e4c1c3727ae072e724dfbf4699c5efc21c57db838dec4d4930a7ab8edfec5b9faffcddb066e2c197817bedd6ed4be74929a71328a6a77d6780e68a62785fb22f84d7579c5cbf772828f1ed6dc3288f2c8f40374fc1e1854489c4094cc5d4a5432f7495f76ef87820582c135d60959a3e4f3384dab08817de9e4ef496b0bc46a06c98d2e0d6888c0b0203010001a38201ed308201e9301006092b06010401823715010403020100301d0603551d0e04160414486e64e55005d382aa17373722b56da8ca750295301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d23041830168014722d3a02319043b914054ee1eaa7c731d1238934305a0603551d1f04533051304fa04da04b8649687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963526f6f436572417574323031315f323031315f30335f32322e63726c305e06082b0601050507010104523050304e06082b060105050730028642687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963526f6f436572417574323031315f323031315f30335f32322e63727430819f0603551d2004819730819430819106092b0601040182372e03308183303f06082b060105050702011633687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b696f70732f646f63732f7072696d6172796370732e68746d304006082b0601050507020230341e32201d004c006500670061006c005f0070006f006c006900630079005f00730074006100740065006d0065006e0074002e201d300d06092a864886f70d01010b0500038202010067f286a598e054791a2ed3d87467229b0b9611e163929942967dd2790c90c1655f2e2c3ef8c372d16d83febe3fe80aca3bbf47a9a3f369db63bf2235a5975d6584907d8b465055d80c927cd21a4b1cf33c428b52d0b0fd6be33e072e299be63d1ba5d4b51d779439e2e964c9443d787a23f3137da69074838df4cb2602462ac28a10bba4a9050c9bed68fa682e95a02a3f2a6b5849631f09696e5a9896e483f4c08ff3462bdefc3bd0bd35ef6e25aee5af27edd0ddf30eaf992897984d0e3d0bf20889d61fc33218e2f0c52dce5b9eb449390ac60ac2c6adaee5b2d9db1588514558383271271a7fb1f427f8de2c3a206998b25989686e6fa7b774c3400506a6012a283e823f134d660bc0b34df5e18f7f1c6f157d45a776e5402a65a3c35d526286c31d63369786dfdaf3f8f216a19a27e1cda597d0ee5d6341e35b079c873e067706d106b1751f14be6161b5f0dcc61b04bedf41c70e28eede652fec97f6a15c96d800d6a146bd59f397a5094b481099801fd00029c5b19ba53f45771e35c6d2a2a29f7a7a22fa48951fabfb472380f59ef8bf6bb74b97e2eb75781aecea379979184bffd6b3236875e6affafc8beb0b80ea693baffc30ed044c8edfdf756d63913dd19d564e4fbf805722a1781132217aef410ab13ffba8cca45dc1a1889b5771564e4845c042c99b765b0a80486bfd799fc1bd6d6d6ac95273130d7a50cd	setup.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2352	msiexec.exe
2352	msiexec.exe
2352	msiexec.exe
2352	msiexec.exe
2352	msiexec.exe
2352	msiexec.exe
2352	msiexec.exe
2352	msiexec.exe
2352	msiexec.exe
2352	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4708	windowsdesktop-runtime-6.0.13-win-x64.exe
Token: SeIncreaseQuotaPrivilege	4708	windowsdesktop-runtime-6.0.13-win-x64.exe
Token: SeSecurityPrivilege	2352	msiexec.exe
Token: SeCreateTokenPrivilege	4708	windowsdesktop-runtime-6.0.13-win-x64.exe
Token: SeAssignPrimaryTokenPrivilege	4708	windowsdesktop-runtime-6.0.13-win-x64.exe
Token: SeLockMemoryPrivilege	4708	windowsdesktop-runtime-6.0.13-win-x64.exe
Token: SeIncreaseQuotaPrivilege	4708	windowsdesktop-runtime-6.0.13-win-x64.exe
Token: SeMachineAccountPrivilege	4708	windowsdesktop-runtime-6.0.13-win-x64.exe
Token: SeTcbPrivilege	4708	windowsdesktop-runtime-6.0.13-win-x64.exe
Token: SeSecurityPrivilege	4708	windowsdesktop-runtime-6.0.13-win-x64.exe
Token: SeTakeOwnershipPrivilege	4708	windowsdesktop-runtime-6.0.13-win-x64.exe
Token: SeLoadDriverPrivilege	4708	windowsdesktop-runtime-6.0.13-win-x64.exe
Token: SeSystemProfilePrivilege	4708	windowsdesktop-runtime-6.0.13-win-x64.exe
Token: SeSystemtimePrivilege	4708	windowsdesktop-runtime-6.0.13-win-x64.exe
Token: SeProfSingleProcessPrivilege	4708	windowsdesktop-runtime-6.0.13-win-x64.exe
Token: SeIncBasePriorityPrivilege	4708	windowsdesktop-runtime-6.0.13-win-x64.exe
Token: SeCreatePagefilePrivilege	4708	windowsdesktop-runtime-6.0.13-win-x64.exe
Token: SeCreatePermanentPrivilege	4708	windowsdesktop-runtime-6.0.13-win-x64.exe
Token: SeBackupPrivilege	4708	windowsdesktop-runtime-6.0.13-win-x64.exe
Token: SeRestorePrivilege	4708	windowsdesktop-runtime-6.0.13-win-x64.exe
Token: SeShutdownPrivilege	4708	windowsdesktop-runtime-6.0.13-win-x64.exe
Token: SeDebugPrivilege	4708	windowsdesktop-runtime-6.0.13-win-x64.exe
Token: SeAuditPrivilege	4708	windowsdesktop-runtime-6.0.13-win-x64.exe
Token: SeSystemEnvironmentPrivilege	4708	windowsdesktop-runtime-6.0.13-win-x64.exe
Token: SeChangeNotifyPrivilege	4708	windowsdesktop-runtime-6.0.13-win-x64.exe
Token: SeRemoteShutdownPrivilege	4708	windowsdesktop-runtime-6.0.13-win-x64.exe
Token: SeUndockPrivilege	4708	windowsdesktop-runtime-6.0.13-win-x64.exe
Token: SeSyncAgentPrivilege	4708	windowsdesktop-runtime-6.0.13-win-x64.exe
Token: SeEnableDelegationPrivilege	4708	windowsdesktop-runtime-6.0.13-win-x64.exe
Token: SeManageVolumePrivilege	4708	windowsdesktop-runtime-6.0.13-win-x64.exe
Token: SeImpersonatePrivilege	4708	windowsdesktop-runtime-6.0.13-win-x64.exe
Token: SeCreateGlobalPrivilege	4708	windowsdesktop-runtime-6.0.13-win-x64.exe
Token: SeRestorePrivilege	2352	msiexec.exe
Token: SeTakeOwnershipPrivilege	2352	msiexec.exe
Token: SeRestorePrivilege	2352	msiexec.exe
Token: SeTakeOwnershipPrivilege	2352	msiexec.exe
Token: SeRestorePrivilege	2352	msiexec.exe
Token: SeTakeOwnershipPrivilege	2352	msiexec.exe
Token: SeRestorePrivilege	2352	msiexec.exe
Token: SeTakeOwnershipPrivilege	2352	msiexec.exe
Token: SeRestorePrivilege	2352	msiexec.exe
Token: SeTakeOwnershipPrivilege	2352	msiexec.exe
Token: SeRestorePrivilege	2352	msiexec.exe
Token: SeTakeOwnershipPrivilege	2352	msiexec.exe
Token: SeRestorePrivilege	2352	msiexec.exe
Token: SeTakeOwnershipPrivilege	2352	msiexec.exe
Token: SeRestorePrivilege	2352	msiexec.exe
Token: SeTakeOwnershipPrivilege	2352	msiexec.exe
Token: SeRestorePrivilege	2352	msiexec.exe
Token: SeTakeOwnershipPrivilege	2352	msiexec.exe
Token: SeRestorePrivilege	2352	msiexec.exe
Token: SeTakeOwnershipPrivilege	2352	msiexec.exe
Token: SeRestorePrivilege	2352	msiexec.exe
Token: SeTakeOwnershipPrivilege	2352	msiexec.exe
Token: SeRestorePrivilege	2352	msiexec.exe
Token: SeTakeOwnershipPrivilege	2352	msiexec.exe
Token: SeRestorePrivilege	2352	msiexec.exe
Token: SeTakeOwnershipPrivilege	2352	msiexec.exe
Token: SeRestorePrivilege	2352	msiexec.exe
Token: SeTakeOwnershipPrivilege	2352	msiexec.exe
Token: SeRestorePrivilege	2352	msiexec.exe
Token: SeTakeOwnershipPrivilege	2352	msiexec.exe
Token: SeRestorePrivilege	2352	msiexec.exe
Token: SeTakeOwnershipPrivilege	2352	msiexec.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4336	msiexec.exe

Suspicious use of WriteProcessMemory 41 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 4040	2916	H1EmuLauncherSetup.exe	79
PID 2916 wrote to memory of 4040	2916	H1EmuLauncherSetup.exe	79
PID 2916 wrote to memory of 4040	2916	H1EmuLauncherSetup.exe	79
PID 4040 wrote to memory of 4808	4040	setup.exe	80
PID 4040 wrote to memory of 4808	4040	setup.exe	80
PID 4040 wrote to memory of 4036	4040	setup.exe	91
PID 4040 wrote to memory of 4036	4040	setup.exe	91
PID 4040 wrote to memory of 3156	4040	setup.exe	93
PID 4040 wrote to memory of 3156	4040	setup.exe	93
PID 4040 wrote to memory of 3156	4040	setup.exe	93
PID 3156 wrote to memory of 4668	3156	windowsdesktop-runtime-6.0.13-win-x64.exe	94
PID 3156 wrote to memory of 4668	3156	windowsdesktop-runtime-6.0.13-win-x64.exe	94
PID 3156 wrote to memory of 4668	3156	windowsdesktop-runtime-6.0.13-win-x64.exe	94
PID 4668 wrote to memory of 4708	4668	windowsdesktop-runtime-6.0.13-win-x64.exe	95
PID 4668 wrote to memory of 4708	4668	windowsdesktop-runtime-6.0.13-win-x64.exe	95
PID 4668 wrote to memory of 4708	4668	windowsdesktop-runtime-6.0.13-win-x64.exe	95
PID 2352 wrote to memory of 912	2352	msiexec.exe	97
PID 2352 wrote to memory of 912	2352	msiexec.exe	97
PID 2352 wrote to memory of 912	2352	msiexec.exe	97
PID 2352 wrote to memory of 2856	2352	msiexec.exe	98
PID 2352 wrote to memory of 2856	2352	msiexec.exe	98
PID 2352 wrote to memory of 2856	2352	msiexec.exe	98
PID 2352 wrote to memory of 2220	2352	msiexec.exe	99
PID 2352 wrote to memory of 2220	2352	msiexec.exe	99
PID 2352 wrote to memory of 2220	2352	msiexec.exe	99
PID 2352 wrote to memory of 2224	2352	msiexec.exe	100
PID 2352 wrote to memory of 2224	2352	msiexec.exe	100
PID 2352 wrote to memory of 2224	2352	msiexec.exe	100
PID 4040 wrote to memory of 4132	4040	setup.exe	101
PID 4040 wrote to memory of 4132	4040	setup.exe	101
PID 4040 wrote to memory of 4336	4040	setup.exe	103
PID 4040 wrote to memory of 4336	4040	setup.exe	103
PID 4040 wrote to memory of 4336	4040	setup.exe	103
PID 2352 wrote to memory of 4844	2352	msiexec.exe	106
PID 2352 wrote to memory of 4844	2352	msiexec.exe	106
PID 2352 wrote to memory of 4844	2352	msiexec.exe	106
PID 2352 wrote to memory of 2596	2352	msiexec.exe	110
PID 2352 wrote to memory of 2596	2352	msiexec.exe	110
PID 2352 wrote to memory of 1656	2352	msiexec.exe	112
PID 2352 wrote to memory of 1656	2352	msiexec.exe	112
PID 2352 wrote to memory of 1656	2352	msiexec.exe	112

C:\Users\Admin\AppData\Local\Temp\H1EmuLauncherSetup.exe
"C:\Users\Admin\AppData\Local\Temp\H1EmuLauncherSetup.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\setup.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\setup.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Modifies system certificate store
  - Suspicious use of WriteProcessMemory
  PID:4040
- - C:\Users\Admin\AppData\Local\Temp\VSD766D.tmp\net6desktopruntime_x64\NetCoreCheck.exe
    "C:\Users\Admin\AppData\Local\Temp\VSD766D.tmp\net6desktopruntime_x64\NetCoreCheck.exe" Microsoft.WindowsDesktop.App 6.0.13
    3⤵
    - Executes dropped EXE
    PID:4808
- - C:\Users\Admin\AppData\Local\Temp\VSD766D.tmp\net6desktopruntime_x64\NetCoreCheck.exe
    "C:\Users\Admin\AppData\Local\Temp\VSD766D.tmp\net6desktopruntime_x64\NetCoreCheck.exe" Microsoft.WindowsDesktop.App 6.0.13
    3⤵
    - Executes dropped EXE
    PID:4036
- - C:\Users\Admin\AppData\Local\Temp\VSD766D.tmp\net6desktopruntime_x64\windowsdesktop-runtime-6.0.13-win-x64.exe
    "C:\Users\Admin\AppData\Local\Temp\VSD766D.tmp\net6desktopruntime_x64\windowsdesktop-runtime-6.0.13-win-x64.exe" /q
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3156
  - - C:\Windows\Temp\{257A1AD6-0F27-432E-B979-5E961B956226}\.cr\windowsdesktop-runtime-6.0.13-win-x64.exe
      "C:\Windows\Temp\{257A1AD6-0F27-432E-B979-5E961B956226}\.cr\windowsdesktop-runtime-6.0.13-win-x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\VSD766D.tmp\net6desktopruntime_x64\windowsdesktop-runtime-6.0.13-win-x64.exe" -burn.filehandle.attached=540 -burn.filehandle.self=548 /q
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:4668
    - - C:\Windows\Temp\{A14F483A-BC0B-4432-90D4-EE4B603F88EE}\.be\windowsdesktop-runtime-6.0.13-win-x64.exe
        
        "C:\Windows\Temp\{A14F483A-BC0B-4432-90D4-EE4B603F88EE}\.be\windowsdesktop-runtime-6.0.13-win-x64.exe" -q -burn.elevated BurnPipe.{7026A9AD-6148-4891-A177-18B1479C88BB} {C06D6DA4-AC05-4365-9E48-7F29D4A293F3} 4668
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:4708
- - C:\Users\Admin\AppData\Local\Temp\VSD766D.tmp\net6desktopruntime_x64\NetCoreCheck.exe
    "C:\Users\Admin\AppData\Local\Temp\VSD766D.tmp\net6desktopruntime_x64\NetCoreCheck.exe" Microsoft.WindowsDesktop.App 6.0.13
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4132
- - C:\Windows\SysWOW64\msiexec.exe
    "C:\Windows\SysWOW64\msiexec.exe" -I "C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\H1EmuLauncherSetup.msi"
    3⤵
    - Enumerates connected drives
    - Suspicious use of FindShellTrayWindow
    PID:4336

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 4210BDDB277E5F78C2EC57F60A9E8A75
  2⤵
  - Loads dropped DLL
  PID:912
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding B020FB1B45AED60F34150CE80AA21ADC
  2⤵
  - Loads dropped DLL
  PID:2856
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 4F2BB895B758B95F50045724C822F154
  2⤵
  - Loads dropped DLL
  PID:2220
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 9748DB6BF44DEADEC0EE3F72CB3958EF
  2⤵
  - Loads dropped DLL
  PID:2224
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 3C23384526A00FEA5DCFC77F1649A8C8 C
  2⤵
  - Loads dropped DLL
  PID:4844
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:2596
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 856B0CA7CE22AF554E74052473DD679E
  2⤵
  - Loads dropped DLL
  PID:1656

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:1832

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\H1Emu © 2022\H1Emu Launcher\H1EmuLauncher.deps.json

Filesize
5KB

MD5
6ea27bddfe417c9717b9e055b9252ff4

SHA1
edfae607ba5880d5a802523cdc9a3f7216a67c95

SHA256
59156af6a3b974360dc0dcb2c28ba41f3651e26370aaea7962d3317b593e4b25

SHA512
6e4087c7942222b9bb1c22262df2b9a6c04b51749a0596a582b9112473c764ca4f1062a272fe9117a97680e22f06dc51b5854f4da1063513d7ad018a99dafe32

Download Submit
C:\Program Files (x86)\H1Emu © 2022\H1Emu Launcher\H1EmuLauncher.dll.config

Filesize
37KB

MD5
398d9f4cab0c7f291197d29e2eb18211

SHA1
6cf9fea2db160162c101baa95dec4cbf8cbcfea5

SHA256
3c99562a31e775235e31a6c865916878727cfd90f2fa02b635e88113ed58ccfa

SHA512
86555136dae39f8ea8487741df381c797a749175d297753d6d8c5f041d6d3486dad11862d9751787c0310bd477ddd5bb218b7ee6dfa7a5f3593da159a270c95a

Download Submit
C:\Program Files (x86)\H1Emu © 2022\H1Emu Launcher\H1EmuLauncher.exe

Filesize
257KB

MD5
4191c22486369af14fe9519557fb3dd9

SHA1
d0679870d03460b0a4df20a54455bdf2b1406d97

SHA256
1aea70afab2c5c0ebfabc8c0135c5a0d9b45700ade8054968263a4c21ab3cf53

SHA512
ffc7bdfe5daf40a11dedebd5de271b4f637582552d9070c39c057a56aff6d16659381b1c6f4e07005b64de03fe796ba4da19f28ab5bbc2df564a24e422e6845f

Download Submit
C:\Program Files (x86)\H1Emu © 2022\H1Emu Launcher\H1EmuLauncher.pdb

Filesize
79KB

MD5
e925692e2077cf4bc8c78f5d869155b4

SHA1
071532bf8a42aeaf75f55f17c1cf8074948ce9f6

SHA256
28d68e9e152b82085e3f34f499afb1786323860fc7c51446097ec1d5900ea47b

SHA512
fa871914ebff37c06566a77735f3e5af2cafa43cf32eb8431f7334af1995e277d46a981fed41d6abf554d45dccbba3069e3babe222ca8bcd8752d576104da8d0

Download Submit
C:\Program Files (x86)\H1Emu © 2022\H1Emu Launcher\H1EmuLauncher.runtimeconfig.json

Filesize
266B

MD5
d720176a229e9d969b40fabeb0baf62e

SHA1
f2d8e97a6c6098a10dd80553eaaef7547ad32ba3

SHA256
321b4e463bbacd6113aa337511bdebf5e7356e9971744346b28424607c7b483a

SHA512
0844f9aca147014a68248c43310bf97e0a0a3679fc84650aa0a27aa09f70f56fa071c0ace1be80f0e33ce4dd3f865eae11e946d98d21af916dc1a7f945acaba0

Download Submit
C:\Program Files (x86)\H1Emu © 2022\H1Emu Launcher\Icon.ico

Filesize
111KB

MD5
b7000064cfb5aea5832a06324d7fa675

SHA1
cf63e366f00e13856f34c2edf1dc5bd7098accaf

SHA256
8f0bf9b157751edfc5f6b22f00c338d07e88903ea82901c3f1fabf526e265c53

SHA512
33bcf07edc7fa04f1153217e25ad61e21d8995b759ac5517d66bc12b0553c299d5541e23432de4757a8a88a8817c473efb5cd6dc7b0c381f2def4fc5577750ec

Download Submit
C:\Program Files (x86)\H1Emu © 2022\H1Emu Launcher\Newtonsoft.Json.dll

Filesize
695KB

MD5
86a83a63f12b55fd3718cfbfb577d7dc

SHA1
3df82ebba50086de83aee27c63255e80f2d73f3b

SHA256
4816c4276f575e4d85b80633a0df2eadf29496fe00bdc33cd7843e61373bde0e

SHA512
ae0eac0477e4b6375b5266297e6503c9206e6327ecb476d3f54022daef92c015b6f33bc9a5423533d869f200ac71793aba14f197bd358a0fdd3129e2c00bec10

Download Submit
C:\Program Files (x86)\H1Emu © 2022\H1Emu Launcher\WpfAnimatedGif.dll

Filesize
42KB

MD5
bd86598613f23b58a5e11ce0023fb14a

SHA1
3fdfc27d65d4c271f40af0bebc88b894de83b2f8

SHA256
091c944f2db95521f9190319173f17848d515da8f5a2374a0ab680406ba65914

SHA512
26351713cd36f2504d32f0ca980c51fdc5c225b5ae4af1418a2cdf42aac285b82970d902dfbf3eb52c6600878ee594f76deadc30823f0048e689a83b56cc11eb

Download Submit
C:\Program Files (x86)\H1Emu © 2022\H1Emu Launcher\protobuf-net.Core.dll

Filesize
256KB

MD5
c1c206a431b0368a39e4175c8477cc74

SHA1
868b138572a4a92ee0fe25c44522e32b4eb10fe4

SHA256
c5412a4b1516fb0bf454516e9486a6d7b8be5e64237adf9a5e51811bf3946922

SHA512
8a90c9177188e78d1758199b5cd5f07be7893fb5945d209f638f63f342bbc3c55b292e96bbc4209bd6755018e1aa1714d4979e6d7175f242cae92f7bc509b73a

Download Submit
C:\Program Files\dotnet\host\fxr\6.0.13\hostfxr.dll

Filesize
366KB

MD5
381776a192f18c3c164d5dbdc4ebbe92

SHA1
73c009942e8fc82b51c6ebd471892c289d41e4ce

SHA256
7f5c6702f285a2047bb734d19e6152e16a3c493306a1c458fb3b2a95ef968642

SHA512
041dbe5f60b2d17c87adc5789bdb38f09691a4b0d39bbb549ef478614ab65cbf16aa8073212ff902402ff5211884d1c0f74ad1b16c80388048fd3f1f5f17b278

Download Submit
C:\Program Files\dotnet\host\fxr\6.0.13\hostfxr.dll

Filesize
366KB

MD5
381776a192f18c3c164d5dbdc4ebbe92

SHA1
73c009942e8fc82b51c6ebd471892c289d41e4ce

SHA256
7f5c6702f285a2047bb734d19e6152e16a3c493306a1c458fb3b2a95ef968642

SHA512
041dbe5f60b2d17c87adc5789bdb38f09691a4b0d39bbb549ef478614ab65cbf16aa8073212ff902402ff5211884d1c0f74ad1b16c80388048fd3f1f5f17b278

Download Submit
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\Microsoft.NETCore.App.deps.json

Filesize
32KB

MD5
e9da7c46db119b2f6300589e3074aea3

SHA1
2162b6a23d357130edd6069bc9f04d1c0f9af844

SHA256
e7cf85269b86c55454846c4e149a82e34d0f3a4a328525a310b40f824ac9d73c

SHA512
81bac57c68490443ff7358bcb3d9062d03b9c29dd4069d9a0fd9a1d99fb5b30e3907795c929376823485bcefee41feff778140560dbae74fefc91eb7794889dd

Download Submit
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\Microsoft.NETCore.App.runtimeconfig.json

Filesize
159B

MD5
3fbd84a952d4bab02e11fec7b2bbc90e

SHA1
e92de794f3c8d5a5a1a0b75318be9d5fb528d07d

SHA256
1b7aa545d9d3216979a9efe8d72967f6e559a9c6a22288d14444d6c5c4c15738

SHA512
c97c1da7ae94847d4edf11625dc5b5085838c3842a550310cca5c70ba54be907ff454ca1e0080ba451eacfc5954c3f778f8b4e26c0933e55c121c86c9a24400b

Download Submit
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\hostpolicy.dll

Filesize
383KB

MD5
b07171691e318c66e771d9a802c4e3d9

SHA1
431c287d30d767a57b065990bda0e4c670265ac6

SHA256
be301da91eb5c89e700e0e2140b4853566f1dd433e45e79108284982c81e604e

SHA512
866976be183674aad91c5a2161960f58074db973f8f0c55ad2499cf25d9c70059e1614332ff3749ff6ec6818a0a0c5405a3bca12fd7f8cdebc4ff548527897bf

Download Submit
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\hostpolicy.dll

Filesize
383KB

MD5
b07171691e318c66e771d9a802c4e3d9

SHA1
431c287d30d767a57b065990bda0e4c670265ac6

SHA256
be301da91eb5c89e700e0e2140b4853566f1dd433e45e79108284982c81e604e

SHA512
866976be183674aad91c5a2161960f58074db973f8f0c55ad2499cf25d9c70059e1614332ff3749ff6ec6818a0a0c5405a3bca12fd7f8cdebc4ff548527897bf

Download Submit
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\Microsoft.WindowsDesktop.App.deps.json

Filesize
30KB

MD5
b84e5eae0320023ea90e00392add8943

SHA1
811fc3edf34955ec17af852e5bbbbd9e2b86101d

SHA256
0776c7802a53d1f5b739c663db3d6f759f8fc1b76f7d7b1fd57bc7de2f58ca1c

SHA512
c394752b1afe8059b8cf5e063ba6cd5bb34b327d97ae70f2defa430c5770198438107c95d9ae867bbb5caa36f6009b0dbcc7bd4c876d5d9b07fd1fdce854030b

Download Submit
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\Microsoft.WindowsDesktop.App.runtimeconfig.json

Filesize
289B

MD5
3e5236881ec51ca11ffe87ab64648eef

SHA1
80141e33d0d6020ab0c5364ad961857001c88f9c

SHA256
20634e8a5bdce8b0c45f6327f746ad63ac833e7e91fd2e5e27fe90ab35bcad4c

SHA512
3ce704dcd135f3ab1021c8ebae8e413eab5fa07bc1c109c3d0235418eda032e05ca4e7dc1f1a184ceff6d7eed4eab2970b663ed83ae10d2a0d1772dcfef5f8f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\H1EmuLauncherSetup.msi

Filesize
71.9MB

MD5
dab15453db444a61581a5ac3e1d9141b

SHA1
5be0df8530055d93902e93b3bc7ee79d5f60ce10

SHA256
999c43a1141edcae5aa2c57040568dd528ab88346b86da395de4c49744a6d263

SHA512
da9333dcba60dce57a33cc5e7f32509eb8ee3161ad746d4d589928a883ae6964ec5b5b5e46075db91fc0aa30d272fc67d7de1c09eee607c4acbffd16cd4f7436

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\setup.exe

Filesize
694KB

MD5
e734950a732ad8e35ffb3a872c57dc71

SHA1
0b3d9d804fda9e0e05d78a8d77530f06cdfc5503

SHA256
e07f72f41f2377e56a2386c5423d7f2d0bb90b9f33dcea687181bafd904bfc7c

SHA512
74678f601d2229a48b3728f79eb1eac27e06b4f6137e5359389b7275410eef598ee2a11ec69622989b68f2a30a9bb7140460bb1eed922323e061bc55aac39826

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\setup.exe

Filesize
694KB

MD5
e734950a732ad8e35ffb3a872c57dc71

SHA1
0b3d9d804fda9e0e05d78a8d77530f06cdfc5503

SHA256
e07f72f41f2377e56a2386c5423d7f2d0bb90b9f33dcea687181bafd904bfc7c

SHA512
74678f601d2229a48b3728f79eb1eac27e06b4f6137e5359389b7275410eef598ee2a11ec69622989b68f2a30a9bb7140460bb1eed922323e061bc55aac39826

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIC30.tmp

Filesize
285KB

MD5
b77a2a2768b9cc78a71bbffb9812b978

SHA1
b70e27eb446fe1c3bc8ea03dabbee2739a782e04

SHA256
f74c97b1a53541b059d3bfafe41a79005ce5065f8210d7de9f1b600dc4e28aa0

SHA512
a8b16bc60f8559c78c64ca9e85cd7fd704bba1f55b362465b7accef1bb853d1c9616995a35f972256c57fbe877ce880398ba1fbceaa658604883aa12dcbc4f57

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIC30.tmp

Filesize
285KB

MD5
b77a2a2768b9cc78a71bbffb9812b978

SHA1
b70e27eb446fe1c3bc8ea03dabbee2739a782e04

SHA256
f74c97b1a53541b059d3bfafe41a79005ce5065f8210d7de9f1b600dc4e28aa0

SHA512
a8b16bc60f8559c78c64ca9e85cd7fd704bba1f55b362465b7accef1bb853d1c9616995a35f972256c57fbe877ce880398ba1fbceaa658604883aa12dcbc4f57

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSICBE.tmp

Filesize
285KB

MD5
b77a2a2768b9cc78a71bbffb9812b978

SHA1
b70e27eb446fe1c3bc8ea03dabbee2739a782e04

SHA256
f74c97b1a53541b059d3bfafe41a79005ce5065f8210d7de9f1b600dc4e28aa0

SHA512
a8b16bc60f8559c78c64ca9e85cd7fd704bba1f55b362465b7accef1bb853d1c9616995a35f972256c57fbe877ce880398ba1fbceaa658604883aa12dcbc4f57

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSICBE.tmp

Filesize
285KB

MD5
b77a2a2768b9cc78a71bbffb9812b978

SHA1
b70e27eb446fe1c3bc8ea03dabbee2739a782e04

SHA256
f74c97b1a53541b059d3bfafe41a79005ce5065f8210d7de9f1b600dc4e28aa0

SHA512
a8b16bc60f8559c78c64ca9e85cd7fd704bba1f55b362465b7accef1bb853d1c9616995a35f972256c57fbe877ce880398ba1fbceaa658604883aa12dcbc4f57

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.13_(x64)_20230204234122_000_dotnet_runtime_6.0.13_win_x64.msi.log

Filesize
2KB

MD5
7e54e41266e362a8fa59500aaf044d2f

SHA1
25c29776c8b7dbcad8e3bf846ee5b7c0cc3ffc17

SHA256
55c1f257cb4283341742e0357685639a61f9a02202c23c5c706170c0c248219e

SHA512
d0c33e90ebc5f0c58a6c1a58b6020c405da2538f77b13c5bf815acc8fd22783eb5ef94b2d94ed857bd30a5566e607f19bc551d2a41c16fabdeba35afbf297851

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.13_(x64)_20230204234122_001_dotnet_hostfxr_6.0.13_win_x64.msi.log

Filesize
2KB

MD5
77c2863cf748adc47d71164934bb0e47

SHA1
2dd20e0fcac6cb3e2e92f55010b17d042c25fc22

SHA256
f7b382a90919fc3ed73e480f61bb069caf0e9c2bcf060d9bfc2055658b25b59d

SHA512
3938c6beb109c1788a1b88a85c281e4f51dd8305956978ed62b177baa854e9a633fa451b5a66f194f103a038af75ba3d52ebdd02d9bed570e12c0fbd39e61799

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.13_(x64)_20230204234122_002_dotnet_host_6.0.13_win_x64.msi.log

Filesize
2KB

MD5
056cf1afb8368aa62fef42be6df12815

SHA1
2fa94cb60d8902df34fe797a87d7e715afc7cf8b

SHA256
18f7741683db69f97359e43486a51a42b0ea1db2615eb677673ed2740c1fd78f

SHA512
e9c6aed2ed67e9719a6c9ec716478031d3e33c2dfca0e4e7d7f042993df373ac0bc13418c00b4ffd9c2ce445c5dc6e7138b2187937b04206b21112aba5b53326

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.13_(x64)_20230204234122_003_windowsdesktop_runtime_6.0.13_win_x64.msi.log

Filesize
2KB

MD5
15109c21cea235bae88dbafae5d0ab6e

SHA1
0f7bd97ac4494396d8e18fa7bcb4cf7a9f7e9dad

SHA256
e76644bc469782bdb20fff2d5d04d9af620bcc3bba8966c32ba58acc22825a94

SHA512
a55c6836420dea0fc1c628c1c5ac2610ced745b47787b9db17125e5f90cc78728981c685d24edbf3739d6bf299fdfd25cc129d8c91add545cacda41c7b7b4605

Download Submit
C:\Users\Admin\AppData\Local\Temp\VSD766D.tmp\net6desktopruntime_x64\NetCoreCheck.exe

Filesize
141KB

MD5
f0cb8c49b000d90dd2f181affbf2b4e0

SHA1
4e5477e508329be2d65666669e87e5cc941bd268

SHA256
3e1c1d8c5540e45099a501c4bc910222618fc21563644bc9add00ea541b013f9

SHA512
af8b064216dd13b5e45aff330da1292d06498e6f37b04c7583f7e0badd635acac9a5750d94e6565537f8899dc80b4184f0fa040210688d508764607cc5768586

Download Submit
C:\Users\Admin\AppData\Local\Temp\VSD766D.tmp\net6desktopruntime_x64\NetCoreCheck.exe

Filesize
141KB

MD5
f0cb8c49b000d90dd2f181affbf2b4e0

SHA1
4e5477e508329be2d65666669e87e5cc941bd268

SHA256
3e1c1d8c5540e45099a501c4bc910222618fc21563644bc9add00ea541b013f9

SHA512
af8b064216dd13b5e45aff330da1292d06498e6f37b04c7583f7e0badd635acac9a5750d94e6565537f8899dc80b4184f0fa040210688d508764607cc5768586

Download Submit
C:\Users\Admin\AppData\Local\Temp\VSD766D.tmp\net6desktopruntime_x64\NetCoreCheck.exe

Filesize
141KB

MD5
f0cb8c49b000d90dd2f181affbf2b4e0

SHA1
4e5477e508329be2d65666669e87e5cc941bd268

SHA256
3e1c1d8c5540e45099a501c4bc910222618fc21563644bc9add00ea541b013f9

SHA512
af8b064216dd13b5e45aff330da1292d06498e6f37b04c7583f7e0badd635acac9a5750d94e6565537f8899dc80b4184f0fa040210688d508764607cc5768586

Download Submit
C:\Users\Admin\AppData\Local\Temp\VSD766D.tmp\net6desktopruntime_x64\NetCoreCheck.exe

Filesize
141KB

MD5
f0cb8c49b000d90dd2f181affbf2b4e0

SHA1
4e5477e508329be2d65666669e87e5cc941bd268

SHA256
3e1c1d8c5540e45099a501c4bc910222618fc21563644bc9add00ea541b013f9

SHA512
af8b064216dd13b5e45aff330da1292d06498e6f37b04c7583f7e0badd635acac9a5750d94e6565537f8899dc80b4184f0fa040210688d508764607cc5768586

Download Submit
C:\Users\Admin\AppData\Local\Temp\VSD766D.tmp\net6desktopruntime_x64\windowsdesktop-runtime-6.0.13-win-x64.exe

Filesize
54.5MB

MD5
7c37e8a464a8248889dadc710cc7585d

SHA1
f4d830e319074a0ccf5f7d4219297e4b1d4ac760

SHA256
a2e875d7734b468225da5786616bab5bede1b8c4e71c5dd2e4faffa83b34dec5

SHA512
1b44717a2784c6597aa2e1ec9e6bb54f295eab09457cd41e61ca917d45fd1797fb160765111a85cd7264efa392230ee45477a1d95bee0c108c41e8375cd51afd

Download Submit
C:\Users\Admin\AppData\Local\Temp\VSD766D.tmp\net6desktopruntime_x64\windowsdesktop-runtime-6.0.13-win-x64.exe

Filesize
54.5MB

MD5
7c37e8a464a8248889dadc710cc7585d

SHA1
f4d830e319074a0ccf5f7d4219297e4b1d4ac760

SHA256
a2e875d7734b468225da5786616bab5bede1b8c4e71c5dd2e4faffa83b34dec5

SHA512
1b44717a2784c6597aa2e1ec9e6bb54f295eab09457cd41e61ca917d45fd1797fb160765111a85cd7264efa392230ee45477a1d95bee0c108c41e8375cd51afd

Download Submit
C:\Windows\Installer\MSI1BC.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSI1BC.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSI8554.tmp

Filesize
285KB

MD5
b77a2a2768b9cc78a71bbffb9812b978

SHA1
b70e27eb446fe1c3bc8ea03dabbee2739a782e04

SHA256
f74c97b1a53541b059d3bfafe41a79005ce5065f8210d7de9f1b600dc4e28aa0

SHA512
a8b16bc60f8559c78c64ca9e85cd7fd704bba1f55b362465b7accef1bb853d1c9616995a35f972256c57fbe877ce880398ba1fbceaa658604883aa12dcbc4f57

Download Submit
C:\Windows\Installer\MSI8554.tmp

Filesize
285KB

MD5
b77a2a2768b9cc78a71bbffb9812b978

SHA1
b70e27eb446fe1c3bc8ea03dabbee2739a782e04

SHA256
f74c97b1a53541b059d3bfafe41a79005ce5065f8210d7de9f1b600dc4e28aa0

SHA512
a8b16bc60f8559c78c64ca9e85cd7fd704bba1f55b362465b7accef1bb853d1c9616995a35f972256c57fbe877ce880398ba1fbceaa658604883aa12dcbc4f57

Download Submit
C:\Windows\Installer\MSI866E.tmp

Filesize
285KB

MD5
b77a2a2768b9cc78a71bbffb9812b978

SHA1
b70e27eb446fe1c3bc8ea03dabbee2739a782e04

SHA256
f74c97b1a53541b059d3bfafe41a79005ce5065f8210d7de9f1b600dc4e28aa0

SHA512
a8b16bc60f8559c78c64ca9e85cd7fd704bba1f55b362465b7accef1bb853d1c9616995a35f972256c57fbe877ce880398ba1fbceaa658604883aa12dcbc4f57

Download Submit
C:\Windows\Installer\MSI866E.tmp

Filesize
285KB

MD5
b77a2a2768b9cc78a71bbffb9812b978

SHA1
b70e27eb446fe1c3bc8ea03dabbee2739a782e04

SHA256
f74c97b1a53541b059d3bfafe41a79005ce5065f8210d7de9f1b600dc4e28aa0

SHA512
a8b16bc60f8559c78c64ca9e85cd7fd704bba1f55b362465b7accef1bb853d1c9616995a35f972256c57fbe877ce880398ba1fbceaa658604883aa12dcbc4f57

Download Submit
C:\Windows\Installer\MSID060.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSID060.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSIDDBF.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSIDDBF.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSIE189.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSIE189.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSIE44A.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSIE44A.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSIE71A.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSIE71A.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSIEC6B.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSIEC6B.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSIF0C2.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSIF0C2.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Temp\{257A1AD6-0F27-432E-B979-5E961B956226}\.cr\windowsdesktop-runtime-6.0.13-win-x64.exe

Filesize
610KB

MD5
1c09875664bc933007f858ba2dcc65ca

SHA1
e464a2e5e82fa8a2dccbbc2ae879b1e5a36a1189

SHA256
e4a80c05bed611d9e1241e3b03f33500b832b75034a0868fb1b87d88a3c42391

SHA512
c13a56968d4f7b88e40800d3180ed2f30e0f5603ae29416c9d0d2e50aeee9cfc4abdebb5868bf59fbc9232d7d8e8d680c48c86c6968d153ef4ca208ea84f7fcf

Download Submit
C:\Windows\Temp\{257A1AD6-0F27-432E-B979-5E961B956226}\.cr\windowsdesktop-runtime-6.0.13-win-x64.exe

Filesize
610KB

MD5
1c09875664bc933007f858ba2dcc65ca

SHA1
e464a2e5e82fa8a2dccbbc2ae879b1e5a36a1189

SHA256
e4a80c05bed611d9e1241e3b03f33500b832b75034a0868fb1b87d88a3c42391

SHA512
c13a56968d4f7b88e40800d3180ed2f30e0f5603ae29416c9d0d2e50aeee9cfc4abdebb5868bf59fbc9232d7d8e8d680c48c86c6968d153ef4ca208ea84f7fcf

Download Submit
C:\Windows\Temp\{A14F483A-BC0B-4432-90D4-EE4B603F88EE}\.ba\wixstdba.dll

Filesize
197KB

MD5
4356ee50f0b1a878e270614780ddf095

SHA1
b5c0915f023b2e4ed3e122322abc40c4437909af

SHA256
41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104

SHA512
b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691

Download Submit
C:\Windows\Temp\{A14F483A-BC0B-4432-90D4-EE4B603F88EE}\.be\windowsdesktop-runtime-6.0.13-win-x64.exe

Filesize
610KB

MD5
1c09875664bc933007f858ba2dcc65ca

SHA1
e464a2e5e82fa8a2dccbbc2ae879b1e5a36a1189

SHA256
e4a80c05bed611d9e1241e3b03f33500b832b75034a0868fb1b87d88a3c42391

SHA512
c13a56968d4f7b88e40800d3180ed2f30e0f5603ae29416c9d0d2e50aeee9cfc4abdebb5868bf59fbc9232d7d8e8d680c48c86c6968d153ef4ca208ea84f7fcf

Download Submit
C:\Windows\Temp\{A14F483A-BC0B-4432-90D4-EE4B603F88EE}\.be\windowsdesktop-runtime-6.0.13-win-x64.exe

Filesize
610KB

MD5
1c09875664bc933007f858ba2dcc65ca

SHA1
e464a2e5e82fa8a2dccbbc2ae879b1e5a36a1189

SHA256
e4a80c05bed611d9e1241e3b03f33500b832b75034a0868fb1b87d88a3c42391

SHA512
c13a56968d4f7b88e40800d3180ed2f30e0f5603ae29416c9d0d2e50aeee9cfc4abdebb5868bf59fbc9232d7d8e8d680c48c86c6968d153ef4ca208ea84f7fcf

Download Submit
C:\Windows\Temp\{A14F483A-BC0B-4432-90D4-EE4B603F88EE}\dotnet_host_6.0.13_win_x64.msi

Filesize
736KB

MD5
4e2da0053edf89b2b3eb75b1c629da84

SHA1
b7bc5ab94defce203711a544d615b48fb072faba

SHA256
5fc94f33ac39648a5788f69d93d11b31b2df2f0faff9ca93c8d184f10afeab17

SHA512
b081fb0d1c05ed0cad7a23ae82e75ea5bc0a02e9f1213b79a2f992538af26db42d04a001ee9abbebc07c29bce4a2fcfb2e264ea62c00c41a743a5156c1ee21d4

Download Submit
C:\Windows\Temp\{A14F483A-BC0B-4432-90D4-EE4B603F88EE}\dotnet_hostfxr_6.0.13_win_x64.msi

Filesize
804KB

MD5
c6de3476cf791eb894a55334b636763d

SHA1
b2d5ccbe7270378caa69488629df240be84a91de

SHA256
dea630108cd4a2b1a9777b9958c2e4fa7416b315d19646c46195c431c5b432a1

SHA512
50a7c2897975c277b1265c0d7c6419c14cec78e1910374af836550ac5ea064d33507809a11c917d67614ed1234b42b5d860d7ae943b5a3ca11ea8b32f62a221a

Download Submit
C:\Windows\Temp\{A14F483A-BC0B-4432-90D4-EE4B603F88EE}\dotnet_runtime_6.0.13_win_x64.msi

Filesize
25.7MB

MD5
c91d74f41cd6760829076752ead92560

SHA1
c903dfadf85025b9c02a65b9a4382ea85c5a460a

SHA256
c667c83c12109e96a025d5b1394a1d3cda3df4a520bcc73c7cef373f0e4088e5

SHA512
2520c30df18d63f92b83fbac107109122da81ea0db336a179a6673170e32d840ff67e673119bd2d4c6c86541d646248488d2410f1072ed69f51369ac8a51a918

Download Submit
C:\Windows\Temp\{A14F483A-BC0B-4432-90D4-EE4B603F88EE}\windowsdesktop_runtime_6.0.13_win_x64.msi

Filesize
28.4MB

MD5
64b5ee5ac0b4b2e719c19f3370c37f18

SHA1
8d19c7123cdac781f16c46866d88ad92f7879656

SHA256
57e08f7fbb456646880e870ab9e14bfa19e216b26da35e45ca800ee569cedacc

SHA512
fb91d564de20eac1f9c8818c9584cee5edd6a693560bc1a9817c2fec6e4e220654ad153375186ab543b18d8d38adb08c42cf47764f56c4747b49d1df66e41a81

Download Submit