d064edcda9fb79bec9fc86b03a4f6412736d955017822c631ad4275c9b0426aa

Analysis

max time kernel
221s
max time network
205s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
28-03-2023 08:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

pIGI+ 2.2.6.msi
Size

114.3MB
MD5

327b69c02a8283fed8d634b118baf20a
SHA1

09f06c814bc6d356a50fe86441769a31beb159d9
SHA256

d064edcda9fb79bec9fc86b03a4f6412736d955017822c631ad4275c9b0426aa
SHA512

63c40c0ed5aadd21c3de917bec4aa7c401991f3a085826794457ddd17e4b46e93680dcbda23f2d364250b9eb3a80ea0747e54006c6bf3b0c43202d788b6653a9
SSDEEP

3145728:SrwuzhAup25Be1TFyCIlU5HlBRW7ci/Kgpqh:aTuheDGlWljW7ci/Bqh

Score

7^/10

bootkit discovery persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

windowsdesktop-runtime-6.0.13-win-x64.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	windowsdesktop-runtime-6.0.13-win-x64.exe

Executes dropped EXE 4 IoCs

Processes:

windowsdesktop-runtime-6.0.13-win-x64.exewindowsdesktop-runtime-6.0.13-win-x64.exewindowsdesktop-runtime-6.0.13-win-x64.exeRunPigiPlus.exe

pid	process
548	windowsdesktop-runtime-6.0.13-win-x64.exe
1088	windowsdesktop-runtime-6.0.13-win-x64.exe
4968	windowsdesktop-runtime-6.0.13-win-x64.exe
2400	RunPigiPlus.exe

Loads dropped DLL 31 IoCs

Processes:

MsiExec.exewindowsdesktop-runtime-6.0.13-win-x64.exeMsiExec.exeMsiExec.exeMsiExec.exeMsiExec.exeMsiExec.exeRunPigiPlus.exe

pid	process
2596	MsiExec.exe
2596	MsiExec.exe
2596	MsiExec.exe
2596	MsiExec.exe
2596	MsiExec.exe
2596	MsiExec.exe
2596	MsiExec.exe
2596	MsiExec.exe
2596	MsiExec.exe
2596	MsiExec.exe
2596	MsiExec.exe
1088	windowsdesktop-runtime-6.0.13-win-x64.exe
4812	MsiExec.exe
4812	MsiExec.exe
4316	MsiExec.exe
4316	MsiExec.exe
1224	MsiExec.exe
1224	MsiExec.exe
1480	MsiExec.exe
1480	MsiExec.exe
4176	MsiExec.exe
4176	MsiExec.exe
4176	MsiExec.exe
4176	MsiExec.exe
4176	MsiExec.exe
2596	MsiExec.exe
2596	MsiExec.exe
2596	MsiExec.exe
2400	RunPigiPlus.exe
2400	RunPigiPlus.exe
2400	RunPigiPlus.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

windowsdesktop-runtime-6.0.13-win-x64.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	windowsdesktop-runtime-6.0.13-win-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{96cf40b0-81d6-43ed-ad0e-611e67899196} = "\"C:\\ProgramData\\Package Cache\\{96cf40b0-81d6-43ed-ad0e-611e67899196}\\windowsdesktop-runtime-6.0.13-win-x64.exe\" /burn.runonce"	windowsdesktop-runtime-6.0.13-win-x64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exemsiexec.exe

description	ioc	process
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

RunPigiPlus.exe

description ioc process

File opened for modification \??\PhysicalDrive0 RunPigiPlus.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	RunPigiPlus.exe

Drops file in Program Files directory 64 IoCs

Processes:

msiexec.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\UIAutomationProvider.dll	msiexec.exe
File created	C:\Program Files (x86)\IGI ltd\pIGI+\Common.Utility.IO.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\de\WindowsFormsIntegration.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\es\UIAutomationClient.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\msquic.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.IO.Compression.FileSystem.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Security.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.IO.FileSystem.DriveInfo.dll	msiexec.exe
File created	C:\Program Files\dotnet\dotnet.exe	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\ko\WindowsFormsIntegration.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\IGI ltd\pIGI+\ProjectAnalysisOverview.Implementation.dll	msiexec.exe
File created	C:\Program Files (x86)\IGI ltd\pIGI+\ProjectMigrator2\Microsoft.Extensions.Primitives.dll	msiexec.exe
File created	C:\Program Files (x86)\IGI ltd\pIGI+\ProjectMigrator2\runtimes\linux-musl-x64\native\libe_sqlite3.so	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Net.Http.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\System.Drawing.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\fr\UIAutomationTypes.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\cs\System.Windows.Forms.Primitives.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\IGI ltd\pIGI+\Merlin.Utility.dll	msiexec.exe
File created	C:\Program Files (x86)\IGI ltd\pIGI+\Spreadsheet.Implementation.dll	msiexec.exe
File created	C:\Program Files (x86)\IGI ltd\pIGI+\ProjectMigrator2\SQLitePCLRaw.provider.e_sqlite3.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Xml.Linq.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Text.Encoding.Extensions.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\zh-Hant\UIAutomationClient.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\zh-Hant\System.Windows.Controls.Ribbon.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\IGI ltd\pIGI+\Microsoft.EntityFrameworkCore.Abstractions.dll	msiexec.exe
File created	C:\Program Files (x86)\IGI ltd\pIGI+\ProjectMigrator\dbup-core.dll	msiexec.exe
File created	C:\Program Files (x86)\IGI ltd\pIGI+\ProjectMigrator2\Microsoft.Extensions.Caching.Memory.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\api-ms-win-core-namedpipe-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\pt-BR\System.Windows.Controls.Ribbon.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\de\UIAutomationTypes.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\cs\UIAutomationProvider.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\it\ReachFramework.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\IGI ltd\pIGI+\Common.Application.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\zh-Hant\System.Xaml.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\IGI ltd\pIGI+\Accord.Math.Core.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.ComponentModel.TypeConverter.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Linq.Parallel.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Linq.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\mscorrc.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Net.NetworkInformation.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\api-ms-win-crt-locale-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\IGI ltd\pIGI+\ProjectMigrator\dbup-sqlite.dll	msiexec.exe
File created	C:\Program Files (x86)\IGI ltd\pIGI+\runtimes\win-x86\native\e_sqlite3.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Diagnostics.TraceSource.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Xml.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\ja\WindowsFormsIntegration.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\zh-Hant\System.Windows.Forms.Design.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\IGI ltd\pIGI+\ProjectMigrator2\Microsoft.EntityFrameworkCore.Sqlite.dll	msiexec.exe
File created	C:\Program Files (x86)\IGI ltd\pIGI+\ProjectMigrator2\runtimes\osx-x64\native\libe_sqlite3.dylib	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Security.Claims.dll	msiexec.exe
File created	C:\Program Files (x86)\IGI ltd\pIGI+\Microsoft.Bcl.AsyncInterfaces.dll	msiexec.exe
File created	C:\Program Files (x86)\IGI ltd\pIGI+\runtimes\win-x86\native\WebView2Loader.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\clretwrc.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Net.WebSockets.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\PresentationFramework.Aero2.dll	msiexec.exe
File created	C:\Program Files (x86)\IGI ltd\pIGI+\Merge.Implementation.dll	msiexec.exe
File created	C:\Program Files (x86)\IGI ltd\pIGI+\System.Threading.Tasks.Extensions.dll	msiexec.exe
File created	C:\Program Files (x86)\IGI ltd\pIGI+\ProjectMigrator2\ProjectMigrator2.pdb	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Text.Encoding.CodePages.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Configuration.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.13\cs\PresentationUI.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\IGI ltd\pIGI+\GongSolutions.Wpf.DragDrop.dll	msiexec.exe
File created	C:\Program Files (x86)\IGI ltd\pIGI+\Microsoft.Extensions.Configuration.Abstractions.dll	msiexec.exe
File created	C:\Program Files (x86)\IGI ltd\pIGI+\msvcr100.dll	msiexec.exe

Drops file in Windows directory 43 IoCs

Processes:

msiexec.exe

description	ioc	process
File created	C:\Windows\Installer\e56ea8b.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA507.tmp	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF4E4.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\e56ea8f.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA556.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{58C56493-100E-462E-80D3-FC3425D4CA8C}	msiexec.exe
File opened for modification	C:\Windows\Installer\e56ea84.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e56ea88.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC79.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA672.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIAB16.tmp	msiexec.exe
File created	C:\Windows\Installer\e56ea87.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{8CDACE3C-0064-4A17-A02C-49F831D5F73A}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIECD.tmp	msiexec.exe
File created	C:\Windows\Installer\{58C56493-100E-462E-80D3-FC3425D4CA8C}\pigiplus.exe	msiexec.exe
File created	C:\Windows\Installer\e56ea96.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{5F0DB006-2AE3-4D36-8077-65247FD687D4}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3EA.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID55.tmp	msiexec.exe
File created	C:\Windows\Installer\e56ea8c.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e56ea8c.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI15D4.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI65C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA84.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{9511601E-12FF-4972-BF9C-2992F2CA5A32}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA3FD.tmp	msiexec.exe
File created	C:\Windows\Installer\e56ea94.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e56ea94.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA5B5.tmp	msiexec.exe
File created	C:\Windows\Installer\e56ea84.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e56ea90.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1323.tmp	msiexec.exe
File created	C:\Windows\Installer\e56ea90.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{8484730A-68A4-4C63-93B4-52628D3B488D}	msiexec.exe
File created	C:\Windows\Installer\e56ea93.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI241D.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{58C56493-100E-462E-80D3-FC3425D4CA8C}\pigiplus.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFB00.tmp	msiexec.exe
File created	C:\Windows\Installer\e56ea88.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI832.tmp	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

vssvc.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 000000000400000027c70fafd0cbe6b20000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff00000000270101000008000027c70faf0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3f000000ffffffff00000000070001000068090027c70faf000000000000d0120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000027c70faf00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000027c70faf00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

RunPigiPlus.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RunPigiPlus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	RunPigiPlus.exe

Modifies data under HKEY_USERS 12 IoCs

Processes:

msiexec.exe

description	ioc	process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\20	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1F	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\20	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\21	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\21	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\22\52C64B7E	msiexec.exe

Modifies registry class 64 IoCs

Processes:

windowsdesktop-runtime-6.0.13-win-x64.exemsiexec.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{96cf40b0-81d6-43ed-ad0e-611e67899196}\ = "{96cf40b0-81d6-43ed-ad0e-611e67899196}"	windowsdesktop-runtime-6.0.13-win-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\C61AF4A983356BD7017B5363DF2BCFC2\C3ECADC8460071A40AC2948F135D7FA3	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_48.3.31210_x64\Dependents	windowsdesktop-runtime-6.0.13-win-x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\39465C85E001E264083DCF43524DACC8\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\39465C85E001E264083DCF43524DACC8\PackageCode = "11E8620A03605944BBBED635CB12E326"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_runtime_48.55.52137_x64\DisplayName = "Microsoft .NET Runtime - 6.0.13 (x64)"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\600BD0F53EA263D408775642F76D784D\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{5F0DB006-2AE3-4D36-8077-65247FD687D4}v48.55.52137\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\600BD0F53EA263D408775642F76D784D\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{5F0DB006-2AE3-4D36-8077-65247FD687D4}v48.55.52137\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E1061159FF212794FBC992292FACA523\Language = "1033"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E1061159FF212794FBC992292FACA523\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\600BD0F53EA263D408775642F76D784D\PackageCode = "6583A622D1F67E64B836884A1D3E6C78"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C3ECADC8460071A40AC2948F135D7FA3\SourceList\PackageName = "dotnet-hostfxr-6.0.13-win-x64.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\39465C85E001E264083DCF43524DACC8\ProductIcon = "C:\\Windows\\Installer\\{58C56493-100E-462E-80D3-FC3425D4CA8C}\\pigiplus.exe"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\39465C85E001E264083DCF43524DACC8\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\A03748484A8636C4394B2526D8B384D8	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\39465C85E001E264083DCF43524DACC8\SourceList\Media\DiskPrompt = "[1]"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{96cf40b0-81d6-43ed-ad0e-611e67899196}\DisplayName = "Microsoft Windows Desktop Runtime - 6.0.13 (x64)"	windowsdesktop-runtime-6.0.13-win-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C3ECADC8460071A40AC2948F135D7FA3	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\094F9C7997352096B7082D27C35AD959	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\094F9C7997352096B7082D27C35AD959\E1061159FF212794FBC992292FACA523	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_48.55.53270_x64\Version = "48.55.53270"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_48.55.52137_x64\Version = "48.55.52137"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A03748484A8636C4394B2526D8B384D8\SourceList\Net	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\39465C85E001E264083DCF43524DACC8\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_runtime_48.55.52137_x64\Dependents\{96cf40b0-81d6-43ed-ad0e-611e67899196}	windowsdesktop-runtime-6.0.13-win-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_48.3.31210_x64\DisplayName = "Microsoft .NET Host - 6.0.13 (x64)"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E1061159FF212794FBC992292FACA523\PackageCode = "7C9D16C6A32B9544D8C0852A372E34EB"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A03748484A8636C4394B2526D8B384D8\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IGI ltd.pIGI+.pigi\shell\open\command\ = "\"C:\\Program Files (x86)\\IGI ltd\\pIGI+\\RunPigiPlus.exe\" \"%1\""	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\A03748484A8636C4394B2526D8B384D8\MainFeature	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_48.55.53270_x64\Dependents	windowsdesktop-runtime-6.0.13-win-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\39465C85E001E264083DCF43524DACC8	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\600BD0F53EA263D408775642F76D784D\InstanceType = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C3ECADC8460071A40AC2948F135D7FA3\Version = "808962985"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C3ECADC8460071A40AC2948F135D7FA3\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{8CDACE3C-0064-4A17-A02C-49F831D5F73A}v48.55.52137\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_48.55.52137_x64	windowsdesktop-runtime-6.0.13-win-x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E1061159FF212794FBC992292FACA523\Version = "808962985"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A03748484A8636C4394B2526D8B384D8\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IGI ltd.pIGI+.pigi\shell\open\ = "&Open"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\39465C85E001E264083DCF43524DACC8\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\600BD0F53EA263D408775642F76D784D\Provider	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\600BD0F53EA263D408775642F76D784D\ProductName = "Microsoft .NET Runtime - 6.0.13 (x64)"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C3ECADC8460071A40AC2948F135D7FA3\Language = "1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\E1061159FF212794FBC992292FACA523	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_48.55.53270_x64\DisplayName = "Microsoft Windows Desktop Runtime - 6.0.13 (x64)"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IGI ltd.pIGI+.pigi\shell\ = "open"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\39465C85E001E264083DCF43524DACC8\ProductName = "pIGI+"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\DEB184E701F32ED41800FBE4FBB2896C\39465C85E001E264083DCF43524DACC8	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_48.55.53270_x64\Dependents\{96cf40b0-81d6-43ed-ad0e-611e67899196}	windowsdesktop-runtime-6.0.13-win-x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\39465C85E001E264083DCF43524DACC8\Language = "2057"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C3ECADC8460071A40AC2948F135D7FA3\ProductName = "Microsoft .NET Host FX Resolver - 6.0.13 (x64)"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C3ECADC8460071A40AC2948F135D7FA3\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_48.3.31210_x64	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_48.3.31210_x64\ = "{9511601E-12FF-4972-BF9C-2992F2CA5A32}"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\7AAC419AA63514254F7B5A2BAD664AB5	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\dotnet_runtime_48.55.52137_x64	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\600BD0F53EA263D408775642F76D784D\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C3ECADC8460071A40AC2948F135D7FA3\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\DEB184E701F32ED41800FBE4FBB2896C	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E1061159FF212794FBC992292FACA523\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.pigi2\ = "IGI ltd.pIGI+.pigi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\39465C85E001E264083DCF43524DACC8\MainFeature	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\600BD0F53EA263D408775642F76D784D\Assignment = "1"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\600BD0F53EA263D408775642F76D784D\Clients = 3a0000000000	msiexec.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msiexec.exe

pid	process
1636	msiexec.exe
1636	msiexec.exe
1636	msiexec.exe
1636	msiexec.exe
1636	msiexec.exe
1636	msiexec.exe
1636	msiexec.exe
1636	msiexec.exe
1636	msiexec.exe
1636	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

msiexec.exemsiexec.exe

description	pid	process
Token: SeShutdownPrivilege	1676	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1676	msiexec.exe
Token: SeSecurityPrivilege	1636	msiexec.exe
Token: SeCreateTokenPrivilege	1676	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1676	msiexec.exe
Token: SeLockMemoryPrivilege	1676	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1676	msiexec.exe
Token: SeMachineAccountPrivilege	1676	msiexec.exe
Token: SeTcbPrivilege	1676	msiexec.exe
Token: SeSecurityPrivilege	1676	msiexec.exe
Token: SeTakeOwnershipPrivilege	1676	msiexec.exe
Token: SeLoadDriverPrivilege	1676	msiexec.exe
Token: SeSystemProfilePrivilege	1676	msiexec.exe
Token: SeSystemtimePrivilege	1676	msiexec.exe
Token: SeProfSingleProcessPrivilege	1676	msiexec.exe
Token: SeIncBasePriorityPrivilege	1676	msiexec.exe
Token: SeCreatePagefilePrivilege	1676	msiexec.exe
Token: SeCreatePermanentPrivilege	1676	msiexec.exe
Token: SeBackupPrivilege	1676	msiexec.exe
Token: SeRestorePrivilege	1676	msiexec.exe
Token: SeShutdownPrivilege	1676	msiexec.exe
Token: SeDebugPrivilege	1676	msiexec.exe
Token: SeAuditPrivilege	1676	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1676	msiexec.exe
Token: SeChangeNotifyPrivilege	1676	msiexec.exe
Token: SeRemoteShutdownPrivilege	1676	msiexec.exe
Token: SeUndockPrivilege	1676	msiexec.exe
Token: SeSyncAgentPrivilege	1676	msiexec.exe
Token: SeEnableDelegationPrivilege	1676	msiexec.exe
Token: SeManageVolumePrivilege	1676	msiexec.exe
Token: SeImpersonatePrivilege	1676	msiexec.exe
Token: SeCreateGlobalPrivilege	1676	msiexec.exe
Token: SeCreateTokenPrivilege	1676	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1676	msiexec.exe
Token: SeLockMemoryPrivilege	1676	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1676	msiexec.exe
Token: SeMachineAccountPrivilege	1676	msiexec.exe
Token: SeTcbPrivilege	1676	msiexec.exe
Token: SeSecurityPrivilege	1676	msiexec.exe
Token: SeTakeOwnershipPrivilege	1676	msiexec.exe
Token: SeLoadDriverPrivilege	1676	msiexec.exe
Token: SeSystemProfilePrivilege	1676	msiexec.exe
Token: SeSystemtimePrivilege	1676	msiexec.exe
Token: SeProfSingleProcessPrivilege	1676	msiexec.exe
Token: SeIncBasePriorityPrivilege	1676	msiexec.exe
Token: SeCreatePagefilePrivilege	1676	msiexec.exe
Token: SeCreatePermanentPrivilege	1676	msiexec.exe
Token: SeBackupPrivilege	1676	msiexec.exe
Token: SeRestorePrivilege	1676	msiexec.exe
Token: SeShutdownPrivilege	1676	msiexec.exe
Token: SeDebugPrivilege	1676	msiexec.exe
Token: SeAuditPrivilege	1676	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1676	msiexec.exe
Token: SeChangeNotifyPrivilege	1676	msiexec.exe
Token: SeRemoteShutdownPrivilege	1676	msiexec.exe
Token: SeUndockPrivilege	1676	msiexec.exe
Token: SeSyncAgentPrivilege	1676	msiexec.exe
Token: SeEnableDelegationPrivilege	1676	msiexec.exe
Token: SeManageVolumePrivilege	1676	msiexec.exe
Token: SeImpersonatePrivilege	1676	msiexec.exe
Token: SeCreateGlobalPrivilege	1676	msiexec.exe
Token: SeCreateTokenPrivilege	1676	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1676	msiexec.exe
Token: SeLockMemoryPrivilege	1676	msiexec.exe

Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

msiexec.exewindowsdesktop-runtime-6.0.13-win-x64.exe

pid process

1676 msiexec.exe
1088 windowsdesktop-runtime-6.0.13-win-x64.exe
1676 msiexec.exe

pid	process
1676	msiexec.exe
1088	windowsdesktop-runtime-6.0.13-win-x64.exe
1676	msiexec.exe

Suspicious use of WriteProcessMemory 29 IoCs

Processes:

msiexec.exeMsiExec.exewindowsdesktop-runtime-6.0.13-win-x64.exewindowsdesktop-runtime-6.0.13-win-x64.exe

description	pid	process	target process
PID 1636 wrote to memory of 2596	1636	msiexec.exe	MsiExec.exe
PID 1636 wrote to memory of 2596	1636	msiexec.exe	MsiExec.exe
PID 1636 wrote to memory of 2596	1636	msiexec.exe	MsiExec.exe
PID 2596 wrote to memory of 548	2596	MsiExec.exe	windowsdesktop-runtime-6.0.13-win-x64.exe
PID 2596 wrote to memory of 548	2596	MsiExec.exe	windowsdesktop-runtime-6.0.13-win-x64.exe
PID 2596 wrote to memory of 548	2596	MsiExec.exe	windowsdesktop-runtime-6.0.13-win-x64.exe
PID 548 wrote to memory of 1088	548	windowsdesktop-runtime-6.0.13-win-x64.exe	windowsdesktop-runtime-6.0.13-win-x64.exe
PID 548 wrote to memory of 1088	548	windowsdesktop-runtime-6.0.13-win-x64.exe	windowsdesktop-runtime-6.0.13-win-x64.exe
PID 548 wrote to memory of 1088	548	windowsdesktop-runtime-6.0.13-win-x64.exe	windowsdesktop-runtime-6.0.13-win-x64.exe
PID 1088 wrote to memory of 4968	1088	windowsdesktop-runtime-6.0.13-win-x64.exe	windowsdesktop-runtime-6.0.13-win-x64.exe
PID 1088 wrote to memory of 4968	1088	windowsdesktop-runtime-6.0.13-win-x64.exe	windowsdesktop-runtime-6.0.13-win-x64.exe
PID 1088 wrote to memory of 4968	1088	windowsdesktop-runtime-6.0.13-win-x64.exe	windowsdesktop-runtime-6.0.13-win-x64.exe
PID 1636 wrote to memory of 4812	1636	msiexec.exe	MsiExec.exe
PID 1636 wrote to memory of 4812	1636	msiexec.exe	MsiExec.exe
PID 1636 wrote to memory of 4812	1636	msiexec.exe	MsiExec.exe
PID 1636 wrote to memory of 4316	1636	msiexec.exe	MsiExec.exe
PID 1636 wrote to memory of 4316	1636	msiexec.exe	MsiExec.exe
PID 1636 wrote to memory of 4316	1636	msiexec.exe	MsiExec.exe
PID 1636 wrote to memory of 1224	1636	msiexec.exe	MsiExec.exe
PID 1636 wrote to memory of 1224	1636	msiexec.exe	MsiExec.exe
PID 1636 wrote to memory of 1224	1636	msiexec.exe	MsiExec.exe
PID 1636 wrote to memory of 1480	1636	msiexec.exe	MsiExec.exe
PID 1636 wrote to memory of 1480	1636	msiexec.exe	MsiExec.exe
PID 1636 wrote to memory of 1480	1636	msiexec.exe	MsiExec.exe
PID 1636 wrote to memory of 4408	1636	msiexec.exe	srtasks.exe
PID 1636 wrote to memory of 4408	1636	msiexec.exe	srtasks.exe
PID 1636 wrote to memory of 4176	1636	msiexec.exe	MsiExec.exe
PID 1636 wrote to memory of 4176	1636	msiexec.exe	MsiExec.exe
PID 1636 wrote to memory of 4176	1636	msiexec.exe	MsiExec.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\pIGI+ 2.2.6.msi"
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1676

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1636

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 7CE67177F9A5CC1C98D2424F07947134 C
2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2596

C:\Users\Admin\AppData\Roaming\IGI ltd\pIGI+\prerequisites\.NET 6.0\windowsdesktop-runtime-6.0.13-win-x64.exe
"C:\Users\Admin\AppData\Roaming\IGI ltd\pIGI+\prerequisites\.NET 6.0\windowsdesktop-runtime-6.0.13-win-x64.exe"
3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:548

C:\Windows\Temp\{3C23F8DD-9B9A-4541-BBF0-B6E84CEF4070}\.cr\windowsdesktop-runtime-6.0.13-win-x64.exe
"C:\Windows\Temp\{3C23F8DD-9B9A-4541-BBF0-B6E84CEF4070}\.cr\windowsdesktop-runtime-6.0.13-win-x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Roaming\IGI ltd\pIGI+\prerequisites\.NET 6.0\windowsdesktop-runtime-6.0.13-win-x64.exe" -burn.filehandle.attached=540 -burn.filehandle.self=548
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1088

C:\Windows\Temp\{1D1E25AD-EA37-4608-9BFF-5654D2693A27}\.be\windowsdesktop-runtime-6.0.13-win-x64.exe
"C:\Windows\Temp\{1D1E25AD-EA37-4608-9BFF-5654D2693A27}\.be\windowsdesktop-runtime-6.0.13-win-x64.exe" -q -burn.elevated BurnPipe.{95060DDB-37EB-46B8-A150-E99E113BC1F2} {C010D537-3A25-4B39-A04B-6DC28EBB621A} 1088
5⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies registry class
PID:4968

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 5B9113480FBB95C4BC618123FB119685
2⤵
- Loads dropped DLL
PID:4812

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 57D4CF1A8E6AF72E5C2C265754B63F38
2⤵
- Loads dropped DLL
PID:4316

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 172E310EDE16C956A6FEC3B95B88AA95
2⤵
- Loads dropped DLL
PID:1224

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding C07B2187701D17B1A294316113410F3B
2⤵
- Loads dropped DLL
PID:1480

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
2⤵
PID:4408

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 906C490D0F7370FAECB30BAD5D51CE05
2⤵
- Loads dropped DLL
PID:4176

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:4864

C:\Program Files (x86)\IGI ltd\pIGI+\RunPigiPlus.exe
"C:\Program Files (x86)\IGI ltd\pIGI+\RunPigiPlus.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Enumerates system info in registry
PID:2400

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e56ea86.rbs
Filesize
56KB

MD5
d713372056a53549d1ff7bd45c61f8e0

SHA1
8eeb6a1990cd36f2b970632e975805212a695540

SHA256
8ba523bbf405873652166cceaaab5b2f6830a04a27567905fb57ac2dfc0c7335

SHA512
f43ea001b128040fad93261ca05e0730eaa182aff1fa808af6d21a0d3c2fedba02bd6a81a35c6aa45105aee256fcb76bf16830b8005f12871b798ae877c80a38

Download Submit
C:\Config.Msi\e56ea8a.rbs
Filesize
8KB

MD5
97d865045dee94707a90e9434fd8abca

SHA1
26b94417cbb7c80d9b47aa0b96b9c204015899bf

SHA256
fd65304e135fa0692b61a756da2ca49985b5f495a934e77b79341a6b1e727b4d

SHA512
23fa80862a83a7368002514f11462bf9cc18024b1a0837dbff037918805bdc64b06c039c8ceac4a5b87c8a9bf331bce3c7aec259944847845f112adc7837ac4e

Download Submit
C:\Config.Msi\e56ea8e.rbs
Filesize
10KB

MD5
246c98085a17f60ea74352d3fa09da79

SHA1
5a7390287997b43b9b9db0dc4489254186f8bca9

SHA256
dd56e4ea682908300e525df99d53fc20af0d977fc6cb35c5932f2ab849517721

SHA512
4f4806a53c7a5baf61b78ed99d71afd42dc55b433de428c29b55004de8f36e32558b423b7b03425cf9fa3858db79ec1ed06f0aca3dd907be3328b9b281798c4c

Download Submit
C:\Config.Msi\e56ea92.rbs
Filesize
87KB

MD5
b8a68ff8860905f7b80de8beed458446

SHA1
629e1e735bd178a12f4c04c6a64566d2385aef21

SHA256
fccf10e4bd899cf115a260f2e646bca69f1e9158c7a2bf9d3289fbfd176f95a7

SHA512
f3528dd2235703cb8add893695205386a803758f1603ea365ebdcc26a0327316eb530903d5372a81da4cc3681dec4aa55ceb9967b3da84f41eae937b14c9b4fe

Download Submit
C:\Config.Msi\e56ea95.rbs
Filesize
60KB

MD5
9d42685b56f0f1cfc3ec860a239dfd53

SHA1
c2cfeb0fafa872b998f5cd213b15c3aa951e577f

SHA256
31eb1f61d74d27e52257e282b8244d37767fc9f859a2d87fbea3a4dfdff4374d

SHA512
e02808388750389b3038e9166c21dd9b6a55c8fafdc32fcd86e2f5e13b524f72f494625961cf5f689c5981fa33b3d27a2faa6740bded7211663862258d282b32

Download Submit
C:\Program Files (x86)\IGI ltd\pIGI+\RunPigiPlus.exe
Filesize
368KB

MD5
8a88af1a47b415eb0f7cdb0f674d2d7f

SHA1
f2586bd3dce1eef41abba102507fe8ffcec527dd

SHA256
88b41f723f282479d9c3a4494dc357acffb841394bc5b386104256f567854d07

SHA512
e40ed8c084c09b629e9da43133d39149da88f6c7765f0ce89d92b15681edbcd5b1bb1801552c1ea1c98630dac0e49b02b70fb1b0b5a4d434fa964a9cd766a40d

Download Submit
C:\Program Files\dotnet\LICENSE.txt
Filesize
9KB

MD5
31c5a77b3c57c8c2e82b9541b00bcd5a

SHA1
153d4bc14e3a2c1485006f1752e797ca8684d06d

SHA256
7f6839a61ce892b79c6549e2dc5a81fdbd240a0b260f8881216b45b7fda8b45d

SHA512
ad33e3c0c3b060ad44c5b1b712c991b2d7042f6a60dc691c014d977c922a7e3a783ba9bade1a34de853c271fde1fb75bc2c47869acd863a40be3a6c6d754c0a6

Download Submit
C:\Program Files\dotnet\ThirdPartyNotices.txt
Filesize
78KB

MD5
f77a4aecfaf4640d801eb6dcdfddc478

SHA1
7424710f255f6205ef559e4d7e281a3b701183bb

SHA256
d5db0ed54363e40717ae09e746dec99ad5b09223cc1273bb870703176dd226b7

SHA512
1b729dfa561899980ba8b15128ea39bc1e609fe07b30b283001fd9cf9da62885d78c18082d0085edd81f09203f878549b48f7f888a8486a2a526b134c849fd6b

Download Submit
C:\ProgramData\SafeNet Sentinel\Sentinel RMS Development Kit\System\grcauth2.dll
Filesize
1024B

MD5
5766ba4f4833df68e4f18a69305924c3

SHA1
b706748cd5c3a256d9cb63126823f90fc1ab8566

SHA256
367e87fd07aeb4193ad1241d9809c5e2425d40a58409fe1cb32b731c83a9392f

SHA512
8408fa35eb83abe0e7807058997721846a7f883bc4acf1fb8084d423bc781c4d102d510eb93ad952d956bc24e713578a5e195ea48a231d697314fb5ccd7c964d

Download Submit
C:\ProgramData\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll
Filesize
148B

MD5
4854995261e09e60d14dc7273801b13b

SHA1
400ba2afba33c551e3407bd387238f0b5ece2406

SHA256
5a09cc5fee28dc87247bb435d9ceb5e1636ac5a49bf4d08caae74463774f00c7

SHA512
fb11568553e48aae10a91a28e35362fd2f9e0a5d051d2826802e6c7c8e392c3bdf6e34c5d1a71e25832d196b0cd26153621a2882d31868a226a71edd479c7f98

Download Submit
C:\ProgramData\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.tgz
Filesize
162B

MD5
7d0beb710e51b5e2e22e1621f1fdb22c

SHA1
a8367d727673028a973d95dc33bd9323ee80c129

SHA256
e646593def4ab46953b66d757c274326e5ee1f14c5b2403406f80380dffcfb91

SHA512
e0625517ae58c540f552698572a500346f2cf0477e93a93b4498661128d36f4a1e9d989c13e406b49d4105fc453b9c6f7f1486de36205d5c1a26fbdb61eb9b6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI760F.tmp
Filesize
584KB

MD5
ad6faed544d1f3b892268e4b47425736

SHA1
e893ad7e0b52f03cedd0f94a8b9655459286083c

SHA256
759936d197e6098be606432002b78067c3feb2dbc294f5776b1c8c3a38314f0b

SHA512
0a752417f5e3789fee92c6d755a0c34317b82cb0cb9995ba7b5f102b4e85ad0d48206d66cb766f48a767be2349c546b51e963ee6e032446447b29868943b2af5

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI760F.tmp
Filesize
584KB

MD5
ad6faed544d1f3b892268e4b47425736

SHA1
e893ad7e0b52f03cedd0f94a8b9655459286083c

SHA256
759936d197e6098be606432002b78067c3feb2dbc294f5776b1c8c3a38314f0b

SHA512
0a752417f5e3789fee92c6d755a0c34317b82cb0cb9995ba7b5f102b4e85ad0d48206d66cb766f48a767be2349c546b51e963ee6e032446447b29868943b2af5

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI7C0C.tmp
Filesize
584KB

MD5
ad6faed544d1f3b892268e4b47425736

SHA1
e893ad7e0b52f03cedd0f94a8b9655459286083c

SHA256
759936d197e6098be606432002b78067c3feb2dbc294f5776b1c8c3a38314f0b

SHA512
0a752417f5e3789fee92c6d755a0c34317b82cb0cb9995ba7b5f102b4e85ad0d48206d66cb766f48a767be2349c546b51e963ee6e032446447b29868943b2af5

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI7C0C.tmp
Filesize
584KB

MD5
ad6faed544d1f3b892268e4b47425736

SHA1
e893ad7e0b52f03cedd0f94a8b9655459286083c

SHA256
759936d197e6098be606432002b78067c3feb2dbc294f5776b1c8c3a38314f0b

SHA512
0a752417f5e3789fee92c6d755a0c34317b82cb0cb9995ba7b5f102b4e85ad0d48206d66cb766f48a767be2349c546b51e963ee6e032446447b29868943b2af5

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI7D35.tmp
Filesize
584KB

MD5
ad6faed544d1f3b892268e4b47425736

SHA1
e893ad7e0b52f03cedd0f94a8b9655459286083c

SHA256
759936d197e6098be606432002b78067c3feb2dbc294f5776b1c8c3a38314f0b

SHA512
0a752417f5e3789fee92c6d755a0c34317b82cb0cb9995ba7b5f102b4e85ad0d48206d66cb766f48a767be2349c546b51e963ee6e032446447b29868943b2af5

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI7D35.tmp
Filesize
584KB

MD5
ad6faed544d1f3b892268e4b47425736

SHA1
e893ad7e0b52f03cedd0f94a8b9655459286083c

SHA256
759936d197e6098be606432002b78067c3feb2dbc294f5776b1c8c3a38314f0b

SHA512
0a752417f5e3789fee92c6d755a0c34317b82cb0cb9995ba7b5f102b4e85ad0d48206d66cb766f48a767be2349c546b51e963ee6e032446447b29868943b2af5

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI7D35.tmp
Filesize
584KB

MD5
ad6faed544d1f3b892268e4b47425736

SHA1
e893ad7e0b52f03cedd0f94a8b9655459286083c

SHA256
759936d197e6098be606432002b78067c3feb2dbc294f5776b1c8c3a38314f0b

SHA512
0a752417f5e3789fee92c6d755a0c34317b82cb0cb9995ba7b5f102b4e85ad0d48206d66cb766f48a767be2349c546b51e963ee6e032446447b29868943b2af5

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI7D75.tmp
Filesize
584KB

MD5
ad6faed544d1f3b892268e4b47425736

SHA1
e893ad7e0b52f03cedd0f94a8b9655459286083c

SHA256
759936d197e6098be606432002b78067c3feb2dbc294f5776b1c8c3a38314f0b

SHA512
0a752417f5e3789fee92c6d755a0c34317b82cb0cb9995ba7b5f102b4e85ad0d48206d66cb766f48a767be2349c546b51e963ee6e032446447b29868943b2af5

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI7D75.tmp
Filesize
584KB

MD5
ad6faed544d1f3b892268e4b47425736

SHA1
e893ad7e0b52f03cedd0f94a8b9655459286083c

SHA256
759936d197e6098be606432002b78067c3feb2dbc294f5776b1c8c3a38314f0b

SHA512
0a752417f5e3789fee92c6d755a0c34317b82cb0cb9995ba7b5f102b4e85ad0d48206d66cb766f48a767be2349c546b51e963ee6e032446447b29868943b2af5

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI7DC4.tmp
Filesize
584KB

MD5
ad6faed544d1f3b892268e4b47425736

SHA1
e893ad7e0b52f03cedd0f94a8b9655459286083c

SHA256
759936d197e6098be606432002b78067c3feb2dbc294f5776b1c8c3a38314f0b

SHA512
0a752417f5e3789fee92c6d755a0c34317b82cb0cb9995ba7b5f102b4e85ad0d48206d66cb766f48a767be2349c546b51e963ee6e032446447b29868943b2af5

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI7DC4.tmp
Filesize
584KB

MD5
ad6faed544d1f3b892268e4b47425736

SHA1
e893ad7e0b52f03cedd0f94a8b9655459286083c

SHA256
759936d197e6098be606432002b78067c3feb2dbc294f5776b1c8c3a38314f0b

SHA512
0a752417f5e3789fee92c6d755a0c34317b82cb0cb9995ba7b5f102b4e85ad0d48206d66cb766f48a767be2349c546b51e963ee6e032446447b29868943b2af5

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI7F1D.tmp
Filesize
709KB

MD5
205434c8070719c44bbb463a86ca9280

SHA1
ea2237bc8ce1cd27594c2b7589c88c8ff7b40a59

SHA256
c07d1b7cd5450153d3f158166ae703cb5f2f6569e081991a1c1888091318638e

SHA512
5dab5ce82f4d7b0f5b59339d89ee809416e63fb42d6243570b3809a6fb56b83e3e1f77f3af0c7348fefc0a232a9aea9ed75e8d879c8488b4c36d863d8e02d902

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI7F1D.tmp
Filesize
709KB

MD5
205434c8070719c44bbb463a86ca9280

SHA1
ea2237bc8ce1cd27594c2b7589c88c8ff7b40a59

SHA256
c07d1b7cd5450153d3f158166ae703cb5f2f6569e081991a1c1888091318638e

SHA512
5dab5ce82f4d7b0f5b59339d89ee809416e63fb42d6243570b3809a6fb56b83e3e1f77f3af0c7348fefc0a232a9aea9ed75e8d879c8488b4c36d863d8e02d902

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI7FAA.tmp
Filesize
584KB

MD5
ad6faed544d1f3b892268e4b47425736

SHA1
e893ad7e0b52f03cedd0f94a8b9655459286083c

SHA256
759936d197e6098be606432002b78067c3feb2dbc294f5776b1c8c3a38314f0b

SHA512
0a752417f5e3789fee92c6d755a0c34317b82cb0cb9995ba7b5f102b4e85ad0d48206d66cb766f48a767be2349c546b51e963ee6e032446447b29868943b2af5

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI7FAA.tmp
Filesize
584KB

MD5
ad6faed544d1f3b892268e4b47425736

SHA1
e893ad7e0b52f03cedd0f94a8b9655459286083c

SHA256
759936d197e6098be606432002b78067c3feb2dbc294f5776b1c8c3a38314f0b

SHA512
0a752417f5e3789fee92c6d755a0c34317b82cb0cb9995ba7b5f102b4e85ad0d48206d66cb766f48a767be2349c546b51e963ee6e032446447b29868943b2af5

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI8028.tmp
Filesize
584KB

MD5
ad6faed544d1f3b892268e4b47425736

SHA1
e893ad7e0b52f03cedd0f94a8b9655459286083c

SHA256
759936d197e6098be606432002b78067c3feb2dbc294f5776b1c8c3a38314f0b

SHA512
0a752417f5e3789fee92c6d755a0c34317b82cb0cb9995ba7b5f102b4e85ad0d48206d66cb766f48a767be2349c546b51e963ee6e032446447b29868943b2af5

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI8028.tmp
Filesize
584KB

MD5
ad6faed544d1f3b892268e4b47425736

SHA1
e893ad7e0b52f03cedd0f94a8b9655459286083c

SHA256
759936d197e6098be606432002b78067c3feb2dbc294f5776b1c8c3a38314f0b

SHA512
0a752417f5e3789fee92c6d755a0c34317b82cb0cb9995ba7b5f102b4e85ad0d48206d66cb766f48a767be2349c546b51e963ee6e032446447b29868943b2af5

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI98D2.tmp
Filesize
709KB

MD5
205434c8070719c44bbb463a86ca9280

SHA1
ea2237bc8ce1cd27594c2b7589c88c8ff7b40a59

SHA256
c07d1b7cd5450153d3f158166ae703cb5f2f6569e081991a1c1888091318638e

SHA512
5dab5ce82f4d7b0f5b59339d89ee809416e63fb42d6243570b3809a6fb56b83e3e1f77f3af0c7348fefc0a232a9aea9ed75e8d879c8488b4c36d863d8e02d902

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI98D2.tmp
Filesize
709KB

MD5
205434c8070719c44bbb463a86ca9280

SHA1
ea2237bc8ce1cd27594c2b7589c88c8ff7b40a59

SHA256
c07d1b7cd5450153d3f158166ae703cb5f2f6569e081991a1c1888091318638e

SHA512
5dab5ce82f4d7b0f5b59339d89ee809416e63fb42d6243570b3809a6fb56b83e3e1f77f3af0c7348fefc0a232a9aea9ed75e8d879c8488b4c36d863d8e02d902

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI9911.tmp
Filesize
709KB

MD5
205434c8070719c44bbb463a86ca9280

SHA1
ea2237bc8ce1cd27594c2b7589c88c8ff7b40a59

SHA256
c07d1b7cd5450153d3f158166ae703cb5f2f6569e081991a1c1888091318638e

SHA512
5dab5ce82f4d7b0f5b59339d89ee809416e63fb42d6243570b3809a6fb56b83e3e1f77f3af0c7348fefc0a232a9aea9ed75e8d879c8488b4c36d863d8e02d902

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI9911.tmp
Filesize
709KB

MD5
205434c8070719c44bbb463a86ca9280

SHA1
ea2237bc8ce1cd27594c2b7589c88c8ff7b40a59

SHA256
c07d1b7cd5450153d3f158166ae703cb5f2f6569e081991a1c1888091318638e

SHA512
5dab5ce82f4d7b0f5b59339d89ee809416e63fb42d6243570b3809a6fb56b83e3e1f77f3af0c7348fefc0a232a9aea9ed75e8d879c8488b4c36d863d8e02d902

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI9911.tmp
Filesize
709KB

MD5
205434c8070719c44bbb463a86ca9280

SHA1
ea2237bc8ce1cd27594c2b7589c88c8ff7b40a59

SHA256
c07d1b7cd5450153d3f158166ae703cb5f2f6569e081991a1c1888091318638e

SHA512
5dab5ce82f4d7b0f5b59339d89ee809416e63fb42d6243570b3809a6fb56b83e3e1f77f3af0c7348fefc0a232a9aea9ed75e8d879c8488b4c36d863d8e02d902

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI9D49.tmp
Filesize
709KB

MD5
205434c8070719c44bbb463a86ca9280

SHA1
ea2237bc8ce1cd27594c2b7589c88c8ff7b40a59

SHA256
c07d1b7cd5450153d3f158166ae703cb5f2f6569e081991a1c1888091318638e

SHA512
5dab5ce82f4d7b0f5b59339d89ee809416e63fb42d6243570b3809a6fb56b83e3e1f77f3af0c7348fefc0a232a9aea9ed75e8d879c8488b4c36d863d8e02d902

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI9D49.tmp
Filesize
709KB

MD5
205434c8070719c44bbb463a86ca9280

SHA1
ea2237bc8ce1cd27594c2b7589c88c8ff7b40a59

SHA256
c07d1b7cd5450153d3f158166ae703cb5f2f6569e081991a1c1888091318638e

SHA512
5dab5ce82f4d7b0f5b59339d89ee809416e63fb42d6243570b3809a6fb56b83e3e1f77f3af0c7348fefc0a232a9aea9ed75e8d879c8488b4c36d863d8e02d902

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIBC46.tmp
Filesize
709KB

MD5
205434c8070719c44bbb463a86ca9280

SHA1
ea2237bc8ce1cd27594c2b7589c88c8ff7b40a59

SHA256
c07d1b7cd5450153d3f158166ae703cb5f2f6569e081991a1c1888091318638e

SHA512
5dab5ce82f4d7b0f5b59339d89ee809416e63fb42d6243570b3809a6fb56b83e3e1f77f3af0c7348fefc0a232a9aea9ed75e8d879c8488b4c36d863d8e02d902

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.13_(x64)_20230328103042_000_dotnet_runtime_6.0.13_win_x64.msi.log
Filesize
3KB

MD5
a32bb57b61999b24ce83cb4030365878

SHA1
ddd8675187df0bce06a65a3d34b4a40bd39ef42d

SHA256
f0c8db8d86d1952e14a3d7a00513572d92807f4a709bae466309847ad39e79eb

SHA512
2ab6065b5d53ee8ff213b12c3320d88545e3bc7bca3225726baf01d052dd9438ce6ce02208203a965c5050fa216da3dd098851c2705f1f8bde98419ae91a04fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.13_(x64)_20230328103042_001_dotnet_hostfxr_6.0.13_win_x64.msi.log
Filesize
2KB

MD5
ee24287af8cffae169510842c480cf6b

SHA1
3b2b1f09e8e5f95e686f3c3c6b5d14f169a380d5

SHA256
9cc60111ccc7c42f20fad30a51ca62e3fc2138b0b245fbcf8e35c089dd0c778b

SHA512
8321027d6d80879c32691f8774c49243d7214ce17bb79878b8386c8961e644149975f66a4e80700f4637a16d4f2c53570ceffb594a5b4a9390e59b338ebb5fe5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.13_(x64)_20230328103042_002_dotnet_host_6.0.13_win_x64.msi.log
Filesize
2KB

MD5
71f64dc655dfa478754ef919351acbbf

SHA1
da450b6e623e4e1e584dc0afdf00237bfee26d07

SHA256
ab5245cc43590781d49fc72466b15550425faab0a14ddd50df98f7cce775923b

SHA512
3ccccd9498000608f4e5dcc0f348352277c54a261b0876b67349611e717218e95607fff4fbf2c81968c2ad606c7adf1f639dd79ff59e451566ba727094f96530

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.13_(x64)_20230328103042_003_windowsdesktop_runtime_6.0.13_win_x64.msi.log
Filesize
2KB

MD5
6a601648e74a4079449d260d7f9f0864

SHA1
cb0a90ac4ef889c491942f30f850bb139487ba6c

SHA256
68f36b52a2172a8b2fb994c460b3d9bcc1d6a56e06b2f8d01250f552f86ad95f

SHA512
14ff5d7ae8fab5059f873b221c199a3a2fa31943ecd18a27b8012f55a292ea3bdd016c6491ea085aae208dfeb5c40f4459325751344a6e5c10c49a191835a91c

Download Submit
C:\Users\Admin\AppData\Local\Temp\t0000002.tmp
Filesize
148B

MD5
b67ace5a193cdcab359e8f031377f679

SHA1
6dc4db39ef997a9e25df70ef8c56598559b43bb6

SHA256
6543b5c9ef8388eef2590be60a1e7ed8a6fecc481b5b5a3c057539459b8dd48d

SHA512
e71a83960ba3ae3b9d2097e970dc6f725bb987ec2622bd640b7d2c5138a9fbe35bd8623a5400f121b51a36463a76fe59fde6462e858d6164ffd3813192ae8f00

Download Submit
C:\Users\Admin\AppData\Roaming\IGI ltd\pIGI+\prerequisites\.NET 6.0\windowsdesktop-runtime-6.0.13-win-x64.exe
Filesize
54.5MB

MD5
7c37e8a464a8248889dadc710cc7585d

SHA1
f4d830e319074a0ccf5f7d4219297e4b1d4ac760

SHA256
a2e875d7734b468225da5786616bab5bede1b8c4e71c5dd2e4faffa83b34dec5

SHA512
1b44717a2784c6597aa2e1ec9e6bb54f295eab09457cd41e61ca917d45fd1797fb160765111a85cd7264efa392230ee45477a1d95bee0c108c41e8375cd51afd

Download Submit
C:\Users\Admin\AppData\Roaming\IGI ltd\pIGI+\prerequisites\.NET 6.0\windowsdesktop-runtime-6.0.13-win-x64.exe
Filesize
54.5MB

MD5
7c37e8a464a8248889dadc710cc7585d

SHA1
f4d830e319074a0ccf5f7d4219297e4b1d4ac760

SHA256
a2e875d7734b468225da5786616bab5bede1b8c4e71c5dd2e4faffa83b34dec5

SHA512
1b44717a2784c6597aa2e1ec9e6bb54f295eab09457cd41e61ca917d45fd1797fb160765111a85cd7264efa392230ee45477a1d95bee0c108c41e8375cd51afd

Download Submit
C:\Users\Admin\AppData\Roaming\IGI ltd\pIGI+\prerequisites\.NET 6.0\windowsdesktop-runtime-6.0.13-win-x64.exe
Filesize
54.5MB

MD5
7c37e8a464a8248889dadc710cc7585d

SHA1
f4d830e319074a0ccf5f7d4219297e4b1d4ac760

SHA256
a2e875d7734b468225da5786616bab5bede1b8c4e71c5dd2e4faffa83b34dec5

SHA512
1b44717a2784c6597aa2e1ec9e6bb54f295eab09457cd41e61ca917d45fd1797fb160765111a85cd7264efa392230ee45477a1d95bee0c108c41e8375cd51afd

Download Submit
C:\Windows\Installer\MSI1323.tmp
Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSI1323.tmp
Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSI241D.tmp
Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSI241D.tmp
Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSI3EA.tmp
Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSI3EA.tmp
Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSI65C.tmp
Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSI65C.tmp
Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSI65C.tmp
Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSIA3FD.tmp
Filesize
584KB

MD5
ad6faed544d1f3b892268e4b47425736

SHA1
e893ad7e0b52f03cedd0f94a8b9655459286083c

SHA256
759936d197e6098be606432002b78067c3feb2dbc294f5776b1c8c3a38314f0b

SHA512
0a752417f5e3789fee92c6d755a0c34317b82cb0cb9995ba7b5f102b4e85ad0d48206d66cb766f48a767be2349c546b51e963ee6e032446447b29868943b2af5

Download Submit
C:\Windows\Installer\MSIA3FD.tmp
Filesize
584KB

MD5
ad6faed544d1f3b892268e4b47425736

SHA1
e893ad7e0b52f03cedd0f94a8b9655459286083c

SHA256
759936d197e6098be606432002b78067c3feb2dbc294f5776b1c8c3a38314f0b

SHA512
0a752417f5e3789fee92c6d755a0c34317b82cb0cb9995ba7b5f102b4e85ad0d48206d66cb766f48a767be2349c546b51e963ee6e032446447b29868943b2af5

Download Submit
C:\Windows\Installer\MSIA507.tmp
Filesize
584KB

MD5
ad6faed544d1f3b892268e4b47425736

SHA1
e893ad7e0b52f03cedd0f94a8b9655459286083c

SHA256
759936d197e6098be606432002b78067c3feb2dbc294f5776b1c8c3a38314f0b

SHA512
0a752417f5e3789fee92c6d755a0c34317b82cb0cb9995ba7b5f102b4e85ad0d48206d66cb766f48a767be2349c546b51e963ee6e032446447b29868943b2af5

Download Submit
C:\Windows\Installer\MSIA507.tmp
Filesize
584KB

MD5
ad6faed544d1f3b892268e4b47425736

SHA1
e893ad7e0b52f03cedd0f94a8b9655459286083c

SHA256
759936d197e6098be606432002b78067c3feb2dbc294f5776b1c8c3a38314f0b

SHA512
0a752417f5e3789fee92c6d755a0c34317b82cb0cb9995ba7b5f102b4e85ad0d48206d66cb766f48a767be2349c546b51e963ee6e032446447b29868943b2af5

Download Submit
C:\Windows\Installer\MSIA556.tmp
Filesize
584KB

MD5
ad6faed544d1f3b892268e4b47425736

SHA1
e893ad7e0b52f03cedd0f94a8b9655459286083c

SHA256
759936d197e6098be606432002b78067c3feb2dbc294f5776b1c8c3a38314f0b

SHA512
0a752417f5e3789fee92c6d755a0c34317b82cb0cb9995ba7b5f102b4e85ad0d48206d66cb766f48a767be2349c546b51e963ee6e032446447b29868943b2af5

Download Submit
C:\Windows\Installer\MSIA556.tmp
Filesize
584KB

MD5
ad6faed544d1f3b892268e4b47425736

SHA1
e893ad7e0b52f03cedd0f94a8b9655459286083c

SHA256
759936d197e6098be606432002b78067c3feb2dbc294f5776b1c8c3a38314f0b

SHA512
0a752417f5e3789fee92c6d755a0c34317b82cb0cb9995ba7b5f102b4e85ad0d48206d66cb766f48a767be2349c546b51e963ee6e032446447b29868943b2af5

Download Submit
C:\Windows\Installer\MSIA5B5.tmp
Filesize
709KB

MD5
205434c8070719c44bbb463a86ca9280

SHA1
ea2237bc8ce1cd27594c2b7589c88c8ff7b40a59

SHA256
c07d1b7cd5450153d3f158166ae703cb5f2f6569e081991a1c1888091318638e

SHA512
5dab5ce82f4d7b0f5b59339d89ee809416e63fb42d6243570b3809a6fb56b83e3e1f77f3af0c7348fefc0a232a9aea9ed75e8d879c8488b4c36d863d8e02d902

Download Submit
C:\Windows\Installer\MSIA5B5.tmp
Filesize
709KB

MD5
205434c8070719c44bbb463a86ca9280

SHA1
ea2237bc8ce1cd27594c2b7589c88c8ff7b40a59

SHA256
c07d1b7cd5450153d3f158166ae703cb5f2f6569e081991a1c1888091318638e

SHA512
5dab5ce82f4d7b0f5b59339d89ee809416e63fb42d6243570b3809a6fb56b83e3e1f77f3af0c7348fefc0a232a9aea9ed75e8d879c8488b4c36d863d8e02d902

Download Submit
C:\Windows\Installer\MSIA672.tmp
Filesize
709KB

MD5
205434c8070719c44bbb463a86ca9280

SHA1
ea2237bc8ce1cd27594c2b7589c88c8ff7b40a59

SHA256
c07d1b7cd5450153d3f158166ae703cb5f2f6569e081991a1c1888091318638e

SHA512
5dab5ce82f4d7b0f5b59339d89ee809416e63fb42d6243570b3809a6fb56b83e3e1f77f3af0c7348fefc0a232a9aea9ed75e8d879c8488b4c36d863d8e02d902

Download Submit
C:\Windows\Installer\MSIA672.tmp
Filesize
709KB

MD5
205434c8070719c44bbb463a86ca9280

SHA1
ea2237bc8ce1cd27594c2b7589c88c8ff7b40a59

SHA256
c07d1b7cd5450153d3f158166ae703cb5f2f6569e081991a1c1888091318638e

SHA512
5dab5ce82f4d7b0f5b59339d89ee809416e63fb42d6243570b3809a6fb56b83e3e1f77f3af0c7348fefc0a232a9aea9ed75e8d879c8488b4c36d863d8e02d902

Download Submit
C:\Windows\Installer\MSIA84.tmp
Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSIA84.tmp
Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSIC79.tmp
Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSIC79.tmp
Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSIECD.tmp
Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSIECD.tmp
Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSIF4E4.tmp
Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSIF4E4.tmp
Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\e56ea87.msi
Filesize
25.7MB

MD5
c91d74f41cd6760829076752ead92560

SHA1
c903dfadf85025b9c02a65b9a4382ea85c5a460a

SHA256
c667c83c12109e96a025d5b1394a1d3cda3df4a520bcc73c7cef373f0e4088e5

SHA512
2520c30df18d63f92b83fbac107109122da81ea0db336a179a6673170e32d840ff67e673119bd2d4c6c86541d646248488d2410f1072ed69f51369ac8a51a918

Download Submit
C:\Windows\Installer\e56ea88.msi
Filesize
804KB

MD5
c6de3476cf791eb894a55334b636763d

SHA1
b2d5ccbe7270378caa69488629df240be84a91de

SHA256
dea630108cd4a2b1a9777b9958c2e4fa7416b315d19646c46195c431c5b432a1

SHA512
50a7c2897975c277b1265c0d7c6419c14cec78e1910374af836550ac5ea064d33507809a11c917d67614ed1234b42b5d860d7ae943b5a3ca11ea8b32f62a221a

Download Submit
C:\Windows\Installer\e56ea93.msi
Filesize
28.4MB

MD5
64b5ee5ac0b4b2e719c19f3370c37f18

SHA1
8d19c7123cdac781f16c46866d88ad92f7879656

SHA256
57e08f7fbb456646880e870ab9e14bfa19e216b26da35e45ca800ee569cedacc

SHA512
fb91d564de20eac1f9c8818c9584cee5edd6a693560bc1a9817c2fec6e4e220654ad153375186ab543b18d8d38adb08c42cf47764f56c4747b49d1df66e41a81

Download Submit
C:\Windows\Installer\e56ea94.msi
Filesize
114.3MB

MD5
327b69c02a8283fed8d634b118baf20a

SHA1
09f06c814bc6d356a50fe86441769a31beb159d9

SHA256
d064edcda9fb79bec9fc86b03a4f6412736d955017822c631ad4275c9b0426aa

SHA512
63c40c0ed5aadd21c3de917bec4aa7c401991f3a085826794457ddd17e4b46e93680dcbda23f2d364250b9eb3a80ea0747e54006c6bf3b0c43202d788b6653a9

Download Submit
C:\Windows\Temp\{1D1E25AD-EA37-4608-9BFF-5654D2693A27}\.ba\bg.png
Filesize
4KB

MD5
9eb0320dfbf2bd541e6a55c01ddc9f20

SHA1
eb282a66d29594346531b1ff886d455e1dcd6d99

SHA256
9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

SHA512
9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

Download Submit
C:\Windows\Temp\{1D1E25AD-EA37-4608-9BFF-5654D2693A27}\.ba\wixstdba.dll
Filesize
197KB

MD5
4356ee50f0b1a878e270614780ddf095

SHA1
b5c0915f023b2e4ed3e122322abc40c4437909af

SHA256
41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104

SHA512
b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691

Download Submit
C:\Windows\Temp\{1D1E25AD-EA37-4608-9BFF-5654D2693A27}\.be\windowsdesktop-runtime-6.0.13-win-x64.exe
Filesize
610KB

MD5
1c09875664bc933007f858ba2dcc65ca

SHA1
e464a2e5e82fa8a2dccbbc2ae879b1e5a36a1189

SHA256
e4a80c05bed611d9e1241e3b03f33500b832b75034a0868fb1b87d88a3c42391

SHA512
c13a56968d4f7b88e40800d3180ed2f30e0f5603ae29416c9d0d2e50aeee9cfc4abdebb5868bf59fbc9232d7d8e8d680c48c86c6968d153ef4ca208ea84f7fcf

Download Submit
C:\Windows\Temp\{1D1E25AD-EA37-4608-9BFF-5654D2693A27}\.be\windowsdesktop-runtime-6.0.13-win-x64.exe
Filesize
610KB

MD5
1c09875664bc933007f858ba2dcc65ca

SHA1
e464a2e5e82fa8a2dccbbc2ae879b1e5a36a1189

SHA256
e4a80c05bed611d9e1241e3b03f33500b832b75034a0868fb1b87d88a3c42391

SHA512
c13a56968d4f7b88e40800d3180ed2f30e0f5603ae29416c9d0d2e50aeee9cfc4abdebb5868bf59fbc9232d7d8e8d680c48c86c6968d153ef4ca208ea84f7fcf

Download Submit
C:\Windows\Temp\{1D1E25AD-EA37-4608-9BFF-5654D2693A27}\.be\windowsdesktop-runtime-6.0.13-win-x64.exe
Filesize
610KB

MD5
1c09875664bc933007f858ba2dcc65ca

SHA1
e464a2e5e82fa8a2dccbbc2ae879b1e5a36a1189

SHA256
e4a80c05bed611d9e1241e3b03f33500b832b75034a0868fb1b87d88a3c42391

SHA512
c13a56968d4f7b88e40800d3180ed2f30e0f5603ae29416c9d0d2e50aeee9cfc4abdebb5868bf59fbc9232d7d8e8d680c48c86c6968d153ef4ca208ea84f7fcf

Download Submit
C:\Windows\Temp\{1D1E25AD-EA37-4608-9BFF-5654D2693A27}\dotnet_host_6.0.13_win_x64.msi
Filesize
736KB

MD5
4e2da0053edf89b2b3eb75b1c629da84

SHA1
b7bc5ab94defce203711a544d615b48fb072faba

SHA256
5fc94f33ac39648a5788f69d93d11b31b2df2f0faff9ca93c8d184f10afeab17

SHA512
b081fb0d1c05ed0cad7a23ae82e75ea5bc0a02e9f1213b79a2f992538af26db42d04a001ee9abbebc07c29bce4a2fcfb2e264ea62c00c41a743a5156c1ee21d4

Download Submit
C:\Windows\Temp\{1D1E25AD-EA37-4608-9BFF-5654D2693A27}\dotnet_hostfxr_6.0.13_win_x64.msi
Filesize
804KB

MD5
c6de3476cf791eb894a55334b636763d

SHA1
b2d5ccbe7270378caa69488629df240be84a91de

SHA256
dea630108cd4a2b1a9777b9958c2e4fa7416b315d19646c46195c431c5b432a1

SHA512
50a7c2897975c277b1265c0d7c6419c14cec78e1910374af836550ac5ea064d33507809a11c917d67614ed1234b42b5d860d7ae943b5a3ca11ea8b32f62a221a

Download Submit
C:\Windows\Temp\{1D1E25AD-EA37-4608-9BFF-5654D2693A27}\dotnet_runtime_6.0.13_win_x64.msi
Filesize
25.7MB

MD5
c91d74f41cd6760829076752ead92560

SHA1
c903dfadf85025b9c02a65b9a4382ea85c5a460a

SHA256
c667c83c12109e96a025d5b1394a1d3cda3df4a520bcc73c7cef373f0e4088e5

SHA512
2520c30df18d63f92b83fbac107109122da81ea0db336a179a6673170e32d840ff67e673119bd2d4c6c86541d646248488d2410f1072ed69f51369ac8a51a918

Download Submit
C:\Windows\Temp\{1D1E25AD-EA37-4608-9BFF-5654D2693A27}\windowsdesktop_runtime_6.0.13_win_x64.msi
Filesize
28.4MB

MD5
64b5ee5ac0b4b2e719c19f3370c37f18

SHA1
8d19c7123cdac781f16c46866d88ad92f7879656

SHA256
57e08f7fbb456646880e870ab9e14bfa19e216b26da35e45ca800ee569cedacc

SHA512
fb91d564de20eac1f9c8818c9584cee5edd6a693560bc1a9817c2fec6e4e220654ad153375186ab543b18d8d38adb08c42cf47764f56c4747b49d1df66e41a81

Download Submit
C:\Windows\Temp\{3C23F8DD-9B9A-4541-BBF0-B6E84CEF4070}\.cr\windowsdesktop-runtime-6.0.13-win-x64.exe
Filesize
610KB

MD5
1c09875664bc933007f858ba2dcc65ca

SHA1
e464a2e5e82fa8a2dccbbc2ae879b1e5a36a1189

SHA256
e4a80c05bed611d9e1241e3b03f33500b832b75034a0868fb1b87d88a3c42391

SHA512
c13a56968d4f7b88e40800d3180ed2f30e0f5603ae29416c9d0d2e50aeee9cfc4abdebb5868bf59fbc9232d7d8e8d680c48c86c6968d153ef4ca208ea84f7fcf

Download Submit
C:\Windows\Temp\{3C23F8DD-9B9A-4541-BBF0-B6E84CEF4070}\.cr\windowsdesktop-runtime-6.0.13-win-x64.exe
Filesize
610KB

MD5
1c09875664bc933007f858ba2dcc65ca

SHA1
e464a2e5e82fa8a2dccbbc2ae879b1e5a36a1189

SHA256
e4a80c05bed611d9e1241e3b03f33500b832b75034a0868fb1b87d88a3c42391

SHA512
c13a56968d4f7b88e40800d3180ed2f30e0f5603ae29416c9d0d2e50aeee9cfc4abdebb5868bf59fbc9232d7d8e8d680c48c86c6968d153ef4ca208ea84f7fcf

Download Submit
memory/2400-1262-0x0000000000620000-0x0000000000682000-memory.dmp

Filesize
392KB

Download
memory/2400-1263-0x0000000000FC0000-0x0000000000FCA000-memory.dmp

Filesize
40KB

Download