Overview

overview

8

Static

static

3

NovaInstaller.exe

windows7-x64

8

NovaInstaller.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    124s
  • max time network
    172s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/10/2023, 01:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NovaInstaller.exe

  • Size

    152.4MB

  • MD5

    b22a99d3bcaec970a0ff099b095053fc

  • SHA1

    8f3ddffd78e901182382cd56994fab1e85171359

  • SHA256

    423ecb6f566708e142c7be0cbc1cb7475eb1f6c017c00799592a0a5a124ff13e

  • SHA512

    745b56187b4abf7fbf92cca79f85c436600a83caef7a88d9fa4d7870a425ac111e64d2920357d16018e1bdfb36197b155767a9095912367d2b8e1e2b7909188e

  • SSDEEP

    786432:zpj24RRx7jChNQNt/ZYLy/pGyjOy5l7y953zQ3TtLwSTRpf4P1wT1XKTTmBEA/rI:zN2ExfWNQNt/ZL3+jRuBQ

Score
8/10
discoverypersistence

Malware Config

Signatures

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Loads dropped DLL 13 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 31 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 9 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 30 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\NovaInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\NovaInstaller.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3892
    • C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-6.0.15-win-x64.exe
      "windowsdesktop-runtime-6.0.15-win-x64.exe" /S
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:1912
      • C:\Windows\Temp\{AEB18C47-ECF8-49A4-9241-197D4162DCCE}\.cr\windowsdesktop-runtime-6.0.15-win-x64.exe
        "C:\Windows\Temp\{AEB18C47-ECF8-49A4-9241-197D4162DCCE}\.cr\windowsdesktop-runtime-6.0.15-win-x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-6.0.15-win-x64.exe" -burn.filehandle.attached=536 -burn.filehandle.self=540 /S
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:404
        • C:\Windows\Temp\{394CC07F-65E6-418C-AD67-4C27DBB54299}\.be\windowsdesktop-runtime-6.0.21-win-x64.exe
          "C:\Windows\Temp\{394CC07F-65E6-418C-AD67-4C27DBB54299}\.be\windowsdesktop-runtime-6.0.21-win-x64.exe" -q -burn.elevated BurnPipe.{DDA4BB4C-F69D-45D7-82AF-4D3FCAD453E4} {9F18E97C-0174-4D57-B35B-189D22476BF3} 404
          4⤵
          • Executes dropped EXE
          • Adds Run key to start application
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          PID:1332
    • C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe
      "vc_redist.x64.exe" /install /quiet /norestart
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:1172
      • C:\Windows\Temp\{3B3B8736-5C55-4791-8724-B7355C04F4FD}\.cr\vc_redist.x64.exe
        "C:\Windows\Temp\{3B3B8736-5C55-4791-8724-B7355C04F4FD}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe" -burn.filehandle.attached=540 -burn.filehandle.self=548 /install /quiet /norestart
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:4500
        • C:\Windows\Temp\{374A4021-B3A0-49C0-A831-B3741DFE7482}\.be\VC_redist.x64.exe
          "C:\Windows\Temp\{374A4021-B3A0-49C0-A831-B3741DFE7482}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{4C36DA03-932B-4891-81B3-527CC6B18D12} {96D0A4CB-2469-45F8-A2BD-93F857C0A52D} 4500
          4⤵
          • Executes dropped EXE
          PID:5060
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3368
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 40139F0BC125158A60954BBD779B6DA9
      2⤵
      • Loads dropped DLL
      PID:5084
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 12840F93DB867B33E3FAE58F3C163CD2
      2⤵
      • Loads dropped DLL
      PID:4720
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding B1C3B3CF8318E930BC7EF248E8FD44F3
      2⤵
      • Loads dropped DLL
      PID:1892
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding FED46EE60A2F738B16C88BE3CC96E53F
      2⤵
      • Loads dropped DLL
      PID:4788
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Checks SCSI registry key(s)
    PID:1532

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Config.Msi\e594281.rbs
    Filesize

    56KB

    MD5

    dd7e25cf9910aeb40ea8c283856276e9

    SHA1

    945277a4c4260c96f322cef44822a57fd00ebd3d

    SHA256

    b7d32f4022d7fe018abc396cd43c4d30456d22a4de0a4481125bd0d87fa0896d

    SHA512

    06a2e07ecfe2816893cf7f6b799ba66f10dede3c66997a4a817c9d6bfce040633f865670bafacbd8f2b5e93a6f10ecbb386627da664a80c57a88e1b85b4a7293

    Download Submit

  • C:\Config.Msi\e594286.rbs
    Filesize

    8KB

    MD5

    1578c9b96ea84e684b080dd42d4ff2f1

    SHA1

    3bc145dc509230439e5a0be53128b1c89a7d90aa

    SHA256

    49d5d66d81c709a005b582697b6feaee1396a5ff31fd78a4966811906c8c9dac

    SHA512

    f11d11666bf1dace2d2d3c5367e71313acb672d9dedb61d036c2e04be53d006c437162a9e8469243a0e590af7c35651165022d3c00ec632040774b8ede095c66

    Download Submit

  • C:\Config.Msi\e59428b.rbs
    Filesize

    10KB

    MD5

    7433339770ff819421555a2d32e75c1c

    SHA1

    718660143d8c6a66cd181087e6b0ebde2006d36d

    SHA256

    b64fcd4147bc74a3f23dffa95aad84f0a4e2e8bc5f22ae8ceae03593aa02ddd1

    SHA512

    07ff032274f01c7f1401191329713e07fd6f1bc45680019a4868b9e333ba6843b6828e4a784fb17698bcbcf2f47a51499b1bd2ae1acc8d9cb6115358055cbd83

    Download Submit

  • C:\Config.Msi\e594290.rbs
    Filesize

    87KB

    MD5

    abb38d923b2a9ed1d6de66d36190d2d8

    SHA1

    52d597cf64ebbccb1d3df0b854e77c73355f681f

    SHA256

    c7914c7e932e1108b88553369c8dec4a67df58be5323275b9b7d9ff0c80ca481

    SHA512

    d88e608c22500b9cf730f1e484ab949dffd3004b425569faf4a16419322d415f73ade53b3168b7bac88fa01f48e7cd36f5c5694dfe55ad1ef58219495fc86328

    Download Submit

  • C:\Program Files\dotnet\LICENSE.txt
    Filesize

    9KB

    MD5

    31c5a77b3c57c8c2e82b9541b00bcd5a

    SHA1

    153d4bc14e3a2c1485006f1752e797ca8684d06d

    SHA256

    7f6839a61ce892b79c6549e2dc5a81fdbd240a0b260f8881216b45b7fda8b45d

    SHA512

    ad33e3c0c3b060ad44c5b1b712c991b2d7042f6a60dc691c014d977c922a7e3a783ba9bade1a34de853c271fde1fb75bc2c47869acd863a40be3a6c6d754c0a6

    Download Submit

  • C:\Program Files\dotnet\ThirdPartyNotices.txt
    Filesize

    78KB

    MD5

    f77a4aecfaf4640d801eb6dcdfddc478

    SHA1

    7424710f255f6205ef559e4d7e281a3b701183bb

    SHA256

    d5db0ed54363e40717ae09e746dec99ad5b09223cc1273bb870703176dd226b7

    SHA512

    1b729dfa561899980ba8b15128ea39bc1e609fe07b30b283001fd9cf9da62885d78c18082d0085edd81f09203f878549b48f7f888a8486a2a526b134c849fd6b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\NovaInstaller\axcgh20z.3zq\D3DCompiler_47_cor3.dll
    Filesize

    4.7MB

    MD5

    ca68272d2c97f1e145f50b8cd1edf3a6

    SHA1

    83097400436f111c13ee34740e66b3de0542914b

    SHA256

    ff5dddae92b3798cc00c14a706ecb6329c27aa6d7bb6e82b393cf8b7366458ba

    SHA512

    ffc670aea4dad0113196d594c0fd07a838123e485ffebe3b728b8a18403b0bb82b042ccf23019c850a62466990b10a2e94102178326df735e4815dba7811d502

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\NovaInstaller\axcgh20z.3zq\PresentationNative_cor3.dll
    Filesize

    1.2MB

    MD5

    5a137f1c0db458b0e5bb642f5293d3e6

    SHA1

    6f66bf8ad1a930c7021a95025b81af6169508a08

    SHA256

    334a78b0e495b25b9b828216c4613a8a169129c583245da3c3b2b923d4e4c39b

    SHA512

    d645f9c57523296923e2753202dbcd2a09f75bf46ac9a5a5525182d1d90b6f2fb078789150f4aeeafca8717098670780cbdb1e81fdb7fdd32d5ad791a2cafc79

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\NovaInstaller\axcgh20z.3zq\wpfgfx_cor3.dll
    Filesize

    1.9MB

    MD5

    c8af68f307e0868e673d6e69924b3b81

    SHA1

    fbf565bdc0c1fe97b57690e3be751452d7e2fc56

    SHA256

    23db27f5a6d7b9993f3d5179e4021913cd977d810fbfd8c482f601aee9759e47

    SHA512

    cb4d21179504de09c62629a7b4cb23d4b771f477bf888927896abb143214451c4ad6210f2586a4e442b68eb39b9af7f42c916931849dd650044152ce7bf25720

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.21_(x64)_20231016012033_000_dotnet_runtime_6.0.21_win_x64.msi.log
    Filesize

    2KB

    MD5

    5b1c1461944880b1062bc35a52e69e68

    SHA1

    0e945d170c84b9d244ad90edfc8686711f10a6e8

    SHA256

    05f8c9c31e678b30ac784091ce3ccf80d5c31f74cfd4bd1e25dd40491aa2a1c5

    SHA512

    a05e89729f0191a7c09f5266c9214087bf30a41b3840f84f919197c6b7c249fdb4e11cbc2e0926d55514883928bde0fbdacb5cc7010a5b2c93e98013beb2ccde

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.21_(x64)_20231016012033_001_dotnet_hostfxr_6.0.21_win_x64.msi.log
    Filesize

    4KB

    MD5

    8f483a34a75ad242525baf4e10c3e8da

    SHA1

    6b5cfbe3ca78d053ce716eddfc1cb92a48b4e2cc

    SHA256

    1071c1360c66bfb1354422a01b28cb61f1bf28c8c2804eed60d6ca73b518a74e

    SHA512

    0056ce8faaf2b704ed70a3e6bc96205b920fc306aa35e3821f36e4c9f25003dbe61b03e7fc4fbb91e96b904eae3ed3bb4569c8ecce517b9cd7f180374af07b17

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.21_(x64)_20231016012033_002_dotnet_host_6.0.21_win_x64.msi.log
    Filesize

    2KB

    MD5

    2980e96354903b8e30a64e8a4730781b

    SHA1

    632e57364eb00dcb53ae8cd1f3b77d379ed88bf8

    SHA256

    7b079c384d3e758d6f64160ff709348ef66c3a76049808f2befef5776c7bb576

    SHA512

    67bf41f59fbf3df169088e9d0b3961079c21d23e8baca6c7b8b0c62818865db3ff34c724ed6d6a05e832ab16256eeca25d7c0edafa6d510b02f16ac53e0c16f9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.21_(x64)_20231016012033_003_windowsdesktop_runtime_6.0.21_win_x64.msi.log
    Filesize

    2KB

    MD5

    785c366e678984e331323c854a6aacdb

    SHA1

    77d2c48874e6ca1f96af761117efd041a0a0bb52

    SHA256

    16b586a0f92b4ca1f4ecccdad2903ebeaffdc23fec8b5b1d34f30228bdd05258

    SHA512

    d9e40af6a53569c5dae1afdfc66d45a2c94956bc5f14850abd592345fcba1f91d6154fb3bcb01523f6d45edd9a096220316bf3bba65f4006eb25e43be1ea0416

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe
    Filesize

    24.2MB

    MD5

    077f0abdc2a3881d5c6c774af821f787

    SHA1

    c483f66c48ba83e99c764d957729789317b09c6b

    SHA256

    917c37d816488545b70affd77d6e486e4dd27e2ece63f6bbaaf486b178b2b888

    SHA512

    70a888d5891efd2a48d33c22f35e9178bd113032162dc5a170e7c56f2d592e3c59a08904b9f1b54450c80f8863bda746e431b396e4c1624b91ff15dd701bd939

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe
    Filesize

    24.2MB

    MD5

    077f0abdc2a3881d5c6c774af821f787

    SHA1

    c483f66c48ba83e99c764d957729789317b09c6b

    SHA256

    917c37d816488545b70affd77d6e486e4dd27e2ece63f6bbaaf486b178b2b888

    SHA512

    70a888d5891efd2a48d33c22f35e9178bd113032162dc5a170e7c56f2d592e3c59a08904b9f1b54450c80f8863bda746e431b396e4c1624b91ff15dd701bd939

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-6.0.15-win-x64.exe
    Filesize

    54.7MB

    MD5

    1a6d60add2d112dd73e83fb46dca474d

    SHA1

    8b374a54f508cfdb8c8176bfaef96f37edf7170b

    SHA256

    aa0c922c9c65f11b75747343b4711a0bdc8dc8ac1bd38da7c3ecd01ce28c8545

    SHA512

    49192c5141bb04dc19483e8b1adec9c6f56fa54ef8c55e2f4fa4aae73abf9119bb7b1dff3d8f9b3307c50de8989669398a5f6d8dc4323b81b6a1def5ee6c6e79

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-6.0.15-win-x64.exe
    Filesize

    54.7MB

    MD5

    1a6d60add2d112dd73e83fb46dca474d

    SHA1

    8b374a54f508cfdb8c8176bfaef96f37edf7170b

    SHA256

    aa0c922c9c65f11b75747343b4711a0bdc8dc8ac1bd38da7c3ecd01ce28c8545

    SHA512

    49192c5141bb04dc19483e8b1adec9c6f56fa54ef8c55e2f4fa4aae73abf9119bb7b1dff3d8f9b3307c50de8989669398a5f6d8dc4323b81b6a1def5ee6c6e79

    Download Submit

  • C:\Windows\Installer\MSI5181.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • C:\Windows\Installer\MSI5181.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • C:\Windows\Installer\MSI720B.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • C:\Windows\Installer\MSI720B.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • C:\Windows\Installer\MSI7F99.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • C:\Windows\Installer\MSI7F99.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • C:\Windows\Installer\MSI7F99.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • C:\Windows\Installer\MSI84DB.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • C:\Windows\Installer\MSI84DB.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • C:\Windows\Installer\MSI88C4.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • C:\Windows\Installer\MSI88C4.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • C:\Windows\Installer\MSI9912.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • C:\Windows\Installer\MSI9912.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • C:\Windows\Installer\MSI9FBA.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • C:\Windows\Installer\MSI9FBA.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • C:\Windows\Installer\MSIC286.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • C:\Windows\Installer\MSIC286.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • C:\Windows\Installer\e594282.msi
    Filesize

    25.7MB

    MD5

    0fda2bb0ba0c1dd265e9540265a035b7

    SHA1

    03461f9f268e5ec0a997990c05b16086a03505dc

    SHA256

    bb994af42653ab3738ea3b689f6870c2549f6f170f23a1a8a161c7e02ccec9b1

    SHA512

    acdcb21c4ac6587b7a7cc43078a075f2f06d71823ace65e175611e0ef8af2bc7c753b7618447ba6d9f24cbea63cf582bcd5f71ca3b7a79066ca6cd61c43ed7d6

    Download Submit

  • C:\Windows\Installer\e594283.msi
    Filesize

    804KB

    MD5

    5dce0ef6b5d0bd2b850106a22b5e0264

    SHA1

    263cfbd815de6b877d084ab4b3d2f878d71c9b1f

    SHA256

    c98010f7c473bdb2a182e61aae35a20c044006fee26ffb378346cbdf255d2736

    SHA512

    fc7297d142cf8d0247ac86732182a031e819a4fc41b034d1b9a7dba5cdb56d73e158dd57132b6a083b3f6184859b4dca4a1a21205f6d11b2be6ca3913e89891b

    Download Submit

  • C:\Windows\Installer\e594291.msi
    Filesize

    28.5MB

    MD5

    6ec2d8f7944d0766603fa3b043fe2410

    SHA1

    000a79c4792abbfdf65ca3b5367b7a3b02146732

    SHA256

    619074e13358e2c259086bf306083229ae8d3472187bc755951413858949cb68

    SHA512

    4f86befae9a437985e4ae491f416b0c06a72344ffccfb00c325e91d48244b46edee784003c0a519bc39fdb14409d949c7fe7cde7f51b3479d504c61d88f6371b

    Download Submit

  • C:\Windows\Temp\{374A4021-B3A0-49C0-A831-B3741DFE7482}\.ba\logo.png
    Filesize

    1KB

    MD5

    d6bd210f227442b3362493d046cea233

    SHA1

    ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

    SHA256

    335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

    SHA512

    464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

    Download Submit

  • C:\Windows\Temp\{374A4021-B3A0-49C0-A831-B3741DFE7482}\.ba\wixstdba.dll
    Filesize

    191KB

    MD5

    eab9caf4277829abdf6223ec1efa0edd

    SHA1

    74862ecf349a9bedd32699f2a7a4e00b4727543d

    SHA256

    a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

    SHA512

    45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

    Download Submit

  • C:\Windows\Temp\{374A4021-B3A0-49C0-A831-B3741DFE7482}\.be\VC_redist.x64.exe
    Filesize

    635KB

    MD5

    35e545dac78234e4040a99cbb53000ac

    SHA1

    ae674cc167601bd94e12d7ae190156e2c8913dc5

    SHA256

    9a6c005e1a71e11617f87ede695af32baac8a2056f11031941df18b23c4eeba6

    SHA512

    bd984c20f59674d1c54ca19785f54f937f89661014573c5966e5f196f776ae38f1fc9a7f3b68c5bc9bf0784adc5c381f8083f2aecdef620965aeda9ecba504f3

    Download Submit

  • C:\Windows\Temp\{374A4021-B3A0-49C0-A831-B3741DFE7482}\.be\VC_redist.x64.exe
    Filesize

    635KB

    MD5

    35e545dac78234e4040a99cbb53000ac

    SHA1

    ae674cc167601bd94e12d7ae190156e2c8913dc5

    SHA256

    9a6c005e1a71e11617f87ede695af32baac8a2056f11031941df18b23c4eeba6

    SHA512

    bd984c20f59674d1c54ca19785f54f937f89661014573c5966e5f196f776ae38f1fc9a7f3b68c5bc9bf0784adc5c381f8083f2aecdef620965aeda9ecba504f3

    Download Submit

  • C:\Windows\Temp\{374A4021-B3A0-49C0-A831-B3741DFE7482}\.be\VC_redist.x64.exe
    Filesize

    635KB

    MD5

    35e545dac78234e4040a99cbb53000ac

    SHA1

    ae674cc167601bd94e12d7ae190156e2c8913dc5

    SHA256

    9a6c005e1a71e11617f87ede695af32baac8a2056f11031941df18b23c4eeba6

    SHA512

    bd984c20f59674d1c54ca19785f54f937f89661014573c5966e5f196f776ae38f1fc9a7f3b68c5bc9bf0784adc5c381f8083f2aecdef620965aeda9ecba504f3

    Download Submit

  • C:\Windows\Temp\{394CC07F-65E6-418C-AD67-4C27DBB54299}\.ba\bg.png
    Filesize

    4KB

    MD5

    9eb0320dfbf2bd541e6a55c01ddc9f20

    SHA1

    eb282a66d29594346531b1ff886d455e1dcd6d99

    SHA256

    9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

    SHA512

    9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

    Download Submit

  • C:\Windows\Temp\{394CC07F-65E6-418C-AD67-4C27DBB54299}\.ba\wixstdba.dll
    Filesize

    197KB

    MD5

    4356ee50f0b1a878e270614780ddf095

    SHA1

    b5c0915f023b2e4ed3e122322abc40c4437909af

    SHA256

    41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104

    SHA512

    b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691

    Download Submit

  • C:\Windows\Temp\{394CC07F-65E6-418C-AD67-4C27DBB54299}\.be\windowsdesktop-runtime-6.0.21-win-x64.exe
    Filesize

    610KB

    MD5

    ff67a2a55ed6998ab527273d547fc00f

    SHA1

    852712b95ca05de8f336f07ff9ac672281b91215

    SHA256

    71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

    SHA512

    48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

    Download Submit

  • C:\Windows\Temp\{394CC07F-65E6-418C-AD67-4C27DBB54299}\.be\windowsdesktop-runtime-6.0.21-win-x64.exe
    Filesize

    610KB

    MD5

    ff67a2a55ed6998ab527273d547fc00f

    SHA1

    852712b95ca05de8f336f07ff9ac672281b91215

    SHA256

    71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

    SHA512

    48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

    Download Submit

  • C:\Windows\Temp\{394CC07F-65E6-418C-AD67-4C27DBB54299}\.be\windowsdesktop-runtime-6.0.21-win-x64.exe
    Filesize

    610KB

    MD5

    ff67a2a55ed6998ab527273d547fc00f

    SHA1

    852712b95ca05de8f336f07ff9ac672281b91215

    SHA256

    71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

    SHA512

    48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

    Download Submit

  • C:\Windows\Temp\{394CC07F-65E6-418C-AD67-4C27DBB54299}\dotnet_host_6.0.21_win_x64.msi
    Filesize

    736KB

    MD5

    12b8c5914e56f4bd933c8490f7f6cd45

    SHA1

    2ec135cdd97adbcfe7decb04f1a5e95b6f0614e3

    SHA256

    3b83682de5bfeabde75ffc34330f470df11ce5e62c2509c50b3e48e35130fa51

    SHA512

    ecc9ddd52d097ca6f643f7ce78399b01d37e776e30abb8b82b6278711716e6893528340b6719f8287848931759ae41427c252cb00df97742583dbe5d7ea4277a

    Download Submit

  • C:\Windows\Temp\{394CC07F-65E6-418C-AD67-4C27DBB54299}\dotnet_hostfxr_6.0.21_win_x64.msi
    Filesize

    804KB

    MD5

    5dce0ef6b5d0bd2b850106a22b5e0264

    SHA1

    263cfbd815de6b877d084ab4b3d2f878d71c9b1f

    SHA256

    c98010f7c473bdb2a182e61aae35a20c044006fee26ffb378346cbdf255d2736

    SHA512

    fc7297d142cf8d0247ac86732182a031e819a4fc41b034d1b9a7dba5cdb56d73e158dd57132b6a083b3f6184859b4dca4a1a21205f6d11b2be6ca3913e89891b

    Download Submit

  • C:\Windows\Temp\{394CC07F-65E6-418C-AD67-4C27DBB54299}\dotnet_runtime_6.0.21_win_x64.msi
    Filesize

    25.7MB

    MD5

    0fda2bb0ba0c1dd265e9540265a035b7

    SHA1

    03461f9f268e5ec0a997990c05b16086a03505dc

    SHA256

    bb994af42653ab3738ea3b689f6870c2549f6f170f23a1a8a161c7e02ccec9b1

    SHA512

    acdcb21c4ac6587b7a7cc43078a075f2f06d71823ace65e175611e0ef8af2bc7c753b7618447ba6d9f24cbea63cf582bcd5f71ca3b7a79066ca6cd61c43ed7d6

    Download Submit

  • C:\Windows\Temp\{394CC07F-65E6-418C-AD67-4C27DBB54299}\windowsdesktop_runtime_6.0.21_win_x64.msi
    Filesize

    28.5MB

    MD5

    6ec2d8f7944d0766603fa3b043fe2410

    SHA1

    000a79c4792abbfdf65ca3b5367b7a3b02146732

    SHA256

    619074e13358e2c259086bf306083229ae8d3472187bc755951413858949cb68

    SHA512

    4f86befae9a437985e4ae491f416b0c06a72344ffccfb00c325e91d48244b46edee784003c0a519bc39fdb14409d949c7fe7cde7f51b3479d504c61d88f6371b

    Download Submit

  • C:\Windows\Temp\{3B3B8736-5C55-4791-8724-B7355C04F4FD}\.cr\vc_redist.x64.exe
    Filesize

    635KB

    MD5

    35e545dac78234e4040a99cbb53000ac

    SHA1

    ae674cc167601bd94e12d7ae190156e2c8913dc5

    SHA256

    9a6c005e1a71e11617f87ede695af32baac8a2056f11031941df18b23c4eeba6

    SHA512

    bd984c20f59674d1c54ca19785f54f937f89661014573c5966e5f196f776ae38f1fc9a7f3b68c5bc9bf0784adc5c381f8083f2aecdef620965aeda9ecba504f3

    Download Submit

  • C:\Windows\Temp\{3B3B8736-5C55-4791-8724-B7355C04F4FD}\.cr\vc_redist.x64.exe
    Filesize

    635KB

    MD5

    35e545dac78234e4040a99cbb53000ac

    SHA1

    ae674cc167601bd94e12d7ae190156e2c8913dc5

    SHA256

    9a6c005e1a71e11617f87ede695af32baac8a2056f11031941df18b23c4eeba6

    SHA512

    bd984c20f59674d1c54ca19785f54f937f89661014573c5966e5f196f776ae38f1fc9a7f3b68c5bc9bf0784adc5c381f8083f2aecdef620965aeda9ecba504f3

    Download Submit

  • C:\Windows\Temp\{AEB18C47-ECF8-49A4-9241-197D4162DCCE}\.cr\windowsdesktop-runtime-6.0.15-win-x64.exe
    Filesize

    610KB

    MD5

    ff67a2a55ed6998ab527273d547fc00f

    SHA1

    852712b95ca05de8f336f07ff9ac672281b91215

    SHA256

    71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

    SHA512

    48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

    Download Submit

  • C:\Windows\Temp\{AEB18C47-ECF8-49A4-9241-197D4162DCCE}\.cr\windowsdesktop-runtime-6.0.15-win-x64.exe
    Filesize

    610KB

    MD5

    ff67a2a55ed6998ab527273d547fc00f

    SHA1

    852712b95ca05de8f336f07ff9ac672281b91215

    SHA256

    71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

    SHA512

    48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

    Download Submit

  • memory/3892-56-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3892-51-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3892-67-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3892-66-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3892-65-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3892-64-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3892-63-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3892-62-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3892-61-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3892-60-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3892-59-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3892-58-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3892-57-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3892-69-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3892-55-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3892-54-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3892-53-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3892-52-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3892-50-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3892-68-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3892-49-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3892-48-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3892-47-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3892-44-0x00000177669E0000-0x00000177669F9000-memory.dmp

    Filesize

    100KB

    Download

  • memory/3892-41-0x00000177675C0000-0x0000017767684000-memory.dmp

    Filesize

    784KB

    Download

  • memory/3892-38-0x00000177669B0000-0x00000177669DE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3892-35-0x0000017744A70000-0x0000017744A7D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/3892-32-0x0000017744A80000-0x0000017744A88000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3892-29-0x0000017766A60000-0x0000017766AA0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/3892-26-0x0000017766920000-0x0000017766932000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3892-23-0x0000017766A10000-0x0000017766A57000-memory.dmp

    Filesize

    284KB

    Download

  • memory/3892-20-0x0000017766950000-0x0000017766971000-memory.dmp

    Filesize

    132KB

    Download

  • memory/3892-751-0x00007FF6B2950000-0x00007FF6B327E000-memory.dmp

    Filesize

    9.2MB

    Download

  • memory/3892-5-0x0000000180000000-0x0000000180A23000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/3892-17-0x0000017766D90000-0x0000017766EEE000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/3892-14-0x0000017766B60000-0x0000017766D88000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/3892-10-0x00000177678B0000-0x0000017768836000-memory.dmp

    Filesize

    15.5MB

    Download

  • memory/3892-11-0x00007FF6B2950000-0x00007FF6B327E000-memory.dmp

    Filesize

    9.2MB

    Download

  • memory/3892-8-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download