74db4ae35512c9a7be17f01544b2a5bd56b3b256edb3f179e76b59951f222175

Analysis

max time kernel
94s
max time network
158s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
06/11/2023, 17:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NovaInstaller.exe
Size

152.1MB
MD5

6196a6ac54713dc0d11c7ebab96bc6d0
SHA1

594c07c73f5844f74dc80b79f9d29ae0c9591f3f
SHA256

74db4ae35512c9a7be17f01544b2a5bd56b3b256edb3f179e76b59951f222175
SHA512

613b185438c693c25e55174eaf2dc5e8d36b57f462c82ab318276219b0bdadb1f145712b9dbb4bd49ad60dfc8e9176428c6cceaac3ff615c13e60e74153724c7
SSDEEP

786432:65Nre6UmdCvF4N3RtI9n1gqBf8ICtZNXDPWsUwZnb5xFTtLwSTRpf4P1wT1vdvmu:A5UmamUyqtSyctjdegUc

Score

8^/10

discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 6 IoCs

pid	Process
2948	windowsdesktop-runtime-6.0.15-win-x64.exe
1448	windowsdesktop-runtime-6.0.15-win-x64.exe
2808	windowsdesktop-runtime-6.0.21-win-x64.exe
2056	dotnet-sdk-6.0.405-win-x64.exe
1632	dotnet-sdk-6.0.405-win-x64.exe
1176	dotnet-sdk-6.0.413-win-x86.exe

Loads dropped DLL 24 IoCs

pid	Process
2588	NovaInstaller.exe
2588	NovaInstaller.exe
2588	NovaInstaller.exe
2948	windowsdesktop-runtime-6.0.15-win-x64.exe
1448	windowsdesktop-runtime-6.0.15-win-x64.exe
1448	windowsdesktop-runtime-6.0.15-win-x64.exe
2652	MsiExec.exe
1816	MsiExec.exe
2768	msiexec.exe
2768	msiexec.exe
2320	MsiExec.exe
2328	MsiExec.exe
2056	dotnet-sdk-6.0.405-win-x64.exe
1632	dotnet-sdk-6.0.405-win-x64.exe
1632	dotnet-sdk-6.0.405-win-x64.exe
2604	MsiExec.exe
1448	MsiExec.exe
1576	MsiExec.exe
2748	MsiExec.exe
1448	MsiExec.exe
1940	MsiExec.exe
604	MsiExec.exe
2024	MsiExec.exe
2656	MsiExec.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{0f39db03-9030-48f3-82ef-5384bed81d85} = "\"C:\\ProgramData\\Package Cache\\{0f39db03-9030-48f3-82ef-5384bed81d85}\\windowsdesktop-runtime-6.0.21-win-x64.exe\" /burn.runonce"	windowsdesktop-runtime-6.0.21-win-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{901a4233-9860-4dd0-bb2d-0d86482fc5bd} = "\"C:\\ProgramData\\Package Cache\\{901a4233-9860-4dd0-bb2d-0d86482fc5bd}\\dotnet-sdk-6.0.413-win-x86.exe\" /burn.runonce"	dotnet-sdk-6.0.413-win-x86.exe

Blocklisted process makes network request 1 IoCs

flow	pid	Process
11	2768	msiexec.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.21\Microsoft.DiaSymReader.Native.amd64.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.21\mscordaccore_amd64_amd64_6.0.2123.36311.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.21\de\UIAutomationTypes.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\packs\Microsoft.NETCore.App.Ref\6.0.21\ref\net6.0\System.ObjectModel.xml	msiexec.exe
File created	C:\Program Files (x86)\dotnet\packs\Microsoft.NETCore.App.Ref\6.0.21\ref\net6.0\System.IO.FileSystem.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.21\api-ms-win-core-heap-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.21\System.Threading.Timer.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.21\ru\System.Windows.Input.Manipulations.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\6.0.21\System.Diagnostics.TraceSource.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\packs\Microsoft.NETCore.App.Ref\6.0.21\ref\net6.0\System.Security.Cryptography.X509Certificates.xml	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.21\System.IO.Pipes.AccessControl.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\packs\Microsoft.NETCore.App.Ref\6.0.21\ref\net6.0\System.ComponentModel.TypeConverter.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\packs\Microsoft.NETCore.App.Ref\6.0.21\ref\net6.0\System.Data.Common.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\packs\Microsoft.NETCore.App.Host.win-arm\6.0.21\runtimes\win-arm\native\libnethost.lib	msiexec.exe
File created	C:\Program Files (x86)\dotnet\packs\NETStandard.Library.Ref\2.1.0\ref\netstandard2.1\System.Diagnostics.TraceSource.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.21\PresentationFramework-SystemXml.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.21\it\System.Windows.Forms.Primitives.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\6.0.21\api-ms-win-crt-time-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\packs\Microsoft.NETCore.App.Ref\6.0.21\ref\net6.0\System.Runtime.CompilerServices.Unsafe.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\packs\Microsoft.NETCore.App.Ref\6.0.21\ref\net6.0\System.IO.Pipes.AccessControl.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\6.0.21\System.Net.HttpListener.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\packs\Microsoft.NETCore.App.Ref\6.0.21\ref\net6.0\System.IO.Compression.Brotli.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\packs\Microsoft.NETCore.App.Ref\6.0.21\ref\net6.0\System.Linq.Queryable.xml	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.21\System.Text.Json.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.21\ru\PresentationCore.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.21\ja\PresentationFramework.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\6.0.21\System.Runtime.InteropServices.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\6.0.21\System.Xml.XDocument.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\packs\Microsoft.NETCore.App.Ref\6.0.21\ref\net6.0\System.Reflection.Primitives.xml	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.21\System.Net.Http.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\6.0.21\System.Diagnostics.Process.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\packs\Microsoft.NETCore.App.Ref\6.0.21\ref\net6.0\System.Globalization.Calendars.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.21\Microsoft.VisualBasic.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.21\de\System.Windows.Input.Manipulations.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\6.0.21\System.Xml.XPath.XDocument.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.21\ko\System.Windows.Input.Manipulations.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\packs\Microsoft.NETCore.App.Ref\6.0.21\ref\net6.0\System.Runtime.Serialization.Xml.xml	msiexec.exe
File created	C:\Program Files (x86)\dotnet\packs\Microsoft.NETCore.App.Ref\6.0.21\ref\net6.0\System.Reflection.Emit.xml	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.21\api-ms-win-core-fibers-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\6.0.21\api-ms-win-crt-heap-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\6.0.21\System.Diagnostics.Tools.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\packs\Microsoft.NETCore.App.Ref\6.0.21\analyzers\dotnet\cs\es\System.Text.Json.SourceGeneration.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.21\System.Drawing.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.21\cs\UIAutomationTypes.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\6.0.21\System.Threading.Tasks.Extensions.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\packs\Microsoft.NETCore.App.Ref\6.0.21\ref\net6.0\System.Security.Cryptography.OpenSsl.xml	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.21\System.Threading.AccessControl.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\6.0.21\System.ComponentModel.EventBasedAsync.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\packs\NETStandard.Library.Ref\2.1.0\ref\netstandard2.1\System.Runtime.CompilerServices.VisualC.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\packs\Microsoft.NETCore.App.Ref\6.0.21\ref\net6.0\WindowsBase.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\packs\NETStandard.Library.Ref\2.1.0\ref\netstandard2.1\System.Linq.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.21\System.Core.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.21\cs\ReachFramework.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.21\ko\System.Windows.Forms.Design.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.21\ru\WindowsFormsIntegration.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\6.0.21\System.Private.DataContractSerialization.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\packs\NETStandard.Library.Ref\2.1.0\ref\netstandard2.1\System.Reflection.Emit.Lightweight.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.21\Microsoft.Win32.Registry.AccessControl.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.21\PresentationFramework.Luna.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\6.0.21\System.Threading.Overlapped.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\6.0.21\api-ms-win-crt-runtime-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\6.0.21\System.Collections.Concurrent.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.21\System.ServiceProcess.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.21\System.Windows.Input.Manipulations.dll	msiexec.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Installer\f770488.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2B78.tmp	msiexec.exe
File created	C:\Windows\Installer\f77049b.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\f77049b.msi	msiexec.exe
File created	C:\Windows\Installer\f7704a7.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\f7704b0.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIECDB.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\f7704bf.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\f7704ce.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\f770486.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\f770492.ipi	msiexec.exe
File created	C:\Windows\Installer\f77049e.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBEBC.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\f7704a4.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\f7704a7.msi	msiexec.exe
File created	C:\Windows\Installer\f7704ce.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE1AA.tmp	msiexec.exe
File created	C:\Windows\Installer\f7704c2.ipi	msiexec.exe
File created	C:\Windows\Installer\f7704c5.msi	msiexec.exe
File created	C:\Windows\Installer\f7704aa.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID9BB.tmp	msiexec.exe
File created	C:\Windows\Installer\f7704b9.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\f7704c2.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2103.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF076.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFBCC.tmp	msiexec.exe
File created	C:\Windows\Installer\f7704be.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\f770483.msi	msiexec.exe
File created	C:\Windows\Installer\f77048c.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\f770495.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3329.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID890.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\f7704b9.msi	msiexec.exe
File created	C:\Windows\Installer\f770489.msi	msiexec.exe
File created	C:\Windows\Installer\f770494.msi	msiexec.exe
File created	C:\Windows\Installer\f770495.msi	msiexec.exe
File created	C:\Windows\Installer\f7704a4.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\f7704b6.ipi	msiexec.exe
File created	C:\Windows\Installer\f7704ca.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\f77048c.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\f7704ad.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF59B.tmp	msiexec.exe
File created	C:\Windows\Installer\f7704cb.msi	msiexec.exe
File created	C:\Windows\Installer\f7704d0.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI40D.tmp	msiexec.exe
File created	C:\Windows\Installer\f770483.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\f770489.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\f770498.ipi	msiexec.exe
File opened for modification	C:\Windows\WindowsUpdate.log	dotnet-sdk-6.0.413-win-x86.exe
File opened for modification	C:\Windows\Installer\MSIEAE4.tmp	msiexec.exe
File created	C:\Windows\Installer\f7704bf.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSICF0.tmp	msiexec.exe
File created	C:\Windows\Installer\f77048f.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\f77048f.msi	msiexec.exe
File created	C:\Windows\Installer\f770498.ipi	msiexec.exe
File created	C:\Windows\Installer\f77049a.msi	msiexec.exe
File created	C:\Windows\Installer\f7704a1.msi	msiexec.exe
File created	C:\Windows\Installer\f7704ac.msi	msiexec.exe
File created	C:\Windows\Installer\f7704b8.msi	msiexec.exe
File created	C:\Windows\Installer\f7704c8.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\f7704d1.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\f7704a6.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF1F0.tmp	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies data under HKEY_USERS 27 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\30	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\33	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\34	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\35	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\39	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2F	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\30	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\36	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\39	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\31	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\32	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\34	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\37	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\33	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\35	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\36	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2F	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\3A	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\37	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\32	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\38	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\31	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\38	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\7F53FF62BBDAF9C479AD9721D08BE06C\MainFeature	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\dotnet_apphost_pack_48.87.64667_x86_arm	dotnet-sdk-6.0.413-win-x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\307514C3C04491841B33B644A2610D7C\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{3C415703-440C-4819-B133-6B442A16D0C7}v48.87.64667\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\netstandard_targeting_pack_24.0.28113_x86	dotnet-sdk-6.0.413-win-x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\netstandard_targeting_pack_24.0.28113_x86\Version = "24.0.28113"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_48.87.64667_x64	windowsdesktop-runtime-6.0.21-win-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_48.87.64723_x64\Dependents	windowsdesktop-runtime-6.0.21-win-x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\307514C3C04491841B33B644A2610D7C\Version = "811072667"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\9E9FD90E4E4505C78CAA858E06886EB9\B272DE8BD2F55FF47AAC7C53257DBFF0	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\3E2F8F9A4A3D09D489006F9839E2EC98\Provider	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3E2F8F9A4A3D09D489006F9839E2EC98\ProductName = "Microsoft .NET Host - 6.0.21 (x86)"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B272DE8BD2F55FF47AAC7C53257DBFF0\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\D75888F3F1051067D02D00B11BF2E2B0\002BA525AC3991642AA78ED27092AEE5	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_48.3.31210_x64	windowsdesktop-runtime-6.0.21-win-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DD7FB6FA21B25C0419C9E29C0945BB1E\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{AF6BF7DD-2B12-40C5-919C-2EC99054BBE1}v48.87.64723\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B272DE8BD2F55FF47AAC7C53257DBFF0\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\808CC02C5C3E9B847B19B041C51D7D7A	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{0f39db03-9030-48f3-82ef-5384bed81d85}\ = "{0f39db03-9030-48f3-82ef-5384bed81d85}"	windowsdesktop-runtime-6.0.21-win-x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\307514C3C04491841B33B644A2610D7C\AuthorizedLUAApp = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8361F15F9659BD047857A47AECF64DF1\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\7F53FF62BBDAF9C479AD9721D08BE06C	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\DD73A4FEEF129E34981DC196C91C79CA\Provider	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3E2F8F9A4A3D09D489006F9839E2EC98\SourceList\Media\1 = ";"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\808CC02C5C3E9B847B19B041C51D7D7A\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3E2F8F9A4A3D09D489006F9839E2EC98\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{A9F8F2E3-D3A4-4D90-9800-F689932ECE89}v48.87.64667\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\dotnet_apphost_pack_48.87.64667_x86_x64	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\307514C3C04491841B33B644A2610D7C\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{3C415703-440C-4819-B133-6B442A16D0C7}v48.87.64667\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3E2F8F9A4A3D09D489006F9839E2EC98\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{901a4233-9860-4dd0-bb2d-0d86482fc5bd}\Dependents\{901a4233-9860-4dd0-bb2d-0d86482fc5bd}	dotnet-sdk-6.0.413-win-x86.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DD73A4FEEF129E34981DC196C91C79CA\InstanceType = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\13E50C477853C52439243293464C6257\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_apphost_pack_48.87.64667_x86_arm\Dependents	dotnet-sdk-6.0.413-win-x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_48.87.64723_x64\Version = "48.87.64723"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\13E50C477853C52439243293464C6257\PackageCode = "11B7F9B6C2F08C54F8792383C18AAF82"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\002BA525AC3991642AA78ED27092AEE5\MainFeature	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_apphost_pack_48.87.64667_x86_arm64\Dependents	dotnet-sdk-6.0.413-win-x86.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\002BA525AC3991642AA78ED27092AEE5\AuthorizedLUAApp = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E29CE2D8309552B4496081B2E8AF38F4\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\B272DE8BD2F55FF47AAC7C53257DBFF0\Provider	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\netstandard_targeting_pack_24.0.28113_x86\DisplayName = "Microsoft .NET Standard Targeting Pack - 2.1.0 (x86)"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\78FE739DD11F877479C37BE171F8590D\Language = "1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DD73A4FEEF129E34981DC196C91C79CA	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DD7FB6FA21B25C0419C9E29C0945BB1E\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\307514C3C04491841B33B644A2610D7C\SourceList\Net	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\78FE739DD11F877479C37BE171F8590D\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_48.3.31210_x86\Version = "48.87.64667"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\BE3E5325A595AB443B7CED4E083B14EB\E29CE2D8309552B4496081B2E8AF38F4	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\78FE739DD11F877479C37BE171F8590D\SourceList\PackageName = "dotnet-hostfxr-6.0.21-win-x64.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DD7FB6FA21B25C0419C9E29C0945BB1E\SourceList\PackageName = "windowsdesktop-runtime-6.0.21-win-x64.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_48.3.31210_x86\Dependents\{901a4233-9860-4dd0-bb2d-0d86482fc5bd}	dotnet-sdk-6.0.413-win-x86.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8361F15F9659BD047857A47AECF64DF1\Version = "811072667"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_runtime_48.87.64667_x64\DisplayName = "Microsoft .NET Runtime - 6.0.21 (x64)"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DD73A4FEEF129E34981DC196C91C79CA\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E29CE2D8309552B4496081B2E8AF38F4\ProductName = "Microsoft .NET Runtime - 6.0.21 (x64)"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\16F350F7730518B71214A03200AA04D5\DD7FB6FA21B25C0419C9E29C0945BB1E	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B272DE8BD2F55FF47AAC7C53257DBFF0\Language = "1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\dotnet_apphost_pack_48.87.64667_x86_arm64	dotnet-sdk-6.0.413-win-x86.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\13E50C477853C52439243293464C6257\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\78FE739DD11F877479C37BE171F8590D\InstanceType = "0"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\808CC02C5C3E9B847B19B041C51D7D7A\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\19E070CCFFE56D74289F6902447564EB\BD5D59C9E092FCA4CBA65208D9880D20	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BD5D59C9E092FCA4CBA65208D9880D20\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\307514C3C04491841B33B644A2610D7C\MainFeature	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BD5D59C9E092FCA4CBA65208D9880D20\SourceList\PackageName = "dotnet-apphost-pack-6.0.21-win-x86_x64.msi"	msiexec.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	NovaInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	NovaInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	NovaInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	NovaInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	NovaInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	NovaInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	NovaInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	NovaInstaller.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
2768	msiexec.exe
2768	msiexec.exe
2768	msiexec.exe
2768	msiexec.exe
2768	msiexec.exe
2768	msiexec.exe
2768	msiexec.exe
2768	msiexec.exe
2768	msiexec.exe
2768	msiexec.exe
2768	msiexec.exe
2768	msiexec.exe
2768	msiexec.exe
2768	msiexec.exe
2768	msiexec.exe
2768	msiexec.exe
2768	msiexec.exe
2768	msiexec.exe
2768	msiexec.exe
2768	msiexec.exe
2768	msiexec.exe
2768	msiexec.exe
2768	msiexec.exe
2768	msiexec.exe
2768	msiexec.exe
2768	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2588	NovaInstaller.exe
Token: SeShutdownPrivilege	2808	windowsdesktop-runtime-6.0.21-win-x64.exe
Token: SeIncreaseQuotaPrivilege	2808	windowsdesktop-runtime-6.0.21-win-x64.exe
Token: SeRestorePrivilege	2768	msiexec.exe
Token: SeTakeOwnershipPrivilege	2768	msiexec.exe
Token: SeSecurityPrivilege	2768	msiexec.exe
Token: SeCreateTokenPrivilege	2808	windowsdesktop-runtime-6.0.21-win-x64.exe
Token: SeAssignPrimaryTokenPrivilege	2808	windowsdesktop-runtime-6.0.21-win-x64.exe
Token: SeLockMemoryPrivilege	2808	windowsdesktop-runtime-6.0.21-win-x64.exe
Token: SeIncreaseQuotaPrivilege	2808	windowsdesktop-runtime-6.0.21-win-x64.exe
Token: SeMachineAccountPrivilege	2808	windowsdesktop-runtime-6.0.21-win-x64.exe
Token: SeTcbPrivilege	2808	windowsdesktop-runtime-6.0.21-win-x64.exe
Token: SeSecurityPrivilege	2808	windowsdesktop-runtime-6.0.21-win-x64.exe
Token: SeTakeOwnershipPrivilege	2808	windowsdesktop-runtime-6.0.21-win-x64.exe
Token: SeLoadDriverPrivilege	2808	windowsdesktop-runtime-6.0.21-win-x64.exe
Token: SeSystemProfilePrivilege	2808	windowsdesktop-runtime-6.0.21-win-x64.exe
Token: SeSystemtimePrivilege	2808	windowsdesktop-runtime-6.0.21-win-x64.exe
Token: SeProfSingleProcessPrivilege	2808	windowsdesktop-runtime-6.0.21-win-x64.exe
Token: SeIncBasePriorityPrivilege	2808	windowsdesktop-runtime-6.0.21-win-x64.exe
Token: SeCreatePagefilePrivilege	2808	windowsdesktop-runtime-6.0.21-win-x64.exe
Token: SeCreatePermanentPrivilege	2808	windowsdesktop-runtime-6.0.21-win-x64.exe
Token: SeBackupPrivilege	2808	windowsdesktop-runtime-6.0.21-win-x64.exe
Token: SeRestorePrivilege	2808	windowsdesktop-runtime-6.0.21-win-x64.exe
Token: SeShutdownPrivilege	2808	windowsdesktop-runtime-6.0.21-win-x64.exe
Token: SeDebugPrivilege	2808	windowsdesktop-runtime-6.0.21-win-x64.exe
Token: SeAuditPrivilege	2808	windowsdesktop-runtime-6.0.21-win-x64.exe
Token: SeSystemEnvironmentPrivilege	2808	windowsdesktop-runtime-6.0.21-win-x64.exe
Token: SeChangeNotifyPrivilege	2808	windowsdesktop-runtime-6.0.21-win-x64.exe
Token: SeRemoteShutdownPrivilege	2808	windowsdesktop-runtime-6.0.21-win-x64.exe
Token: SeUndockPrivilege	2808	windowsdesktop-runtime-6.0.21-win-x64.exe
Token: SeSyncAgentPrivilege	2808	windowsdesktop-runtime-6.0.21-win-x64.exe
Token: SeEnableDelegationPrivilege	2808	windowsdesktop-runtime-6.0.21-win-x64.exe
Token: SeManageVolumePrivilege	2808	windowsdesktop-runtime-6.0.21-win-x64.exe
Token: SeImpersonatePrivilege	2808	windowsdesktop-runtime-6.0.21-win-x64.exe
Token: SeCreateGlobalPrivilege	2808	windowsdesktop-runtime-6.0.21-win-x64.exe
Token: SeRestorePrivilege	2768	msiexec.exe
Token: SeTakeOwnershipPrivilege	2768	msiexec.exe
Token: SeRestorePrivilege	2768	msiexec.exe
Token: SeTakeOwnershipPrivilege	2768	msiexec.exe
Token: SeRestorePrivilege	2768	msiexec.exe
Token: SeTakeOwnershipPrivilege	2768	msiexec.exe
Token: SeRestorePrivilege	2768	msiexec.exe
Token: SeTakeOwnershipPrivilege	2768	msiexec.exe
Token: SeRestorePrivilege	2768	msiexec.exe
Token: SeTakeOwnershipPrivilege	2768	msiexec.exe
Token: SeRestorePrivilege	2768	msiexec.exe
Token: SeTakeOwnershipPrivilege	2768	msiexec.exe
Token: SeRestorePrivilege	2768	msiexec.exe
Token: SeTakeOwnershipPrivilege	2768	msiexec.exe
Token: SeRestorePrivilege	2768	msiexec.exe
Token: SeTakeOwnershipPrivilege	2768	msiexec.exe
Token: SeRestorePrivilege	2768	msiexec.exe
Token: SeTakeOwnershipPrivilege	2768	msiexec.exe
Token: SeRestorePrivilege	2768	msiexec.exe
Token: SeTakeOwnershipPrivilege	2768	msiexec.exe
Token: SeRestorePrivilege	2768	msiexec.exe
Token: SeTakeOwnershipPrivilege	2768	msiexec.exe
Token: SeRestorePrivilege	2768	msiexec.exe
Token: SeTakeOwnershipPrivilege	2768	msiexec.exe
Token: SeRestorePrivilege	2768	msiexec.exe
Token: SeTakeOwnershipPrivilege	2768	msiexec.exe
Token: SeRestorePrivilege	2768	msiexec.exe
Token: SeTakeOwnershipPrivilege	2768	msiexec.exe
Token: SeRestorePrivilege	2768	msiexec.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2588	NovaInstaller.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2588 wrote to memory of 2948	2588	NovaInstaller.exe	28
PID 2588 wrote to memory of 2948	2588	NovaInstaller.exe	28
PID 2588 wrote to memory of 2948	2588	NovaInstaller.exe	28
PID 2588 wrote to memory of 2948	2588	NovaInstaller.exe	28
PID 2588 wrote to memory of 2948	2588	NovaInstaller.exe	28
PID 2588 wrote to memory of 2948	2588	NovaInstaller.exe	28
PID 2588 wrote to memory of 2948	2588	NovaInstaller.exe	28
PID 2948 wrote to memory of 1448	2948	windowsdesktop-runtime-6.0.15-win-x64.exe	29
PID 2948 wrote to memory of 1448	2948	windowsdesktop-runtime-6.0.15-win-x64.exe	29
PID 2948 wrote to memory of 1448	2948	windowsdesktop-runtime-6.0.15-win-x64.exe	29
PID 2948 wrote to memory of 1448	2948	windowsdesktop-runtime-6.0.15-win-x64.exe	29
PID 2948 wrote to memory of 1448	2948	windowsdesktop-runtime-6.0.15-win-x64.exe	29
PID 2948 wrote to memory of 1448	2948	windowsdesktop-runtime-6.0.15-win-x64.exe	29
PID 2948 wrote to memory of 1448	2948	windowsdesktop-runtime-6.0.15-win-x64.exe	29
PID 1448 wrote to memory of 2808	1448	windowsdesktop-runtime-6.0.15-win-x64.exe	30
PID 1448 wrote to memory of 2808	1448	windowsdesktop-runtime-6.0.15-win-x64.exe	30
PID 1448 wrote to memory of 2808	1448	windowsdesktop-runtime-6.0.15-win-x64.exe	30
PID 1448 wrote to memory of 2808	1448	windowsdesktop-runtime-6.0.15-win-x64.exe	30
PID 1448 wrote to memory of 2808	1448	windowsdesktop-runtime-6.0.15-win-x64.exe	30
PID 1448 wrote to memory of 2808	1448	windowsdesktop-runtime-6.0.15-win-x64.exe	30
PID 1448 wrote to memory of 2808	1448	windowsdesktop-runtime-6.0.15-win-x64.exe	30
PID 2768 wrote to memory of 2652	2768	msiexec.exe	34
PID 2768 wrote to memory of 2652	2768	msiexec.exe	34
PID 2768 wrote to memory of 2652	2768	msiexec.exe	34
PID 2768 wrote to memory of 2652	2768	msiexec.exe	34
PID 2768 wrote to memory of 2652	2768	msiexec.exe	34
PID 2768 wrote to memory of 2652	2768	msiexec.exe	34
PID 2768 wrote to memory of 2652	2768	msiexec.exe	34
PID 2768 wrote to memory of 1816	2768	msiexec.exe	35
PID 2768 wrote to memory of 1816	2768	msiexec.exe	35
PID 2768 wrote to memory of 1816	2768	msiexec.exe	35
PID 2768 wrote to memory of 1816	2768	msiexec.exe	35
PID 2768 wrote to memory of 1816	2768	msiexec.exe	35
PID 2768 wrote to memory of 1816	2768	msiexec.exe	35
PID 2768 wrote to memory of 1816	2768	msiexec.exe	35
PID 2768 wrote to memory of 2320	2768	msiexec.exe	36
PID 2768 wrote to memory of 2320	2768	msiexec.exe	36
PID 2768 wrote to memory of 2320	2768	msiexec.exe	36
PID 2768 wrote to memory of 2320	2768	msiexec.exe	36
PID 2768 wrote to memory of 2320	2768	msiexec.exe	36
PID 2768 wrote to memory of 2320	2768	msiexec.exe	36
PID 2768 wrote to memory of 2320	2768	msiexec.exe	36
PID 2768 wrote to memory of 2328	2768	msiexec.exe	37
PID 2768 wrote to memory of 2328	2768	msiexec.exe	37
PID 2768 wrote to memory of 2328	2768	msiexec.exe	37
PID 2768 wrote to memory of 2328	2768	msiexec.exe	37
PID 2768 wrote to memory of 2328	2768	msiexec.exe	37
PID 2768 wrote to memory of 2328	2768	msiexec.exe	37
PID 2768 wrote to memory of 2328	2768	msiexec.exe	37
PID 2588 wrote to memory of 2056	2588	NovaInstaller.exe	38
PID 2588 wrote to memory of 2056	2588	NovaInstaller.exe	38
PID 2588 wrote to memory of 2056	2588	NovaInstaller.exe	38
PID 2588 wrote to memory of 2056	2588	NovaInstaller.exe	38
PID 2588 wrote to memory of 2056	2588	NovaInstaller.exe	38
PID 2588 wrote to memory of 2056	2588	NovaInstaller.exe	38
PID 2588 wrote to memory of 2056	2588	NovaInstaller.exe	38
PID 2056 wrote to memory of 1632	2056	dotnet-sdk-6.0.405-win-x64.exe	39
PID 2056 wrote to memory of 1632	2056	dotnet-sdk-6.0.405-win-x64.exe	39
PID 2056 wrote to memory of 1632	2056	dotnet-sdk-6.0.405-win-x64.exe	39
PID 2056 wrote to memory of 1632	2056	dotnet-sdk-6.0.405-win-x64.exe	39
PID 2056 wrote to memory of 1632	2056	dotnet-sdk-6.0.405-win-x64.exe	39
PID 2056 wrote to memory of 1632	2056	dotnet-sdk-6.0.405-win-x64.exe	39
PID 2056 wrote to memory of 1632	2056	dotnet-sdk-6.0.405-win-x64.exe	39
PID 1632 wrote to memory of 1176	1632	dotnet-sdk-6.0.405-win-x64.exe	40

C:\Users\Admin\AppData\Local\Temp\NovaInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\NovaInstaller.exe"
1⤵
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2588
- C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-6.0.15-win-x64.exe
  "windowsdesktop-runtime-6.0.15-win-x64.exe" /S
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2948
- - C:\Windows\Temp\{F2F99748-7F30-4C8A-903D-4133F205B5F8}\.cr\windowsdesktop-runtime-6.0.15-win-x64.exe
    "C:\Windows\Temp\{F2F99748-7F30-4C8A-903D-4133F205B5F8}\.cr\windowsdesktop-runtime-6.0.15-win-x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-6.0.15-win-x64.exe" -burn.filehandle.attached=184 -burn.filehandle.self=192 /S
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1448
  - - C:\Windows\Temp\{D241605F-3653-47FE-9292-671872692FF5}\.be\windowsdesktop-runtime-6.0.21-win-x64.exe
      "C:\Windows\Temp\{D241605F-3653-47FE-9292-671872692FF5}\.be\windowsdesktop-runtime-6.0.21-win-x64.exe" -q -burn.elevated BurnPipe.{4896EE77-76E5-4D0C-BB69-4BA1ECF31593} {9284DECC-2E90-4ABB-BA4C-F56A3DE197E9} 1448
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      PID:2808
- C:\Users\Admin\AppData\Local\Temp\dotnet-sdk-6.0.405-win-x64.exe
  "dotnet-sdk-6.0.405-win-x64.exe" /install /quiet
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2056
- - C:\Windows\Temp\{2EFFEF5E-D9A4-4494-BD11-2B1E33B5EFE0}\.cr\dotnet-sdk-6.0.405-win-x64.exe
    "C:\Windows\Temp\{2EFFEF5E-D9A4-4494-BD11-2B1E33B5EFE0}\.cr\dotnet-sdk-6.0.405-win-x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\dotnet-sdk-6.0.405-win-x64.exe" -burn.filehandle.attached=184 -burn.filehandle.self=192 /install /quiet
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1632
  - - C:\Windows\Temp\{8276FCBF-0537-43D5-9A24-E661F51E8E9F}\.be\dotnet-sdk-6.0.413-win-x86.exe
      "C:\Windows\Temp\{8276FCBF-0537-43D5-9A24-E661F51E8E9F}\.be\dotnet-sdk-6.0.413-win-x86.exe" -q -burn.elevated BurnPipe.{3C09AF9D-BAA5-4DE1-9031-A54F4413D8EA} {5E9F80A8-459B-40A0-965C-E6CB671B269D} 1632
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Drops file in Windows directory
      Modifies registry class
      PID:1176

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Loads dropped DLL
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2768
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 86C7A88E24DBCE428C9134B143A4855E
  2⤵
  - Loads dropped DLL
  PID:2652
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 89A5DBDCC1E95CE1D4A303C3A9C00F86
  2⤵
  - Loads dropped DLL
  PID:1816
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding D0AD29E95E511712A01731DC15474DBB
  2⤵
  - Loads dropped DLL
  PID:2320
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 2ED0B2322D8ADC8598E73DDF00C0748A
  2⤵
  - Loads dropped DLL
  PID:2328
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding CAF7E476693EA059D95DEA035ED0059E
  2⤵
  - Loads dropped DLL
  PID:2604
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding B75143ED7D2098A415817B9CC10E547A
  2⤵
  PID:1448
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 5646B603038757D98F4617C2BD81244E
  2⤵
  - Loads dropped DLL
  PID:1576
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 35640E30D2F5B2741674CF5C85090FFC
  2⤵
  - Loads dropped DLL
  PID:2748
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding F8C4DEA1DE1A1C71A26363A78682274F
  2⤵
  - Loads dropped DLL
  PID:1448
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 5EB796DE9E1CB75E0BC3F5BD75AB6562
  2⤵
  - Loads dropped DLL
  PID:1940
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding F3CE492726B6E5414C1876824E52AAC0
  2⤵
  - Loads dropped DLL
  PID:604
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding F6DED43C30EC5D3F019F92724BA4B436
  2⤵
  - Loads dropped DLL
  PID:2024
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 61D6792C53A3B3DFDD9605B40715282C
  2⤵
  - Loads dropped DLL
  PID:2656
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 63CFAD72926CA718245BF48499470DD5
  2⤵
  PID:952
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 3391A0F567CD4DF1B5F547373F1B96AF
  2⤵
  PID:532

C:\Program Files\Windows Sidebar\sidebar.exe
"C:\Program Files\Windows Sidebar\sidebar.exe" /showGadgets
1⤵
PID:2580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\f770487.rbs

Filesize
55KB

MD5
0065f882a9e0436cc283ecdae84a52a8

SHA1
324b222ea4bdc4606798dfc42947e408c8563d08

SHA256
da0dd9a5bae11b335396cc4d903ab34c9d9d35b77315555633d26c3daa4a8a1f

SHA512
f7a6d546976e81097b9290b7e4e6554b4fe35a6e9c04e4bef071d0d3a13abfc6fb71710c382811390ba07762a9f3049f52e6b689a240cc2f44cbbf29cb0d1a38

Download Submit
C:\Config.Msi\f77048d.rbs

Filesize
8KB

MD5
7de58e59c79832df518524effa3c2cbc

SHA1
380ee5484545fbe6da3899929df8b489473976dd

SHA256
e908919fd4b963479a5e203792a48f7c3040026e11ea813835433825dbeab978

SHA512
09b3f333491fda27623422b36f282c78e05e23c932554c92d53317542b8acc073cfa57d4e940dfcb18bc27ed32154c776854375fc218b8a36bc71bdca922c546

Download Submit
C:\Config.Msi\f770493.rbs

Filesize
9KB

MD5
bfb409f47fec5c4660fdde82a3b3cc10

SHA1
570b576c6ec76d13bd4819a9011df4ef41e8c1fa

SHA256
ab6f911771a01c4306bfaa9c6761547c9d29040e04404f1ccfe0b1c80bc5d911

SHA512
b5131e8672600b7c9fcfbcd56f89f0b46b9e1136eeb1275f228874cd61707171d22dff4545e61ef1462c434ccba46413c6d42962d85b1dace5ac05960c8c7cf8

Download Submit
C:\Config.Msi\f770499.rbs

Filesize
87KB

MD5
7bbda99f58d1a63b91aba2457a6f27a1

SHA1
7c72d7015389ddf7a0a97b5edebfc6e8948e7440

SHA256
538f2d9936e940c6c2602f75bc042e22e59207eea2b34608a33bfe91d1cb9fe3

SHA512
2b2404652e1d45ac037c7589742472caffc7ac83efaf8cf802ad0ac791730c58df263b71a6ca0f1359806f41a5a24a2a16a49d08f20291749c3bededb0bce29a

Download Submit
C:\Config.Msi\f77049f.rbs

Filesize
56KB

MD5
3f314f88530d4a5feac59fbd8fda9899

SHA1
17395b89058e38d15c25809e4e54dfd61d504f54

SHA256
429cdcdfd2804c7c540896ef745cdb3aece6a077da5ea8f9aee61b8852770dbf

SHA512
5f1b1feea4bd8f5d68d756e2c96155e28e6a7168dc7828376ff5c7a6c9a938c3ed44213ec1e5323a4f8694f9964b72399aee0a664c2b5f08705fcca3b8770b30

Download Submit
C:\Config.Msi\f7704a5.rbs

Filesize
8KB

MD5
c7685d82785c7382a055f75468166924

SHA1
71b34f84ee5e20bc29cdf862e7745c9c83b05c93

SHA256
6099b187f039f792c7f58078938e86ec95675e5631c179dadfc14b6d3210047b

SHA512
a8ff5f3542fbcc93173a2331b98ff5344f572e9b18f7e71b799c7c1b0de275f62fef8d3e4c58fe631ae14162d3acbd42e6a05dc936a85ef0cc2bf6ab5f30f4a2

Download Submit
C:\Config.Msi\f7704ab.rbs

Filesize
9KB

MD5
95d4161e3a363d1bf93d8a076eb2cbf2

SHA1
0b37ce46f282c1e5a22a64895c9ce2b4fcab7c64

SHA256
c70cfd4bb68f84dd049965ead4dd55e7a56d1d9f763c6467211ad496f9b66650

SHA512
3836e624367d1fe727d3557acffa9abd4f52f34968f269dcb2b3e30ebf485acc12003f29a281071196c6634e53686a6bdbab9789681cd300fe3b2d834ab949b3

Download Submit
C:\Config.Msi\f7704b1.rbs

Filesize
73KB

MD5
8c493bc2cad32281cbd59732dd2d2ad0

SHA1
2c4b88239304af17d8491eb4198d657d0e1fc1e2

SHA256
93873d29b6dbabef4274dce5ff1f49191344f5c85ec1d58987bf34041a88409e

SHA512
770d3dccf7a2a7a5a2619b3bb90d87cd00fd67650731dd665449f780c7e631829299eb5d8224d6655ce08816c56c45811c9ede2ef724f054fc1a218ee33cb2a9

Download Submit
C:\Config.Msi\f7704b7.rbs

Filesize
10KB

MD5
32e79161c5f85a4395cb244afcf19460

SHA1
8837c1717358f56e6eb079b593f586102de5c4d2

SHA256
3b177c5ab266bb69dfc02fe494e882eac8d0b5f8ae0b875a0562f51c5808b572

SHA512
d56c00b418dfc82dcf7e6c9d2240d56aa1575c1f1e7134041227d4a64a053e8a354766978c23f482678e65dc7652ec2701398c2183e61e6a7f291223dcd105a4

Download Submit
C:\Config.Msi\f7704bd.rbs

Filesize
10KB

MD5
78a35ae1218e21e6a3a13bfd2554d69b

SHA1
b8ecf4a89da5ec0559a85ab35155b761e9ef9b2d

SHA256
80c00dd0b9a9793cd0944a9de96c9cf649ad132bee9120f6443505e94b0b095a

SHA512
84aa4220a6a8fc08554effe22fa9dbf53373258c5221baa68c29cbd68bed33a920013ec8ea1e2e728920600b28c3d99cc976343b0d6091206cd120aa1ec98d5f

Download Submit
C:\Config.Msi\f7704c3.rbs

Filesize
10KB

MD5
7e6cf04b7aef29f0c63034b748695f9c

SHA1
5ca827200b26270e4e28393f592902a63701730b

SHA256
e22d6069333963ffac365afb8f916d40979a4a15d7765185c9e0f44469cdaf37

SHA512
608904a85d4bb784f08a6264459ead2c69fa2c77b3d6d90a9d9b2e847fddfc1c050fe0c23b337e3a5ce6e504bcdc3f115682cdd690b7c8bb31f493107bdae38a

Download Submit
C:\Config.Msi\f7704c9.rbs

Filesize
10KB

MD5
8fe21a3d5a521c4b2183101bfba17cc3

SHA1
4f4872754356e4b2786a606bf40dff1092a3183e

SHA256
ce80a4bbf6cb0e0409eb2bcbea24590dde66503106fea772b44a9e6226d37c18

SHA512
3ba51686bba0d25d0b9cab8ba3e18231742f5381d746e06eddcfd352eab2f0bce09d11025fb69f4a6294750f254c71c2dafdcddad9d8ed50544561d5f3a78b61

Download Submit
C:\Config.Msi\f7704cf.rbs

Filesize
35KB

MD5
c7362439483947495428411b620ee5be

SHA1
56e28082c986aa362c1352d780d71216726a2a55

SHA256
6cb1ca83e0e3d7986cfc80edc65bed3b9c8df3b9391c57e3166b90cb412bfde3

SHA512
3d1597433d54e4aa7ff2dce10ec0bb7b710a6b8f5e7dd823772ecf053745e67d6a1e7f588afc8482af27df3ed340e08738b8c28abe53b8a01a2c72ae513f15a6

Download Submit
C:\Config.Msi\f7704d5.rbs

Filesize
90KB

MD5
8acb1bb33a8e6efff7c7cb60504bda4e

SHA1
8d5c054c963200532723f330ff55eeae9a21c52a

SHA256
a707c59edf2a989b0a3730a97b6044511e28b4976deb5aa5ba57dd8283aa489f

SHA512
676b638dd302425fbb426e8793a920f039c3af2d3d760aa8395216f6ace8440b738c51e30407832d1b94e812dcdb9e6b92e67f4fee7f2ce167585094ebe65575

Download Submit
C:\Config.Msi\f7704db.rbs

Filesize
41KB

MD5
bed04ed8cd99f9d42541d6743685ce8c

SHA1
7cb35e8846a6d4a8cb116e2f9d684886a5c37e80

SHA256
1dc6e753c5697cf62c59f9abda5b97e25c197699a6817aa83a0bdb7696be2504

SHA512
2bf55259d05de6dea63b8b8ba4b5fec9589b5e285b432f3ea825dedc2328ac9970c1970de3a7ccd04b42d77f7e7f2364a370896e1d9d0e36e3bba22e32852882

Download Submit
C:\Config.Msi\f7704e1.rbs

Filesize
77KB

MD5
a521d27625c8aabded88e6ce731849b7

SHA1
30c221086ac3cadfa18aa174740036a869229272

SHA256
d7015c8f9a6eaccb2494d0c728ea6b95f1b3c8599156e7b8086d9e43c8fb66f1

SHA512
c960cf998e14a6ec7ec99338cd096b23e74a078144d9e1c7ed368dd918daef74be4f3fd295af78df3da8f5ab883d0d269dd476a891795db3227379b94f817d1c

Download Submit
C:\Config.Msi\f7704e7.rbs

Filesize
9KB

MD5
eaabe6396cfcd1b54713c5693cf6fe2c

SHA1
64ec6323f8a5e83c55472c6376ed4206555efbec

SHA256
d888c14f781f40ac97840dc30c4ace87c7c519ffb1fc1e0107259f91031ca556

SHA512
beb2e405607accf72d53810b330ac45f4ae13bfe52df79cefa4107cb824b79734d16e71eb42362e81b3813d34bcd63e382c2b75be29b96bbf81dbe79d64a74d8

Download Submit
C:\Config.Msi\f7704ed.rbs

Filesize
8KB

MD5
39bce55f9588767a0df55f218d23956a

SHA1
84d7fd3adbaba7be8a00725879c392bb10066c21

SHA256
f4542bba7fb1aa6bbf4a0061f2aecf89df85126840fd79536cc0ebdac3a99ca9

SHA512
ee0f3ba75aad24cd4d6d3785cf34a692422fc24684f3de3582c4bfe47120b5112f9b895c592eda2b0465a15be44d44ed6daedd7ccdaed21f608be4a65f7daa23

Download Submit
C:\Config.Msi\f7704f3.rbs

Filesize
8KB

MD5
a882cf8bbb957d5474731cfb6769f417

SHA1
cea7b1e818217a7eab16ead328b3d4f5a06fdbd1

SHA256
2c6190794b93c24a8815ad7dec6cbede58b82b44d4051c7a5175ad9b01b292cb

SHA512
ac6ee7a51cedb5e2de7f6f0918335e8e571553e60ab61241111620f616cfc2af160edeb32eac522e682c672cc82240609cc0d1f09d68277411005e4b50c48f94

Download Submit
C:\Config.Msi\f7704f9.rbs

Filesize
8KB

MD5
390f4168f6b28a0a7c37c8f074fdd969

SHA1
8582afca562c1b745cb803b6644710612ce5711e

SHA256
c1bc32f8ecd04372d460a9335f11fd74f6bcbf8647fb103eb41b43aa0b5143ee

SHA512
fd76f396b14332bf592a1cd9e634c6d7d30019950df3eb0d8a86d30468dd169fdfb7fc32f2119d74e4ffe812ff88f62ff8100cb54fdc1a8a6023f153dc115c95

Download Submit
C:\Config.Msi\f7704ff.rbs

Filesize
8KB

MD5
aa39bd5a2253a7befcf68932ecb676b1

SHA1
3dfeb48aa9df97f224ff3dc196cf3788e76dfe06

SHA256
9a4d661773341a50a99aec95ad88b0a2635dda086f3a86a5b3d57156c936c96c

SHA512
87f90d948fbc7c4d83a1d1e3483a37d1851e62ba8556ffee81a0c65e4ee78e6d464140b3cfaf1095bee093d4aeb68c69969d7876cf9bf1c73133a2759bb0bc15

Download Submit
C:\Config.Msi\f770505.rbs

Filesize
8KB

MD5
19743098c6c68a8ea83dbc15ca1904ac

SHA1
086f443ba89c1a81f11b4939f87e86f50695bb03

SHA256
07936b3bbd45388503370d878f04d24d431682b9cba600e3de35d872427d2031

SHA512
ebad144a0acbe7cddda9e51955a656adcbd86304f0eb93e182c2636055e996616c5742def1fdd958a691271c873a5548e965c9e7547ac87fd05325832b7e0d54

Download Submit
C:\Config.Msi\f77050b.rbs

Filesize
8KB

MD5
d93fc9c500dc3dccdef20797a899d1b3

SHA1
569a61ebdf8a278253d57fa76f038359ba2a372a

SHA256
0b1aca1df077305f1e6e060e66e521fd97de439aa92e44ecdfd5c43ead546135

SHA512
8e202af922daf1c7f278f2fc36a1c67e2a57b09cf7e7f1193b0ae4dcb71effe702c6f3636b92edcb770a2258b4e2ecb214fd840764fc5b7188292ab5a8021dae

Download Submit
C:\Config.Msi\f770511.rbs

Filesize
12KB

MD5
2a3744db4aa14e6ba3a770451a71a676

SHA1
2343b884e6de515e811daaba61dc9348440abc2b

SHA256
02a4bd8f2d96bc6b590abfc995074b4986b48b20a6ecc1b957b5a8a6d0329810

SHA512
801e6c0e36cbad4b0428a36c415aeab33bd26669ae5a37441f0158895080882bbf70e91f0cd97e9230d85d3df569a8cdce6c949744fa538294b0d86e909e8582

Download Submit
C:\Config.Msi\f770517.rbs

Filesize
8KB

MD5
f765d7a06128801cdbc5bc48941c61b4

SHA1
bd7fb8f25c346948876d18f6a6975d459a88a7e7

SHA256
f4888d7d88413fc0e33fc72c54862b3c71301f5e68eb22275f10166786a48b13

SHA512
f4b7a7160aa7962cc8e050535cbc0c52d769e4cc43d0793b6f79a14712c46205e7599327d0476086f1ebeb2bcff7b1cd6d5355255d44801b30f8eb4b48c61aae

Download Submit
C:\Program Files (x86)\dotnet\sdk\6.0.413\TestHost\testhost.net48.arm64.exe.config

Filesize
3KB

MD5
b0d3eb198fba676352e90e9ff7f48ae9

SHA1
f2065f68a58152ed774726d14a60004e86026416

SHA256
1e2ec47aa9fe319ad598a2e6306f25f75b9fbb6edeee86a912d7ef5368c55478

SHA512
e061022562747f25cc9d60a1f98e3296e98e3930ebc403cafc4c1a743f59bee2c3858daafb9bcda420392c271310a345d204fb2059e846ae163f994b2898ee10

Download Submit
C:\Program Files\dotnet\LICENSE.txt

Filesize
9KB

MD5
31c5a77b3c57c8c2e82b9541b00bcd5a

SHA1
153d4bc14e3a2c1485006f1752e797ca8684d06d

SHA256
7f6839a61ce892b79c6549e2dc5a81fdbd240a0b260f8881216b45b7fda8b45d

SHA512
ad33e3c0c3b060ad44c5b1b712c991b2d7042f6a60dc691c014d977c922a7e3a783ba9bade1a34de853c271fde1fb75bc2c47869acd863a40be3a6c6d754c0a6

Download Submit
C:\Program Files\dotnet\ThirdPartyNotices.txt

Filesize
78KB

MD5
f77a4aecfaf4640d801eb6dcdfddc478

SHA1
7424710f255f6205ef559e4d7e281a3b701183bb

SHA256
d5db0ed54363e40717ae09e746dec99ad5b09223cc1273bb870703176dd226b7

SHA512
1b729dfa561899980ba8b15128ea39bc1e609fe07b30b283001fd9cf9da62885d78c18082d0085edd81f09203f878549b48f7f888a8486a2a526b134c849fd6b

Download Submit
C:\ProgramData\Package Cache\{0f39db03-9030-48f3-82ef-5384bed81d85}\state.rsm

Filesize
960B

MD5
1794a09d2661c87d884c5c30e86e9557

SHA1
4e37d06b293b209bde8ba007d8705493dca08eb0

SHA256
7179fc65fbd810e2c75868a66938035183a71b719b3378dda10ab6078aedaf2e

SHA512
2ee6823e7053071a8d6639ad215499473853f2166f563dfedaa6000af28bd9a99e99a711c5c9f6a5e25a4279cb4e68d7dd2ce35c243b3922fad56008173d6140

Download Submit
C:\ProgramData\Package Cache\{0f39db03-9030-48f3-82ef-5384bed81d85}\windowsdesktop-runtime-6.0.21-win-x64.exe

Filesize
610KB

MD5
ff67a2a55ed6998ab527273d547fc00f

SHA1
852712b95ca05de8f336f07ff9ac672281b91215

SHA256
71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

SHA512
48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
961cb806665784a24ccf2d296206e446

SHA1
bdff4b74bbac39c05d781430e1168070d6cfd19b

SHA256
4916ae705348955353ae6eb8e340c9dc67226bf34adeafb946302d147ad0bf56

SHA512
f50d739b7965004f0dabdafd56bae535b2125ac867d88c0155c6bfa8809a50ac8d9be26bc527d64329f915eb5fd63a6311884e8f190cc9c5b21e27e746953395

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
71f9e7a3b46315172644edc5cfe4d14a

SHA1
d0942b3dba84e9ddb23f49a2cc9cfcdaf271e16b

SHA256
0693765d1eadaf68db97154f74a9c1e014bc43ab271d3372ab81b416d20a1498

SHA512
03d1dbea20a63e1c9a28a030fe9d853fdffbca3ce084997ea92ff7d573fe74f320e722f4853fce6bbe3bceee16db6b9c2774c7173b8438dc4c34568179567f7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0832810ef97c20e21378510b3d9b7ace

SHA1
d0acc3edb3d4ab6e4160732db0b5b328b62060da

SHA256
d3c69a8d0777eae1119e23d80c6a292ddcdd0191c6fcac928d70730c872346f0

SHA512
594359603e7309aa1ee23a20607a281263d5468e9aed2b55b3475b8eb7d4066a1d8b3be7e4ab10eec29ee26353ad455c6f1130fedab49af283213fa53bb1d040

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d3270b90a5af85e738d67e205ae6ee58

SHA1
64584431c25e15f849cd8645776e1b169d3bf242

SHA256
97b8b75faf9ff59a4de777beb3f271a8926dd7dfa60681618a0c62e5385591db

SHA512
33de9033bb775115eb49a1fc1b4f0dda3dffb0c531bf96d5402940b5f37038f4d42746f1b583bdd0d8f9d2a39e24a1962430e94e0e75d86da25fe6b36bd3847a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
efd390632eb01e040f646aef570057d0

SHA1
19e7cee99bfcb8aee07c47f1394e286d22a9bbe2

SHA256
ab842b0ef2f90243e123b26506442b48303dec92cb0f625410aaa7a406ea734e

SHA512
652cfddb7abea44da04ca706197b5d7089c3101d51357f6632136094a131c9d68b9c9ad261236665028919b808a2d1f9bc0183e2462793fb0aa19a542082fcab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f88f80570d80880dfbde0baa0e93ff2

SHA1
ed0ed17295ae6c3ff67b34f784a91cb103450164

SHA256
004fd07ea06f5a2f73c5f35a52f2be3012c4af492d8660024a1ff86a8ace16b0

SHA512
3f9e7fe235716e5d039a32f4385d82a261aee28e53426c2c6fd6e8252fb8d9beb320e492f0521d062ef2dcaf46ed416af8638f961ee88c633128d949a065e47f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b70e7a347f527a9fb1dedbe99e551cf2

SHA1
7c065564c71c0217aa67873b8048911cd52ef111

SHA256
251a33722894897f69e8632d27ec24fe1c7566731f2268dddb110f42e1cc0275

SHA512
b507d3de32becf0de285ac28220c704b653a2340121dc6bf3ad0018fd796105a1f6c7713a5a03f1da36dc8a06b5cbfe1428b5cd58ad024f3d04b405be31da724

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
34053e774a3a4f17ea5e8da253f6eaaf

SHA1
4d5da51d417807626dd5780245b3e05ee97b3232

SHA256
8cead14cbacb690c21c7971a7fb0b18e7abcd829aa274aa6493c27a926bfe46e

SHA512
605b68499d0ad3f4eeda6e7855ca3d59fbf04f554dc62c6e6b78130227fe4357ffe203215c49a4178c2b339c1167f722c1c2087a4628e7d96b9419a2e327edc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b18a12443be3e111c0e7633c3d670261

SHA1
cbc0c7455bed01c6f37de9d592a5f97e41f588af

SHA256
06c3696bca7e08fb08226bddb1a94bbc8c0f8e12fa1484eacd73958e45e5c97c

SHA512
668d99d71c4c25110d2496fa037e29a0f2a0ef71f1456dcde1dd7bebc49000cab46f7d6d5fb1a634fe1c715b8ff6979fb5eec555a35f866c3a2aa35c9c041337

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
87820bd5ace9007527a08f44512b38cb

SHA1
f8c78b62772da2b9f34947273fb601beb4ca9b80

SHA256
21d7ee36e80725957e479381414d7dd8ae8aa5f5a1dd68ef0e2eafbe8d87d284

SHA512
651b8e3e634f71656604a65c6e212cedcb0b948f89d78a1669ea235cbda171bd3ca0244f7aba1c05477a5c7c1d382f87eedd70cd14b53437763a19ca3c016099

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d891b565ba4e20bd206f95a0d990d0e6

SHA1
0c62c6bd4b2943d763d146c62870a58fcf9eff32

SHA256
198f2f009fecd09f017fe083a64bff5a7af88e73dd856532b3bb0f4e02b24697

SHA512
6619cbeaa6c233c1236e0f283766a99be66d2b9f9d1d2a7d65e52ab72e3c74fa07d72a733b3ba3ed8bfc7264b4ea3f887bab8b94afced0a46d6c0fbf2d037f7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd4de0a255933ac6de4a140168c1b81b

SHA1
a58792bded47e9e7f15a757b0d327922ea217f6d

SHA256
b5e8595c0baa070cb562c0b1f257985f1486ae10b8db516b017d49423686369b

SHA512
e278a55b6f357e7cf0b814300e6bfaf8c523ad2195c73f0236cab5553f2bffd54c50bb1a75586deb695c8180f291970f4f954659f9fba69b354bf93d851e94d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d1f388adf0f380f0be7682d12bb7cbf7

SHA1
f5f9ea25a79536836b6f9e719a0f7ec0a9ea70a2

SHA256
68a16196b708f60123c8d4004de913f283c225a4c51347fef5584a7021d7b253

SHA512
1f5562dbfe3157f31a39ec90a9d73efe0ea02101f5745cf0494244c6bede7840b7b08654a920cc472462da76e2a3415ad514bae8e384e6812c0540be44b9eab4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4981e4211dc541eb8145466e48c26112

SHA1
8b105b0016e71fa6ed39a48ca64c98e2208893e6

SHA256
d2d4a5c3b4237509bc662b9399b0165eee6709205d7ad495ef70b19741fc6773

SHA512
e42a839531e73b187e8f75cae9c407c72a9da6087dac07c31897570e73c0e6c83a7cd2640d4a7bd9623e5b96f78658112c5da381a50f2f5617fe35c9714d4a82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be1c94b232283506b9deaf96d190fc37

SHA1
be11eec1efc4292a800670201fa4e638e5f2ffac

SHA256
f66bcdcde1674f959beb3de5f2067b5abbd038a50741bfc0f59c13dee7dd0420

SHA512
24d2bd1fa426db449c6b991263d77db12cf08d6a6cb4019f9036ad8be45591476b481da6614a93125ab3f254b540dfa28a7e686c2c7d258fb57d6eb9007a5697

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ad89005ad2999b3bcc5f52327bf6eccb

SHA1
4189630df668842fa98fca23ff38a79759db9e62

SHA256
b9a3fa85ef3455c60681d40db80f314fcf35cac7a585a222ac2a6cd2f8d38cdd

SHA512
ae57d60c3aa3e36b55ea1359ac5369c8b7e3c3fc99e0f1e9192cc18d3994ac1041e936ec857002c2d9c701fe5999a0fc73fc539f62973c2ce13a81924dd73ff0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1900ed23b7749c359e935564f10e9d27

SHA1
f9519f306e19d5417d454466ab5d9d15132d1fee

SHA256
f07038d4a7230939d8d728eef2bac60dc04871f113bdcfed45c80f5d35d63d37

SHA512
dd5278c7edfc25375be61c012c4922b2c8eeaa24469a7f358534cad264edd27367b5909254ff9537bbcf91b64a9c270165b82674572de56e5248d199e2de1b3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c576a81fd4dc08cd81c7c1cf08e58c15

SHA1
c5a687a49c0bcca5ec07343fb11128cf9cf29a37

SHA256
4ead3570a508f2cf53293ad97029eec9c0cfd89f944d736d72e70db16223bc54

SHA512
941f09eea3c9a57b2824abe4fb67582de632ea3572bca2fd15736ebcf4866195e67e0766fedddbc5cdcf6ed4ccc91035e0de8ef5ef092a3d716530f0878c7c47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
37b1e2cab72fafabcd8bfec762eee95c

SHA1
7d034eae79669e505478ccaa14cc67cb10302cf7

SHA256
b744bee98938940564a3a3d3f89ff3c237062095bf97f8153828d0d4039f1cf3

SHA512
958e60b3355e4afa2072e120334795fd03dc21bfeeb927bf08ee14db790d467dda6ebeccefa570e75625709e10aa4f6ca5c0c39c4f0970fbb16b0f4b69d75ce5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d4c8c33d976d6d5713292e2462a4ba1e

SHA1
77ec6768d162494f56a4e185e0ebbb078bd5b021

SHA256
8c4335399d0f0b81303f83ef92fae24b8e259dc0c1aacb01fa7efe31aabae1fb

SHA512
bc1cc160f58071fb5a5fc3896c11b4cb173abc268cf106e21be3603d8f6dd98e29324ef027c9d676b9f7a8c46f1eb32163184c49d0f4c63b9e86b2bdf4c75704

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
66efdf687246c4e267cdaa1ef8bd19ab

SHA1
26769353a87fa7ccf6fb045b1499dd2e72860132

SHA256
11711b7e9254609728221c5d015bdffa96a97d39442f8328cd0687796b17d33b

SHA512
1eb9e8a64cbbfbd86d94d8895c70b29cbcf397d2a7f7ed48564a7fa1fab68d547f84e9c1138c3cf50e35bc3d1d36c63f3710bf2ab13186360b1169e06813cee3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8f603ae9404b4ca53e246256004bf631

SHA1
9896b673fcd5f51658cfbcfa157b1aeb5ec1a19b

SHA256
19f43a3cb59ba24ccade957e30dfbbfd3ecb27f88f05207cb74f0bf2567429e3

SHA512
24c116accd3b2a4d1fbcf5bfbe282ff4c4a18814e56375343d5627877b2de03e973e9ed7a77aa13e39a94ccd783f1c6030100d6b0073ba94ffad4cc8d549af78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ddeb3cf6eb64fa3d647e7db25675ec0

SHA1
cf2f17d48d86f7201c5a81a743f0d144e28896a6

SHA256
15ec81bf01faa248ee4880548c323c76eb7b9092964b08c33fc3e54a33e390a2

SHA512
7d37527f1275fcee140d447274327ff48adfa64f89f36128e0c1594fea01d953d1bcf74b5ec628b16bb9334feacf8047e525cff2ab4fb24e18a0b991f7263332

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
04e8a254c825bf30d5c6220d42fb0cf0

SHA1
3d1f83af1dae11dbdd4c28a2b7e86a287fa4f985

SHA256
ceb4888246efbff651fdc4f35e5c29fef7b1ddc77e8a33c33fa9f69b7fa7c662

SHA512
f034e1cdf208dcfa464157a521668e1ca30df14838013fdbccf98935cfeec3fbfd2a95be5bdf08f05609104bf71d5978a66cfa8fa5b5f258fbaa37aa84e2596d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a748a3d65b7c3d6e63058c8b480655f4

SHA1
645a908344b1f627b7752af8ae61fb6e730602d3

SHA256
b1797431bd27696972b790909a488dcf7a659f90e28da66db2afb93bfc8a25b6

SHA512
68913a285b82bfe9fabdb34dc66bae390bdd9322aec530662b73c0516d90583d735c2050f8a96c6b9c1b0c9f7f1292abc86cd2f8c56532bfe86df45607d0307d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6fc1f42d26b2a43a9c8fd6add9b2a5b5

SHA1
d571b4b95fe6757f5aa7481507046bf8d070b99b

SHA256
86286c315f5de7a4d1d90f18f2d41e331a99ba5899f0d32b855eb1ce3e3808d2

SHA512
ba5b2cf2a9a65963de4873caf8de6cbcf9e1652896ebfe44601c81948445f6a714c411af841445485d9c5499e9e30f5fe2768e5265eaf689c02296e5e10aa45a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e4d3f197c1b67fb991f5aad2023e6ea8

SHA1
2c98b32c4d42f5ad7a951ea4daa439e3b0ba8fc5

SHA256
f33636610b557670c40c735655d6f4d138f6beb731cb1e27ce30e4731529c904

SHA512
dfa806cd6cc939be00b86941acd432368b3d0019002acb6a03b4f403c0bf9b1a23f5f1626538c5f07e8e3b5352f54c21ee828958d99068848f5e8fe877337eac

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC209.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.21_(x64)_20231106172320_000_dotnet_runtime_6.0.21_win_x64.msi.log

Filesize
2KB

MD5
38ee05688923138ddbb7636a41967a96

SHA1
89da9815f909f5ecd57c2536b1c6b0576c8e36ee

SHA256
b2f026d4c96ce2500cd3038e435bdab9fe6aa7910fa4a45abd9cbaa7a7c880e4

SHA512
ef7514d132156647f723f2450978144cff41df2cd29dc984d7c96fca32c063e99ed1b693f62f08b3e4babeb84499bec2fdea4f6558693a6f12b83e617a63a590

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.21_(x64)_20231106172320_001_dotnet_hostfxr_6.0.21_win_x64.msi.log

Filesize
2KB

MD5
32a2fb4b5cb2d71c9370dcebb522b742

SHA1
cb81b7478f7e17394df2818c9473599b77a0a2a8

SHA256
f73ccd070ceb6176d3224528249bc269b11af800ab268bc613e7f812e9d5f30d

SHA512
5292678f8424ce408f53cd29c0cb7f6f9221e80b4d5761004d703587c2bad0e338c134a308b21dca4e2db8573571a479bd974bbe34e567e9de915161f136683a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.21_(x64)_20231106172320_002_dotnet_host_6.0.21_win_x64.msi.log

Filesize
2KB

MD5
e02c76086e51ca06cb2583e0cce86ac6

SHA1
00823409ba21335b10334e8fc9dca4b89fb8f146

SHA256
620b3fcd38b92f0cba266cdce624ebff3994605561f9cc0bcfa08ff62404c95f

SHA512
5e4c7997abf5ec63cde1fb74ff543e2b8fed35fa1b08029b9d463afdc125961145381c2568157eaf75dd8ffff9c5e9e2d3ab703149c5aea3157f973a3dea1ac7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.21_(x64)_20231106172320_003_windowsdesktop_runtime_6.0.21_win_x64.msi.log

Filesize
2KB

MD5
a52db8bc1b8a6938fe3f2d78f5599052

SHA1
9103374e10a7ba80da43e7df08b4154728aaebaf

SHA256
a990fd29aaafee679ec41ac51a3654e5fe8470c14c680ca72dec3bfb0771c392

SHA512
0a67e35f61166e0e5ecacea30a16783da232b0fdf3b38adf4757ba61cb593b4c6f590bc842b81d1ec39671dd462bd711ceffe1347f1e195b1282f91c29b01b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC27A.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\dotnet-sdk-6.0.405-win-x64.exe

Filesize
185.2MB

MD5
8e003e67ae8154be6e4efbc2f788a631

SHA1
99cf7157aba3a64ae9a5a17eb8df81453bf9fed8

SHA256
ee634896a21a1a49b811efec9da39b95a564e764b87143ce424000c0ec6cfa04

SHA512
e767cfa0664630dd325ddf045bbee5e562c8e966a588a711f0dfba0e6458430ac3f2062c400dabc9d1e94fe7a2a592340593f6fabbe75e951fd6a31cbfe10727

Download Submit
C:\Users\Admin\AppData\Local\Temp\dotnet-sdk-6.0.405-win-x64.exe

Filesize
185.2MB

MD5
8e003e67ae8154be6e4efbc2f788a631

SHA1
99cf7157aba3a64ae9a5a17eb8df81453bf9fed8

SHA256
ee634896a21a1a49b811efec9da39b95a564e764b87143ce424000c0ec6cfa04

SHA512
e767cfa0664630dd325ddf045bbee5e562c8e966a588a711f0dfba0e6458430ac3f2062c400dabc9d1e94fe7a2a592340593f6fabbe75e951fd6a31cbfe10727

Download Submit
C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-6.0.15-win-x64.exe

Filesize
54.7MB

MD5
1a6d60add2d112dd73e83fb46dca474d

SHA1
8b374a54f508cfdb8c8176bfaef96f37edf7170b

SHA256
aa0c922c9c65f11b75747343b4711a0bdc8dc8ac1bd38da7c3ecd01ce28c8545

SHA512
49192c5141bb04dc19483e8b1adec9c6f56fa54ef8c55e2f4fa4aae73abf9119bb7b1dff3d8f9b3307c50de8989669398a5f6d8dc4323b81b6a1def5ee6c6e79

Download Submit
C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-6.0.15-win-x64.exe

Filesize
54.7MB

MD5
1a6d60add2d112dd73e83fb46dca474d

SHA1
8b374a54f508cfdb8c8176bfaef96f37edf7170b

SHA256
aa0c922c9c65f11b75747343b4711a0bdc8dc8ac1bd38da7c3ecd01ce28c8545

SHA512
49192c5141bb04dc19483e8b1adec9c6f56fa54ef8c55e2f4fa4aae73abf9119bb7b1dff3d8f9b3307c50de8989669398a5f6d8dc4323b81b6a1def5ee6c6e79

Download Submit
C:\Windows\Installer\MSI1A9A.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSI23D4.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSI2B78.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSI2B78.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSI4B8C.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\f770488.msi

Filesize
25.7MB

MD5
0fda2bb0ba0c1dd265e9540265a035b7

SHA1
03461f9f268e5ec0a997990c05b16086a03505dc

SHA256
bb994af42653ab3738ea3b689f6870c2549f6f170f23a1a8a161c7e02ccec9b1

SHA512
acdcb21c4ac6587b7a7cc43078a075f2f06d71823ace65e175611e0ef8af2bc7c753b7618447ba6d9f24cbea63cf582bcd5f71ca3b7a79066ca6cd61c43ed7d6

Download Submit
C:\Windows\Installer\f770489.msi

Filesize
804KB

MD5
5dce0ef6b5d0bd2b850106a22b5e0264

SHA1
263cfbd815de6b877d084ab4b3d2f878d71c9b1f

SHA256
c98010f7c473bdb2a182e61aae35a20c044006fee26ffb378346cbdf255d2736

SHA512
fc7297d142cf8d0247ac86732182a031e819a4fc41b034d1b9a7dba5cdb56d73e158dd57132b6a083b3f6184859b4dca4a1a21205f6d11b2be6ca3913e89891b

Download Submit
C:\Windows\Installer\f77049a.msi

Filesize
28.5MB

MD5
6ec2d8f7944d0766603fa3b043fe2410

SHA1
000a79c4792abbfdf65ca3b5367b7a3b02146732

SHA256
619074e13358e2c259086bf306083229ae8d3472187bc755951413858949cb68

SHA512
4f86befae9a437985e4ae491f416b0c06a72344ffccfb00c325e91d48244b46edee784003c0a519bc39fdb14409d949c7fe7cde7f51b3479d504c61d88f6371b

Download Submit
C:\Windows\Installer\f7704a0.msi

Filesize
23.3MB

MD5
e79bada7cb5640f0c5c486a63fcfb75d

SHA1
b8c1fdadebd64a237ba63676e45c4702f998278b

SHA256
7d585a27e8fe15388570ea170765651189bad6ad7d2d84b6c252bf950784e516

SHA512
950f938fee3ae3328ad69ebc39e515fd0473753b1266a0f5a4c2354235526a6865661648990f90f844a4e493cef8c4b42495626e7ea8912442579ccfd3c7af36

Download Submit
C:\Windows\Installer\f7704e8.msi

Filesize
3.0MB

MD5
d058ba14c23a55a07e639470d5594017

SHA1
b99a4598362a0034e62564eb515f310e3dabbbef

SHA256
a1b0e104219780c14c5067dcc3edd03b5204306bd6c4e882f10ded3a5d58e6b8

SHA512
3b97b280893dbce7b01bdff2c51e20de7a48ee850fab9da16bcd2bc23b29a38f1d37c1a7215a73f4d4a65a6dc3f9f4469c2a02268a8fa3b416ca3fe0dd0f40d5

Download Submit
C:\Windows\Temp\{2EFFEF5E-D9A4-4494-BD11-2B1E33B5EFE0}\.cr\dotnet-sdk-6.0.405-win-x64.exe

Filesize
610KB

MD5
c829733fccac1d023514b6a56647d461

SHA1
eae92bb4711c6d9e1e19ebe79b3afc2de7dfabec

SHA256
fec2580479532e2a36b75e9e4d14835be00e1fb65f43166ee4b4660aae13f2bc

SHA512
dd7f1299ba1db1c3ada0110dc75e91d5b68731fae7261b6c06f330354653e1ca1e8dde2150d34843b76c4066d2328fbac18f0b9ba989446c29c86ac38f507706

Download Submit
C:\Windows\Temp\{2EFFEF5E-D9A4-4494-BD11-2B1E33B5EFE0}\.cr\dotnet-sdk-6.0.405-win-x64.exe

Filesize
610KB

MD5
c829733fccac1d023514b6a56647d461

SHA1
eae92bb4711c6d9e1e19ebe79b3afc2de7dfabec

SHA256
fec2580479532e2a36b75e9e4d14835be00e1fb65f43166ee4b4660aae13f2bc

SHA512
dd7f1299ba1db1c3ada0110dc75e91d5b68731fae7261b6c06f330354653e1ca1e8dde2150d34843b76c4066d2328fbac18f0b9ba989446c29c86ac38f507706

Download Submit
C:\Windows\Temp\{8276FCBF-0537-43D5-9A24-E661F51E8E9F}\.ba\wixstdba.dll

Filesize
197KB

MD5
4356ee50f0b1a878e270614780ddf095

SHA1
b5c0915f023b2e4ed3e122322abc40c4437909af

SHA256
41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104

SHA512
b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691

Download Submit
C:\Windows\Temp\{8276FCBF-0537-43D5-9A24-E661F51E8E9F}\.be\dotnet-sdk-6.0.413-win-x86.exe

Filesize
610KB

MD5
c829733fccac1d023514b6a56647d461

SHA1
eae92bb4711c6d9e1e19ebe79b3afc2de7dfabec

SHA256
fec2580479532e2a36b75e9e4d14835be00e1fb65f43166ee4b4660aae13f2bc

SHA512
dd7f1299ba1db1c3ada0110dc75e91d5b68731fae7261b6c06f330354653e1ca1e8dde2150d34843b76c4066d2328fbac18f0b9ba989446c29c86ac38f507706

Download Submit
C:\Windows\Temp\{8276FCBF-0537-43D5-9A24-E661F51E8E9F}\.be\dotnet-sdk-6.0.413-win-x86.exe

Filesize
610KB

MD5
c829733fccac1d023514b6a56647d461

SHA1
eae92bb4711c6d9e1e19ebe79b3afc2de7dfabec

SHA256
fec2580479532e2a36b75e9e4d14835be00e1fb65f43166ee4b4660aae13f2bc

SHA512
dd7f1299ba1db1c3ada0110dc75e91d5b68731fae7261b6c06f330354653e1ca1e8dde2150d34843b76c4066d2328fbac18f0b9ba989446c29c86ac38f507706

Download Submit
C:\Windows\Temp\{8276FCBF-0537-43D5-9A24-E661F51E8E9F}\.be\dotnet-sdk-6.0.413-win-x86.exe

Filesize
610KB

MD5
c829733fccac1d023514b6a56647d461

SHA1
eae92bb4711c6d9e1e19ebe79b3afc2de7dfabec

SHA256
fec2580479532e2a36b75e9e4d14835be00e1fb65f43166ee4b4660aae13f2bc

SHA512
dd7f1299ba1db1c3ada0110dc75e91d5b68731fae7261b6c06f330354653e1ca1e8dde2150d34843b76c4066d2328fbac18f0b9ba989446c29c86ac38f507706

Download Submit
C:\Windows\Temp\{8276FCBF-0537-43D5-9A24-E661F51E8E9F}\AspNetCoreSharedFramework_x86

Filesize
7.5MB

MD5
759608b8db045afb303c4f66dca422b0

SHA1
f0536b100dfaec1e7de7c8c35ca7c7ad5ae6e779

SHA256
2035e3187d8b8369167ebf3e96c84f68639875eeaae7fd743379d0f4fc2eb30b

SHA512
25d6b772650a87bf428c7e1517f09876c2da789d53c4259d9a064d9f682e739226f37cc7d420653573f5fd898b0a0b6b23abef94406497bbd55852cbf7298447

Download Submit
C:\Windows\Temp\{8276FCBF-0537-43D5-9A24-E661F51E8E9F}\Finalizer

Filesize
130KB

MD5
1ec0ef0eb7860f069bda682b0e74df8d

SHA1
12ffab75565303e970e27218efeeb364b3ecdd18

SHA256
2f6948e63b4c8e4493b32dedcaad3d871bd86940e160435bb794fb9be12e2001

SHA512
9964a24217aaf610f1bcd85ef246d9f361313090e1acddc5eaee7b2e241fc441b2ddcdb305e3cbc5591a0c6566856291ff549aab1e09c8b7acf45482df1cb71b

Download Submit
C:\Windows\Temp\{8276FCBF-0537-43D5-9A24-E661F51E8E9F}\Microsoft.NET.Sdk.Android.Manifest_6.0.300.32.0.301_x86.msi

Filesize
420KB

MD5
a4b79c3af25e4ff3125e872bbe8abece

SHA1
d72feb62deb1585f9743312fd3d4160706aeb4ce

SHA256
187d2afab3e747f49d9afc4e720e312f098194760517adcd822ce6f18bd30bc6

SHA512
42bd976aff2fde5cf4d06ec314efead67715cc34c8635669d89712a743a9ac6a4da5de5fddd9e682fc72a458e5b7d38c8ce8a80b6fb12b74e72c8536473433e6

Download Submit
C:\Windows\Temp\{8276FCBF-0537-43D5-9A24-E661F51E8E9F}\Microsoft.NET.Sdk.MacCatalyst.Manifest_6.0.300.15.4.303_x86.msi

Filesize
420KB

MD5
a5979d34f92f39d27a21d8163583862e

SHA1
1203352b2c68f873648a3ebbad6b83cbe00a0822

SHA256
9f9a931214de020a6be34633bf9f5e22d616ad7aaa10563144cdf8189c4bb17e

SHA512
b0cfa77b9f207ed25e8dc17e7922b3b5f6eb419f3a393eb7505a6a9800fdb6a8eda568efcaa7c89d6cf52af024277158242f59563ce0396280c90a2c0dc57feb

Download Submit
C:\Windows\Temp\{8276FCBF-0537-43D5-9A24-E661F51E8E9F}\Microsoft.NET.Sdk.Maui.Manifest_6.0.300.6.0.312_x86.msi

Filesize
420KB

MD5
6f5959cc42f66fbb3c5bc7856d591f29

SHA1
02ebb209d3d9fbd29e284251722af4e7073b2d3d

SHA256
dd042000735f13c2e801545259be3a3476425e834684a46590bdfefc51062c40

SHA512
e45c24ced44317769b1ceff4433f97932c0fedcc4d6553c5e63e8c554cccf014b4d50d793075ca9dfde976328e51470bec50df41a40d4407a991d38f59e77be7

Download Submit
C:\Windows\Temp\{8276FCBF-0537-43D5-9A24-E661F51E8E9F}\Microsoft.NET.Sdk.iOS.Manifest_6.0.300.15.4.303_x86.msi

Filesize
420KB

MD5
4e4d26193bd7adf82dba0ad97ec8f5d2

SHA1
c9ac4301dc31d9888cd65f15aa2fe9e110a59209

SHA256
86ef7bfcfbae9b65d940db6cb03b53a1b69c911d1d1d57bd6e082a4f97723135

SHA512
c77078e499c249c738946edb9bc52577e3df56a067da15e5d5f24bf855cf9acda7ac377a35ac184498c6751fbf4ee552b8b4b6744a297f9c60a7da73059a9343

Download Submit
C:\Windows\Temp\{8276FCBF-0537-43D5-9A24-E661F51E8E9F}\Microsoft.NET.Sdk.macOS.Manifest_6.0.300.12.3.303_x86.msi

Filesize
420KB

MD5
6502d3138e23891187d2cac987115455

SHA1
04ce69246bb3d55b3ae2e4b134c52f89a8d628d0

SHA256
c3e228e66e5a8d9cce4f65cffde235b328272a7b098a4af7d83d413af9e8a027

SHA512
a6701bc008692b6c775e316a12bfd3ff3932afbdc735402e36f5486cba99569e03676420869abcb124c1c6dd7a848f455a8cf3ebfda60659931893a7d42db5f9

Download Submit
C:\Windows\Temp\{8276FCBF-0537-43D5-9A24-E661F51E8E9F}\Microsoft.NET.Sdk.tvOS.Manifest_6.0.300.15.4.303_x86.msi

Filesize
420KB

MD5
838989470eade37ee5a7674f582f494e

SHA1
80bda03eff3f223cd50b6f747a19edd1e047ebfd

SHA256
71d07c2a35b4cff43e46989c21c1a682a016c2ff9d5cafbac911e061868bab05

SHA512
92c5850eec4d9d06678e23f2f1e926873a797dbd74472992c238e3b6b7184812581f594406c5b070fc4ccde1d01ed1cd3aa4d51a106a2f803602a4cec332da36

Download Submit
C:\Windows\Temp\{8276FCBF-0537-43D5-9A24-E661F51E8E9F}\aspnetcore_targeting_pack_6.0.21_servicing.23364.38_win_x86.msi

Filesize
2.2MB

MD5
f846d2bd240a812ef7735f1af9a0d7a0

SHA1
ede9a3627e6e761739d3c6180fd7595f9fa6124f

SHA256
5008ada911bf5596fb526cec3c449ff58d61761d66b6ba4bb42ef1e6ae9422fa

SHA512
eb8b2a3b86dc9a3ff55c4a6db198e583011cb039d30dc9d131463ba8492cdfbf8f6f64d4258e9050d73180460b5b3e99413bd4f4fd2513f9239689f8b17ff367

Download Submit
C:\Windows\Temp\{8276FCBF-0537-43D5-9A24-E661F51E8E9F}\dotnet_60templates_6.0.413_servicing.23367.26_win_x86.msi

Filesize
3.0MB

MD5
d058ba14c23a55a07e639470d5594017

SHA1
b99a4598362a0034e62564eb515f310e3dabbbef

SHA256
a1b0e104219780c14c5067dcc3edd03b5204306bd6c4e882f10ded3a5d58e6b8

SHA512
3b97b280893dbce7b01bdff2c51e20de7a48ee850fab9da16bcd2bc23b29a38f1d37c1a7215a73f4d4a65a6dc3f9f4469c2a02268a8fa3b416ca3fe0dd0f40d5

Download Submit
C:\Windows\Temp\{8276FCBF-0537-43D5-9A24-E661F51E8E9F}\dotnet_apphost_pack_6.0.21_win_x86.msi

Filesize
4.7MB

MD5
4f0bfe81932134b8aab9b6092d7e26c2

SHA1
eee511b4cb2639de4773d2cbd9c6eaa92f30ec22

SHA256
27d80fb9a521647348b9512df69c0d1f2548e039528fa864a69f0a35d72a360d

SHA512
f75af8223eefb69fa71ae465aee18f17d1c4f26e1d6c9940f4fe6ad9e01d8e7b7012a5135eceb8778abf99cdda1f6a1b504f2eab4d8518ca0fdbaefdb09c0625

Download Submit
C:\Windows\Temp\{8276FCBF-0537-43D5-9A24-E661F51E8E9F}\dotnet_apphost_pack_6.0.21_win_x86_arm.msi

Filesize
4.8MB

MD5
6999b5d640b5e194dc5e87abe05fb2ac

SHA1
d01e97273945b853b76a53ac657788269d2ffa10

SHA256
3bd2495165f4d325205b7e4f37fa0654a6ac12c65be7ebb515f12c5413859b8e

SHA512
9481dfeabcefb3446d9c54502b3537f2298926269da39c12c92ccc51c4bc6c73a79ac51b92fdbe7ae1e7be0bd47c7c4a192ba5bfd806adeb3a99d7a9037a8711

Download Submit
C:\Windows\Temp\{8276FCBF-0537-43D5-9A24-E661F51E8E9F}\dotnet_apphost_pack_6.0.21_win_x86_arm64.msi

Filesize
4.9MB

MD5
d1658a415473267e6c2233db17b78d93

SHA1
4b04f1994cd456437200816e13bb2fd7750f6f4b

SHA256
e643202cfe7c17c8efcfd3299a5e9f808204b4ec1029ec2a02fb3b6f995f65f1

SHA512
31953a50c60018d5e7d65885d88305a7703893e826ebd0d16ac171f72a4615206e6ea28243da2bfb73f4ffd09607852fdd74766446bd82814f5b460fc009174c

Download Submit
C:\Windows\Temp\{8276FCBF-0537-43D5-9A24-E661F51E8E9F}\dotnet_apphost_pack_6.0.21_win_x86_x64.msi

Filesize
5.3MB

MD5
6f227f38fb91d88c567e83a20f5440ce

SHA1
b2040a05f1f0814b8b1f44499d5cbc2c17db72c9

SHA256
702548b15947f0ee00c3f2ca46e1c1c0cea9005a485e2cb5b472024b51950e16

SHA512
a18cb0dbd9ecf486da9836417bb169b5584fc01fe1a64907c0ede8ec20341ed147793a1357479cd4dcd18445ebd24b07771f81e2672f65d400269d6cf41bb31e

Download Submit
C:\Windows\Temp\{8276FCBF-0537-43D5-9A24-E661F51E8E9F}\dotnet_host_6.0.21_win_x86.msi

Filesize
728KB

MD5
06a94b7b03fd6ddc6942959b0360551a

SHA1
6ec5e317599efa731ebd86a1fdca187391cd5f59

SHA256
837eb5ef21b543600c4dcd1905d7072e5ec88dd4ea7c177a9755df602f7aad97

SHA512
6c276e21070995f57ad2f31eeb4cdddd42e28dd1cd37405aa773883b567621c97077ef669f34dd357d15ffb3930c67b1a5950cc39ee7f78927002f3c8b2fbac8

Download Submit
C:\Windows\Temp\{8276FCBF-0537-43D5-9A24-E661F51E8E9F}\dotnet_hostfxr_6.0.21_win_x86.msi

Filesize
784KB

MD5
1da4c6997d53b4e057eacba87395c44c

SHA1
e62f066789d3494799b3b0edd6885e8b92e59f53

SHA256
13cda8492bbcbf19f0d09582e259eab6f7b934f74b1bfb50c4250a4e27d80fde

SHA512
e2c39964a116cb14833c83a3efe09d890c8c0cac963c007a477aaf8c181230ebcfc54412953816588ac932656982ebd667739fefc135869d848ebab0f789c83f

Download Submit
C:\Windows\Temp\{8276FCBF-0537-43D5-9A24-E661F51E8E9F}\dotnet_runtime_6.0.21_win_x86.msi

Filesize
23.3MB

MD5
e79bada7cb5640f0c5c486a63fcfb75d

SHA1
b8c1fdadebd64a237ba63676e45c4702f998278b

SHA256
7d585a27e8fe15388570ea170765651189bad6ad7d2d84b6c252bf950784e516

SHA512
950f938fee3ae3328ad69ebc39e515fd0473753b1266a0f5a4c2354235526a6865661648990f90f844a4e493cef8c4b42495626e7ea8912442579ccfd3c7af36

Download Submit
C:\Windows\Temp\{8276FCBF-0537-43D5-9A24-E661F51E8E9F}\dotnet_targeting_pack_6.0.21_win_x86.msi

Filesize
3.4MB

MD5
c9e8294ca0f5be8af4f9a01a75c00ad6

SHA1
52a4cd485e357ae3f11d42a98f89d5a100ade07c

SHA256
dfbed44a3da64c26738eb37f66160e06c6c0d42fb0927defdb1160ee4bc3b89f

SHA512
fd1ef66c737da5c4549ea85efff22a5bfb8c3d9d2134b97145a0a63f40de270908052e492e353f6a1dcee1e2a72e3430f3f47a3e57e78bd625c3e2a52579ee51

Download Submit
C:\Windows\Temp\{8276FCBF-0537-43D5-9A24-E661F51E8E9F}\netstandard_targeting_pack_2.1.0_win_x86.msi

Filesize
2.2MB

MD5
48c5e8790b27c069b2f7f711a77ced17

SHA1
bb5fd31397a04b7f9064572b49099582f559bc79

SHA256
dea4e3d5fc348cfc668f7caf89c3503ecb99e90405474efe36cfc4d72084245b

SHA512
6d8ed59bc050ec94ab400ccf37aec74dab80d517a3e5a5f0deb6693005f4eedf0c1dcced0ec85febd72f7fd82aac7c7516a542095e20c5120c591d05ab393ff2

Download Submit
C:\Windows\Temp\{8276FCBF-0537-43D5-9A24-E661F51E8E9F}\windowsdesktop_runtime_6.0.21_win_x86.msi

Filesize
25.9MB

MD5
cbf54c4b5d6933adecb71a52a339b803

SHA1
cba937a79a0213883e8a121d8c78df908407d0b8

SHA256
f0818f42c0fd0ef871584232e6b7ced40b42860fb9dcdbf836cecfbb183ca278

SHA512
34ef525c7be386772081ab6f8e4336138f26c3014c371fbb82bcbddfa05b51d0742f3a9b8853a29acafe283d47386d32e76b904ae6d99f4c56eb6558b17d2f4c

Download Submit
C:\Windows\Temp\{8276FCBF-0537-43D5-9A24-E661F51E8E9F}\windowsdesktop_targeting_pack_6.0.21_win_x86.msi

Filesize
3.2MB

MD5
301ecae747b29905894719430a79d2a8

SHA1
2f3a35247dc66e3eed74ed925547005bf99a1ef8

SHA256
8110a0aebcaa8b36f35bf9eac28c7b5975cd0cbc509123782755192ee099d47a

SHA512
0bf1f4f69a4c685816fe5adfe11df3e2406a5e636538dbc00a0ec2676eade309cd580bdfdc235fa5dd8cfae43793d13e8b362a1b14e40476fe130dfffa50d4c7

Download Submit
C:\Windows\Temp\{D241605F-3653-47FE-9292-671872692FF5}\.ba\bg.png

Filesize
4KB

MD5
9eb0320dfbf2bd541e6a55c01ddc9f20

SHA1
eb282a66d29594346531b1ff886d455e1dcd6d99

SHA256
9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

SHA512
9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

Download Submit
C:\Windows\Temp\{D241605F-3653-47FE-9292-671872692FF5}\.be\windowsdesktop-runtime-6.0.21-win-x64.exe

Filesize
610KB

MD5
ff67a2a55ed6998ab527273d547fc00f

SHA1
852712b95ca05de8f336f07ff9ac672281b91215

SHA256
71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

SHA512
48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

Download Submit
C:\Windows\Temp\{D241605F-3653-47FE-9292-671872692FF5}\.be\windowsdesktop-runtime-6.0.21-win-x64.exe

Filesize
610KB

MD5
ff67a2a55ed6998ab527273d547fc00f

SHA1
852712b95ca05de8f336f07ff9ac672281b91215

SHA256
71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

SHA512
48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

Download Submit
C:\Windows\Temp\{D241605F-3653-47FE-9292-671872692FF5}\.be\windowsdesktop-runtime-6.0.21-win-x64.exe

Filesize
610KB

MD5
ff67a2a55ed6998ab527273d547fc00f

SHA1
852712b95ca05de8f336f07ff9ac672281b91215

SHA256
71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

SHA512
48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

Download Submit
C:\Windows\Temp\{D241605F-3653-47FE-9292-671872692FF5}\dotnet_host_6.0.21_win_x64.msi

Filesize
736KB

MD5
12b8c5914e56f4bd933c8490f7f6cd45

SHA1
2ec135cdd97adbcfe7decb04f1a5e95b6f0614e3

SHA256
3b83682de5bfeabde75ffc34330f470df11ce5e62c2509c50b3e48e35130fa51

SHA512
ecc9ddd52d097ca6f643f7ce78399b01d37e776e30abb8b82b6278711716e6893528340b6719f8287848931759ae41427c252cb00df97742583dbe5d7ea4277a

Download Submit
C:\Windows\Temp\{D241605F-3653-47FE-9292-671872692FF5}\dotnet_hostfxr_6.0.21_win_x64.msi

Filesize
804KB

MD5
5dce0ef6b5d0bd2b850106a22b5e0264

SHA1
263cfbd815de6b877d084ab4b3d2f878d71c9b1f

SHA256
c98010f7c473bdb2a182e61aae35a20c044006fee26ffb378346cbdf255d2736

SHA512
fc7297d142cf8d0247ac86732182a031e819a4fc41b034d1b9a7dba5cdb56d73e158dd57132b6a083b3f6184859b4dca4a1a21205f6d11b2be6ca3913e89891b

Download Submit
C:\Windows\Temp\{D241605F-3653-47FE-9292-671872692FF5}\dotnet_runtime_6.0.21_win_x64.msi

Filesize
25.7MB

MD5
0fda2bb0ba0c1dd265e9540265a035b7

SHA1
03461f9f268e5ec0a997990c05b16086a03505dc

SHA256
bb994af42653ab3738ea3b689f6870c2549f6f170f23a1a8a161c7e02ccec9b1

SHA512
acdcb21c4ac6587b7a7cc43078a075f2f06d71823ace65e175611e0ef8af2bc7c753b7618447ba6d9f24cbea63cf582bcd5f71ca3b7a79066ca6cd61c43ed7d6

Download Submit
C:\Windows\Temp\{D241605F-3653-47FE-9292-671872692FF5}\windowsdesktop_runtime_6.0.21_win_x64.msi

Filesize
28.5MB

MD5
6ec2d8f7944d0766603fa3b043fe2410

SHA1
000a79c4792abbfdf65ca3b5367b7a3b02146732

SHA256
619074e13358e2c259086bf306083229ae8d3472187bc755951413858949cb68

SHA512
4f86befae9a437985e4ae491f416b0c06a72344ffccfb00c325e91d48244b46edee784003c0a519bc39fdb14409d949c7fe7cde7f51b3479d504c61d88f6371b

Download Submit
C:\Windows\Temp\{F2F99748-7F30-4C8A-903D-4133F205B5F8}\.cr\windowsdesktop-runtime-6.0.15-win-x64.exe

Filesize
610KB

MD5
ff67a2a55ed6998ab527273d547fc00f

SHA1
852712b95ca05de8f336f07ff9ac672281b91215

SHA256
71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

SHA512
48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

Download Submit
C:\Windows\Temp\{F2F99748-7F30-4C8A-903D-4133F205B5F8}\.cr\windowsdesktop-runtime-6.0.15-win-x64.exe

Filesize
610KB

MD5
ff67a2a55ed6998ab527273d547fc00f

SHA1
852712b95ca05de8f336f07ff9ac672281b91215

SHA256
71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

SHA512
48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

Download Submit
C:\Windows\WindowsUpdate.log

Filesize
16KB

MD5
979f8900615b26af0006d67f48268c6e

SHA1
143af3e335f2bdf6f980de27a489edd7b6ca810e

SHA256
931a04bbdcfbf1cd1d30d7fb5a7c9891a0470cd8d74d7304cb86c35430b63f66

SHA512
34c23257cb0c042117ddc7148f41dcb811565ce1010d6bcd5f49d6a4a363d79aa06ba699f43842dde2aff00215307ad9ab6837cbf8630e66c5dff5cd8a83c8e4

Download Submit
\Program Files\dotnet\dotnet.exe

Filesize
133KB

MD5
54a71118efdb67dbbe816765908b6cf4

SHA1
10d2e20e4042f91cdadd0a5bc1e09b9ea79eb88a

SHA256
d2607dbc6c95c252baaba299b659f156b388c6130ac846f79eb4c768f91a019f

SHA512
77a4a33340f5ac8b5eb7f690526bbc1fa31f6855354c98c44ff77b92fd6f560a15405bb22e747c217bb8343dc7b9390d0ff25ed8b405a95f601dc06222bbc000

Download Submit
\Program Files\dotnet\dotnet.exe

Filesize
133KB

MD5
54a71118efdb67dbbe816765908b6cf4

SHA1
10d2e20e4042f91cdadd0a5bc1e09b9ea79eb88a

SHA256
d2607dbc6c95c252baaba299b659f156b388c6130ac846f79eb4c768f91a019f

SHA512
77a4a33340f5ac8b5eb7f690526bbc1fa31f6855354c98c44ff77b92fd6f560a15405bb22e747c217bb8343dc7b9390d0ff25ed8b405a95f601dc06222bbc000

Download Submit
\Users\Admin\AppData\Local\Temp\.net\NovaInstaller\uWcU5_6FXSwQ4UMNThCcNYZC4UGolsg=\D3DCompiler_47_cor3.dll

Filesize
4.7MB

MD5
2191e768cc2e19009dad20dc999135a3

SHA1
f49a46ba0e954e657aaed1c9019a53d194272b6a

SHA256
7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

SHA512
5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

Download Submit
\Users\Admin\AppData\Local\Temp\.net\NovaInstaller\uWcU5_6FXSwQ4UMNThCcNYZC4UGolsg=\PresentationNative_cor3.dll

Filesize
1.2MB

MD5
c7bcc68b81e965fe74ef58d503c58deb

SHA1
99990f204f7318eeb8de6f9664ebcd0d42ea81b7

SHA256
06cb4da78f5cfddece86329241a2af9d6390ce1082b02f7db2e3bf320215a23e

SHA512
cab2bc27eca0ee097324a2471c8228f1723cfef5df9971359eec7710082c122b26a7aa1d1e6faab75389438a358bbff2973ad67e8dd9046455b4c4ac880d858c

Download Submit
\Users\Admin\AppData\Local\Temp\.net\NovaInstaller\uWcU5_6FXSwQ4UMNThCcNYZC4UGolsg=\wpfgfx_cor3.dll

Filesize
1.9MB

MD5
1b01746fe61beb761a643050823190b0

SHA1
927b12e4a733bcc51545c6a005838a24b8dc4dda

SHA256
f8c4d6eb1cfa9c5b6fb322a0c818a4f5d5ee44043c259e0262c0460513953fb8

SHA512
83eeb187e554588a5a4efbce0fcb7e9c30e718ec9f6d797a7add28036e3d4506cd3e78386522467d7ac967a60ac509a23edd79a1b9032a7e230d980b9f36080a

Download Submit
\Windows\Installer\MSI1A9A.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
\Windows\Installer\MSI23D4.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
\Windows\Installer\MSI2B78.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
\Windows\Installer\MSI4B8C.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
\Windows\Temp\{2EFFEF5E-D9A4-4494-BD11-2B1E33B5EFE0}\.cr\dotnet-sdk-6.0.405-win-x64.exe

Filesize
610KB

MD5
c829733fccac1d023514b6a56647d461

SHA1
eae92bb4711c6d9e1e19ebe79b3afc2de7dfabec

SHA256
fec2580479532e2a36b75e9e4d14835be00e1fb65f43166ee4b4660aae13f2bc

SHA512
dd7f1299ba1db1c3ada0110dc75e91d5b68731fae7261b6c06f330354653e1ca1e8dde2150d34843b76c4066d2328fbac18f0b9ba989446c29c86ac38f507706

Download Submit
\Windows\Temp\{8276FCBF-0537-43D5-9A24-E661F51E8E9F}\.ba\wixstdba.dll

Filesize
197KB

MD5
4356ee50f0b1a878e270614780ddf095

SHA1
b5c0915f023b2e4ed3e122322abc40c4437909af

SHA256
41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104

SHA512
b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691

Download Submit
\Windows\Temp\{8276FCBF-0537-43D5-9A24-E661F51E8E9F}\.be\dotnet-sdk-6.0.413-win-x86.exe

Filesize
610KB

MD5
c829733fccac1d023514b6a56647d461

SHA1
eae92bb4711c6d9e1e19ebe79b3afc2de7dfabec

SHA256
fec2580479532e2a36b75e9e4d14835be00e1fb65f43166ee4b4660aae13f2bc

SHA512
dd7f1299ba1db1c3ada0110dc75e91d5b68731fae7261b6c06f330354653e1ca1e8dde2150d34843b76c4066d2328fbac18f0b9ba989446c29c86ac38f507706

Download Submit
\Windows\Temp\{D241605F-3653-47FE-9292-671872692FF5}\.ba\wixstdba.dll

Filesize
197KB

MD5
4356ee50f0b1a878e270614780ddf095

SHA1
b5c0915f023b2e4ed3e122322abc40c4437909af

SHA256
41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104

SHA512
b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691

Download Submit
\Windows\Temp\{D241605F-3653-47FE-9292-671872692FF5}\.be\windowsdesktop-runtime-6.0.21-win-x64.exe

Filesize
610KB

MD5
ff67a2a55ed6998ab527273d547fc00f

SHA1
852712b95ca05de8f336f07ff9ac672281b91215

SHA256
71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

SHA512
48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

Download Submit
\Windows\Temp\{F2F99748-7F30-4C8A-903D-4133F205B5F8}\.cr\windowsdesktop-runtime-6.0.15-win-x64.exe

Filesize
610KB

MD5
ff67a2a55ed6998ab527273d547fc00f

SHA1
852712b95ca05de8f336f07ff9ac672281b91215

SHA256
71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

SHA512
48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

Download Submit
memory/2588-5-0x0000000180000000-0x0000000180A25000-memory.dmp

Filesize
10.1MB

Download
memory/2588-45-0x0000000002100000-0x0000000002116000-memory.dmp

Filesize
88KB

Download
memory/2588-126-0x0000000022FE0000-0x0000000022FEA000-memory.dmp

Filesize
40KB

Download
memory/2588-72-0x0000000025EF0000-0x000000002670C000-memory.dmp

Filesize
8.1MB

Download
memory/2588-69-0x00000000228A0000-0x00000000228CA000-memory.dmp

Filesize
168KB

Download
memory/2588-66-0x0000000022DE0000-0x0000000022E27000-memory.dmp

Filesize
284KB

Download
memory/2588-60-0x00000000233D0000-0x00000000234C4000-memory.dmp

Filesize
976KB

Download
memory/2588-125-0x0000000022FE0000-0x0000000022FEA000-memory.dmp

Filesize
40KB

Download
memory/2588-63-0x0000000001E90000-0x0000000001E98000-memory.dmp

Filesize
32KB

Download
memory/2588-184-0x000000013FF30000-0x000000014085D000-memory.dmp

Filesize
9.2MB

Download
memory/2588-54-0x0000000022880000-0x0000000022892000-memory.dmp

Filesize
72KB

Download
memory/2588-48-0x00000000228D0000-0x0000000022910000-memory.dmp

Filesize
256KB

Download
memory/2588-51-0x0000000002120000-0x0000000002138000-memory.dmp

Filesize
96KB

Download
memory/2588-277-0x0000000022FE0000-0x0000000022FEA000-memory.dmp

Filesize
40KB

Download
memory/2588-33-0x00000000003B0000-0x00000000003B5000-memory.dmp

Filesize
20KB

Download
memory/2588-39-0x00000000003C0000-0x00000000003C7000-memory.dmp

Filesize
28KB

Download
memory/2588-42-0x0000000002040000-0x0000000002059000-memory.dmp

Filesize
100KB

Download
memory/2588-36-0x0000000002020000-0x0000000002033000-memory.dmp

Filesize
76KB

Download
memory/2588-27-0x0000000022D00000-0x0000000022D7F000-memory.dmp

Filesize
508KB

Download
memory/2588-30-0x00000000003A0000-0x00000000003AD000-memory.dmp

Filesize
52KB

Download
memory/2588-24-0x0000000024E80000-0x00000000256C2000-memory.dmp

Filesize
8.3MB

Download
memory/2588-18-0x0000000001E00000-0x0000000001E44000-memory.dmp

Filesize
272KB

Download
memory/2588-21-0x0000000001E50000-0x0000000001E8E000-memory.dmp

Filesize
248KB

Download
memory/2588-15-0x0000000022E70000-0x0000000022FCE000-memory.dmp

Filesize
1.4MB

Download
memory/2588-12-0x00000000231A0000-0x00000000233C8000-memory.dmp

Filesize
2.2MB

Download
memory/2588-8-0x0000000023EF0000-0x0000000024E78000-memory.dmp

Filesize
15.5MB

Download
memory/2588-9-0x000000013FF30000-0x000000014085D000-memory.dmp

Filesize
9.2MB

Download