hxxps://download[.]visualstudio[.]microsoft[.]com/download/pr/06239090-ba0c-46e2-ad3e-6491b877f481/c5e4ab5e344eb3bdc3630e7b5bc29cd7/windowsdesktop-runtime-6[.]0[.]21-win-x64[.]exe

Analysis

max time kernel
23s
max time network
55s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
15/11/2023, 18:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://download.visualstudio.microsoft.com/download/pr/06239090-ba0c-46e2-ad3e-6491b877f481/c5e4ab5e344eb3bdc3630e7b5bc29cd7/windowsdesktop-runtime-6.0.21-win-x64.exe

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 961949.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3540	msedge.exe
3540	msedge.exe
2172	msedge.exe
2172	msedge.exe
1592	identity_helper.exe
1592	identity_helper.exe
4896	msedge.exe
4896	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe

Suspicious use of FindShellTrayWindow 55 IoCs

pid	Process
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2672	2172	msedge.exe	86
PID 2172 wrote to memory of 2672	2172	msedge.exe	86
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 208	2172	msedge.exe	89
PID 2172 wrote to memory of 3540	2172	msedge.exe	88
PID 2172 wrote to memory of 3540	2172	msedge.exe	88
PID 2172 wrote to memory of 4248	2172	msedge.exe	90
PID 2172 wrote to memory of 4248	2172	msedge.exe	90
PID 2172 wrote to memory of 4248	2172	msedge.exe	90
PID 2172 wrote to memory of 4248	2172	msedge.exe	90
PID 2172 wrote to memory of 4248	2172	msedge.exe	90
PID 2172 wrote to memory of 4248	2172	msedge.exe	90
PID 2172 wrote to memory of 4248	2172	msedge.exe	90
PID 2172 wrote to memory of 4248	2172	msedge.exe	90
PID 2172 wrote to memory of 4248	2172	msedge.exe	90
PID 2172 wrote to memory of 4248	2172	msedge.exe	90
PID 2172 wrote to memory of 4248	2172	msedge.exe	90
PID 2172 wrote to memory of 4248	2172	msedge.exe	90
PID 2172 wrote to memory of 4248	2172	msedge.exe	90
PID 2172 wrote to memory of 4248	2172	msedge.exe	90
PID 2172 wrote to memory of 4248	2172	msedge.exe	90
PID 2172 wrote to memory of 4248	2172	msedge.exe	90
PID 2172 wrote to memory of 4248	2172	msedge.exe	90
PID 2172 wrote to memory of 4248	2172	msedge.exe	90
PID 2172 wrote to memory of 4248	2172	msedge.exe	90
PID 2172 wrote to memory of 4248	2172	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://download.visualstudio.microsoft.com/download/pr/06239090-ba0c-46e2-ad3e-6491b877f481/c5e4ab5e344eb3bdc3630e7b5bc29cd7/windowsdesktop-runtime-6.0.21-win-x64.exe
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6fe146f8,0x7ffb6fe14708,0x7ffb6fe14718
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,9701399301681682742,1702168816070456672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,9701399301681682742,1702168816070456672,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,9701399301681682742,1702168816070456672,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9701399301681682742,1702168816070456672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9701399301681682742,1702168816070456672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,9701399301681682742,1702168816070456672,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9701399301681682742,1702168816070456672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9701399301681682742,1702168816070456672,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9701399301681682742,1702168816070456672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2144,9701399301681682742,1702168816070456672,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4676 /prefetch:8
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9701399301681682742,1702168816070456672,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9701399301681682742,1702168816070456672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,9701399301681682742,1702168816070456672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,9701399301681682742,1702168816070456672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9701399301681682742,1702168816070456672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,9701399301681682742,1702168816070456672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4896
- C:\Users\Admin\Downloads\windowsdesktop-runtime-6.0.21-win-x64.exe
  "C:\Users\Admin\Downloads\windowsdesktop-runtime-6.0.21-win-x64.exe"
  2⤵
  PID:3688
- - C:\Windows\Temp\{7C4BA050-7E56-465E-86FB-F8C9C253949F}\.cr\windowsdesktop-runtime-6.0.21-win-x64.exe
    "C:\Windows\Temp\{7C4BA050-7E56-465E-86FB-F8C9C253949F}\.cr\windowsdesktop-runtime-6.0.21-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\windowsdesktop-runtime-6.0.21-win-x64.exe" -burn.filehandle.attached=568 -burn.filehandle.self=576
    3⤵
    PID:5768
- C:\Users\Admin\Downloads\windowsdesktop-runtime-6.0.21-win-x64.exe
  "C:\Users\Admin\Downloads\windowsdesktop-runtime-6.0.21-win-x64.exe"
  2⤵
  PID:5160
- - C:\Windows\Temp\{CC204373-4713-48A0-ABAE-2A173D142599}\.cr\windowsdesktop-runtime-6.0.21-win-x64.exe
    "C:\Windows\Temp\{CC204373-4713-48A0-ABAE-2A173D142599}\.cr\windowsdesktop-runtime-6.0.21-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\windowsdesktop-runtime-6.0.21-win-x64.exe" -burn.filehandle.attached=544 -burn.filehandle.self=556
    3⤵
    PID:5616
- C:\Users\Admin\Downloads\windowsdesktop-runtime-6.0.21-win-x64.exe
  "C:\Users\Admin\Downloads\windowsdesktop-runtime-6.0.21-win-x64.exe"
  2⤵
  PID:5200
- - C:\Windows\Temp\{AF40A983-49C8-4F7A-A0C6-33BFB06230E2}\.cr\windowsdesktop-runtime-6.0.21-win-x64.exe
    "C:\Windows\Temp\{AF40A983-49C8-4F7A-A0C6-33BFB06230E2}\.cr\windowsdesktop-runtime-6.0.21-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\windowsdesktop-runtime-6.0.21-win-x64.exe" -burn.filehandle.attached=540 -burn.filehandle.self=548
    3⤵
    PID:5572
- C:\Users\Admin\Downloads\windowsdesktop-runtime-6.0.21-win-x64.exe
  "C:\Users\Admin\Downloads\windowsdesktop-runtime-6.0.21-win-x64.exe"
  2⤵
  PID:5352
- - C:\Windows\Temp\{347A4F3D-0E4C-4E17-9860-F4C80CEDCB86}\.cr\windowsdesktop-runtime-6.0.21-win-x64.exe
    "C:\Windows\Temp\{347A4F3D-0E4C-4E17-9860-F4C80CEDCB86}\.cr\windowsdesktop-runtime-6.0.21-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\windowsdesktop-runtime-6.0.21-win-x64.exe" -burn.filehandle.attached=540 -burn.filehandle.self=548
    3⤵
    PID:5608
- C:\Users\Admin\Downloads\windowsdesktop-runtime-6.0.21-win-x64.exe
  "C:\Users\Admin\Downloads\windowsdesktop-runtime-6.0.21-win-x64.exe"
  2⤵
  PID:5404
- - C:\Windows\Temp\{5816CEAB-C9A6-4DDC-BD4E-8D2A908967B4}\.cr\windowsdesktop-runtime-6.0.21-win-x64.exe
    "C:\Windows\Temp\{5816CEAB-C9A6-4DDC-BD4E-8D2A908967B4}\.cr\windowsdesktop-runtime-6.0.21-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\windowsdesktop-runtime-6.0.21-win-x64.exe" -burn.filehandle.attached=540 -burn.filehandle.self=548
    3⤵
    PID:5564
- C:\Users\Admin\Downloads\windowsdesktop-runtime-6.0.21-win-x64.exe
  "C:\Users\Admin\Downloads\windowsdesktop-runtime-6.0.21-win-x64.exe"
  2⤵
  PID:5468
- - C:\Windows\Temp\{6D837788-5764-4C01-A091-3212B37E4C9C}\.cr\windowsdesktop-runtime-6.0.21-win-x64.exe
    "C:\Windows\Temp\{6D837788-5764-4C01-A091-3212B37E4C9C}\.cr\windowsdesktop-runtime-6.0.21-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\windowsdesktop-runtime-6.0.21-win-x64.exe" -burn.filehandle.attached=540 -burn.filehandle.self=548
    3⤵
    PID:5580
  - - C:\Windows\Temp\{9ACDBDD4-4536-451C-8F9C-177116D82054}\.be\windowsdesktop-runtime-6.0.21-win-x64.exe
      "C:\Windows\Temp\{9ACDBDD4-4536-451C-8F9C-177116D82054}\.be\windowsdesktop-runtime-6.0.21-win-x64.exe" -q -burn.elevated BurnPipe.{4ECFDD63-136C-4822-BD02-6B4A81038FD6} {6983CC6E-6FDF-4515-A237-23CDFC492F6B} 5580
      4⤵
      PID:2436
- C:\Users\Admin\Downloads\windowsdesktop-runtime-6.0.21-win-x64.exe
  "C:\Users\Admin\Downloads\windowsdesktop-runtime-6.0.21-win-x64.exe"
  2⤵
  PID:5488
- - C:\Windows\Temp\{59C9126E-6BF5-43FB-85AE-3BF627BF7231}\.cr\windowsdesktop-runtime-6.0.21-win-x64.exe
    "C:\Windows\Temp\{59C9126E-6BF5-43FB-85AE-3BF627BF7231}\.cr\windowsdesktop-runtime-6.0.21-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\windowsdesktop-runtime-6.0.21-win-x64.exe" -burn.filehandle.attached=540 -burn.filehandle.self=548
    3⤵
    PID:5588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2356

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
PID:5716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2e845264-f4fb-4c1e-88ea-a11fac9f76c1.tmp

Filesize
5KB

MD5
83e0656793352f4c043260cd95bb33d6

SHA1
f625fa88fae402609f043a8c7284671413521e61

SHA256
39174b232cec734b85234547046465b8ee454b8ee21556216c500f2a81248655

SHA512
6e02c31dfce6f9ea6940df8785746e6e54b88c872a4f3690bce732ed4c68aba0e1e54dc262722315d68c3317540ecadc256a01b17d978a34ea1661f20e7780cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c6643ce80ff70253c441966f02575191

SHA1
921fcf2ace40bd03313df322717d2440fc43624e

SHA256
dd83269033a1c507e6259916380309f28065415098ab184357257f589161c326

SHA512
d9b89ddcd5568bef66768cd491e19acf5890df626c0b914f3cc2085064ad20a009b25fe24af3849230b61c08b3300c4aeb618d0adb0bd8dffb89ff99d3560f1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
fd20981c7184673929dfcab50885629b

SHA1
14c2437aad662b119689008273844bac535f946c

SHA256
28b7a1e7b492fff3e5268a6cd480721f211ceb6f2f999f3698b3b8cbd304bb22

SHA512
b99520bbca4d2b39f8bedb59944ad97714a3c9b8a87393719f1cbc40ed63c5834979f49346d31072c4d354c612ab4db9bf7f16e7c15d6802c9ea507d8c46af75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
57a09cb370a909204a7d2493ed211412

SHA1
549af932e0436de653a97170fbb9eac75453cce5

SHA256
391cb927a7a29c34d46283c7cfcb8f2abea821314c13b1ee56f02d4ec6d0ec33

SHA512
56fa89b3246ceb5e3b66cd2985438ffda47b4c4b2990878d516e4130487d23d4ab45b867622e97a46d8f0983f7792216cf2acd4b461801e96adcb619796d3c34

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.21_(x64)_20231115181409_000_dotnet_runtime_6.0.21_win_x64.msi.log

Filesize
4KB

MD5
7067d5d85fb7530b80bfd6034e957649

SHA1
60aef4d00e4d2707ef69eb476fa9dfef4b71e268

SHA256
b1dc54864b31d27e957a2d1d911e6f1ab2401b84c6692b38e6619a4b6ebe7887

SHA512
1db2157d32d75dad8043749b57183a3e6e4e38711621d08e30ffd070dc671082157d35ac0e91d16721150b9780eb84a954ca95a3bf20e3963f14833563881ead

Download Submit
C:\Users\Admin\Downloads\windowsdesktop-runtime-6.0.21-win-x64.exe

Filesize
54.4MB

MD5
60424ad616596b70f9f80110796b77dd

SHA1
81ce57839a032b0908954ee6d923bcf1460788da

SHA256
de2ae744c960f740cf9c4ec008d74d7b601feff582f4ca8084801231fa32567d

SHA512
4e71593f677595b567653cfd8a7b7fdbc14cfce60aa03a46f2c84aebb777852514036cf0410d7f0a92e8caac5f5d480c5febe427c261364b14d294c2b4b31c3b

Download Submit
C:\Users\Admin\Downloads\windowsdesktop-runtime-6.0.21-win-x64.exe

Filesize
53.5MB

MD5
872f58f6115b1ab95bf459aafda40bd7

SHA1
c826dcece8f7ca276cd51f11545f2e11aba78f22

SHA256
333e5dc6e573e1b793c71511e8450f3c3275b0846c0ea9bd1b9e8eb349291b5f

SHA512
56e97fecde108939c6b4016dfda989eff8cfe3f267825a6327d2e58a8f99d66ddad256380db79adae73576841cc102ed70b06121f615bde7ae3c176ea5c6eb79

Download Submit
C:\Users\Admin\Downloads\windowsdesktop-runtime-6.0.21-win-x64.exe

Filesize
48.9MB

MD5
d09c6c0a4fb5ef62693f433f42296dfe

SHA1
5f33f602d5e196eed54bf5cddd655929a1bfd9d2

SHA256
d513a1eb24cc17ebd1e31591d48582944f2c5647a593fba8401f880589b9c689

SHA512
de8a5a70e8147c54e42faf16a53d117450bf1f7ad26f2de21608cbabbd722de3b3a0427e716ca5371e347881dae1b8113e2ffbe7e046ef524d64512792f93253

Download Submit
C:\Users\Admin\Downloads\windowsdesktop-runtime-6.0.21-win-x64.exe

Filesize
53.8MB

MD5
4089ae65ca5f5b63f2aa327f3f21bebb

SHA1
f79580d6fc9eab26daa5546e7ae8f84d8b0f1d24

SHA256
94d1de5afcd1d63cfcac51d71d98a656b6c22837950c8f5508c6763f96143cc4

SHA512
1992b327cbbab79b4bdf2d45d13657820d4196e385f8feed7807e08364ad4d3e59d76060b1ba3b80434db2db48861a875f35c06ff306d2233b889512952442b2

Download Submit
C:\Users\Admin\Downloads\windowsdesktop-runtime-6.0.21-win-x64.exe

Filesize
54.5MB

MD5
f9dbdc5bf48767fa8071e5e6de9c38c6

SHA1
a5c9c345cfd46802205dfedd727ecde0aad87548

SHA256
ef7a93f3b3e8ee86d88d53654ca5a3fc56b3cbb69ff8b8209aa1a0d2a4339f0d

SHA512
b924b564a1138b41ad151e0179f573c077e01cf57e88c311c0bc9abd6614d2895ccbf95b0a3d8ceca85545c27be8d423d850b0d925e1dad8a633627277ea6ec8

Download Submit
C:\Users\Admin\Downloads\windowsdesktop-runtime-6.0.21-win-x64.exe

Filesize
53.9MB

MD5
50cc244096cf64fdc3a246496cdd5c47

SHA1
6c7b398969678b81032e98b0453d9ae99ba133e9

SHA256
f9cfd156f4b62ea0c661d89f3f907d2cccadec42d470ae9e4ba55a828a0d370a

SHA512
847e7c9ee9d4049e51b80de700440be60ed5b0c29d208e0ac4a79a2af4a7d84071de366f604e916b434371c316a14de502c99dd0ed363ab1681169d923043e94

Download Submit
C:\Users\Admin\Downloads\windowsdesktop-runtime-6.0.21-win-x64.exe

Filesize
53.6MB

MD5
2d3f0891dc617cf1b655c30594de7ee0

SHA1
d05be8c67cd5429a2774839255a9a7e8088de832

SHA256
9bbb23de82cebae89493ff65f32928d0d1fca950f24315ff541efc6b8120251c

SHA512
fe7b2d4a6e28ec00a70e75ba1294aa2e9a908f3487a0ac74034967091cf86506dbe64cfc6db7c160661f0c83059a06702425baebc13dd895a580840b78607f3c

Download Submit
C:\Users\Admin\Downloads\windowsdesktop-runtime-6.0.21-win-x64.exe

Filesize
53.6MB

MD5
4abd4cf66707e3bfc1158dfb83337ed9

SHA1
61d4d8e0b8e8c2d947af1ec357133a3380296c2f

SHA256
22042c8f54c3611da44e82e7402cc9b6c155c83874a5cb8ab8b3c6e199899ca0

SHA512
93bccc3e23f6daa9d88e3ecce44f6f6c89e9cec104a61359a221f1416553944fcbd5de8222cea5f54af8d1a85219c4f6622da6f86b01a1a27ef42445e0236699

Download Submit
C:\Users\Admin\Downloads\windowsdesktop-runtime-6.0.21-win-x64.exe

Filesize
54.7MB

MD5
1a6d60add2d112dd73e83fb46dca474d

SHA1
8b374a54f508cfdb8c8176bfaef96f37edf7170b

SHA256
aa0c922c9c65f11b75747343b4711a0bdc8dc8ac1bd38da7c3ecd01ce28c8545

SHA512
49192c5141bb04dc19483e8b1adec9c6f56fa54ef8c55e2f4fa4aae73abf9119bb7b1dff3d8f9b3307c50de8989669398a5f6d8dc4323b81b6a1def5ee6c6e79

Download Submit
C:\Windows\Temp\{032DDE1B-9689-4736-BCD7-C87E24D8E208}\.ba\wixstdba.dll

Filesize
197KB

MD5
4356ee50f0b1a878e270614780ddf095

SHA1
b5c0915f023b2e4ed3e122322abc40c4437909af

SHA256
41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104

SHA512
b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691

Download Submit
C:\Windows\Temp\{347A4F3D-0E4C-4E17-9860-F4C80CEDCB86}\.cr\windowsdesktop-runtime-6.0.21-win-x64.exe

Filesize
610KB

MD5
ff67a2a55ed6998ab527273d547fc00f

SHA1
852712b95ca05de8f336f07ff9ac672281b91215

SHA256
71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

SHA512
48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

Download Submit
C:\Windows\Temp\{347A4F3D-0E4C-4E17-9860-F4C80CEDCB86}\.cr\windowsdesktop-runtime-6.0.21-win-x64.exe

Filesize
610KB

MD5
ff67a2a55ed6998ab527273d547fc00f

SHA1
852712b95ca05de8f336f07ff9ac672281b91215

SHA256
71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

SHA512
48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

Download Submit
C:\Windows\Temp\{347A4F3D-0E4C-4E17-9860-F4C80CEDCB86}\.cr\windowsdesktop-runtime-6.0.21-win-x64.exe

Filesize
610KB

MD5
ff67a2a55ed6998ab527273d547fc00f

SHA1
852712b95ca05de8f336f07ff9ac672281b91215

SHA256
71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

SHA512
48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

Download Submit
C:\Windows\Temp\{57350FB0-BF07-4878-9761-CE42A0C40765}\.ba\wixstdba.dll

Filesize
197KB

MD5
4356ee50f0b1a878e270614780ddf095

SHA1
b5c0915f023b2e4ed3e122322abc40c4437909af

SHA256
41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104

SHA512
b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691

Download Submit
C:\Windows\Temp\{5816CEAB-C9A6-4DDC-BD4E-8D2A908967B4}\.cr\windowsdesktop-runtime-6.0.21-win-x64.exe

Filesize
610KB

MD5
ff67a2a55ed6998ab527273d547fc00f

SHA1
852712b95ca05de8f336f07ff9ac672281b91215

SHA256
71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

SHA512
48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

Download Submit
C:\Windows\Temp\{5816CEAB-C9A6-4DDC-BD4E-8D2A908967B4}\.cr\windowsdesktop-runtime-6.0.21-win-x64.exe

Filesize
610KB

MD5
ff67a2a55ed6998ab527273d547fc00f

SHA1
852712b95ca05de8f336f07ff9ac672281b91215

SHA256
71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

SHA512
48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

Download Submit
C:\Windows\Temp\{59C9126E-6BF5-43FB-85AE-3BF627BF7231}\.cr\windowsdesktop-runtime-6.0.21-win-x64.exe

Filesize
610KB

MD5
ff67a2a55ed6998ab527273d547fc00f

SHA1
852712b95ca05de8f336f07ff9ac672281b91215

SHA256
71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

SHA512
48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

Download Submit
C:\Windows\Temp\{59C9126E-6BF5-43FB-85AE-3BF627BF7231}\.cr\windowsdesktop-runtime-6.0.21-win-x64.exe

Filesize
610KB

MD5
ff67a2a55ed6998ab527273d547fc00f

SHA1
852712b95ca05de8f336f07ff9ac672281b91215

SHA256
71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

SHA512
48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

Download Submit
C:\Windows\Temp\{6D837788-5764-4C01-A091-3212B37E4C9C}\.cr\windowsdesktop-runtime-6.0.21-win-x64.exe

Filesize
610KB

MD5
ff67a2a55ed6998ab527273d547fc00f

SHA1
852712b95ca05de8f336f07ff9ac672281b91215

SHA256
71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

SHA512
48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

Download Submit
C:\Windows\Temp\{6D837788-5764-4C01-A091-3212B37E4C9C}\.cr\windowsdesktop-runtime-6.0.21-win-x64.exe

Filesize
610KB

MD5
ff67a2a55ed6998ab527273d547fc00f

SHA1
852712b95ca05de8f336f07ff9ac672281b91215

SHA256
71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

SHA512
48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

Download Submit
C:\Windows\Temp\{7C4BA050-7E56-465E-86FB-F8C9C253949F}\.cr\windowsdesktop-runtime-6.0.21-win-x64.exe

Filesize
610KB

MD5
ff67a2a55ed6998ab527273d547fc00f

SHA1
852712b95ca05de8f336f07ff9ac672281b91215

SHA256
71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

SHA512
48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

Download Submit
C:\Windows\Temp\{7C4BA050-7E56-465E-86FB-F8C9C253949F}\.cr\windowsdesktop-runtime-6.0.21-win-x64.exe

Filesize
610KB

MD5
ff67a2a55ed6998ab527273d547fc00f

SHA1
852712b95ca05de8f336f07ff9ac672281b91215

SHA256
71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

SHA512
48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

Download Submit
C:\Windows\Temp\{8865F7B7-710B-4ACF-9A66-39B225F62CCD}\.ba\1028\thm.wxl

Filesize
5KB

MD5
b9428c94444693b5e3a392c8d0b95170

SHA1
0fb22d01f1c11cf74e844c19c96c41b1c0515d71

SHA256
c0413edfd13fd27eeab7b8ce60963668236466c48f4173c29f84093011c281af

SHA512
70212889f8f8a070fbcc81ef6121999518f2bc7ef369e2a38b3f0f825870e88b9327f837de884c52e6ac0a1c750f07121cd17edc2e932c993c73a43275ac1180

Download Submit
C:\Windows\Temp\{8865F7B7-710B-4ACF-9A66-39B225F62CCD}\.ba\1029\thm.wxl

Filesize
6KB

MD5
27411946ef45b3b8236319421770e5ad

SHA1
d00d3e2d4fa3429f2578325de364dfcce51d8fd4

SHA256
c92d3efd72d6d14148f9931128ee4143affd1da517eb358ab88ed4138c1434a4

SHA512
ff24b47504d6e752f1fa5bd388da75338078f72b5d17094d2bc9426b35a55de097629c3ec53356723253a8d7373dcb2b2d921bdf0be6fd4a524c9aa8913277eb

Download Submit
C:\Windows\Temp\{8865F7B7-710B-4ACF-9A66-39B225F62CCD}\.ba\1031\thm.wxl

Filesize
6KB

MD5
b45249a2238a5568b377e58d4ce89e9a

SHA1
57a68133af7ef4062559d9144d9cda4aa28722fb

SHA256
0c4203a81dcd01d53378036af78cffcf9e9a5af7754dfbdd56584ae74c21cc61

SHA512
6485548b9f4e0cdbd2876b0fc4dca5c125d260e237e994ee67823edc72c358cdad4e1170df62e67a0d1249f54ee6bea26741cbf8eafe952154e182008f31665b

Download Submit
C:\Windows\Temp\{8865F7B7-710B-4ACF-9A66-39B225F62CCD}\.ba\1036\thm.wxl

Filesize
6KB

MD5
9f779700ff90df7211ae3a3340ddd5fc

SHA1
a4e05d7a489b095af4805660d7bab4f2da3af34c

SHA256
6af5c2bc88b1e5ce188a97dd9204061d66369ec2689b3657aff1dc6188f44f22

SHA512
5dca90fdb1b498bc982cc8489dd13ed492a7856b701d9fb43d46ef01d40b49d9888e7ac35bb5962dcf72241f05a4e006130f94372a7c4d7542b708e71b0663a4

Download Submit
C:\Windows\Temp\{8865F7B7-710B-4ACF-9A66-39B225F62CCD}\.ba\1040\thm.wxl

Filesize
6KB

MD5
347be63418f507e7f2a086726e96fca8

SHA1
e42e9ebfa654134cf243841beed2370ba12a627d

SHA256
344acd0d3665ba489eb30ebc0f902c625e1ad33a4e2b5ba7cdd7e463658d5557

SHA512
3bba2e5a3f5407274eddb076702e640646dfc7ef43ad9f08c05e99f0ecca67e6f9de2dbe4e3743a74107165b935d36c979cee23a22adcf6139d5bec47b541325

Download Submit
C:\Windows\Temp\{8865F7B7-710B-4ACF-9A66-39B225F62CCD}\.ba\1041\thm.wxl

Filesize
6KB

MD5
e5fd798d4bbdd419a602423a699e2854

SHA1
2ece478d5ce4de0c0a864f14cea6bd365f008d81

SHA256
00aec52b4564bc07302881fcfd510f7cca535ac9e05cfd95a86738171626f6c4

SHA512
ab3b93b635211f112d8d820861fe77e9d7c67018688a6a2a1b82532ea9a97609f02e7e9b0dc658202ce0441554a3cb2622f6edc61456e0d250aa8f3df4bcbbf5

Download Submit
C:\Windows\Temp\{8865F7B7-710B-4ACF-9A66-39B225F62CCD}\.ba\1042\thm.wxl

Filesize
6KB

MD5
f59a0369a337b58a797ddbb5ebbdcadc

SHA1
4e6c9501ed901b5c1d4b6713a632e899d223679b

SHA256
1b1b0700aa6677afe3581b8b3f4934bf85f4750c544a108e1d5f1b688078e1cf

SHA512
b12134295dddf5fc4f63e23c98c837aa02e5fcff5191087fdc7c0b044f472487987966282b8955421dbfd480707305e0e7af65f307655f876615ab36c24786b8

Download Submit
C:\Windows\Temp\{8865F7B7-710B-4ACF-9A66-39B225F62CCD}\.ba\1045\thm.wxl

Filesize
6KB

MD5
8cfbee02f1c88567cd9aa747ff27182e

SHA1
ed18f294ec1e36629900db42797f1499db080f4f

SHA256
d92b3838de7a1685ccbd04fc9c123704fbd198bfd284d8faece4a3663494e75a

SHA512
63c53c29382badb2aecfb67284755cae978af114f957a1b3466b91de8559d6dd4b2bd4b993589e3ad25ab316e90d2c99479a4589057dc8b80c88bb552e7ea519

Download Submit
C:\Windows\Temp\{8865F7B7-710B-4ACF-9A66-39B225F62CCD}\.ba\1046\thm.wxl

Filesize
5KB

MD5
88cb193f0b0c15023d789e0f8fce3e03

SHA1
38e1390a410d751c6376f5e23a0933fa08c8aec5

SHA256
4d6a2d306abe77e7dbdb2609f6198b4cf99b3f9dc15b9dc72951592ad2f64384

SHA512
b894e05c79c95d03481211de8fcde00d79767ad3b3483ac95d8b16421d719473d7a9829d996b60ec1abc3830048feea1cf49bacaaa3adda0dfd5971ec2ea5f1a

Download Submit
C:\Windows\Temp\{8865F7B7-710B-4ACF-9A66-39B225F62CCD}\.ba\1049\thm.wxl

Filesize
7KB

MD5
1d628f2e1dbaa25bdd8cf2d7f2a9caf2

SHA1
5c4f2a69772a20088779e7288fb37cfb6eaf4c42

SHA256
c7cc8e0bdd4f82da33984f553b576412df69c5e1e5b8479542d024cb6b41d050

SHA512
f6d3969f48b42a2f6eed8efda3a9eb5f5d9a4b69c6039bd7eb72cdb1e01b2c69dc4becaa8133b7ddd7a6325cbb17bc56fb11bafa7fadfd1afa9a84b6fe3ca0ec

Download Submit
C:\Windows\Temp\{8865F7B7-710B-4ACF-9A66-39B225F62CCD}\.ba\1055\thm.wxl

Filesize
6KB

MD5
2897baec061b9a89661744685fe3c217

SHA1
904753d6daf2ee3a05319f045e4f2028a8ab576c

SHA256
285e32e649eb71a68f29bca7321a6cade50d79f94dd89e50ece1197dd70e7633

SHA512
574f3fec930cf960dd9725ce1298501d7ad88ac59efcfb61032a2c3f3bbb12ef91bbc1ca63d1516dad93fa202c25655754ae1c5bc6607b5ca7a0209f7a55576e

Download Submit
C:\Windows\Temp\{8865F7B7-710B-4ACF-9A66-39B225F62CCD}\.ba\2052\thm.wxl

Filesize
5KB

MD5
ed946a363e47dcc77017ec10b1032c54

SHA1
c37b26426b51f9e5f405ef7798833fc017e653d4

SHA256
3bb9ce59ba1c4b76fa6b35f544e2b04c85387053edd8b25d8c8d4fe637fb0a85

SHA512
fc65e04a87e5add299b71f1332d47f9e4d46f7f97139bbaf101ce0a1d7df9d7db8c33e4625ca9748c7607f4d43ff93e612b57acd38dd5264fc6924446bf881be

Download Submit
C:\Windows\Temp\{8865F7B7-710B-4ACF-9A66-39B225F62CCD}\.ba\3082\thm.wxl

Filesize
5KB

MD5
1474c297b47c24d9e8e937ccbf50c4b2

SHA1
012226924911c23dcc220bd653c329a304b2ba58

SHA256
fab76fa9382a7793309c9b07d5baaa3efd8553172d46f8b69e22e30b635bb146

SHA512
3428682ed3ec803e709b30251c4233db7c825eefbfd718777211b6b80cd5ee36cba1d08850e6294d4c4148e8d640171fd62764cbedd7c9ac3bd628b48bf010f5

Download Submit
C:\Windows\Temp\{8865F7B7-710B-4ACF-9A66-39B225F62CCD}\.ba\BootstrapperApplicationData.xml

Filesize
7KB

MD5
de005641ab9a99cc76554d822022750e

SHA1
c4b5b32bc1c2b471f4882f9a129ae69b1b8a40dc

SHA256
78dba60583ad646fc568a0cb2ba39cc8fbd9da089d0572497910236954d856b5

SHA512
3f55dd09bc21e8ae8542036ea6a3f3a6e90e9543adfcd6a1e67ac1bfa2b9cfeb7b99dd0e076b7ab17c858bd3711e09adb793c6132517f04b8e9f5962c00cbc1a

Download Submit
C:\Windows\Temp\{8865F7B7-710B-4ACF-9A66-39B225F62CCD}\.ba\bg.png

Filesize
4KB

MD5
9eb0320dfbf2bd541e6a55c01ddc9f20

SHA1
eb282a66d29594346531b1ff886d455e1dcd6d99

SHA256
9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

SHA512
9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

Download Submit
C:\Windows\Temp\{8865F7B7-710B-4ACF-9A66-39B225F62CCD}\.ba\eula.rtf

Filesize
46KB

MD5
cc06442cfc33d0ae6509143325c05110

SHA1
fc635958a57b88f63545cbee1a37e3458cc547b0

SHA256
72f2e7b06c562f1dd6cb3f6efdccd9ae620a183e598856ab3cba6d712254824a

SHA512
4d8a79347104501d89150a738de24f700dc5d54d7cb05359c853a1189bf12b42e53b9e0b0d4a963c6aaa027d46d80a01ab2740bee5d145c3597f1a7efb48d4a9

Download Submit
C:\Windows\Temp\{8865F7B7-710B-4ACF-9A66-39B225F62CCD}\.ba\thm.xml

Filesize
11KB

MD5
302563a713b142ee41b59e3eeac53a90

SHA1
1340e90cc3c6c5fc19a7feb61d7779f4a4f0fdb5

SHA256
83ca096f7ba2c83fc3b3aeb697b8139a788fa35eb8632943e26bb9fff7c78e63

SHA512
c9d4dfc20802bb542178300d1044bb94b35593b834ab0b50875a32953f890e48da456199128500e2c1fee26eaaf8c2c4fcaffb308b37914215f900cdd5c4cbc8

Download Submit
C:\Windows\Temp\{8865F7B7-710B-4ACF-9A66-39B225F62CCD}\.ba\wixstdba.dll

Filesize
197KB

MD5
4356ee50f0b1a878e270614780ddf095

SHA1
b5c0915f023b2e4ed3e122322abc40c4437909af

SHA256
41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104

SHA512
b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691

Download Submit
C:\Windows\Temp\{8865F7B7-710B-4ACF-9A66-39B225F62CCD}\.ba\wixstdba.dll

Filesize
197KB

MD5
4356ee50f0b1a878e270614780ddf095

SHA1
b5c0915f023b2e4ed3e122322abc40c4437909af

SHA256
41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104

SHA512
b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691

Download Submit
C:\Windows\Temp\{8FA89580-CB68-4676-8058-92F38B25823C}\.ba\thm.wxl

Filesize
5KB

MD5
d5070cb3387a0a22b7046ae5ab53f371

SHA1
bc9da146a42bbf9496de059ac576869004702a97

SHA256
81a68046b06e09385be8449373e7ceb9e79f7724c3cf11f0b18a4489a8d4926a

SHA512
8fcf621fb9ce74725c3712e06e5b37b619145078491e828c6069e153359de3bd5486663b1fa6f3bcf1c994d5c556b9964ea1a1355100a634a6c700ef37d381e3

Download Submit
C:\Windows\Temp\{8FA89580-CB68-4676-8058-92F38B25823C}\.ba\wixstdba.dll

Filesize
197KB

MD5
4356ee50f0b1a878e270614780ddf095

SHA1
b5c0915f023b2e4ed3e122322abc40c4437909af

SHA256
41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104

SHA512
b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691

Download Submit
C:\Windows\Temp\{9ACDBDD4-4536-451C-8F9C-177116D82054}\.ba\wixstdba.dll

Filesize
197KB

MD5
4356ee50f0b1a878e270614780ddf095

SHA1
b5c0915f023b2e4ed3e122322abc40c4437909af

SHA256
41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104

SHA512
b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691

Download Submit
C:\Windows\Temp\{9ACDBDD4-4536-451C-8F9C-177116D82054}\.be\windowsdesktop-runtime-6.0.21-win-x64.exe

Filesize
610KB

MD5
ff67a2a55ed6998ab527273d547fc00f

SHA1
852712b95ca05de8f336f07ff9ac672281b91215

SHA256
71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

SHA512
48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

Download Submit
C:\Windows\Temp\{9ACDBDD4-4536-451C-8F9C-177116D82054}\.be\windowsdesktop-runtime-6.0.21-win-x64.exe

Filesize
610KB

MD5
ff67a2a55ed6998ab527273d547fc00f

SHA1
852712b95ca05de8f336f07ff9ac672281b91215

SHA256
71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

SHA512
48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

Download Submit
C:\Windows\Temp\{9ACDBDD4-4536-451C-8F9C-177116D82054}\dotnet_host_6.0.21_win_x64.msi

Filesize
736KB

MD5
12b8c5914e56f4bd933c8490f7f6cd45

SHA1
2ec135cdd97adbcfe7decb04f1a5e95b6f0614e3

SHA256
3b83682de5bfeabde75ffc34330f470df11ce5e62c2509c50b3e48e35130fa51

SHA512
ecc9ddd52d097ca6f643f7ce78399b01d37e776e30abb8b82b6278711716e6893528340b6719f8287848931759ae41427c252cb00df97742583dbe5d7ea4277a

Download Submit
C:\Windows\Temp\{9ACDBDD4-4536-451C-8F9C-177116D82054}\dotnet_hostfxr_6.0.21_win_x64.msi

Filesize
804KB

MD5
5dce0ef6b5d0bd2b850106a22b5e0264

SHA1
263cfbd815de6b877d084ab4b3d2f878d71c9b1f

SHA256
c98010f7c473bdb2a182e61aae35a20c044006fee26ffb378346cbdf255d2736

SHA512
fc7297d142cf8d0247ac86732182a031e819a4fc41b034d1b9a7dba5cdb56d73e158dd57132b6a083b3f6184859b4dca4a1a21205f6d11b2be6ca3913e89891b

Download Submit
C:\Windows\Temp\{9ACDBDD4-4536-451C-8F9C-177116D82054}\dotnet_runtime_6.0.21_win_x64.msi

Filesize
2.8MB

MD5
81dce58d30d65204fa28ae1e54a0f6d4

SHA1
324ffad59a640434eb045c964778861efa9ff167

SHA256
573bb19a86ba30a0e2e1db4cab2d6ed863434a5eb04f9cf2b416c759fa571359

SHA512
ae689774a0f5f85270950ac4245766381e352fc07f8df363a99770ce1a0ea0cc25e5e125e0feba0d09e5be981b2ebc7199c8d29adc9cf5c22e469c82d2e847d4

Download Submit
C:\Windows\Temp\{9ACDBDD4-4536-451C-8F9C-177116D82054}\windowsdesktop_runtime_6.0.21_win_x64.msi

Filesize
6.1MB

MD5
744f87990510da0e4fa731b649dc1ce4

SHA1
0fb949e783f3eb0de53ee8f27389c22f24d7533d

SHA256
4fe00515e436c7c1c2791c2c46843e51644e1a60f06296a34b24a9de555f76b5

SHA512
e8e7f3cd4ec930967a0ee31ec050a9e22e6f3948a8f94de9870ffeb9f2a7ed549e036ff4b5dbd759f4ed96b01284463edb273867b0cb30821c9d776e1318757a

Download Submit
C:\Windows\Temp\{AA83BE4F-FEC2-4DAD-95D7-2B3DA776CD59}\.ba\wixstdba.dll

Filesize
197KB

MD5
4356ee50f0b1a878e270614780ddf095

SHA1
b5c0915f023b2e4ed3e122322abc40c4437909af

SHA256
41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104

SHA512
b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691

Download Submit
C:\Windows\Temp\{AF40A983-49C8-4F7A-A0C6-33BFB06230E2}\.cr\windowsdesktop-runtime-6.0.21-win-x64.exe

Filesize
610KB

MD5
ff67a2a55ed6998ab527273d547fc00f

SHA1
852712b95ca05de8f336f07ff9ac672281b91215

SHA256
71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

SHA512
48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

Download Submit
C:\Windows\Temp\{AF40A983-49C8-4F7A-A0C6-33BFB06230E2}\.cr\windowsdesktop-runtime-6.0.21-win-x64.exe

Filesize
610KB

MD5
ff67a2a55ed6998ab527273d547fc00f

SHA1
852712b95ca05de8f336f07ff9ac672281b91215

SHA256
71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

SHA512
48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

Download Submit
C:\Windows\Temp\{B6A8E24B-EA98-44FD-87E8-62956133F818}\.ba\wixstdba.dll

Filesize
197KB

MD5
4356ee50f0b1a878e270614780ddf095

SHA1
b5c0915f023b2e4ed3e122322abc40c4437909af

SHA256
41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104

SHA512
b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691

Download Submit
C:\Windows\Temp\{CC204373-4713-48A0-ABAE-2A173D142599}\.cr\windowsdesktop-runtime-6.0.21-win-x64.exe

Filesize
610KB

MD5
ff67a2a55ed6998ab527273d547fc00f

SHA1
852712b95ca05de8f336f07ff9ac672281b91215

SHA256
71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

SHA512
48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

Download Submit
C:\Windows\Temp\{CC204373-4713-48A0-ABAE-2A173D142599}\.cr\windowsdesktop-runtime-6.0.21-win-x64.exe

Filesize
610KB

MD5
ff67a2a55ed6998ab527273d547fc00f

SHA1
852712b95ca05de8f336f07ff9ac672281b91215

SHA256
71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

SHA512
48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

Download Submit