Analysis
max time kernel: 150s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240221-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22/02/2024, 17:49

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://nova.fnbuilds.services/Installer/2.4/NovaInstaller.exe
Resource: win10v2004-20240221-en

General
Target: https://nova.fnbuilds.services/Installer/2.4/NovaInstaller.exe
Malware Config
Signatures
Downloads MZ/PE file
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
| description | ioc | Process |
| --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Control Panel\International\Geo\Nation | vc_redist.x64.exe |
| Key value queried | \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Control Panel\International\Geo\Nation | dotnet-sdk-6.0.405-win-x64.exe |
Executes dropped EXE 7 IoCs
| pid | Process |
| --- | --- |
| 4736 | NovaInstaller.exe |
| 3304 | vc_redist.x64.exe |
| 2604 | vc_redist.x64.exe |
| 3984 | VC_redist.x64.exe |
| 2320 | dotnet-sdk-6.0.405-win-x64.exe |
| 3116 | dotnet-sdk-6.0.405-win-x64.exe |
| 4444 | dotnet-sdk-6.0.413-win-x86.exe |
Loads dropped DLL 17 IoCs
| pid | Process |
| --- | --- |
| 4736 | NovaInstaller.exe |
| 4736 | NovaInstaller.exe |
| 4736 | NovaInstaller.exe |
| 2604 | vc_redist.x64.exe |
| 5616 | VC_redist.x64.exe |
| 3116 | dotnet-sdk-6.0.405-win-x64.exe |
| 5272 | MsiExec.exe |
| 4584 | MsiExec.exe |
| 5284 | MsiExec.exe |
| 1036 | MsiExec.exe |
| 1776 | MsiExec.exe |
| 936 | MsiExec.exe |
| 3040 | MsiExec.exe |
| 408 | MsiExec.exe |
| 3648 | MsiExec.exe |
| 668 | MsiExec.exe |
| 2536 | MsiExec.exe |
Adds Run key to start application 2 TTPs 2 IoCs
| description | ioc | Process |
| --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{c649ede4-f16a-4486-a117-dcc2f2a35165} = "\"C:\\ProgramData\\Package Cache\\{c649ede4-f16a-4486-a117-dcc2f2a35165}\\VC_redist.x64.exe\" /burn.runonce" | VC_redist.x64.exe |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{901a4233-9860-4dd0-bb2d-0d86482fc5bd} = "\"C:\\ProgramData\\Package Cache\\{901a4233-9860-4dd0-bb2d-0d86482fc5bd}\\dotnet-sdk-6.0.413-win-x86.exe\" /burn.runonce" | dotnet-sdk-6.0.413-win-x86.exe |
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Drops file in System32 directory 51 IoCs
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 64 IoCs
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Checks SCSI registry key(s) 3 TTPs 5 IoCs
SCSI information is often read in order to detect sandboxing environments.
| description | ioc | Process |
| --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | vssvc.exe |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | vssvc.exe |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | vssvc.exe |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache | vssvc.exe |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache | vssvc.exe |
Enumerates system info in registry 2 TTPs 3 IoCs
| description | ioc | Process |
| --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe |
Modifies data under HKEY_USERS 53 IoCs
Modifies registry class 64 IoCs
Suspicious behavior: EnumeratesProcesses 56 IoCs
pid Process 4176 chrome.exe 1744 msiexec.exe 2724 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 4176 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 4176 chrome.exe Token: SeCreatePagefilePrivilege 4176 chrome.exe Token: SeDebugPrivilege 4736 NovaInstaller.exe -
Suspicious use of FindShellTrayWindow 57 IoCs
pid Process 4176 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4176 chrome.exe -
Suspicious use of SetWindowsHookEx 10 IoCs
pid Process 4736 NovaInstaller.exe 3304 vc_redist.x64.exe 2604 vc_redist.x64.exe 3984 VC_redist.x64.exe 5592 VC_redist.x64.exe 5616 VC_redist.x64.exe 5884 VC_redist.x64.exe 2320 dotnet-sdk-6.0.405-win-x64.exe 3116 dotnet-sdk-6.0.405-win-x64.exe 4444 dotnet-sdk-6.0.413-win-x86.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4176 wrote to memory of 1220 4176 chrome.exe 87 PID 4176 wrote to memory of 4452 4176 chrome.exe 89 PID 4176 wrote to memory of 4216 4176 chrome.exe 91 PID 4176 wrote to memory of 2500 4176 chrome.exe 90 -
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://nova.fnbuilds.services/Installer/2.4/NovaInstaller.exe1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4176 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3ec69758,0x7ffe3ec69768,0x7ffe3ec697782⤵PID:1220
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:22⤵PID:4452
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:82⤵PID:2500
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:82⤵PID:4216
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:12⤵PID:4916
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:12⤵PID:3824
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5224 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:82⤵PID:184
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5272 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:82⤵PID:4236
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:82⤵PID:4988
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:82⤵PID:3580
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:82⤵PID:3544
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5412 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:82⤵PID:4380
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5460 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:82⤵PID:3216
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:82⤵PID:3284
-
-
C:\Users\Admin\Downloads\NovaInstaller.exe"C:\Users\Admin\Downloads\NovaInstaller.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4736 -
C:\Users\Admin\Downloads\vc_redist.x64.exe"vc_redist.x64.exe" /install /quiet /norestart3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3304 -
C:\Windows\Temp\{5842B655-4AE8-4FDF-9A6C-CB91197401C6}\.cr\vc_redist.x64.exe"C:\Windows\Temp\{5842B655-4AE8-4FDF-9A6C-CB91197401C6}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\vc_redist.x64.exe" -burn.filehandle.attached=684 -burn.filehandle.self=544 /install /quiet /norestart4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2604 -
C:\Windows\Temp\{2DDD4F91-E68C-4400-AE0A-C47BCD552FAF}\.be\VC_redist.x64.exe"C:\Windows\Temp\{2DDD4F91-E68C-4400-AE0A-C47BCD552FAF}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{AED49722-AD00-48EE-9714-14CC77A415FB} {1A0D28E8-2AA7-4F23-A92C-75843CF2B994} 26045⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
PID:3984 -
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={c649ede4-f16a-4486-a117-dcc2f2a35165} -burn.filehandle.self=1068 -burn.embedded BurnPipe.{B070B22D-A48F-4676-9D89-05E441AD5FC1} {67987D90-7900-4E7A-9B0C-AE8E6D557472} 39846⤵
- Suspicious use of SetWindowsHookEx
PID:5592 -
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=540 -burn.filehandle.self=560 -uninstall -quiet -burn.related.upgrade -burn.ancestors={c649ede4-f16a-4486-a117-dcc2f2a35165} -burn.filehandle.self=1068 -burn.embedded BurnPipe.{B070B22D-A48F-4676-9D89-05E441AD5FC1} {67987D90-7900-4E7A-9B0C-AE8E6D557472} 39847⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:5616 -
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{5F388DC7-D765-4017-8548-0544AC892DCD} {14145B04-E2FC-43A2-92F5-7FEC1A89DC25} 56168⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5884
-
-
-
-
-
-
-
C:\Users\Admin\Downloads\dotnet-sdk-6.0.405-win-x64.exe"dotnet-sdk-6.0.405-win-x64.exe" /install /quiet3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2320 -
C:\Windows\Temp\{9826CD0F-E1CB-4260-8708-020934925889}\.cr\dotnet-sdk-6.0.405-win-x64.exe"C:\Windows\Temp\{9826CD0F-E1CB-4260-8708-020934925889}\.cr\dotnet-sdk-6.0.405-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\dotnet-sdk-6.0.405-win-x64.exe" -burn.filehandle.attached=568 -burn.filehandle.self=676 /install /quiet4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3116 -
C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\.be\dotnet-sdk-6.0.413-win-x86.exe"C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\.be\dotnet-sdk-6.0.413-win-x86.exe" -q -burn.elevated BurnPipe.{F4E2C678-98F6-44A0-9879-2730A9EEC88E} {416F94C1-5620-4841-965B-289EF57ADCCE} 31165⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4444
-
-
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1612 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:12⤵PID:2448
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4636 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:12⤵PID:3540
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5764 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:12⤵PID:900
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4644 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:12⤵PID:5408
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2620 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2724
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:864
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Checks SCSI registry key(s)
PID:3356
-
C:\Windows\system32\srtasks.exeC:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:21⤵PID:3084
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1744 -
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 519B03C66F343FC1B07C65DE94A41F042⤵
- Loads dropped DLL
PID:5272
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 40129A8BAE84EC5F2EE5A823E6D4649B2⤵
- Loads dropped DLL
PID:4584
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 84F07D2EEAB6C1499CC944D5B0D77F302⤵
- Loads dropped DLL
PID:5284
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 04E88923501480380F9DE873B1D84E9A2⤵
- Loads dropped DLL
PID:1036
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding A822AD27A0C5290EEEB38B19B5C7983E2⤵
- Loads dropped DLL
PID:1776
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 0B59BA7240895D2D619876EB22AD4EDA2⤵
- Loads dropped DLL
PID:936
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding E0D3856D3325DB25741CC2FDEDA4A4EE2⤵
- Loads dropped DLL
PID:3040
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 1A4D61C5D5D2966A46E1FDFBCAE491122⤵
- Loads dropped DLL
PID:408
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding BDC3DA5FB372F32BDB9F97E7309FE6D42⤵
- Loads dropped DLL
PID:3648
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 3637DDDF4F3A84E61EB7C91B6A828A2F2⤵
- Loads dropped DLL
PID:668
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 1F9EFD705DB478344C7383E0EFCB63A32⤵
- Loads dropped DLL
PID:2536
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
8KB
MD5759c576624d17ec19a3038744cc17b7e
SHA1d9771a1dd296adc589932ca3fde5cb642bb463f9
SHA256d9aa2815397feee53c3ed07bcdf98253b981ddad6b3cb4ca873a6440da6dcbc1
SHA512e7b28cd43dbf898e92a562d44ca7d63e8104138409a9def29273012f55bac3816afb14fc324c8fc15c4cfdf3f9abaec6a678ac616c5d4bb0cc5339cb5a4dc631
-
Filesize
12KB
MD562e1086d7a72fb7b5237fe25ee54fe5e
SHA1e3d9b7d0319e1dc0ec27bc137308378795660b65
SHA256634431bf0c785235c2bbe2a39ca57a1924f45a07b1d1381a6f6ec0a029c0b3de
SHA512d42bc2d72b206ae0dcd0c69d396b8fb37b94f7e09a9279f463d034828153b899be04494cef69a4569ce1b832bbbbd6837069e5538eef75ecb8c5b13faff8083a
-
Filesize
9KB
MD5043634b619e251e182ffad9959eef231
SHA13ac012a79c0f8c41c095c880aba356f775a93b65
SHA2567ab82a9f076c307031f22f4811fc9de5c29ccc5a4f05c7ddf8dd9f25d38d4d42
SHA5126665a78d7463df71c603a042a2421a12ae84aa9e04c60a5cc03965277115c00f74664e81197df19f54606e63903f69d76f0093afc6c9f5341b70458ae7be1a6b
-
Filesize
9KB
MD531c5a77b3c57c8c2e82b9541b00bcd5a
SHA1153d4bc14e3a2c1485006f1752e797ca8684d06d
SHA2567f6839a61ce892b79c6549e2dc5a81fdbd240a0b260f8881216b45b7fda8b45d
SHA512ad33e3c0c3b060ad44c5b1b712c991b2d7042f6a60dc691c014d977c922a7e3a783ba9bade1a34de853c271fde1fb75bc2c47869acd863a40be3a6c6d754c0a6
-
Filesize
78KB
MD5f77a4aecfaf4640d801eb6dcdfddc478
SHA17424710f255f6205ef559e4d7e281a3b701183bb
SHA256d5db0ed54363e40717ae09e746dec99ad5b09223cc1273bb870703176dd226b7
SHA5121b729dfa561899980ba8b15128ea39bc1e609fe07b30b283001fd9cf9da62885d78c18082d0085edd81f09203f878549b48f7f888a8486a2a526b134c849fd6b
-
Filesize
876B
MD5efc70a09597ed5d7f6bee3e5dae97b74
SHA1eefec0dd29191ece459b15a533e97d9924542f6a
SHA256a80426357919ebe640066657a30292f6d0f29cd373d43c2e769a050c36883e87
SHA512233c48e3b0e7174dff9a8bed6fc825ba6d3415d5088265b2a4be634faf9a4c21adf010404da7680a79547a41a5f8882ff0f0b0ed874aabeb3ef887d9b83ae612
-
Filesize
111KB
MD5f0b22e8cefbb2df3950faaf208c558c8
SHA1e4c14ef23e41b39b68b84666193fceff502d250f
SHA256a2ec86f220dc948db8c3313341b3590bacc18b161670cced95070d98f91bae17
SHA512a8d85babdd1693e9cd53f821842d600cfed270f69a058497a35aef1b8a774e1c5182be79da406c475b185381a5ac01d5895634447cb0688684806e4383780937
-
Filesize
195KB
MD5873734b55d4c7d35a177c8318b0caec7
SHA1469b913b09ea5b55e60098c95120cc9b935ddb28
SHA2564ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d
SHA51224f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308
-
Filesize
168B
MD57fb44e0ef897887f29b1dd6d66c7a283
SHA11fbfe433c992510b722446c740bcc478794dc26e
SHA2569fca57d431a44bb57c02ccc7dfcd4cdffc3bfccf80cc1635bae50fb00f3c0ec9
SHA512b087bef49711a51b53f4693092fc8897d1f8f0d67c9a08837e560b62ba0a461ef0e670f2b1024a3912ae37240a5eeee78e1f1b1af3501de34e4d1a25b45ac185
-
Filesize
864B
MD51f676241675c17fec33c9895515f4a82
SHA126843db438ccc50294409b0d4ed0e099d7a74fc9
SHA25689a4c62b8087979600783f7d5c8c922d3c2d4bd3bfe36b6c8c5540cb72891e10
SHA512cfdc99d3c49a954a9cb371faa4539e6957b1b10a89619cc32831c97123c035a35dd65abb16cecc4d94badd5697ce903af691e451bd59fce72dcb606f87e611e5
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_developers.google.com_0.indexeddb.leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\5ce50966647b163092d864b9f37d981f5bccd871\3fc57804-53aa-4e9f-b880-2f113f6e0f6a\index-dir\the-real-index
Filesize: 1KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\5ce50966647b163092d864b9f37d981f5bccd871\3fc57804-53aa-4e9f-b880-2f113f6e0f6a\index-dir\the-real-index~RFe58df8d.TMP
Filesize: 48B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\5ce50966647b163092d864b9f37d981f5bccd871\index.txt
Filesize: 147B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\5ce50966647b163092d864b9f37d981f5bccd871\index.txt~RFe58dfbc.TMP
Filesize: 147B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize: 72B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58dc42.TMP
Filesize: 48B
-
C:\Users\Admin\AppData\Local\Temp\.net\NovaInstaller\uztLljCegqSJbgApdKxz7vVm_L3UFNo=\D3DCompiler_47_cor3.dll
Filesize: 1.2MB
-
C:\Users\Admin\AppData\Local\Temp\.net\NovaInstaller\uztLljCegqSJbgApdKxz7vVm_L3UFNo=\PresentationNative_cor3.dll
Filesize: 1.2MB
-
C:\Users\Admin\AppData\Local\Temp\.net\NovaInstaller\uztLljCegqSJbgApdKxz7vVm_L3UFNo=\wpfgfx_cor3.dll
Filesize: 1.7MB
-
C:\Users\Admin\AppData\Local\Temp\Microsoft_.NET_SDK_6.0.413_(x86)_20240222175142_000_dotnet_runtime_6.0.21_win_x86.msi.log
Filesize: 3KB
-
C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\Microsoft.NET.Sdk.Android.Manifest_6.0.300.32.0.301_x86.msi
Filesize: 420KB
-
C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\Microsoft.NET.Sdk.MacCatalyst.Manifest_6.0.300.15.4.303_x86.msi
Filesize: 420KB
-
C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\Microsoft.NET.Sdk.iOS.Manifest_6.0.300.15.4.303_x86.msi
Filesize: 420KB
-
C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\aspnetcore_targeting_pack_6.0.21_servicing.23364.38_win_x86.msi
Filesize: 2.2MB
-
C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\dotnet_60templates_6.0.413_servicing.23367.26_win_x86.msi
Filesize: 3.0MB
-
C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\windowsdesktop_targeting_pack_6.0.21_win_x86.msi
Filesize: 3.2MB