Resubmissions
11/06/2024, 09:42  240611-lpmdyashkj  7
11/06/2024, 09:38  240611-lmdc9asgpp  3
11/06/2024, 09:36  240611-lk8rdasglr  6
11/06/2024, 09:33  240611-lh6h8ssfrp  3
11/06/2024, 09:30  240611-lgq26asbke  3

Analysis
max time kernel: 146s
max time network: 150s
platform: windows11-21h2_x64
resource: win11-20240508-en
resource tags: arch:x64 arch:x86 image:win11-20240508-en locale:en-us os:windows11-21h2-x64 system
submitted: 11/06/2024, 09:42
Static task: static1
Behavioral task: behavioral1
Sample: ninja.exe
Resource: win11-20240508-en
General
Target: ninja.exe
Size: 556KB
MD5: 6107353ae21982becc0cc95a6411ad60
SHA1: a60cc6cb7d3fb184941ae2f3a8871f5bfd6a10f0
SHA256: 68865c3276d449d746cea5065fdec2baf755d7813e161ab04205b0907b2629b8
SHA512: ae79f504cd18ca1c424867ac10bf688a085699c81599daf48dc72e7c8149f76518bdfce73ae9b8a31959c84d09f3e94220c66ccd47f1f3c47c68f073c587ef22
SSDEEP: 12288:cpvpFKupIKTLj5ZFVaZHtkxi6oUnRQw4ddQXq:cpvpB+KTJsHtxURQw44
Malware Config
Signatures
Note on attribution: the Process column of every IoC row below names chrome.exe, msedge.exe, identity_helper.exe, msiexec.exe/MsiExec.exe, svchost.exe, UserOOBEBroker.exe, OpenWith.exe, MiniSearchHost.exe or the windowsdesktop-runtime-6.0.27-win-x64.exe installer. No row names the submitted sample ninja.exe (PID 484), and in the process tree further down ninja.exe carries no signature of its own; the behaviour recorded here comes from the sandbox's browser sessions and a .NET Desktop Runtime 6.0.27 installation that ran during the analysis window.
Loads dropped DLL (9 IoCs)
pid   Process
5776  windowsdesktop-runtime-6.0.27-win-x64.exe
4740  MsiExec.exe (2 entries)
5172  MsiExec.exe (2 entries)
1580  MsiExec.exe (2 entries)
1044  MsiExec.exe (2 entries)
Adds Run key to start application (2 TTPs, 1 IoC)
description  ioc  Process
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{d87ae0f4-64a6-4b94-859a-530b9c313c27} = "\"C:\\ProgramData\\Package Cache\\{d87ae0f4-64a6-4b94-859a-530b9c313c27}\\windowsdesktop-runtime-6.0.27-win-x64.exe\" /burn.runonce"  windowsdesktop-runtime-6.0.27-win-x64.exe
Enumerates connected drives (3 TTPs, 23 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
description  ioc  Process
File opened (read-only)  one entry per drive root, in the order reported: \??\T: \??\A: \??\B: \??\E: \??\H: \??\I: \??\M: \??\K: \??\N: \??\Q: \??\R: \??\Y: \??\Z: \??\J: \??\P: \??\V: \??\X: \??\G: \??\L: \??\O: \??\S: \??\U: \??\W:  msiexec.exe
Drops file in Program Files directory (64 IoCs)
All 64 entries are "File opened for modification" by msiexec.exe. Paths are given relative to C:\Program Files\dotnet\shared\:
Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationClient.resources.dll
Microsoft.WindowsDesktop.App\6.0.27\es\WindowsBase.resources.dll
Microsoft.NETCore.App\6.0.27\System.IO.Compression.Native.dll
Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Parallel.dll
Microsoft.NETCore.App\6.0.27\System.Net.HttpListener.dll
Microsoft.WindowsDesktop.App\6.0.27\D3DCompiler_47_cor3.dll
Microsoft.WindowsDesktop.App\6.0.27\es\Microsoft.VisualBasic.Forms.resources.dll
Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.resources.dll
Microsoft.NETCore.App\6.0.27\System.Diagnostics.TextWriterTraceListener.dll
Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationCore.resources.dll
Microsoft.NETCore.App\6.0.27\api-ms-win-crt-heap-l1-1-0.dll
Microsoft.NETCore.App\6.0.27\System.IO.Compression.ZipFile.dll
Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.SystemEvents.dll
Microsoft.WindowsDesktop.App\6.0.27\it\PresentationUI.resources.dll
Microsoft.WindowsDesktop.App\6.0.27\it\WindowsFormsIntegration.resources.dll
Microsoft.NETCore.App\6.0.27\System.Runtime.CompilerServices.VisualC.dll
Microsoft.WindowsDesktop.App\6.0.27\DirectWriteForwarder.dll
Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.resources.dll
Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Primitives.resources.dll
Microsoft.NETCore.App\6.0.27\api-ms-win-core-libraryloader-l1-1-0.dll
Microsoft.NETCore.App\6.0.27\System.Private.Xml.dll
Microsoft.NETCore.App\6.0.27\System.Reflection.Extensions.dll
Microsoft.WindowsDesktop.App\6.0.27\ru\System.Xaml.resources.dll
Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationTypes.resources.dll
Microsoft.NETCore.App\6.0.27\api-ms-win-crt-private-l1-1-0.dll
Microsoft.NETCore.App\6.0.27\dbgshim.dll
Microsoft.NETCore.App\6.0.27\api-ms-win-core-rtlsupport-l1-1-0.dll
Microsoft.WindowsDesktop.App\6.0.27\de\PresentationFramework.resources.dll
Microsoft.WindowsDesktop.App\6.0.27\it\ReachFramework.resources.dll
Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationCore.resources.dll
Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Controls.Ribbon.resources.dll
Microsoft.NETCore.App\6.0.27\System.Xml.ReaderWriter.dll
Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationCore.resources.dll
Microsoft.WindowsDesktop.App\6.0.27\ru\ReachFramework.resources.dll
Microsoft.NETCore.App\6.0.27\api-ms-win-crt-multibyte-l1-1-0.dll
Microsoft.NETCore.App\6.0.27\System.Data.DataSetExtensions.dll
Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.Lightweight.dll
Microsoft.WindowsDesktop.App\6.0.27\UIAutomationClientSideProviders.dll
Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.Design.resources.dll
Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationClient.resources.dll
Microsoft.NETCore.App\6.0.27\Microsoft.CSharp.dll
Microsoft.NETCore.App\6.0.27\System.Net.Sockets.dll
Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll
Microsoft.NETCore.App\6.0.27\System.Diagnostics.StackTrace.dll
Microsoft.NETCore.App\6.0.27\System.dll
Microsoft.WindowsDesktop.App\6.0.27\System.Configuration.ConfigurationManager.dll
Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.Design.resources.dll
Microsoft.WindowsDesktop.App\6.0.27\de\System.Xaml.resources.dll
Microsoft.WindowsDesktop.App\6.0.27\pl\WindowsBase.resources.dll
Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationFramework.resources.dll
Microsoft.NETCore.App\6.0.27\System.Numerics.Vectors.dll
Microsoft.NETCore.App\6.0.27\System.Runtime.InteropServices.dll
Microsoft.NETCore.App\6.0.27\System.Threading.ThreadPool.dll
Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationClient.resources.dll
Microsoft.WindowsDesktop.App\6.0.27\vcruntime140_cor3.dll
Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Controls.Ribbon.resources.dll
Microsoft.WindowsDesktop.App\6.0.27\tr\PresentationUI.resources.dll
Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsFormsIntegration.resources.dll
Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.resources.dll
Microsoft.WindowsDesktop.App\6.0.27\tr\System.Xaml.resources.dll
Microsoft.NETCore.App\6.0.27\System.Runtime.dll
Microsoft.WindowsDesktop.App\6.0.27\fr\ReachFramework.resources.dll
Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.resources.dll
Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationClientSideProviders.resources.dll
Drops file in Windows directory (34 IoCs)
description  ioc  Process
File opened for modification  C:\Windows\Panther\UnattendGC\setuperr.log  UserOOBEBroker.exe
File opened for modification  C:\Windows\Installer\MSI6B54.tmp  msiexec.exe
File created  C:\Windows\SystemTemp\~DF31C8656558627512.TMP  msiexec.exe
File created  C:\Windows\SystemTemp\~DFC440EBE929366EF4.TMP  msiexec.exe
File opened for modification  C:\Windows\Installer\MSI782B.tmp  msiexec.exe
File created  C:\Windows\SystemTemp\~DFF98F49777316CFE6.TMP  msiexec.exe
File opened for modification  C:\Windows\Installer\$PatchCache$\Managed\E39B69A3F3677E14587CF1C3CC73FE72\48.108.8828\fileCoreHostExe  msiexec.exe
File created  C:\Windows\SystemTemp\~DF06B6791C9A691356.TMP  msiexec.exe
File created  C:\Windows\SystemTemp\~DF8BD6FACD72CB4D10.TMP  msiexec.exe
File opened for modification  C:\Windows\Panther\UnattendGC\setupact.log  UserOOBEBroker.exe
File opened for modification  C:\Windows\Panther\UnattendGC\diagwrn.xml  UserOOBEBroker.exe
File opened for modification  C:\Windows\Installer\MSI779D.tmp  msiexec.exe
File created  C:\Windows\SystemTemp\~DFDC255E58CCFD650D.TMP  msiexec.exe
File opened for modification  C:\Windows\Installer\MSI7965.tmp  msiexec.exe
File opened for modification  C:\Windows\Installer\MSI81F3.tmp  msiexec.exe
File opened for modification  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log  msiexec.exe
File opened for modification  C:\Windows\Installer\MSI74EA.tmp  msiexec.exe
File opened for modification  C:\Windows\Installer\MSI75C6.tmp  msiexec.exe
File opened for modification  C:\Windows\Installer\$PatchCache$\Managed\E39B69A3F3677E14587CF1C3CC73FE72\CacheSize.txt  msiexec.exe
File opened for modification  C:\Windows\Installer\MSI76E1.tmp  msiexec.exe
File created  C:\Windows\SystemTemp\~DFB75138CA056F0F09.TMP  msiexec.exe
File opened for modification  C:\Windows\Installer\MSI7ACE.tmp  msiexec.exe
File opened for modification  C:\Windows\Installer\MSI696E.tmp  msiexec.exe
File created  C:\Windows\Installer\inprogressinstallinfo.ipi  msiexec.exe
File opened for modification  C:\Windows\Installer\MSI7653.tmp  msiexec.exe
File opened for modification  C:\Windows\Panther\UnattendGC\diagerr.xml  UserOOBEBroker.exe
File opened for modification  C:\Windows\Installer\  msiexec.exe
File created  C:\Windows\SystemTemp\~DF9574238F4AA26311.TMP  msiexec.exe
File opened for modification  C:\Windows\Installer\MSI78B9.tmp  msiexec.exe
File created  C:\Windows\SystemTemp\~DF05E239923D816EB1.TMP  msiexec.exe
File created  C:\Windows\Installer\$PatchCache$\Managed\E39B69A3F3677E14587CF1C3CC73FE72\CacheSize.txt  msiexec.exe
File created  C:\Windows\SystemTemp\~DFD49659F44E043D2A.TMP  msiexec.exe
File created  C:\Windows\SystemTemp\~DF53EC75EA49904888.TMP  msiexec.exe
File created  C:\Windows\SystemTemp\~DF10E4806631BD1658.TMP  msiexec.exe
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
description  ioc  Process
Key opened  \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0  svchost.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  svchost.exe
Enumerates system info in registry (2 TTPs, 6 IoCs)
description  ioc  Process
Key opened  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Key opened  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
Modifies data under HKEY_USERS (11 IoCs)
description  ioc  Process
Key deleted  \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a  msiexec.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b  msiexec.exe
Key deleted  \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2B  msiexec.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c  msiexec.exe
Key deleted  \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2D  msiexec.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e  msiexec.exe
Key created  \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry  chrome.exe
Set value (int)  \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133625725865917689"  chrome.exe
Key deleted  \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E  msiexec.exe
Key deleted  \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2C  msiexec.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2d  msiexec.exe
Modifies registry class (40 IoCs)
description  ioc  Process
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\613F436E6BEB3BF46A217F01F2751656\SourceList\Media  msiexec.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\613F436E6BEB3BF46A217F01F2751656\SourceList\Net  msiexec.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E39B69A3F3677E14587CF1C3CC73FE72\SourceList  msiexec.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E39B69A3F3677E14587CF1C3CC73FE72  msiexec.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\E39B69A3F3677E14587CF1C3CC73FE72  msiexec.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_runtime_48.108.8828_x64  msiexec.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_48.108.8836_x64\Dependents  windowsdesktop-runtime-6.0.27-win-x64.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_48.3.31210_x64\Dependents  windowsdesktop-runtime-6.0.27-win-x64.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\497A7447E2AFEB24ABA9F5BC5DC4D53F\SourceList  msiexec.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0DE340971DE772245A5E405C95D4127F  msiexec.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\613F436E6BEB3BF46A217F01F2751656\SourceList  msiexec.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\497A7447E2AFEB24ABA9F5BC5DC4D53F\SourceList\Net  msiexec.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\497A7447E2AFEB24ABA9F5BC5DC4D53F  msiexec.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_runtime_48.108.8828_x64\Dependents  windowsdesktop-runtime-6.0.27-win-x64.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0DE340971DE772245A5E405C95D4127F\SourceList\Media  msiexec.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0DE340971DE772245A5E405C95D4127F  msiexec.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{d87ae0f4-64a6-4b94-859a-530b9c313c27}\Dependents  windowsdesktop-runtime-6.0.27-win-x64.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_48.108.8836_x64  msiexec.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E39B69A3F3677E14587CF1C3CC73FE72\SourceList\Net  msiexec.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\497A7447E2AFEB24ABA9F5BC5DC4D53F\SourceList\Media  msiexec.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\2DDBF7219475B995939F6795C8ACCD62  msiexec.exe
Key created  \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3107365284-1576850094-161165143-1000\{E62CE093-4DF8-42C4-B8AB-03EFBB39DEE1}  svchost.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\DOTNET_CLI_HOSTFXR_48.108.8828_X64\DEPENDENTS\{D87AE0F4-64A6-4B94-859A-530B9C313C27}  windowsdesktop-runtime-6.0.27-win-x64.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_48.108.8828_x64  msiexec.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0DE340971DE772245A5E405C95D4127F\SourceList\Net  msiexec.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\WINDOWSDESKTOP_RUNTIME_48.108.8836_X64\DEPENDENTS\{D87AE0F4-64A6-4B94-859A-530B9C313C27}  windowsdesktop-runtime-6.0.27-win-x64.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\613F436E6BEB3BF46A217F01F2751656  msiexec.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\613F436E6BEB3BF46A217F01F2751656  msiexec.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\DOTNET_CLI_SHAREDHOST_48.3.31210_X64\DEPENDENTS\{D87AE0F4-64A6-4B94-859A-530B9C313C27}  windowsdesktop-runtime-6.0.27-win-x64.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\094F9C7997352096B7082D27C35AD959  msiexec.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0DE340971DE772245A5E405C95D4127F\SourceList  msiexec.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\{D87AE0F4-64A6-4B94-859A-530B9C313C27}\DEPENDENTS\{D87AE0F4-64A6-4B94-859A-530B9C313C27}  windowsdesktop-runtime-6.0.27-win-x64.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A203DC83D8E5BD778453BE6D1E5656AE  msiexec.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_48.3.31210_x64  msiexec.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A1A5B816FCD50AC5256C8FA1FB47CF92  msiexec.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\DOTNET_RUNTIME_48.108.8828_X64\DEPENDENTS\{D87AE0F4-64A6-4B94-859A-530B9C313C27}  windowsdesktop-runtime-6.0.27-win-x64.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E39B69A3F3677E14587CF1C3CC73FE72\SourceList\Media  msiexec.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_48.108.8828_x64\Dependents  windowsdesktop-runtime-6.0.27-win-x64.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\497A7447E2AFEB24ABA9F5BC5DC4D53F  msiexec.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{d87ae0f4-64a6-4b94-859a-530b9c313c27}  windowsdesktop-runtime-6.0.27-win-x64.exe
Suspicious behavior: EnumeratesProcesses (18 IoCs)
pid   Process
1808  chrome.exe (2 entries)
1940  msedge.exe (2 entries)
1548  msedge.exe (2 entries)
2060  msedge.exe (2 entries)
1832  identity_helper.exe (2 entries)
6136  msiexec.exe (8 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (17 IoCs)
pid   Process
1808  chrome.exe (5 entries)
1548  msedge.exe (12 entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description  pid  Process
Token: SeShutdownPrivilege / Token: SeCreatePagefilePrivilege, alternating (50 entries, 25 of each)  1808  chrome.exe
Token: SeShutdownPrivilege  6088  windowsdesktop-runtime-6.0.27-win-x64.exe
Token: SeIncreaseQuotaPrivilege  6088  windowsdesktop-runtime-6.0.27-win-x64.exe
Token: SeSecurityPrivilege  6136  msiexec.exe
Token: SeCreateTokenPrivilege  6088  windowsdesktop-runtime-6.0.27-win-x64.exe
Token: SeAssignPrimaryTokenPrivilege  6088  windowsdesktop-runtime-6.0.27-win-x64.exe
Token: SeLockMemoryPrivilege  6088  windowsdesktop-runtime-6.0.27-win-x64.exe
Token: SeIncreaseQuotaPrivilege  6088  windowsdesktop-runtime-6.0.27-win-x64.exe
Token: SeMachineAccountPrivilege  6088  windowsdesktop-runtime-6.0.27-win-x64.exe
Token: SeTcbPrivilege  6088  windowsdesktop-runtime-6.0.27-win-x64.exe
Token: SeSecurityPrivilege  6088  windowsdesktop-runtime-6.0.27-win-x64.exe
Token: SeTakeOwnershipPrivilege  6088  windowsdesktop-runtime-6.0.27-win-x64.exe
Token: SeLoadDriverPrivilege  6088  windowsdesktop-runtime-6.0.27-win-x64.exe
Token: SeSystemProfilePrivilege  6088  windowsdesktop-runtime-6.0.27-win-x64.exe
Token: SeSystemtimePrivilege  6088  windowsdesktop-runtime-6.0.27-win-x64.exe
Suspicious use of FindShellTrayWindow (53 IoCs)
pid   Process
1808  chrome.exe (27 entries)
1548  msedge.exe (25 entries)
5776  windowsdesktop-runtime-6.0.27-win-x64.exe
Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
1808  chrome.exe (12 entries)
1548  msedge.exe (12 entries)
Suspicious use of SetWindowsHookEx (2 IoCs)
pid   Process
1624  OpenWith.exe
984   MiniSearchHost.exe
Suspicious use of WriteProcessMemory (64 IoCs)
description  pid  Process  procid_target
All 64 entries are writes by PID 1808 chrome.exe into the memory of its own child processes, in this order: 3336 (procid_target 84, 2 entries), 3960 (procid_target 85, repeated), 3600 (procid_target 86, 2 entries), 3308 (procid_target 87, repeated). The list is cut off at 64 entries.
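Each signature above is attributed to a process only through the Process column of its IoC rows, so the quickest check on a report like this is to re-run a few of the rules over the raw rows and list which process actually tripped them. The Python below is an added editorial example, not part of the Triage report or its detection engine: it re-derives three of the rules (drive-root enumeration, Run/RunOnce persistence, CentralProcessor query) over rows constructed in the report's own "description ioc Process" layout. The msiexec.exe, windowsdesktop-runtime and svchost.exe rows copy IoCs from the tables above; the single ninja.exe row is an assumption added so the sample contains a process that trips nothing, and the threshold of three non-C: drive letters is an assumption rather than the sandbox's real rule.

```python
import re
from collections import defaultdict

# Constructed sample rows in the report's own (description, ioc, Process) order.
# The msiexec.exe / windowsdesktop-runtime / svchost.exe rows copy IoCs from the
# report above; the ninja.exe row is an assumption so the sample has a process
# that trips no rule. This is not a sandbox export.
EVENTS = [
    ("File opened (read-only)", r"\??\T:", "msiexec.exe"),
    ("File opened (read-only)", r"\??\A:", "msiexec.exe"),
    ("File opened (read-only)", r"\??\B:", "msiexec.exe"),
    ("File opened (read-only)", r"\??\E:", "msiexec.exe"),
    ("Set value (str)",
     r'\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
     r'\{d87ae0f4-64a6-4b94-859a-530b9c313c27} = "\"C:\\ProgramData\\Package Cache\\'
     r'{d87ae0f4-64a6-4b94-859a-530b9c313c27}\\windowsdesktop-runtime-6.0.27-win-x64.exe\" /burn.runonce"',
     "windowsdesktop-runtime-6.0.27-win-x64.exe"),
    ("Key opened", r"\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0", "svchost.exe"),
    ("Key value queried",
     r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString",
     "svchost.exe"),
    # Assumed row: the rule ignores C:, so this must not count as enumeration.
    ("File opened (read-only)", r"\??\C:", "ninja.exe"),
]

# A bare drive root in NT object-manager form, e.g. \??\T:
DRIVE_ROOT = re.compile(r"^\\\?\?\\([A-Z]):$")
# Any value written under ...\CurrentVersion\Run or ...\CurrentVersion\RunOnce
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Any key/value access under HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor
CPU_KEY = re.compile(r"\\CentralProcessor\\", re.IGNORECASE)


def enumerates_drives(events, threshold=3):
    """'Enumerates connected drives': a process that opens the root of at least
    `threshold` drive letters other than C:. Returns {process: sorted letters}.
    The threshold is an assumption for this example, not the sandbox's rule."""
    letters = defaultdict(set)
    for desc, ioc, proc in events:
        m = DRIVE_ROOT.match(ioc)
        if m and desc.startswith("File opened") and m.group(1) != "C":
            letters[proc].add(m.group(1))
    return {p: sorted(l) for p, l in letters.items() if len(l) >= threshold}


def adds_run_key(events):
    """'Adds Run key to start application': a Set value under Run/RunOnce.
    Returns a list of (process, ioc) so the persisted command line is kept."""
    return [(proc, ioc) for desc, ioc, proc in events
            if desc.startswith("Set value") and RUN_KEY.search(ioc)]


def checks_processor_info(events):
    """'Checks processor information in registry': any CentralProcessor access."""
    return sorted({proc for desc, ioc, proc in events if CPU_KEY.search(ioc)})


def attribute(events):
    """Map every process seen in the rows to the signatures it triggered;
    processes with no hits map to an empty list, which is the point of the check."""
    hits = defaultdict(set)
    for proc in enumerates_drives(events):
        hits[proc].add("Enumerates connected drives")
    for proc, _ in adds_run_key(events):
        hits[proc].add("Adds Run key to start application")
    for proc in checks_processor_info(events):
        hits[proc].add("Checks processor information in registry")
    return {proc: sorted(hits[proc]) for _, _, proc in events}


if __name__ == "__main__":
    for proc, sigs in sorted(attribute(EVENTS).items()):
        print(f"{proc:45s} {', '.join(sigs) or '(no signature hits)'}")
```

Run as a script it prints one line per process; on the constructed rows msiexec.exe, the runtime installer and svchost.exe each carry one signature and ninja.exe carries none, which matches the attribution in the tables above. Swapping EVENTS for rows parsed from a real export keeps the same three rule functions.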
Processes
- C:\Users\Admin\AppData\Local\Temp\ninja.exe (PID 484)
  Command line: "C:\Users\Admin\AppData\Local\Temp\ninja.exe"
- C:\Windows\system32\OpenWith.exe (PID 1624)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  Behaviour: Suspicious use of SetWindowsHookEx
- C:\Windows\system32\svchost.exe (PID 2892)
  Command line: C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
  Behaviour: Checks processor information in registry; Modifies registry class
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1808)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  Behaviour: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3336)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff972d9ab58,0x7ff972d9ab68,0x7ff972d9ab78
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3960)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1732,i,7459361257123401272,15321013820097248277,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3600)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1732,i,7459361257123401272,15321013820097248277,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3308)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2168 --field-trial-handle=1732,i,7459361257123401272,15321013820097248277,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3316)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1732,i,7459361257123401272,15321013820097248277,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3716)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=1732,i,7459361257123401272,15321013820097248277,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 432)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4180 --field-trial-handle=1732,i,7459361257123401272,15321013820097248277,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2088)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=1732,i,7459361257123401272,15321013820097248277,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3572)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 --field-trial-handle=1732,i,7459361257123401272,15321013820097248277,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4396)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4540 --field-trial-handle=1732,i,7459361257123401272,15321013820097248277,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4924)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4968 --field-trial-handle=1732,i,7459361257123401272,15321013820097248277,131072 /prefetch:1
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID 964)
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1548)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  Behaviour: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2336)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff972f63cb8,0x7ff972f63cc8,0x7ff972f63cd8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3060)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,14935125151569361629,17813286365879687237,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1940)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,14935125151569361629,17813286365879687237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
    Behaviour: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4152)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,14935125151569361629,17813286365879687237,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3284)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14935125151569361629,17813286365879687237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1640)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14935125151569361629,17813286365879687237,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1896)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14935125151569361629,17813286365879687237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4436 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4044)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14935125151569361629,17813286365879687237,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2060)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,14935125151569361629,17813286365879687237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4140 /prefetch:8
    Behaviour: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1160)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14935125151569361629,17813286365879687237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1096)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14935125151569361629,17813286365879687237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4604)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14935125151569361629,17813286365879687237,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe (PID 1832)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,14935125151569361629,17813286365879687237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
    Behaviour: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3484)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14935125151569361629,17813286365879687237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4836)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14935125151569361629,17813286365879687237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3952)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14935125151569361629,17813286365879687237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1868)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14935125151569361629,17813286365879687237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5492)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14935125151569361629,17813286365879687237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe (PID 3920)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 72)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe (PID 984)
  Command line: "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
  Behaviour: Suspicious use of SetWindowsHookEx
- C:\Windows\system32\svchost.exe (PID 2688)
  Command line: C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
- C:\Windows\System32\oobe\UserOOBEBroker.exe (PID 2252)
  Command line: C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
  Behaviour: Drops file in Windows directory
- C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe (PID 4588)
  Command line: C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
- C:\ProgramData\Package Cache\{d87ae0f4-64a6-4b94-859a-530b9c313c27}\windowsdesktop-runtime-6.0.27-win-x64.exe (PID 5748)
  Command line: "C:\ProgramData\Package Cache\{d87ae0f4-64a6-4b94-859a-530b9c313c27}\windowsdesktop-runtime-6.0.27-win-x64.exe" /uninstall
  - C:\ProgramData\Package Cache\{d87ae0f4-64a6-4b94-859a-530b9c313c27}\windowsdesktop-runtime-6.0.27-win-x64.exe (PID 5776)
    Command line: "C:\ProgramData\Package Cache\{d87ae0f4-64a6-4b94-859a-530b9c313c27}\windowsdesktop-runtime-6.0.27-win-x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{d87ae0f4-64a6-4b94-859a-530b9c313c27}\windowsdesktop-runtime-6.0.27-win-x64.exe" -burn.filehandle.attached=576 -burn.filehandle.self=592 /uninstall
    Behaviour: Loads dropped DLL; Suspicious use of FindShellTrayWindow
    - C:\ProgramData\Package Cache\{d87ae0f4-64a6-4b94-859a-530b9c313c27}\windowsdesktop-runtime-6.0.27-win-x64.exe (PID 6088)
      Command line: "C:\ProgramData\Package Cache\{d87ae0f4-64a6-4b94-859a-530b9c313c27}\windowsdesktop-runtime-6.0.27-win-x64.exe" -q -burn.elevated BurnPipe.{46EDDE8D-9044-4E9D-8DB2-8A9E397200F7} {30B3781A-F9BD-4CFB-AA76-D5BAEBE31ED6} 5776
      Behaviour: Adds Run key to start application; Modifies registry class; Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\msiexec.exe (PID 6136)
  Command line: C:\Windows\system32\msiexec.exe /V
  Behaviour: Enumerates connected drives; Drops file in Program Files directory; Drops file in Windows directory; Modifies data under HKEY_USERS; Modifies registry class; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken
  - C:\Windows\syswow64\MsiExec.exe (PID 4740)
    Command line: C:\Windows\syswow64\MsiExec.exe -Embedding 31BF83A0961D63C5DD7174B4F7DA2076
    Behaviour: Loads dropped DLL
  - C:\Windows\syswow64\MsiExec.exe (PID 5172)
    Command line: C:\Windows\syswow64\MsiExec.exe -Embedding F55A8A9EBFCBA988A338D048A8E7F31C
    Behaviour: Loads dropped DLL
  - C:\Windows\syswow64\MsiExec.exe (PID 1580)
    Command line: C:\Windows\syswow64\MsiExec.exe -Embedding F61655CCF89DA287CFF7216F3FED76CF
    Behaviour: Loads dropped DLL
  - C:\Windows\syswow64\MsiExec.exe (PID 1044)
    Command line: C:\Windows\syswow64\MsiExec.exe -Embedding 670AA5CC08E33CD70C77A479681F88F0
    Behaviour: Loads dropped DLL
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.27_(x64)_20240611094453_000_windowsdesktop_runtime_6.0.27_win_x64.msi.log (1KB)
- C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.27_(x64)_20240611094453_001_dotnet_host_6.0.27_win_x64.msi.log (3KB)
- C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.27_(x64)_20240611094453_002_dotnet_hostfxr_6.0.27_win_x64.msi.log (3KB)
- C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.27_(x64)_20240611094453_003_dotnet_runtime_6.0.27_win_x64.msi.log (3KB)