Overview

overview

8

Static

static

1

URLScan

urlscan

1

https://cdn.discorda...

windows10-1703-x64

8

Analysis

  • max time kernel
    141s
  • max time network
    143s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    18/08/2024, 18:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://cdn.discordapp.com/attachments/1272473353420148756/1274790922214834189/Installer.exe?ex=66c38910&is=66c23790&hm=338f8bfa69404ccef9c937d96185c6c58dc6446a4594870cd72b9cd263b6fb70&

Score
8/10
discoverypersistence

Malware Config

Signatures

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Loads dropped DLL 64 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 33 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 9 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: MapViewOfSection 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 43 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://cdn.discordapp.com/attachments/1272473353420148756/1274790922214834189/Installer.exe?ex=66c38910&is=66c23790&hm=338f8bfa69404ccef9c937d96185c6c58dc6446a4594870cd72b9cd263b6fb70&"
    1⤵
      PID:4240
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:196
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • NTFS ADS
      • Suspicious use of WriteProcessMemory
      PID:1888
      • C:\Users\Admin\Downloads\Installer.exe
        "C:\Users\Admin\Downloads\Installer.exe"
        2⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:976
      • C:\Users\Admin\Downloads\windowsdesktop-runtime-8.0.8-win-x86.exe
        "C:\Users\Admin\Downloads\windowsdesktop-runtime-8.0.8-win-x86.exe"
        2⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3020
        • C:\Windows\Temp\{00E02E58-34DD-4EA2-9AA1-259F3195E18A}\.cr\windowsdesktop-runtime-8.0.8-win-x86.exe
          "C:\Windows\Temp\{00E02E58-34DD-4EA2-9AA1-259F3195E18A}\.cr\windowsdesktop-runtime-8.0.8-win-x86.exe" -burn.clean.room="C:\Users\Admin\Downloads\windowsdesktop-runtime-8.0.8-win-x86.exe" -burn.filehandle.attached=544 -burn.filehandle.self=548
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of WriteProcessMemory
          PID:1444
          • C:\Windows\Temp\{80F01F84-1189-45FE-A467-0548A9791A3C}\.be\windowsdesktop-runtime-8.0.8-win-x86.exe
            "C:\Windows\Temp\{80F01F84-1189-45FE-A467-0548A9791A3C}\.be\windowsdesktop-runtime-8.0.8-win-x86.exe" -q -burn.elevated BurnPipe.{279EC4B1-7B0E-40B7-850E-398201144691} {EEFF130B-A2B6-4808-BBFF-F7915D058167} 1444
            4⤵
            • Executes dropped EXE
            • Adds Run key to start application
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            • Suspicious use of AdjustPrivilegeToken
            PID:3916
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2640
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2496
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:68
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:4412
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:4276
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:836
    • C:\Windows\system32\msiexec.exe
      C:\Windows\system32\msiexec.exe /V
      1⤵
      • Enumerates connected drives
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Modifies data under HKEY_USERS
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4588
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding A62591B1F637BE1798EE871039D0F1AB
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:1380
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding C733E712B80653EEC0DB2E81A25A508A
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:3888
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 36685BFD7EB376F12627D6856A3F1EC9
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2992
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 4BB6130121C23B0B97FA331E4DE7328A
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:5088
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:3460
      • C:\Users\Admin\Downloads\Installer.exe
        "C:\Users\Admin\Downloads\Installer.exe"
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3328
        • C:\Users\Admin\Documents\Script-Ware\Script-Ware.exe
          "C:\Users\Admin\Documents\Script-Ware\Script-Ware.exe"
          2⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:2136

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Config.Msi\e5862df.rbs
        Filesize

        48KB

        MD5

        b6f422f1b8fb6436e09ce80fb7be8642

        SHA1

        6b613586534d234df2168c0974fa6b1bc08c5839

        SHA256

        b58703e7f70ac172a04685e6d4e47ae881f98379f2aed24403d9afb880e7f77f

        SHA512

        529d55334389db2cab6420d5cc218112aa3bb095f15d3f125fea7d127b844633f2f71b55ce7554d68a0dba22229c3f37a265e1c64801f788a15236a47821cb79

        Download Submit

      • C:\Config.Msi\e5862e4.rbs
        Filesize

        8KB

        MD5

        d2b82a81f98c2b9644d97361f8f390f6

        SHA1

        3e6a567e2f9c58e91be5dd3ef8c52030ee9602af

        SHA256

        e26a1222fd99ad74548033bda19745dd026dd1647cfd8960251ee38aba843eef

        SHA512

        ad0ff2e24d881e56daad4512413df60b448b0d0c5e23410c96afeba5f8204aed491c3225552daf00fd6bce2ae4f6ea2b8ef38b9116493e09ac363ed28e718ebb

        Download Submit

      • C:\Config.Msi\e5862e9.rbs
        Filesize

        9KB

        MD5

        0353ef1245d20265bc44dada7dffc6d6

        SHA1

        a6bf00eff49e758e8466d434b23de744c8b9e188

        SHA256

        2d681bff33adf6cd2788676e44a1c18342a80887b083e239fab4e2b242e9c536

        SHA512

        eaf6a46603d811b8ae3585178fc269c2a574d5371df6fd8da9272ec87579a66c4102ea4348d2e73689f327d618cf72e2007fb2526b04db14312672fd84ac441c

        Download Submit

      • C:\Config.Msi\e5862ee.rbs
        Filesize

        90KB

        MD5

        057667e54fe09b2ebda2d5258ef3fffa

        SHA1

        45920e0fb8ac10aaa64dbf4b802c0fecd1427182

        SHA256

        3a54b9d44a0e567a10f3cc77d10c693ea63ed78f7c375ee57e71254a1fab9de5

        SHA512

        1bc7cd9a1b12559bf6d92cda4c2f0e497150d31917de9d18b244cbc2d57b221bc436e882e517fef3bd57e14726fa54c11362c2a622ab9085e1892e08229cceae

        Download Submit

      • C:\Program Files (x86)\dotnet\LICENSE.txt
        Filesize

        9KB

        MD5

        31c5a77b3c57c8c2e82b9541b00bcd5a

        SHA1

        153d4bc14e3a2c1485006f1752e797ca8684d06d

        SHA256

        7f6839a61ce892b79c6549e2dc5a81fdbd240a0b260f8881216b45b7fda8b45d

        SHA512

        ad33e3c0c3b060ad44c5b1b712c991b2d7042f6a60dc691c014d977c922a7e3a783ba9bade1a34de853c271fde1fb75bc2c47869acd863a40be3a6c6d754c0a6

        Download Submit

      • C:\Program Files (x86)\dotnet\ThirdPartyNotices.txt
        Filesize

        93KB

        MD5

        90630d9ee3e0a5672166a45e00f79a5f

        SHA1

        d1148f8c7558e9b8a81bf1f50f9e3bed89d9928c

        SHA256

        1271701f435f7fe4aa81dc7e273ca80b6391b73580ee20b35a956052c95de4cf

        SHA512

        29e10bd57d1c580ece70b9b7c4a69dc036a5a64012eb89ba360a71be6b808150610ea0737351277a3d4235c02323fabef29f092fa6b2a40f0289f55a7973e93d

        Download Submit

      • C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\8.0.8\Microsoft.NETCore.App.deps.json
        Filesize

        27KB

        MD5

        b161b81e904d380a0e66bd23fcd3e840

        SHA1

        e7ee8a3045d213e860af5c8c08219f245d4d02d1

        SHA256

        c248d937b609bfec68ae2c942c0f1635e0bb3f3b8cddd3916e8a49ffada2f917

        SHA512

        880aeb361bc96db190733e5419680525401c1bf213fc8c5b5ab9fddb4dc35c6c1305c128ed8f186ae5cd11ef2221bba09a1d5525d98279f5b4bf2aa9c83d8e77

        Download Submit

      • C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\8.0.8\Microsoft.NETCore.App.runtimeconfig.json
        Filesize

        53B

        MD5

        0828cc814843c0960554265cda859ef5

        SHA1

        0140385a9e76436a7f3fed45136462f3393b5cba

        SHA256

        ac377253f9f7cf9d6127d684369de36da123d992cdc2e17950e3c8bf9688df76

        SHA512

        22cbb29225f35cea4329a08be760420cab6ab7ea85628436b7518759e09acee8f382d79c800e5c8f6ba647ca98b32a35a3a52cc1cb5b9cbd2e3b20fa314d839a

        Download Submit

      • C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\8.0.8\System.Private.CoreLib.dll
        Filesize

        12.0MB

        MD5

        c77f4912feb12f4b78e4d81c842dda36

        SHA1

        2780fd08ebea6792ce82039d3cc452a1a456fe01

        SHA256

        f765bf578b84b6e53d320da18929d8a6bdf7013a4fa5f40437c6f2458b25be1e

        SHA512

        a54f8b21b8e2c903d0df235707b6d9d592ff288b6492b401371a1229c52f22dfba7bebfff6e23a2c8f5c1f6cd9e29a46d66d3537a39902e28906afbd6e22db03

        Download Submit

      • C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\8.0.8\coreclr.dll
        Filesize

        3.9MB

        MD5

        fbef6a6a1dcfaa9ba2b861769aa2a6d7

        SHA1

        11a95fccb0902905fb97fc0877105ed41b8015ac

        SHA256

        6a2e336c11cbfa544252236ff6824760e524ff8042755235bd16fbce0b540bf8

        SHA512

        9c114ab67243827f94c91019f6fdeeb2640f8047b0002ea7dd1ac69abc9fa6324e3281da7af43b102b2f55121fd31fbf8aa17c48bb8a0580411ade7dd09f8e68

        Download Submit

      • C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.8\Microsoft.WindowsDesktop.App.deps.json
        Filesize

        30KB

        MD5

        941864e70b0204d727cd7f1c009e7b22

        SHA1

        a1d82273bbc78039aa54ad39760dc3aee8a2b438

        SHA256

        d84fcab4ffe2af4f43532b967171f46685bd53d5fe3d8f278c2eed74e2c07813

        SHA512

        9b563cadab4730ae2c2f5411d1fa47d435245ead07ef26f88389f142e887aea1ccf539a7a904bb04bd63456ced05192ac7b03aa2901609ad4defd9414af2f0f0

        Download Submit

      • C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.8\Microsoft.WindowsDesktop.App.runtimeconfig.json
        Filesize

        182B

        MD5

        8733d6017984d0ca78282be5c282e9de

        SHA1

        de4e213fa4a6734671c91c73518f78993c337996

        SHA256

        00216f13d30e7f58283cb7dc410ab2343357324cacba768dff3404700d0f0311

        SHA512

        7d64360b47ea1931f1c40665f71929d7e2a2c7201fa8b7177198a495738945f21f5d6bca723d5978003b1ab6b968d25271733cca5a46dad1ad183fbf317d3dc5

        Download Submit

      • C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.8\WindowsBase.dll
        Filesize

        2.0MB

        MD5

        bca72b6682ae23a396fbf7543014f5b0

        SHA1

        14af2870beb70e3c80fba7c9c28476cf6b982477

        SHA256

        b880b3fc1c4c9a1f33d23ba41e0a565e826b4675708c9540c267e49836924ee0

        SHA512

        34e43950a9479a364ccfb05e91e480575e4adfe1a4d332a355f056a27701399407129a4ffc37f4433383203a134f28e3f853c1a6553b2600baf1c9e5c1df9743

        Download Submit

      • C:\Users\Admin\AppData\Local\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml
        Filesize

        74KB

        MD5

        d4fc49dc14f63895d997fa4940f24378

        SHA1

        3efb1437a7c5e46034147cbbc8db017c69d02c31

        SHA256

        853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

        SHA512

        cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\K00Q7DLO\dotnet.microsoft[1].xml
        Filesize

        13B

        MD5

        c1ddea3ef6bbef3e7060a1a9ad89e4c5

        SHA1

        35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

        SHA256

        b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

        SHA512

        6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\K00Q7DLO\dotnet.microsoft[1].xml
        Filesize

        84B

        MD5

        8219f1d54711adf813f47b1a21f7e9a0

        SHA1

        615088e13888faa8dede0dd6cd38abb4cf16859e

        SHA256

        57e5ddd2b505594c7c614289a4c3ec9b0b5c80d1f099252451bdbce4cbce89fe

        SHA512

        a1f61334f00de9dd975e5cc4ba3546f1cf69e08d0386875b1280078e595d06d9eb8cbff9a8bdb61ade9cb3c26366cd423b23ce7ba30ecf997b58b83f501d59fb

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\FFUBHLLC\suggestions[1].en-US
        Filesize

        17KB

        MD5

        5a34cb996293fde2cb7a4ac89587393a

        SHA1

        3c96c993500690d1a77873cd62bc639b3a10653f

        SHA256

        c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

        SHA512

        e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5W0ULC6J\Installer[1].exe
        Filesize

        16KB

        MD5

        49f5d7290a10c770dfdb1fa6b1f3d163

        SHA1

        f7b5f934b25de581867e5d18ddcf50fa1a02fe7f

        SHA256

        c64c0125a115638d4d03fc19961984e1357a31886163735ee08fd7804194eabe

        SHA512

        cc82c0611d2f137aa5ac4c763bbb02017581e0a8bdecdc1ad83bc2ea1e1dfb087fbc6ff91a3fb98d914e6f471eb29d444a1503174918fe22605775ea45ba2641

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5W0ULC6J\windowsdesktop-runtime-8.0.8-win-x86[1].exe
        Filesize

        32KB

        MD5

        5cc4f4943884b362f73605b84a638653

        SHA1

        3d6b2928f1b2950c7749be0affee9d4992c36ab9

        SHA256

        55fe8c6a74a77e388c1e6ff6d6da2f966ff12aa2c9f9de9aa4f35a653ea65833

        SHA512

        0e67a92b70e62573f9960714661772254956f85fc05a51353cf7c3caab244f62028fb7ea8702c52eae3ba93d748ddb904711999d13e16bebda2e1a0ed2660982

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\C5SQ01PP.cookie
        Filesize

        223B

        MD5

        83d5c715de9e809728d45bc2820286f5

        SHA1

        38c2b808b9342fb02a83da120c10e6b4435fd61f

        SHA256

        dd246c31088f6a5a1d6fe38dc89e4d3ab022239e38f49aeede93f0e85ff1e5c6

        SHA512

        3e31e3562e6fd56562ea3eb73e35a92c39bc1df7123e0614146982dba825c767742b0fa061110471ae489589c27bf5d90dc8afa4f486cbd456efbcf58823d820

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.8_(x86)_20240818180958_000_dotnet_runtime_8.0.8_win_x86.msi.log
        Filesize

        2KB

        MD5

        c4096ff8d90629ecfda279da9d1552a5

        SHA1

        37eced05af0efa5c54e6f017881548904f132454

        SHA256

        d5f0198edd35255ab148da7c4993d247447e2cfe8b2c6534b16c7400e3e70671

        SHA512

        9cbd8139a1612c4e069e92b36f6b86bfcb426eb50c8969230cdaa9f714125ed85788707c5b2034298260697958ccc1a2ada7b60bc40c07a632a64456e1d16b69

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.8_(x86)_20240818180958_001_dotnet_hostfxr_8.0.8_win_x86.msi.log
        Filesize

        2KB

        MD5

        09f1aa1e7a9bba949dfc5593e28560be

        SHA1

        9fec98d32255690bb625528fe2530c0ac76de4b9

        SHA256

        26511b810059d015646715934f1c5a68e7e58f2a0da7302b1efd12c6924d3ecb

        SHA512

        8a7e4e9f58259f9e3c2e9963f1ad3dd528c2dfa1606e75db4dd9d595afb7e54346f7f24815b8d1be23a59d99501314cc67d96fe39a4ffed527d1b943eeb4d3b4

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.8_(x86)_20240818180958_002_dotnet_host_8.0.8_win_x86.msi.log
        Filesize

        2KB

        MD5

        74bb89b23ad0e1fb2bf87197c2d9c336

        SHA1

        0e81e1f9c3e982dbc165e81adaca6ab233150938

        SHA256

        d2c7ddcdba749269c67d182b1e705fdc994ef922771e141b85847479bddd6c2c

        SHA512

        5b5d45063b22bd40c062dbe6d1330402f923a9477a37956d1383a0c7f0db068ea2f7e2caf9da3dc37ec97884827bdf55f97655cb855cddbd91b86a5c303fd5b0

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.8_(x86)_20240818180958_003_windowsdesktop_runtime_8.0.8_win_x86.msi.log
        Filesize

        2KB

        MD5

        4f01d81229c725059140824098f23c94

        SHA1

        ecb6dff5064037810f36a67db907508bed96fee0

        SHA256

        3eaca8be88adc6ae9db59bf280aa7b26b0287e10b5fce3d68c7229a2ed84e233

        SHA512

        7c5e2e628f6832df7f48e32ae5ebfc20afbcd1d8c12cf547431a40c78e1e3296fc786f1f28230f4a1b28cddcdf319ef7c548bc6bd71ca1e9586b360556d657fd

        Download Submit

      • C:\Users\Admin\Documents\Script-Ware\Script-Ware.exe
        Filesize

        4.6MB

        MD5

        fb00b55a31ea7ba48a9e8c21989edf25

        SHA1

        2be32da8e3ef8f35eb05658d7c84f6d8b3fabdbf

        SHA256

        5abea702d1417e6948fdcda0586b62afc565de39b3e66e953a54f370f58dcf11

        SHA512

        802fb06ebebd16f57daf4e1458ae2b7996f4ff6a5f9aa05ecfc01ed0e9fe4eb1b5d27f6096b1107404bb09ebb6e01f74fb2bec0c5b394978c3581a218a035305

        Download Submit

      • C:\Users\Admin\Downloads\Installer.exe.vyw300u.partial
        Filesize

        2.3MB

        MD5

        c9cab919c3b4310a7cabf1f3f91891e5

        SHA1

        fde1fd40f5ad81e0d5e6bbfb86fd802f80ce856d

        SHA256

        c7fdeb046c6343df12f0ab320d7bd298f486ecf1d60cf219202b509436b338ae

        SHA512

        8ac8de5dc31d9163499b330bc7926001b0ee813ed2fb699d72db87402fa1b83d67a93fb7e09d0193bb80c465b3e39a394441b690198ad184d90b8d26fe75e679

        Download Submit

      • C:\Windows\Installer\MSI6F71.tmp
        Filesize

        244KB

        MD5

        60e8c139e673b9eb49dc83718278bc88

        SHA1

        00a3a9cd6d3a9f52628ea09c2e645fe56ee7cd56

        SHA256

        b181b6b4d69a53143a97a306919ba1adbc0b036a48b6d1d41ae7a01e8ef286cb

        SHA512

        ac7cb86dbf3b86f00da7b8a246a6c7ef65a6f1c8705ea07f9b90e494b6239fb9626b55ee872a9b7f16575a60c82e767af228b8f018d4d7b9f783efaccca2b103

        Download Submit

      • C:\Windows\Temp\{00E02E58-34DD-4EA2-9AA1-259F3195E18A}\.cr\windowsdesktop-runtime-8.0.8-win-x86.exe
        Filesize

        635KB

        MD5

        cd5ea9cc738bc5c11990fb0cc065a532

        SHA1

        14fa040aa27ba085c61920bef5b096aa6d6a1873

        SHA256

        92abd3468d74a5f013db10ad387bd0601d7ae41eabd31deccc2ceb477a620942

        SHA512

        669559a0e2be7725d62ee9966ed28fe9f7c150126d2c4df8da3afb7876286996fdcdf0071b42860bf234dc33fa01209d7d2e3e7a3a3e72ae268ab757a9ef5e65

        Download Submit

      • C:\Windows\Temp\{80F01F84-1189-45FE-A467-0548A9791A3C}\.ba\bg.png
        Filesize

        4KB

        MD5

        9eb0320dfbf2bd541e6a55c01ddc9f20

        SHA1

        eb282a66d29594346531b1ff886d455e1dcd6d99

        SHA256

        9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

        SHA512

        9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

        Download Submit

      • C:\Windows\Temp\{80F01F84-1189-45FE-A467-0548A9791A3C}\dotnet_host_8.0.8_win_x86.msi
        Filesize

        772KB

        MD5

        3e4e85ad7ab30bcace6316fb06bfc9a3

        SHA1

        12b8d0a47695bb43c9bd315718393e7d4c84ae61

        SHA256

        8d89104fa197c44ed0dd1144bd9314b81ffd36c8f41bfaf62d7f1bd0166922f8

        SHA512

        0e7cef45a57d7417d6e0a4ae1ad9c54f2383998027dca0bbaf7f154e4892ffcdac11fee962a9284284fb12008745cc9e7cc371be0638ed8abb75bf2489de9e1d

        Download Submit

      • C:\Windows\Temp\{80F01F84-1189-45FE-A467-0548A9791A3C}\dotnet_hostfxr_8.0.8_win_x86.msi
        Filesize

        828KB

        MD5

        b52790ab8896d4161e003d8a10f0dd51

        SHA1

        a3e5f0f9a9316002dabd186860365c7ebaf36b2d

        SHA256

        36cd383cfed51dc12c5262ab1493f51b9d73965b26e5b10fbdab91596d770fbd

        SHA512

        72f46a031274dce409b932ef682c798891d780ad0e6265959a028b3f9f43cca4f288628eb54e3afbd4a85c35da91d6d1f6f2df7a349e607a37a9ae835252d04c

        Download Submit

      • C:\Windows\Temp\{80F01F84-1189-45FE-A467-0548A9791A3C}\dotnet_runtime_8.0.8_win_x86.msi
        Filesize

        24.2MB

        MD5

        27bf75c2f86ae0c09d169fd85c87421a

        SHA1

        83b17bb04f9f72d2870e66584df95cc3bccb8823

        SHA256

        672f1fe525f0cae31cfdc0ec688a17e5d131be5351477dd5264fcd29dbb6b078

        SHA512

        456621fa8340d8a437e30ce8cefaa30a9d3e102eedce38356f88e7b7964d5dab084f8ff7f3f2c121591a4c552054019589d5d0fecf1b831beb090ca14d6dbd2e

        Download Submit

      • C:\Windows\Temp\{80F01F84-1189-45FE-A467-0548A9791A3C}\windowsdesktop_runtime_8.0.8_win_x86.msi
        Filesize

        26.7MB

        MD5

        394286f68c036e90934ddbd5142541cd

        SHA1

        467c6bd0d41c6603b2661e0600b4444f42439d95

        SHA256

        6947c7b9364c3b7dd949ed4855c34455ec91c030f4f4327315389ed5eb45dcdc

        SHA512

        4181d6c90c3d9b9dcc37881be65d014c1962d95591a0181aa3a60722048ff710fbf0b5e55aea3bfedaea5c78b5278fbe24b1d670a09d6f5d18a851faa7c12ed2

        Download Submit

      • \Program Files (x86)\dotnet\host\fxr\8.0.8\hostfxr.dll
        Filesize

        285KB

        MD5

        b8450cb838808760e8d62a61f805ca05

        SHA1

        e521f92850cd0fa5e77138459299f86c06a1bf47

        SHA256

        4df7d590f98808518ab1020a570cd0458e499cda36813425bc35db6e947fbd41

        SHA512

        fd5139f79741c88f627329a45ec3f72e83f000472ee50ae1d81a8202d2c7cfe9f9acc39c07e1498b7f7d01f6866e3170b3bc2160ffe481f2e4d79c4989560f2b

        Download Submit

      • \Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\8.0.8\System.Private.Uri.dll
        Filesize

        242KB

        MD5

        e7b05755ca1dab9ad79c5e9ae65f20ae

        SHA1

        a5626170184b55fc92da48cc803fa68b1de7c871

        SHA256

        7424061fb446b0eb23c3e7c40b1f4d2311cfee37dceb31b90bb8907e25a2f387

        SHA512

        94ab84e8a3107a6590ba76bd5a7b9b17c3c55340d9ff0f7e7a279969a1144c791d46d075fb9f04ec6c596d343d0a532ffa73dd6ab5f6cd4131dea8098270b2de

        Download Submit

      • \Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\8.0.8\System.Runtime.Extensions.dll
        Filesize

        17KB

        MD5

        76436c13bba8732978a08454fd284d23

        SHA1

        359a7a36e8df9517450bff786c07c68abc004c9a

        SHA256

        ad4c4c92bad3d1be04793a39377129a42c45c227fe404113fb9f9bebda3c4b06

        SHA512

        23dcef122ee3da9e0d3a40bcbae1673dc5ef84103207d56fe5b3823e8d20d5b15124bc83de0e6dd60ac06bde8f0ee6527e7d70a654956db68f4af97fc4102a6e

        Download Submit

      • \Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\8.0.8\System.Runtime.dll
        Filesize

        42KB

        MD5

        ea2e0866f900117135c1771d85281303

        SHA1

        ec58a506017621db3233d1513d28727ea2fa7c7a

        SHA256

        819e11fe3c456dfd56377233b2bae5bc11fef41fa3a8816ed30fafff74a2090f

        SHA512

        4fae0463dd343e74d73401e9724e17f044699ccccee3873467a0171360fa1f0af080178a71ad7ddc7878218c9069eccd9b7b85557e699fac0cdaaa28bae0c40a

        Download Submit

      • \Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\8.0.8\clrjit.dll
        Filesize

        1.5MB

        MD5

        61d1f6a0c03477975c2cb12290c9df80

        SHA1

        26d241f651ba8ede4645dfa28086818d4b9dcc97

        SHA256

        3b3889df5457a2ca1b7b1cbfdccc3aa252b4ac1fff2ecb65d6ec1393cb4fd8d9

        SHA512

        304eaa578f4e24d929d393050d27b994831a1ed27b7a79856bd7c67ac18c27462d261ef3dc6ea74fd7d927a1f61f0eb68dbf254ca03187b0a863b2f4a626c6a7

        Download Submit

      • \Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\8.0.8\hostpolicy.dll
        Filesize

        326KB

        MD5

        77bbfda22fbf371581c93a264f0574b6

        SHA1

        ddf0a276fe88825ae7935abd352ee7ebaabbee2f

        SHA256

        2fb94baa15cab6b4a5a1858da8c19551b000d646e2ff90ddad7c8174eeacae2c

        SHA512

        76e49b2d8c577858d693e9532e3c659f69ab82e9985376992b272d54a09e44cc17da3f8594166470935ae487c7a51d6a93a75749abc0bef43756f3292b4b18a5

        Download Submit

      • \Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.8\DirectWriteForwarder.dll
        Filesize

        450KB

        MD5

        c229f3d2313f8a20753e0ad446cf6c09

        SHA1

        1ef2b56414eabd691fa2fedefb27566dbf8dbf36

        SHA256

        7d3bfe5449d99eba0149d9f47e8d998a843b030cdd4b5f65c2635f6e7c30d010

        SHA512

        d8f765e5f1c862ff7101a751a022cf89d774b38ea16336df327f61a2bf878a61ee457ea67e0fe708e45c3ec4334762b264721d88501539c758dcea37cb6088b0

        Download Submit

      • \Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.8\PresentationCore.dll
        Filesize

        7.7MB

        MD5

        6c0d5d2dbd7b7f854ec3ac03e069f10b

        SHA1

        aece75757d1fd54e9d19096c348bd411d20e1330

        SHA256

        a216ea4b82bfcd1767e81b5058b672bb2081c72cf4297e52f9d07e0191e6d2d8

        SHA512

        8fdcbad91120ab9ec2d64009500c85744482aaf60d8d8efbb14a621c2cb8f453064d48d903d1b17ee63a280741e2445a8d181448af1d00ee2cfd52da207bd862

        Download Submit

      • \Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.8\PresentationFramework.dll
        Filesize

        14.5MB

        MD5

        b77a626ce73073d37c0f5b4bf4830a78

        SHA1

        871d6c7bda2a067b412e4dafe03dfbf5051c17fa

        SHA256

        949fba472157ba65196ef3f6e7390d955f81b9c336024640760ac6e922a9cb20

        SHA512

        9e111e6a832d235c02a1b2f3f5bf1e9e95c4dcf74064499b64bf7616a19f24b757325cb8baeca95f58b0ed71ce3796605a3cefeb0080f5602bb30a7c5ddd8c8f

        Download Submit

      • \Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.8\System.IO.Packaging.dll
        Filesize

        262KB

        MD5

        6cc5c470d20da02db8aaeb0c39923a20

        SHA1

        a48d46a65d07d642aafbda4400218b345a6f5762

        SHA256

        b432effcd78065ed2a58bf66b4fe1ed41583b0beaf505fd2215534beb3c3a9a5

        SHA512

        18d72a1c2f6eb7cd63b8eabb10744caff27ea084a8c55f8aab477bae95ce3d5d394299ed3faa0caa063f3ad4d179694774d6dce481f4ff95bc182a4d5893013e

        Download Submit

      • \Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.8\System.Xaml.dll
        Filesize

        1.2MB

        MD5

        550e8bce2f04a431ef435039da23fa91

        SHA1

        5a0adf479d953f06c2f3928e4027bae11262287b

        SHA256

        cb14dfb3e9530e57a3c9168a088bf48409ad01ef1bbd383413955230fbd342d0

        SHA512

        d8ba7460df1cc2be94adb76493edfc6a092f75545e6a06fa68947fcb7e8a38bfcdf2805b4de1cb446ec1e3cabd6a48fd8383b448bb1e7d8fff053308dd711497

        Download Submit

      • \Windows\Temp\{80F01F84-1189-45FE-A467-0548A9791A3C}\.ba\wixstdba.dll
        Filesize

        215KB

        MD5

        f68f43f809840328f4e993a54b0d5e62

        SHA1

        01da48ce6c81df4835b4c2eca7e1d447be893d39

        SHA256

        e921f69b9fb4b5ad4691809d06896c5f1d655ab75e0ce94a372319c243c56d4e

        SHA512

        a7a799ecf1784fb5e8cd7191bf78b510ff5b07db07363388d7b32ed21f4fddc09e34d1160113395f728c0f4e57d13768a0350dbdb207d9224337d2153dc791e1

        Download Submit

      • memory/68-65-0x000002996C040000-0x000002996C042000-memory.dmp

        Filesize

        8KB

        Download

      • memory/68-56-0x000002995BC80000-0x000002995BD80000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/68-60-0x000002996BF50000-0x000002996BF52000-memory.dmp

        Filesize

        8KB

        Download

      • memory/68-63-0x000002996BF80000-0x000002996BF82000-memory.dmp

        Filesize

        8KB

        Download

      • memory/196-35-0x000001EF36350000-0x000001EF36352000-memory.dmp

        Filesize

        8KB

        Download

      • memory/196-0-0x000001EF38F20000-0x000001EF38F30000-memory.dmp

        Filesize

        64KB

        Download

      • memory/196-16-0x000001EF39020000-0x000001EF39030000-memory.dmp

        Filesize

        64KB

        Download

      • memory/836-336-0x00000230A54E0000-0x00000230A5500000-memory.dmp

        Filesize

        128KB

        Download

      • memory/836-223-0x000002309FE80000-0x000002309FE82000-memory.dmp

        Filesize

        8KB

        Download

      • memory/836-231-0x00000230A4110000-0x00000230A4112000-memory.dmp

        Filesize

        8KB

        Download

      • memory/836-362-0x00000230A5160000-0x00000230A5180000-memory.dmp

        Filesize

        128KB

        Download

      • memory/836-229-0x00000230A3EF0000-0x00000230A3EF2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/836-227-0x00000230A3EE0000-0x00000230A3EE2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/836-225-0x000002309FEA0000-0x000002309FEA2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/836-335-0x00000230A54E0000-0x00000230A5500000-memory.dmp

        Filesize

        128KB

        Download

      • memory/836-221-0x000002309E660000-0x000002309E662000-memory.dmp

        Filesize

        8KB

        Download

      • memory/836-255-0x00000230A16A0000-0x00000230A17A0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/836-270-0x000002308E500000-0x000002308E600000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/836-305-0x000002309F560000-0x000002309F660000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/836-392-0x000002309F690000-0x000002309F692000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2496-43-0x0000023DDD400000-0x0000023DDD500000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/4412-75-0x000001473DF00000-0x000001473E000000-memory.dmp

        Filesize

        1024KB

        Download