4c306bf8013a156c3fcb0b50c0c99a1b750b2f11a683639e1d0ccb31f0e48657

Analysis

max time kernel
28s
max time network
38s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
31/03/2025, 15:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Superify Setup.exe
Size

102.9MB
MD5

092d25652c3714624f1074b95aa716d2
SHA1

fbf1dfe6dc956a57d0d2265f55f2ee65ff880964
SHA256

4c306bf8013a156c3fcb0b50c0c99a1b750b2f11a683639e1d0ccb31f0e48657
SHA512

e4b34504b3e16fafa47ff6afb5c08054ea6928a2f498c541ab3201d07839c0467562190bf0d0886e52abbeaad4972610f932c773428a498da95db489982d5145
SSDEEP

3145728:DgQroeNB2NDg+EJ5rId4qAdQh8XtGw8Des:DgQroeinfSd5kBe

Score

7^/10

discovery persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000\Control Panel\International\Geo\Nation	windowsdesktop-runtime-7.0.15-win-x86.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000\Control Panel\International\Geo\Nation	Superify Setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000\Control Panel\International\Geo\Nation	net70.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000\Control Panel\International\Geo\Nation	windowsdesktop-runtime-7.0.15-win-x86.exe

Executes dropped EXE 14 IoCs

pid	Process
2476	net70.exe
1848	net70.exe
1516	windowsdesktop-runtime-7.0.15-win-x86.exe
2208	windowsdesktop-runtime-7.0.15-win-x86.exe
2684	windowsdesktop-runtime-7.0.15-win-x86.exe
4836	windowsdesktop-runtime-7.0.15-win-x86.exe
3588	windowsdesktop-runtime-7.0.15-win-x86.exe
2692	windowsdesktop-runtime-7.0.15-win-x86.exe
2496	windowsdesktop-runtime-7.0.15-win-x86.exe
3076	windowsdesktop-runtime-7.0.15-win-x86.exe
4440	windowsdesktop-runtime-7.0.15-win-x86.exe
464	windowsdesktop-runtime-7.0.15-win-x86.exe
8	windowsdesktop-runtime-7.0.15-win-x86.exe
1320	windowsdesktop-runtime-7.0.15-win-x86.exe

Loads dropped DLL 9 IoCs

pid	Process
1848	net70.exe
4200	MsiExec.exe
4836	windowsdesktop-runtime-7.0.15-win-x86.exe
3020	MsiExec.exe
464	MsiExec.exe
4024	MsiExec.exe
3108	MsiExec.exe
3076	windowsdesktop-runtime-7.0.15-win-x86.exe
3484	MsiExec.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{0305aed7-88ea-4e4d-995e-c09c56c41bd1} = "\"C:\\ProgramData\\Package Cache\\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\\windowsdesktop-runtime-7.0.15-win-x86.exe\" /burn.runonce"	windowsdesktop-runtime-7.0.15-win-x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{0305aed7-88ea-4e4d-995e-c09c56c41bd1} = "\"C:\\ProgramData\\Package Cache\\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\\windowsdesktop-runtime-7.0.15-win-x86.exe\" /burn.runonce"	windowsdesktop-runtime-7.0.15-win-x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{0305aed7-88ea-4e4d-995e-c09c56c41bd1} = "\"C:\\ProgramData\\Package Cache\\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\\windowsdesktop-runtime-7.0.15-win-x86.exe\" /burn.runonce"	windowsdesktop-runtime-7.0.15-win-x86.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\System.Windows.Forms.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\tr\UIAutomationClient.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\System.Runtime.Serialization.Primitives.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\System.Runtime.Handles.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\System.Security.Cryptography.Xml.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\System.Reflection.Metadata.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\System.Xml.XmlDocument.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\ja\System.Xaml.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\it\System.Windows.Controls.Ribbon.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\System.Design.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\System.DirectoryServices.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\ja\ReachFramework.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\netstandard.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\System.Net.Primitives.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\Microsoft.NETCore.App.deps.json	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\System.Diagnostics.TraceSource.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\System.Data.Common.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\zh-Hant\WindowsFormsIntegration.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\zh-Hant\System.Windows.Forms.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\ru\System.Windows.Forms.Design.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\pl\PresentationFramework.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\System.Linq.Queryable.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\System.Resources.Reader.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\pt-BR\Microsoft.VisualBasic.Forms.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\ru\PresentationFramework.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\fr\UIAutomationClientSideProviders.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\System.ComponentModel.Primitives.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\Microsoft.Win32.Registry.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\System.Net.Sockets.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\zh-Hans\System.Windows.Forms.Design.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\cs\UIAutomationProvider.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\zh-Hans\PresentationFramework.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\System.Private.CoreLib.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\cs\PresentationCore.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\fr\UIAutomationTypes.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\System.AppContext.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\it\System.Windows.Forms.Design.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\cs\WindowsFormsIntegration.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\cs\UIAutomationClient.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\System.Data.DataSetExtensions.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\System.ServiceProcess.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\System.IO.MemoryMappedFiles.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\pl\PresentationCore.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\PresentationFramework.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\ko\UIAutomationClient.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\System.Collections.Specialized.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\System.IO.IsolatedStorage.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\pl\System.Xaml.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\ko\System.Windows.Forms.Primitives.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\System.Runtime.InteropServices.JavaScript.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\de\System.Windows.Input.Manipulations.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\ko\System.Windows.Forms.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\de\UIAutomationClientSideProviders.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\System.Net.NameResolution.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\ru\System.Windows.Forms.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\ja\PresentationUI.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\it\WindowsFormsIntegration.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\System.Xaml.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\pl\UIAutomationClientSideProviders.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\System.Xml.Serialization.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\System.Net.WebSockets.Client.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\System.Drawing.dll	msiexec.exe
File created	C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\System.Diagnostics.Process.dll	msiexec.exe

Drops file in Windows directory 31 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\e5793b2.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\e5793aa.msi	msiexec.exe
File created	C:\Windows\Installer\e5793ae.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB357.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB5B9.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID5AA.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e5793a5.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA7BA.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIADB7.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIAF2F.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB770.tmp	msiexec.exe
File created	C:\Windows\Installer\e5793ba.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5793ba.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{D96F6B53-FC66-4BEE-91BD-1A4E944FC061}	msiexec.exe
File created	C:\Windows\Installer\e5793a5.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{565B8608-2758-4BB1-90B8-13C8D5D9A7A3}	msiexec.exe
File opened for modification	C:\Windows\Installer\e5793aa.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5793b2.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{A8653AB8-2037-4D69-903D-F1D5FA5CACD2}	msiexec.exe
File created	C:\Windows\Installer\e5793b6.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC2BE.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBAEC.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9E24.tmp	msiexec.exe
File created	C:\Windows\Installer\e5793be.msi	msiexec.exe
File created	C:\Windows\Installer\e5793a9.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{961F4E18-EF6F-44DA-A61E-8AFCAA87CB87}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB2AA.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBB2B.tmp	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 21 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	windowsdesktop-runtime-7.0.15-win-x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	windowsdesktop-runtime-7.0.15-win-x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Superify Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net70.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net70.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	windowsdesktop-runtime-7.0.15-win-x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	windowsdesktop-runtime-7.0.15-win-x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	windowsdesktop-runtime-7.0.15-win-x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	windowsdesktop-runtime-7.0.15-win-x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	windowsdesktop-runtime-7.0.15-win-x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	windowsdesktop-runtime-7.0.15-win-x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	windowsdesktop-runtime-7.0.15-win-x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	windowsdesktop-runtime-7.0.15-win-x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	windowsdesktop-runtime-7.0.15-win-x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	windowsdesktop-runtime-7.0.15-win-x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe

Modifies data under HKEY_USERS 14 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2d	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2B\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2C	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_56.60.5778_x86\ = "{D96F6B53-FC66-4BEE-91BD-1A4E944FC061}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\35B6F69D66CFEEB419DBA1E449F40C16\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{D96F6B53-FC66-4BEE-91BD-1A4E944FC061}v56.60.5778\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\875FCC7E409552663C1E1CE12BB99B8B\8068B56585721BB4098B318C5D9D7A3A	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8068B56585721BB4098B318C5D9D7A3A\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{565B8608-2758-4BB1-90B8-13C8D5D9A7A3}v56.60.5674\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\CECF0AFFB02504A6772360FBC67BC746\81E4F169F6FEAD446AE1A8CFAA78BC78	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8BA3568A730296D409D31F5DAFC5CA2D	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\35B6F69D66CFEEB419DBA1E449F40C16\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\Version = "7.0.15.33129"	windowsdesktop-runtime-7.0.15-win-x86.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8BA3568A730296D409D31F5DAFC5CA2D\InstanceType = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8068B56585721BB4098B318C5D9D7A3A\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\ = "{0305aed7-88ea-4e4d-995e-c09c56c41bd1}"	windowsdesktop-runtime-7.0.15-win-x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\35B6F69D66CFEEB419DBA1E449F40C16\SourceList\Media\1 = ";"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\Dependents	windowsdesktop-runtime-7.0.15-win-x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8068B56585721BB4098B318C5D9D7A3A\PackageCode = "815A1F02C1E768D429CA25C331D3FE97"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\DisplayName = "Microsoft Windows Desktop Runtime - 7.0.15 (x86)"	windowsdesktop-runtime-7.0.15-win-x86.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\35B6F69D66CFEEB419DBA1E449F40C16\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_56.60.5674_x86\DisplayName = "Microsoft .NET Host FX Resolver - 7.0.15 (x86)"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\81E4F169F6FEAD446AE1A8CFAA78BC78	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81E4F169F6FEAD446AE1A8CFAA78BC78	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8BA3568A730296D409D31F5DAFC5CA2D\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_7.0_x86	windowsdesktop-runtime-7.0.15-win-x86.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_56.60.5674_x86	windowsdesktop-runtime-7.0.15-win-x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_7.0_x86\Version = "56.60.5674"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\CB060CF1DBA5E1C781D70245BFC4FA32	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8068B56585721BB4098B318C5D9D7A3A\Language = "1033"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8068B56585721BB4098B318C5D9D7A3A\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81E4F169F6FEAD446AE1A8CFAA78BC78\ProductName = "Microsoft .NET Host FX Resolver - 7.0.15 (x86)"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81E4F169F6FEAD446AE1A8CFAA78BC78\Language = "1033"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81E4F169F6FEAD446AE1A8CFAA78BC78\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8068B56585721BB4098B318C5D9D7A3A	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8068B56585721BB4098B318C5D9D7A3A\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8068B56585721BB4098B318C5D9D7A3A\SourceList\Media\1 = ";"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\CECF0AFFB02504A6772360FBC67BC746	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81E4F169F6FEAD446AE1A8CFAA78BC78\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{961F4E18-EF6F-44DA-A61E-8AFCAA87CB87}v56.60.5674\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_7.0_x86	windowsdesktop-runtime-7.0.15-win-x86.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_runtime_56.60.5674_x86\Dependents\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}	windowsdesktop-runtime-7.0.15-win-x86.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\35B6F69D66CFEEB419DBA1E449F40C16\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\Version = "7.0.15.33129"	windowsdesktop-runtime-7.0.15-win-x86.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8BA3568A730296D409D31F5DAFC5CA2D\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8BA3568A730296D409D31F5DAFC5CA2D\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{A8653AB8-2037-4D69-903D-F1D5FA5CACD2}v56.60.5674\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\35B6F69D66CFEEB419DBA1E449F40C16\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\35B6F69D66CFEEB419DBA1E449F40C16\SourceList\Net	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\35B6F69D66CFEEB419DBA1E449F40C16\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_56.60.5778_x86\Dependents\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}	windowsdesktop-runtime-7.0.15-win-x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\DisplayName = "Microsoft Windows Desktop Runtime - 7.0.15 (x86)"	windowsdesktop-runtime-7.0.15-win-x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8068B56585721BB4098B318C5D9D7A3A\Provider	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8068B56585721BB4098B318C5D9D7A3A\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_runtime_56.60.5674_x86\Dependents	windowsdesktop-runtime-7.0.15-win-x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_56.60.5674_x86\Version = "56.60.5674"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_7.0_x86\DisplayName = "Microsoft .NET Host - 7.0.15 (x86)"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8BA3568A730296D409D31F5DAFC5CA2D\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{A8653AB8-2037-4D69-903D-F1D5FA5CACD2}v56.60.5674\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\ = "{0305aed7-88ea-4e4d-995e-c09c56c41bd1}"	windowsdesktop-runtime-7.0.15-win-x86.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_56.60.5674_x86\Dependents\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}	windowsdesktop-runtime-7.0.15-win-x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\3774C265BB25E195676300FC0E846513\35B6F69D66CFEEB419DBA1E449F40C16	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81E4F169F6FEAD446AE1A8CFAA78BC78\Version = "943461930"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81E4F169F6FEAD446AE1A8CFAA78BC78\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8068B56585721BB4098B318C5D9D7A3A\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{565B8608-2758-4BB1-90B8-13C8D5D9A7A3}v56.60.5674\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_runtime_56.60.5674_x86\Dependents\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}	windowsdesktop-runtime-7.0.15-win-x86.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81E4F169F6FEAD446AE1A8CFAA78BC78\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}	windowsdesktop-runtime-7.0.15-win-x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_56.60.5778_x86\DisplayName = "Microsoft Windows Desktop Runtime - 7.0.15 (x86)"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\35B6F69D66CFEEB419DBA1E449F40C16\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{D96F6B53-FC66-4BEE-91BD-1A4E944FC061}v56.60.5778\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8068B56585721BB4098B318C5D9D7A3A\InstanceType = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8068B56585721BB4098B318C5D9D7A3A\DeploymentFlags = "3"	msiexec.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2360	Superify Setup.exe
2360	Superify Setup.exe
3252	msiexec.exe
3252	msiexec.exe
3252	msiexec.exe
3252	msiexec.exe
3252	msiexec.exe
3252	msiexec.exe
3252	msiexec.exe
3252	msiexec.exe
3252	msiexec.exe
3252	msiexec.exe
3252	msiexec.exe
3252	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2360	Superify Setup.exe
Token: SeShutdownPrivilege	1516	windowsdesktop-runtime-7.0.15-win-x86.exe
Token: SeIncreaseQuotaPrivilege	1516	windowsdesktop-runtime-7.0.15-win-x86.exe
Token: SeSecurityPrivilege	3252	msiexec.exe
Token: SeCreateTokenPrivilege	1516	windowsdesktop-runtime-7.0.15-win-x86.exe
Token: SeAssignPrimaryTokenPrivilege	1516	windowsdesktop-runtime-7.0.15-win-x86.exe
Token: SeLockMemoryPrivilege	1516	windowsdesktop-runtime-7.0.15-win-x86.exe
Token: SeIncreaseQuotaPrivilege	1516	windowsdesktop-runtime-7.0.15-win-x86.exe
Token: SeMachineAccountPrivilege	1516	windowsdesktop-runtime-7.0.15-win-x86.exe
Token: SeTcbPrivilege	1516	windowsdesktop-runtime-7.0.15-win-x86.exe
Token: SeSecurityPrivilege	1516	windowsdesktop-runtime-7.0.15-win-x86.exe
Token: SeTakeOwnershipPrivilege	1516	windowsdesktop-runtime-7.0.15-win-x86.exe
Token: SeLoadDriverPrivilege	1516	windowsdesktop-runtime-7.0.15-win-x86.exe
Token: SeSystemProfilePrivilege	1516	windowsdesktop-runtime-7.0.15-win-x86.exe
Token: SeSystemtimePrivilege	1516	windowsdesktop-runtime-7.0.15-win-x86.exe
Token: SeProfSingleProcessPrivilege	1516	windowsdesktop-runtime-7.0.15-win-x86.exe
Token: SeIncBasePriorityPrivilege	1516	windowsdesktop-runtime-7.0.15-win-x86.exe
Token: SeCreatePagefilePrivilege	1516	windowsdesktop-runtime-7.0.15-win-x86.exe
Token: SeCreatePermanentPrivilege	1516	windowsdesktop-runtime-7.0.15-win-x86.exe
Token: SeBackupPrivilege	1516	windowsdesktop-runtime-7.0.15-win-x86.exe
Token: SeRestorePrivilege	1516	windowsdesktop-runtime-7.0.15-win-x86.exe
Token: SeShutdownPrivilege	1516	windowsdesktop-runtime-7.0.15-win-x86.exe
Token: SeDebugPrivilege	1516	windowsdesktop-runtime-7.0.15-win-x86.exe
Token: SeAuditPrivilege	1516	windowsdesktop-runtime-7.0.15-win-x86.exe
Token: SeSystemEnvironmentPrivilege	1516	windowsdesktop-runtime-7.0.15-win-x86.exe
Token: SeChangeNotifyPrivilege	1516	windowsdesktop-runtime-7.0.15-win-x86.exe
Token: SeRemoteShutdownPrivilege	1516	windowsdesktop-runtime-7.0.15-win-x86.exe
Token: SeUndockPrivilege	1516	windowsdesktop-runtime-7.0.15-win-x86.exe
Token: SeSyncAgentPrivilege	1516	windowsdesktop-runtime-7.0.15-win-x86.exe
Token: SeEnableDelegationPrivilege	1516	windowsdesktop-runtime-7.0.15-win-x86.exe
Token: SeManageVolumePrivilege	1516	windowsdesktop-runtime-7.0.15-win-x86.exe
Token: SeImpersonatePrivilege	1516	windowsdesktop-runtime-7.0.15-win-x86.exe
Token: SeCreateGlobalPrivilege	1516	windowsdesktop-runtime-7.0.15-win-x86.exe
Token: SeRestorePrivilege	3252	msiexec.exe
Token: SeTakeOwnershipPrivilege	3252	msiexec.exe
Token: SeRestorePrivilege	3252	msiexec.exe
Token: SeTakeOwnershipPrivilege	3252	msiexec.exe
Token: SeRestorePrivilege	3252	msiexec.exe
Token: SeTakeOwnershipPrivilege	3252	msiexec.exe
Token: SeRestorePrivilege	3252	msiexec.exe
Token: SeTakeOwnershipPrivilege	3252	msiexec.exe
Token: SeRestorePrivilege	3252	msiexec.exe
Token: SeTakeOwnershipPrivilege	3252	msiexec.exe
Token: SeRestorePrivilege	3252	msiexec.exe
Token: SeTakeOwnershipPrivilege	3252	msiexec.exe
Token: SeRestorePrivilege	3252	msiexec.exe
Token: SeTakeOwnershipPrivilege	3252	msiexec.exe
Token: SeRestorePrivilege	3252	msiexec.exe
Token: SeTakeOwnershipPrivilege	3252	msiexec.exe
Token: SeRestorePrivilege	3252	msiexec.exe
Token: SeTakeOwnershipPrivilege	3252	msiexec.exe
Token: SeRestorePrivilege	3252	msiexec.exe
Token: SeTakeOwnershipPrivilege	3252	msiexec.exe
Token: SeRestorePrivilege	3252	msiexec.exe
Token: SeTakeOwnershipPrivilege	3252	msiexec.exe
Token: SeRestorePrivilege	3252	msiexec.exe
Token: SeTakeOwnershipPrivilege	3252	msiexec.exe
Token: SeRestorePrivilege	3252	msiexec.exe
Token: SeTakeOwnershipPrivilege	3252	msiexec.exe
Token: SeRestorePrivilege	3252	msiexec.exe
Token: SeTakeOwnershipPrivilege	3252	msiexec.exe
Token: SeRestorePrivilege	3252	msiexec.exe
Token: SeTakeOwnershipPrivilege	3252	msiexec.exe
Token: SeRestorePrivilege	3252	msiexec.exe

Suspicious use of WriteProcessMemory 60 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 2476	2360	Superify Setup.exe	93
PID 2360 wrote to memory of 2476	2360	Superify Setup.exe	93
PID 2360 wrote to memory of 2476	2360	Superify Setup.exe	93
PID 2476 wrote to memory of 1848	2476	net70.exe	94
PID 2476 wrote to memory of 1848	2476	net70.exe	94
PID 2476 wrote to memory of 1848	2476	net70.exe	94
PID 1848 wrote to memory of 1516	1848	net70.exe	95
PID 1848 wrote to memory of 1516	1848	net70.exe	95
PID 1848 wrote to memory of 1516	1848	net70.exe	95
PID 3480 wrote to memory of 2208	3480	cmd.exe	98
PID 3480 wrote to memory of 2208	3480	cmd.exe	98
PID 3480 wrote to memory of 2208	3480	cmd.exe	98
PID 2208 wrote to memory of 2684	2208	windowsdesktop-runtime-7.0.15-win-x86.exe	99
PID 2208 wrote to memory of 2684	2208	windowsdesktop-runtime-7.0.15-win-x86.exe	99
PID 2208 wrote to memory of 2684	2208	windowsdesktop-runtime-7.0.15-win-x86.exe	99
PID 2684 wrote to memory of 4836	2684	windowsdesktop-runtime-7.0.15-win-x86.exe	100
PID 2684 wrote to memory of 4836	2684	windowsdesktop-runtime-7.0.15-win-x86.exe	100
PID 2684 wrote to memory of 4836	2684	windowsdesktop-runtime-7.0.15-win-x86.exe	100
PID 3252 wrote to memory of 4200	3252	msiexec.exe	107
PID 3252 wrote to memory of 4200	3252	msiexec.exe	107
PID 3252 wrote to memory of 4200	3252	msiexec.exe	107
PID 4836 wrote to memory of 3588	4836	windowsdesktop-runtime-7.0.15-win-x86.exe	109
PID 4836 wrote to memory of 3588	4836	windowsdesktop-runtime-7.0.15-win-x86.exe	109
PID 4836 wrote to memory of 3588	4836	windowsdesktop-runtime-7.0.15-win-x86.exe	109
PID 4448 wrote to memory of 2692	4448	cmd.exe	112
PID 4448 wrote to memory of 2692	4448	cmd.exe	112
PID 4448 wrote to memory of 2692	4448	cmd.exe	112
PID 2692 wrote to memory of 2496	2692	windowsdesktop-runtime-7.0.15-win-x86.exe	113
PID 2692 wrote to memory of 2496	2692	windowsdesktop-runtime-7.0.15-win-x86.exe	113
PID 2692 wrote to memory of 2496	2692	windowsdesktop-runtime-7.0.15-win-x86.exe	113
PID 2496 wrote to memory of 3076	2496	windowsdesktop-runtime-7.0.15-win-x86.exe	114
PID 2496 wrote to memory of 3076	2496	windowsdesktop-runtime-7.0.15-win-x86.exe	114
PID 2496 wrote to memory of 3076	2496	windowsdesktop-runtime-7.0.15-win-x86.exe	114
PID 3252 wrote to memory of 3020	3252	msiexec.exe	115
PID 3252 wrote to memory of 3020	3252	msiexec.exe	115
PID 3252 wrote to memory of 3020	3252	msiexec.exe	115
PID 3252 wrote to memory of 464	3252	msiexec.exe	116
PID 3252 wrote to memory of 464	3252	msiexec.exe	116
PID 3252 wrote to memory of 464	3252	msiexec.exe	116
PID 3252 wrote to memory of 4024	3252	msiexec.exe	119
PID 3252 wrote to memory of 4024	3252	msiexec.exe	119
PID 3252 wrote to memory of 4024	3252	msiexec.exe	119
PID 3252 wrote to memory of 3108	3252	msiexec.exe	120
PID 3252 wrote to memory of 3108	3252	msiexec.exe	120
PID 3252 wrote to memory of 3108	3252	msiexec.exe	120
PID 3076 wrote to memory of 4440	3076	windowsdesktop-runtime-7.0.15-win-x86.exe	121
PID 3076 wrote to memory of 4440	3076	windowsdesktop-runtime-7.0.15-win-x86.exe	121
PID 3076 wrote to memory of 4440	3076	windowsdesktop-runtime-7.0.15-win-x86.exe	121
PID 2188 wrote to memory of 464	2188	cmd.exe	124
PID 2188 wrote to memory of 464	2188	cmd.exe	124
PID 2188 wrote to memory of 464	2188	cmd.exe	124
PID 464 wrote to memory of 8	464	windowsdesktop-runtime-7.0.15-win-x86.exe	125
PID 464 wrote to memory of 8	464	windowsdesktop-runtime-7.0.15-win-x86.exe	125
PID 464 wrote to memory of 8	464	windowsdesktop-runtime-7.0.15-win-x86.exe	125
PID 8 wrote to memory of 1320	8	windowsdesktop-runtime-7.0.15-win-x86.exe	126
PID 8 wrote to memory of 1320	8	windowsdesktop-runtime-7.0.15-win-x86.exe	126
PID 8 wrote to memory of 1320	8	windowsdesktop-runtime-7.0.15-win-x86.exe	126
PID 3252 wrote to memory of 3484	3252	msiexec.exe	127
PID 3252 wrote to memory of 3484	3252	msiexec.exe	127
PID 3252 wrote to memory of 3484	3252	msiexec.exe	127

C:\Users\Admin\AppData\Local\Temp\Superify Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Superify Setup.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2360
- C:\net70.exe
  "C:\net70.exe" /q /norestart
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2476
- - C:\Windows\Temp\{675D20EC-2470-47A7-8B8F-6E5B442A72CA}\.cr\net70.exe
    "C:\Windows\Temp\{675D20EC-2470-47A7-8B8F-6E5B442A72CA}\.cr\net70.exe" -burn.clean.room="C:\net70.exe" -burn.filehandle.attached=548 -burn.filehandle.self=544 /q /norestart
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1848
  - - C:\Windows\Temp\{031DA1E2-AE59-4242-AB70-AB218066B6C9}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe
      "C:\Windows\Temp\{031DA1E2-AE59-4242-AB70-AB218066B6C9}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe" -q -burn.elevated BurnPipe.{CCADE6CE-7C87-43F1-A229-DEDFA66AA836} {A1E5CB94-A940-4AF9-8465-3BA62844C4F4} 1848
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      PID:1516

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Package Cache\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\windowsdesktop-runtime-7.0.15-win-x86.exe" /burn.runonce
1⤵
- Suspicious use of WriteProcessMemory
PID:3480
- C:\ProgramData\Package Cache\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\windowsdesktop-runtime-7.0.15-win-x86.exe
  "C:\ProgramData\Package Cache\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\windowsdesktop-runtime-7.0.15-win-x86.exe" /burn.runonce
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2208
- - C:\ProgramData\Package Cache\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\windowsdesktop-runtime-7.0.15-win-x86.exe
    "C:\ProgramData\Package Cache\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\windowsdesktop-runtime-7.0.15-win-x86.exe" /quiet /norestart /burn.log.append "C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.15_(x86)_20250331151455.log"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2684
  - - C:\ProgramData\Package Cache\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\windowsdesktop-runtime-7.0.15-win-x86.exe
      "C:\ProgramData\Package Cache\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\windowsdesktop-runtime-7.0.15-win-x86.exe" -burn.clean.room="C:\ProgramData\Package Cache\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\windowsdesktop-runtime-7.0.15-win-x86.exe" -burn.filehandle.attached=516 -burn.filehandle.self=536 /quiet /norestart /burn.log.append "C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.15_(x86)_20250331151455.log"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:4836
    - - C:\ProgramData\Package Cache\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\windowsdesktop-runtime-7.0.15-win-x86.exe
        
        "C:\ProgramData\Package Cache\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\windowsdesktop-runtime-7.0.15-win-x86.exe" -q -burn.elevated BurnPipe.{A005D44B-80EE-4A19-86DE-B51EF2026EFD} {153AF736-26D8-4FEE-8A58-9D1A583B4D0B} 4836
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3588

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3252
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding A937A9A115ADD05E0841F065B4F6DCA9
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4200
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 702C600D09927C4926D4A09B20530681
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3020
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 64A58D89CD4DCB1F547250BC452D8402
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:464
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 78C7CC7C2837F42363253FC093923E8C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4024
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 58B9E71EF33351A91ECC33B5832614D9
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3108
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding BBEC0CE137DEB231D748D47289B0C1AF
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3484
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding A6B334705BCA4AD7E22BB3D30A970410
  2⤵
  PID:4080
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 034E5F032EC73D032C792C290B194578
  2⤵
  PID:2224

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Package Cache\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\windowsdesktop-runtime-7.0.15-win-x86.exe" /burn.runonce
1⤵
- Suspicious use of WriteProcessMemory
PID:4448
- C:\ProgramData\Package Cache\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\windowsdesktop-runtime-7.0.15-win-x86.exe
  "C:\ProgramData\Package Cache\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\windowsdesktop-runtime-7.0.15-win-x86.exe" /burn.runonce
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2692
- - C:\ProgramData\Package Cache\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\windowsdesktop-runtime-7.0.15-win-x86.exe
    "C:\ProgramData\Package Cache\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\windowsdesktop-runtime-7.0.15-win-x86.exe" /quiet /norestart /burn.log.append "C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.15_(x86)_20250331151455.log"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2496
  - - C:\ProgramData\Package Cache\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\windowsdesktop-runtime-7.0.15-win-x86.exe
      "C:\ProgramData\Package Cache\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\windowsdesktop-runtime-7.0.15-win-x86.exe" -burn.clean.room="C:\ProgramData\Package Cache\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\windowsdesktop-runtime-7.0.15-win-x86.exe" -burn.filehandle.attached=532 -burn.filehandle.self=536 /quiet /norestart /burn.log.append "C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.15_(x86)_20250331151455.log"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:3076
    - - C:\ProgramData\Package Cache\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\windowsdesktop-runtime-7.0.15-win-x86.exe
        
        "C:\ProgramData\Package Cache\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\windowsdesktop-runtime-7.0.15-win-x86.exe" -q -burn.elevated BurnPipe.{F5807A83-3ACE-49E7-8ACD-74F0FBB6DAB2} {B0E86746-8494-41DA-A271-01CC59095E99} 3076
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:4440

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Package Cache\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\windowsdesktop-runtime-7.0.15-win-x86.exe" /burn.runonce
1⤵
- Suspicious use of WriteProcessMemory
PID:2188
- C:\ProgramData\Package Cache\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\windowsdesktop-runtime-7.0.15-win-x86.exe
  "C:\ProgramData\Package Cache\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\windowsdesktop-runtime-7.0.15-win-x86.exe" /burn.runonce
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:464
- - C:\ProgramData\Package Cache\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\windowsdesktop-runtime-7.0.15-win-x86.exe
    "C:\ProgramData\Package Cache\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\windowsdesktop-runtime-7.0.15-win-x86.exe" /quiet /norestart /burn.log.append "C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.15_(x86)_20250331151455.log"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:8
  - - C:\ProgramData\Package Cache\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\windowsdesktop-runtime-7.0.15-win-x86.exe
      "C:\ProgramData\Package Cache\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\windowsdesktop-runtime-7.0.15-win-x86.exe" -burn.clean.room="C:\ProgramData\Package Cache\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\windowsdesktop-runtime-7.0.15-win-x86.exe" -burn.filehandle.attached=516 -burn.filehandle.self=536 /quiet /norestart /burn.log.append "C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.15_(x86)_20250331151455.log"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:1320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5793a8.rbs

Filesize
49KB

MD5
3dc24635603524e0797f90bdbd644fa3

SHA1
93f8f0faa6d3d4772484963d2d2ec1743ed6ca61

SHA256
80716b3fd77b735bf631937ff534bc1fb49048d87fd86a1f7cca0fde534bfc71

SHA512
53e53e0321c9ac6dfb3856bcb82a6197564a27bc61a663de4fe01f9ea0e51ed452af09bd0cb206a16b45a7f45b3ff9bcf2b99ebac19677bf93018e0c9e81a941

Download Submit
C:\Config.Msi\e5793ad.rbs

Filesize
8KB

MD5
a96400c121dd465ff430eadeaaab0df2

SHA1
4a9a0b9a882df39d8a5ad2290ca8045f0baa1eef

SHA256
cf2cd6817cb6c7032dc12e96903c819b2e372cd1ce883a35990b5fb24ee05215

SHA512
fa4fa1c30cb372a733351c0f82f6a15fab07a9a9c2ac7997e79aafa54bc677c3d114033641555a6d6e2bfeee46372709eafe0b9306a12e96f6925ec1c4c45dc3

Download Submit
C:\Config.Msi\e5793b1.rbs

Filesize
3KB

MD5
83ca8ea8fbd382f3069e08c8c3d0b416

SHA1
2466bc714dacdb60d1010a96831225f6bf1ffba6

SHA256
860da1986ff303d949d3bd117c3e827a7b547dacee8b86dc0c3b5dde5b95ef3c

SHA512
dbb6ab201f7addc9e338cfa71af3ed5c41b24b4a1a582f01c7f37c7a34b3113ec5e12865fd6f004aa42fbb077de30b6cc5cddd8ed30a4874eccea419b49d6d91

Download Submit
C:\Config.Msi\e5793b5.rbs

Filesize
9KB

MD5
d1b7bbfb0c244b422500eb37a8e93881

SHA1
65afa07362871ba38d416f43cee242a305ade1cc

SHA256
ba20030f16a80f2eb0987cbefbc6cc2ac175bf0a05be6d46402dda7313c944b1

SHA512
073be83f4443230ffdbb97fdf25ff21b7c44d434d95b1111aa42838bc65ec0fe0d0e3848c3dd6a5f8cd69f62c0d1c95427cae66aa877096719c81334c101fd94

Download Submit
C:\Config.Msi\e5793b9.rbs

Filesize
3KB

MD5
2ecfd1cd2f548ffb5422c67f6f87c1f9

SHA1
624dcfcc594624cf53906bc63be656cb42da4350

SHA256
b3f0745c1275abb811f5ab62d653b453e7075bee319d49c8c960401f212e75e4

SHA512
dd5a84409ca77c583044ba5a7ecf1fd4e3e83bc8c1938f68dd5f708f45851d93265adb071a7d57ea5f903eae3876c7e606d87c58aafc970d177f527931da980b

Download Submit
C:\Config.Msi\e5793bd.rbs

Filesize
90KB

MD5
9fe8fbbb3bab766bb3668b2d561f0b6c

SHA1
80fa3dd523f51d358f31c32b9838393386a7bb4b

SHA256
eaedfa3072c1fb6634fa8cc1396a23640daa568f89f48396fb0c92d9b737009a

SHA512
9dc66ad563d8eea3223f78534f8293730bfc6a1ebc2c8a909e69d8fd6e9e75dafff416d2ddbd2fa0ca851c7b5cb99a15e6284585e1c71022859d197f6a5fc791

Download Submit
C:\Config.Msi\e5793c1.rbs

Filesize
3KB

MD5
cceaf1b8651a8550d3797589c67a4c4f

SHA1
cede1141ef991c2738a2ff0c0d2477e04d520ae1

SHA256
8401cad14e1b47b3c4b2f34aa32c667847b300f280a9c98096420534117b9b53

SHA512
e75ae6bee0d416ba666a52c3715d6274a740bb218ecb7e2b180d268c6803ccb2e01492b04243bcdffab1914f1d181f44899973ba1bffbcddbe884ec155c90e71

Download Submit
C:\Config.Msi\e5793c4.rbs

Filesize
3KB

MD5
a66f2f514b2b8d4f0666a25686bf909d

SHA1
efae63f1fdb3c0c62385c2ef9e6834e874dc8d9a

SHA256
1b8424da40e2b7bf56185fffef096b60ceda817ac62fe56c0954946a153ca857

SHA512
799e2c519375b5548cd24a9270e7a2b83aed4c31f1dd223d7a8e8ed216b01bc0f866f452471d24c513b7cfb9d56f93c7bed34b12ed42a2bb8e70236f1a444c50

Download Submit
C:\Program Files (x86)\dotnet\LICENSE.txt

Filesize
9KB

MD5
31c5a77b3c57c8c2e82b9541b00bcd5a

SHA1
153d4bc14e3a2c1485006f1752e797ca8684d06d

SHA256
7f6839a61ce892b79c6549e2dc5a81fdbd240a0b260f8881216b45b7fda8b45d

SHA512
ad33e3c0c3b060ad44c5b1b712c991b2d7042f6a60dc691c014d977c922a7e3a783ba9bade1a34de853c271fde1fb75bc2c47869acd863a40be3a6c6d754c0a6

Download Submit
C:\Program Files (x86)\dotnet\ThirdPartyNotices.txt

Filesize
85KB

MD5
5c13a5ea8c8cc3474240981d0ffa88ff

SHA1
1d8d3ce27d9dc3d9fb4fa4b06c20137d25879d80

SHA256
4f9bb3901879bafae3a17c6c4009ee5c15384a06fc234bed78937969079c77da

SHA512
32ea79ff5194d8a18e75f277aed5610b4955db15b0abbcc2664cf07f372bebfc57eb665ad078dc3da3ce5ee0d8856140c2a1bc7032b578dd103d43998d682d88

Download Submit
C:\ProgramData\Package Cache\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\state.rsm

Filesize
772B

MD5
b4e1a9d7eab982dc3b5ebcda8a0fdb67

SHA1
4edc2e8bc110c79e5866f64185a6872cbf57f358

SHA256
c4db5ba32053dd854e0b80f80ca8595d6197e8e32e346ac31aea38caa530659e

SHA512
5f4af670a915bddc7004d308960a8d2123edd5002f6a950b7bb64e37965f3307288256bb19bd8c85c717529f397a3d0259069ab6c5a33d9190d160b3521017b4

Download Submit
C:\ProgramData\Package Cache\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\state.rsm

Filesize
736B

MD5
f9d76796f6d2afaa93feb32c7452abd4

SHA1
4a85467b3eda7cd1c1230ecf305174b411eae8e0

SHA256
15fb560041fa3d6377f867be188b1c9e9e0c015454b24beb37acbf7ce8767b17

SHA512
44a553f77f5e1e53279e8149e9c6dd693471e9d4ffa67fc29871c108e85fae3fa22ef60fa45fac24c1558b0dda4405620b3f76883c99952870539e55da8b7f0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.15_(x86)_20250331151455.log

Filesize
15KB

MD5
97b37a56871d256f19466e8a384d9c20

SHA1
0a00c924751e93c26a72421609be375b99973ce4

SHA256
31c963c8ae330c72b3b64044f4fa8188a794977d97091ae365d40da7b559da03

SHA512
636aed0593a051e48ac80a2ba2ddc64b50df8cb29d233d7bb0f5e3a18b21f617f314ef27d6cb08fb5e2b76d5ff52ecfe3114a4d7fa3750e264cb3bb6f8210c85

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.15_(x86)_20250331151455_000_dotnet_runtime_7.0.15_win_x86.msi.log

Filesize
2KB

MD5
f42ee159515873e93a9edde5bc2ecb95

SHA1
e76c1c6311d60accb2f72539aeb8dc4e74a9a8a8

SHA256
1023f75ec8769324dc9adb67ad72d78793aca39c06b5a4cc493cda9020ada203

SHA512
621e6a46251ef1181c89bfbd8e0886f181485878fd813d0367addf3adff9e47f670387bd3de4ce4dcd9db9847bde7c8186f595b073807f0df8aff8bb7841aa9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.15_(x86)_20250331151455_001_dotnet_hostfxr_7.0.15_win_x86.msi.log

Filesize
2KB

MD5
5ad7964849f2eb25d069381713599f19

SHA1
86ab89bc87e6c03c4d5e8822745b565010e5ccc4

SHA256
78a47503954e930387b9280a791cccad154271e4e94e2595d1d5b3c9381ed7a9

SHA512
e3518494138dc39c7c2d9395ed0e95260c904e88fb3acf7557ec15e2271f43db03f013464eb0604ce22caa355f2e8538de7a6a03bcf1b42a440ff3456ea49dfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.15_(x86)_20250331151455_002_dotnet_host_7.0.15_win_x86.msi.log

Filesize
2KB

MD5
900a3bab8f4245c582b4148b4099a383

SHA1
75e942e18cc75e3d3048ddd72814f8927a69dc25

SHA256
b7f064375f313ca4112fcb1d95ffb0261b08cafe3b6862f0243196bc42ec06d2

SHA512
06cac201833aa44a0692882cba857cced3c5af8b4abf5397760a304225d2f980c611928842e15d883b4f9efbbeb02908419973234a81dcfa4576591d206834ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.15_(x86)_20250331151455_003_windowsdesktop_runtime_7.0.15_win_x86.msi.log

Filesize
2KB

MD5
1932d8ce560b8f79d0cdf651d0bcbacc

SHA1
37c0951bbe80b811c19c25e167cd1e29f12f84a6

SHA256
28a0ee05e205d681d22ed51927a44093ded6e1bd8bb202593409c7364ebfd166

SHA512
9d94e0867db6c65f1e2623e104fdabfa6b4c229d6e886fb358e93402ce46f9f6ce5b8b1bb4519c939b11b5562e6a003b1201880b919a75916a392a3f78029668

Download Submit
C:\Windows\Installer\MSIA7BA.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Temp\{031DA1E2-AE59-4242-AB70-AB218066B6C9}\.ba\bg.png

Filesize
4KB

MD5
9eb0320dfbf2bd541e6a55c01ddc9f20

SHA1
eb282a66d29594346531b1ff886d455e1dcd6d99

SHA256
9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

SHA512
9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

Download Submit
C:\Windows\Temp\{031DA1E2-AE59-4242-AB70-AB218066B6C9}\.ba\wixstdba.dll

Filesize
197KB

MD5
4356ee50f0b1a878e270614780ddf095

SHA1
b5c0915f023b2e4ed3e122322abc40c4437909af

SHA256
41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104

SHA512
b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691

Download Submit
C:\Windows\Temp\{031DA1E2-AE59-4242-AB70-AB218066B6C9}\dotnet_host_7.0.15_win_x86.msi

Filesize
732KB

MD5
5f79da720542e611e6bc967e03a16b40

SHA1
733541d95c650dad28c5f605c6ec890614b93094

SHA256
38df9ef14f81576400ad966c7ab1fa39323eda2c1a56992b8eb95dda1eff17f0

SHA512
8673811886fa26e0ec05788f9404b9b961269c614cd149aa93370f7066c9da5ce2ab8b68a3792c0924e175ddff0d83033de3ed6928279bb8cd4fe1bbc480a847

Download Submit
C:\Windows\Temp\{031DA1E2-AE59-4242-AB70-AB218066B6C9}\dotnet_hostfxr_7.0.15_win_x86.msi

Filesize
784KB

MD5
59d86bb5383eeac8bba8283a20be0055

SHA1
012b9cfe421ca5556c00b74e642bb9e142fea64e

SHA256
65d6faaaec8a0bde1ca8c8549800196845015b877e3856429d89af43e438d282

SHA512
b64a18689ae80dbb686b66a73e09ca2917b90302ce150b965581a8eec68c59a1732b10759f8ee9e87e67ee2c861b3214314516638f1e08bb26752dbefa070dac

Download Submit
C:\Windows\Temp\{031DA1E2-AE59-4242-AB70-AB218066B6C9}\dotnet_runtime_7.0.15_win_x86.msi

Filesize
23.7MB

MD5
b6b9d8c4ff319052ca611a58d78ae1e3

SHA1
653586e12e23bc7b7d7209116682a0a0377dde5d

SHA256
7cffcc6d90fe68b86feef763310a409fb17cbba979a685a7ab53924f60d99738

SHA512
e7cc75766e1426cb73f304e529077209e9411864c2326840ed7015ae2b4329c111e5c65fe149329d8c85cdf8e40a51124e3bb0ef455e4d1dcafcbc4c4663b47c

Download Submit
C:\Windows\Temp\{031DA1E2-AE59-4242-AB70-AB218066B6C9}\windowsdesktop_runtime_7.0.15_win_x86.msi

Filesize
26.4MB

MD5
11a0af2caba2216b54e09382d00d0126

SHA1
591d86acf4940f741cf3237c05c24d784dcaa963

SHA256
6965fa26a4ab6057c92516fade20e623b1b1643ced9314328b762135c2d4266c

SHA512
282d8ae7f66993f4d4725b1470cd2bfc3dc9a1770aa44c09c70240fbd6599d3da2b1e6515b2a269e17bc6e9ec4c0ff17a264205c0b9f5c1226585fb688b9884d

Download Submit
C:\Windows\Temp\{675D20EC-2470-47A7-8B8F-6E5B442A72CA}\.cr\net70.exe

Filesize
610KB

MD5
fb39099fa5e536604ec91e44e7fffc1f

SHA1
64a54139f47405fe7b8ebd3a9ce148caac147d43

SHA256
6c7187ac2d63598d846792e1ce77f1db3ce438f39d8cd4589d61ffdfea6a83c3

SHA512
0c76fd68ebc7a923f1e8c48b1391a5158ced2dc4bd6423d491ad9389060dbca6f9e67f26c9f55519e96111791f6e75b0cfcb3b88bb58ad2f7f32ba9f1bed1707

Download Submit
C:\Windows\Temp\{7293BAD3-1885-451B-BC7C-96599FEA9FBA}\.ba\BootstrapperApplicationData.xml

Filesize
7KB

MD5
4ad38378e02949d287314b978a49a88c

SHA1
00e52af0a06f0038af6998df5bdfda9830ae60fc

SHA256
c3b77cb302a9d125e3f95038c3f18b48d9dd1aec9dcfbd7d2c7dda0b5c497f2d

SHA512
5b34917286d5e9486f34b2b5086122a3ecf220f77aa3189db8a3919898d06dde3278617a00b7152bd2147e8699679e3118bafadfcb891aa5084eeab752700307

Download Submit
C:\Windows\Temp\{7293BAD3-1885-451B-BC7C-96599FEA9FBA}\.ba\thm.xml

Filesize
11KB

MD5
302563a713b142ee41b59e3eeac53a90

SHA1
1340e90cc3c6c5fc19a7feb61d7779f4a4f0fdb5

SHA256
83ca096f7ba2c83fc3b3aeb697b8139a788fa35eb8632943e26bb9fff7c78e63

SHA512
c9d4dfc20802bb542178300d1044bb94b35593b834ab0b50875a32953f890e48da456199128500e2c1fee26eaaf8c2c4fcaffb308b37914215f900cdd5c4cbc8

Download Submit
C:\Windows\Temp\{95B7E717-47DD-47D8-82CF-2D204B4B3B33}\.ba\1033\thm.wxl

Filesize
5KB

MD5
d5070cb3387a0a22b7046ae5ab53f371

SHA1
bc9da146a42bbf9496de059ac576869004702a97

SHA256
81a68046b06e09385be8449373e7ceb9e79f7724c3cf11f0b18a4489a8d4926a

SHA512
8fcf621fb9ce74725c3712e06e5b37b619145078491e828c6069e153359de3bd5486663b1fa6f3bcf1c994d5c556b9964ea1a1355100a634a6c700ef37d381e3

Download Submit
memory/2360-87-0x000000007511E000-0x000000007511F000-memory.dmp

Filesize
4KB

Download
memory/2360-138-0x0000000075110000-0x00000000758C0000-memory.dmp

Filesize
7.7MB

Download
memory/2360-0-0x000000007511E000-0x000000007511F000-memory.dmp

Filesize
4KB

Download
memory/2360-9-0x000000000EE40000-0x000000000EE62000-memory.dmp

Filesize
136KB

Download
memory/2360-8-0x000000000ED60000-0x000000000EE12000-memory.dmp

Filesize
712KB

Download
memory/2360-7-0x000000000E9F0000-0x000000000E9FE000-memory.dmp

Filesize
56KB

Download
memory/2360-6-0x000000000EA20000-0x000000000EA58000-memory.dmp

Filesize
224KB

Download
memory/2360-10-0x000000000F990000-0x000000000FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2360-508-0x0000000075110000-0x00000000758C0000-memory.dmp

Filesize
7.7MB

Download
memory/2360-5-0x0000000075110000-0x00000000758C0000-memory.dmp

Filesize
7.7MB

Download
memory/2360-4-0x0000000075110000-0x00000000758C0000-memory.dmp

Filesize
7.7MB

Download
memory/2360-3-0x000000000E1E0000-0x000000000E1E8000-memory.dmp

Filesize
32KB

Download
memory/2360-2-0x0000000075110000-0x00000000758C0000-memory.dmp

Filesize
7.7MB

Download
memory/2360-1-0x0000000000450000-0x0000000001450000-memory.dmp

Filesize
16.0MB

Download