Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
mierda.exe

Overview

General Information

Sample name:mierda.exe
Analysis ID:1573058
MD5:fba1071515dcdf3c4d27d1eb0a7b4769
SHA1:de8b686327fe59314011c23133ed234f255403f5
SHA256:7a418127fb8510cfefc6b9db220168b851ef2748f8252829997b3c61510c830a
Infos:

Detection

Score:25
Range:0 - 100
Whitelisted:false
Confidence:20%

Compliance

Score:49
Range:0 - 100

Signatures

Yara detected Generic Downloader
Checks for available system drives (often done to infect USB drives)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Found dropped PE file which has not been started or loaded
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64_ra
  • mierda.exe (PID: 6152 cmdline: "C:\Users\user\Desktop\mierda.exe" MD5: FBA1071515DCDF3C4D27D1EB0A7B4769)
    • mierda.exe (PID: 6468 cmdline: "C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exe" -burn.clean.room="C:\Users\user\Desktop\mierda.exe" -burn.filehandle.attached=652 -burn.filehandle.self=680 MD5: FBA0B1010E82EE3896E104749F505F54)
      • windowsdesktop-runtime-8.0.11-win-x64.exe (PID: 6760 cmdline: "C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exe" -q -burn.elevated BurnPipe.{979512AC-5C49-46FA-B7F8-BD06647A3506} {699829B7-132E-4162-8BDB-33DF84CF8FAD} 6468 MD5: FBA0B1010E82EE3896E104749F505F54)
  • msiexec.exe (PID: 3564 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 3548 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 93086859B01BBB877568710C8714957A MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 6788 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 46CAED801AA912E50A6824BB218FEFDA MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 5748 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 0453BAF3E88A5B208F4E2C9F90D08A9A MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 7120 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding BC4BC7816D23F8A3511EF89EE923A1EF MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • cleanup

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.dllJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
    C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\netstandard.dllJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
      C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.dllJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.dllJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
          C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\netstandard.dllJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
            Click to see the 1 entries

            Sigma Signatures

            No Sigma rule has matched

            Suricata Signatures

            No Suricata rule has matched

            Joe Sandbox Signatures

            • Compliance
            • Spreading
            • Networking
            • System Summary
            • Data Obfuscation
            • Persistence and Installation Behavior
            • Boot Survival
            • Hooking and other Techniques for Hiding and Protection
            • Malware Analysis System Evasion
            • HIPS / PFW / Operating System Protection Evasion
            • Language, Device and Operating System Detection

            Click to jump to signature section

            Show All Signature Results

            Compliance

            barindex
            Source: mierda.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeDirectory created: C:\Program Files\dotnet
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeDirectory created: C:\Program Files\dotnet\swidtag
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeDirectory created: C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 8.0.11 (x64).swidtag
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.IsolatedStorage.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.ZipFile.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Encodings.Web.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.FileVersionInfo.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Memory.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Ping.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Configuration.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.Immutable.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\coreclr.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Web.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Transactions.Local.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Tasks.Extensions.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Mail.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.DiagnosticSource.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Web.HttpUtility.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.VisualBasic.Core.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Timer.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.HttpListener.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.Win32.Primitives.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\clretwrc.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.CSharp.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Claims.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.Xml.Linq.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.NETCore.App.runtimeconfig.json
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ObjectModel.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.NonGeneric.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.SecureString.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Extensions.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.FileSystem.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.DataContractSerialization.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Overlapped.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Thread.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Process.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Primitives.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.InteropServices.JavaScript.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Tools.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Numerics.Vectors.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XmlDocument.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebHeaderCollection.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Buffers.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.Uri.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.DataAnnotations.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XDocument.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.AccessControl.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.Annotations.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.InteropServices.RuntimeInformation.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.TextWriterTraceListener.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Pipes.AccessControl.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Primitives.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.Concurrent.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ServiceProcess.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscordaccore.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Debug.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Data.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebSockets.Client.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Linq.Queryable.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Globalization.Calendars.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Linq.Expressions.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Tasks.Dataflow.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Json.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Loader.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.NetworkInformation.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Linq.Parallel.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.Primitives.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Console.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Tasks.Parallel.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ServiceModel.Web.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Data.Common.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Principal.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.ReaderWriter.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscordbi.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Json.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Pipes.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Resources.ResourceManager.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.DriveInfo.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Primitives.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Csp.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Principal.Windows.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.CompilerServices.Unsafe.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XmlSerializer.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Emit.ILGeneration.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Tasks.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.Brotli.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebProxy.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.Watcher.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Primitives.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.InteropServices.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.CompilerServices.VisualC.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Xml.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Windows.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscorlib.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.Specialized.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Sockets.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Resources.Reader.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ValueTuple.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.MemoryMappedFiles.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Globalization.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XPath.XDocument.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Security.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Encoding.Extensions.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Formats.Asn1.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.Primitives.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.NameResolution.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.StackTrace.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Drawing.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.DiaSymReader.Native.amd64.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\hostpolicy.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.ServicePoint.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.VisualBasic.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\WindowsBase.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\clrjit.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscordaccore_amd64_amd64_8.0.1124.51707.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.ThreadPool.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Intrinsics.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Quic.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Transactions.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Channels.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Numerics.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Metadata.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.AppContext.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Dynamic.Runtime.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Formats.Tar.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Http.Json.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Tracing.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Globalization.Extensions.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Emit.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.TypeConverter.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Linq.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.Native.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.CoreLib.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Cng.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.UnmanagedMemoryStream.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XPath.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Data.DataSetExtensions.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebClient.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.EventBasedAsync.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Algorithms.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Handles.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebSockets.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.RegularExpressions.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.Win32.Registry.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\createdump.exe
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Formatters.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Drawing.Primitives.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.AccessControl.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Emit.Lightweight.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscorrc.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Encoding.CodePages.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Http.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.Xml.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\.version
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Extensions.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Numerics.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Requests.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.TypeExtensions.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.DispatchProxy.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Encoding.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.Serialization.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Resources.Writer.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.TraceSource.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\netstandard.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.NETCore.App.deps.json
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Encoding.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Core.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.X509Certificates.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Contracts.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.OpenSsl.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.Linq.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\clrgc.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\msquic.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\host
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\host\fxr
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\host\fxr\8.0.11
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\host\fxr\8.0.11\hostfxr.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\dotnet.exe
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\LICENSE.txt
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\ThirdPartyNotices.txt
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\System.Xaml.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\UIAutomationClient.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\PresentationFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\System.Windows.Controls.Ribbon.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\System.Windows.Controls.Ribbon.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\PresentationUI.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework-SystemXml.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\System.Windows.Forms.Primitives.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\UIAutomationClient.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\WindowsBase.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\Microsoft.VisualBasic.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\PresentationCore.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\System.Windows.Controls.Ribbon.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\UIAutomationProvider.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\System.Windows.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\UIAutomationTypes.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationUI.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\D3DCompiler_47_cor3.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\PresentationCore.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\WindowsFormsIntegration.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\Microsoft.Win32.SystemEvents.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\UIAutomationTypes.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\UIAutomationClient.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\Microsoft.WindowsDesktop.App.runtimeconfig.json
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\System.Xaml.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\System.Windows.Controls.Ribbon.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Resources.Extensions.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\Microsoft.VisualBasic.Forms.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\UIAutomationProvider.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\PresentationCore.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\WindowsFormsIntegration.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Forms.Primitives.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\System.Windows.Forms.Design.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\UIAutomationClient.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\System.Windows.Forms.Design.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\System.Windows.Controls.Ribbon.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\PresentationFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\System.Windows.Forms.Primitives.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\System.Windows.Input.Manipulations.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\System.Windows.Input.Manipulations.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Diagnostics.EventLog.Messages.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\Microsoft.VisualBasic.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\UIAutomationClientSideProviders.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\UIAutomationClient.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\Microsoft.VisualBasic.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\UIAutomationClient.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\PresentationCore.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\System.Windows.Input.Manipulations.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\UIAutomationTypes.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\WindowsBase.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PenImc_cor3.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.Luna.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Diagnostics.PerformanceCounter.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\DirectWriteForwarder.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\PresentationUI.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\PresentationCore.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\vcruntime140_cor3.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\UIAutomationClient.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\System.Windows.Input.Manipulations.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\System.Windows.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\Microsoft.VisualBasic.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\System.Windows.Forms.Primitives.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\System.Windows.Forms.Design.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\UIAutomationProvider.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\UIAutomationProvider.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Extensions.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\UIAutomationClientSideProviders.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\PresentationFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\UIAutomationClientSideProviders.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\UIAutomationClientSideProviders.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\ReachFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\System.Windows.Forms.Design.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Configuration.ConfigurationManager.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\System.Windows.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\PresentationUI.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\UIAutomationClientSideProviders.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\ReachFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\PresentationUI.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\ReachFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\PresentationUI.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\WindowsFormsIntegration.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\PresentationCore.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Security.Cryptography.Xml.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\System.Windows.Forms.Primitives.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\System.Xaml.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\UIAutomationClient.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework-SystemXmlLinq.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\WindowsBase.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Xaml.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\System.Windows.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Diagnostics.EventLog.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Presentation.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\PresentationFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationCore.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\UIAutomationProvider.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\WindowsBase.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\Microsoft.VisualBasic.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\System.Windows.Forms.Primitives.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\PresentationUI.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\PresentationUI.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\System.Xaml.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\UIAutomationClientSideProviders.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\UIAutomationTypes.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\PresentationCore.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Security.Cryptography.Pkcs.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\WindowsBase.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.AeroLite.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\UIAutomationProvider.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.IO.Packaging.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\WindowsFormsIntegration.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\ReachFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\System.Windows.Input.Manipulations.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\PresentationFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Design.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\System.Windows.Forms.Primitives.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\UIAutomationClient.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\UIAutomationTypes.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\System.Windows.Controls.Ribbon.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\WindowsFormsIntegration.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\UIAutomationProvider.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\System.Windows.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\WindowsFormsIntegration.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\System.Windows.Input.Manipulations.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\System.Windows.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\UIAutomationClientSideProviders.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\Microsoft.WindowsDesktop.App.deps.json
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Drawing.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\System.Windows.Forms.Design.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Drawing.Common.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\UIAutomationClientSideProviders.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\PresentationCore.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\System.Windows.Controls.Ribbon.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\System.Windows.Controls.Ribbon.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\System.Windows.Forms.Design.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\PresentationFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\UIAutomationClient.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\UIAutomationProvider.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\System.Windows.Forms.Design.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\WindowsBase.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\System.Windows.Controls.Ribbon.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\System.Windows.Forms.Primitives.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\WindowsFormsIntegration.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\System.Windows.Forms.Primitives.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\System.Xaml.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\WindowsBase.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\PresentationCore.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\UIAutomationClient.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\UIAutomationProvider.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Security.Cryptography.ProtectedData.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\Microsoft.VisualBasic.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\Microsoft.VisualBasic.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\UIAutomationProvider.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\UIAutomationTypes.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Forms.Design.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\UIAutomationClient.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\PresentationUI.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\UIAutomationClientSideProviders.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\ReachFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\System.Windows.Controls.Ribbon.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\PresentationFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework-SystemData.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\UIAutomationClientSideProviders.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\WindowsFormsIntegration.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\ReachFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\System.Xaml.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\System.Windows.Forms.Design.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\UIAutomationTypes.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\WindowsBase.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.DirectoryServices.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\Microsoft.VisualBasic.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\UIAutomationTypes.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Drawing.Design.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\PresentationUI.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\WindowsBase.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ReachFramework.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\System.Windows.Forms.Design.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Printing.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\WindowsFormsIntegration.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\PresentationFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.CodeDom.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\PresentationUI.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\System.Windows.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\WindowsFormsIntegration.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\ReachFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\UIAutomationProvider.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\UIAutomationTypes.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\System.Windows.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\System.Xaml.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\System.Windows.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\PresentationUI.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\WindowsBase.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\System.Windows.Forms.Primitives.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\System.Windows.Forms.Design.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Security.Permissions.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\PresentationUI.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\System.Xaml.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\System.Windows.Forms.Primitives.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\Microsoft.VisualBasic.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\Microsoft.VisualBasic.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\System.Windows.Input.Manipulations.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\System.Windows.Input.Manipulations.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\ReachFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\WindowsBase.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Controls.Ribbon.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\UIAutomationClient.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\ReachFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\UIAutomationTypes.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\System.Windows.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.Aero2.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\System.Xaml.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\System.Xaml.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\UIAutomationTypes.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\PresentationCore.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\UIAutomationProvider.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\UIAutomationProvider.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\System.Windows.Forms.Primitives.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\System.Windows.Controls.Ribbon.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\System.Windows.Controls.Ribbon.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\WindowsFormsIntegration.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.Classic.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\ReachFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\System.Windows.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\System.Windows.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\Microsoft.VisualBasic.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework-SystemDrawing.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework-SystemCore.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.Aero.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\System.Windows.Forms.Primitives.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\PresentationCore.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\PresentationFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\Accessibility.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\System.Windows.Forms.Design.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\System.Windows.Forms.Primitives.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\Microsoft.VisualBasic.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\PresentationFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Input.Manipulations.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\System.Xaml.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\PresentationFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\UIAutomationProvider.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\UIAutomationClientSideProviders.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Threading.AccessControl.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\UIAutomationClientSideProviders.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\System.Xaml.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\wpfgfx_cor3.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\System.Windows.Input.Manipulations.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\WindowsFormsIntegration.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\System.Windows.Input.Manipulations.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\System.Xaml.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\PresentationCore.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\UIAutomationTypes.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\WindowsBase.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\System.Windows.Forms.Design.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\System.Windows.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.Royale.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\System.Windows.Input.Manipulations.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\System.Windows.Forms.Design.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\ReachFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationNative_cor3.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\WindowsFormsIntegration.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\PresentationFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\WindowsFormsIntegration.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\ReachFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Forms.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\PresentationFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\ReachFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\System.Windows.Controls.Ribbon.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\UIAutomationClient.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Forms.Design.Editors.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\System.Windows.Input.Manipulations.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\PresentationUI.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\UIAutomationClientSideProviders.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\Microsoft.Win32.Registry.AccessControl.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\UIAutomationTypes.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\WindowsBase.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\UIAutomationClientSideProviders.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\UIAutomationTypes.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\WindowsBase.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\System.Windows.Input.Manipulations.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\PresentationCore.resources.dll
            Source: C:\Windows\System32\msiexec.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9C80213E-9079-4561-8D57-1FDD0D62251F}
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeFile created: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.ba\eula.rtf
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\LICENSE.txt
            Source: mierda.exeStatic PE information: certificate valid
            Source: mierda.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
            Source: C:\Windows\System32\msiexec.exeFile opened: z:
            Source: C:\Windows\System32\msiexec.exeFile opened: x:
            Source: C:\Windows\System32\msiexec.exeFile opened: v:
            Source: C:\Windows\System32\msiexec.exeFile opened: t:
            Source: C:\Windows\System32\msiexec.exeFile opened: r:
            Source: C:\Windows\System32\msiexec.exeFile opened: p:
            Source: C:\Windows\System32\msiexec.exeFile opened: n:
            Source: C:\Windows\System32\msiexec.exeFile opened: l:
            Source: C:\Windows\System32\msiexec.exeFile opened: j:
            Source: C:\Windows\System32\msiexec.exeFile opened: h:
            Source: C:\Windows\System32\msiexec.exeFile opened: f:
            Source: C:\Windows\System32\msiexec.exeFile opened: b:
            Source: C:\Windows\System32\msiexec.exeFile opened: y:
            Source: C:\Windows\System32\msiexec.exeFile opened: w:
            Source: C:\Windows\System32\msiexec.exeFile opened: u:
            Source: C:\Windows\System32\msiexec.exeFile opened: s:
            Source: C:\Windows\System32\msiexec.exeFile opened: q:
            Source: C:\Windows\System32\msiexec.exeFile opened: o:
            Source: C:\Windows\System32\msiexec.exeFile opened: m:
            Source: C:\Windows\System32\msiexec.exeFile opened: k:
            Source: C:\Windows\System32\msiexec.exeFile opened: i:
            Source: C:\Windows\System32\msiexec.exeFile opened: g:
            Source: C:\Windows\System32\msiexec.exeFile opened: e:
            Source: C:\Windows\System32\msiexec.exeFile opened: c:
            Source: C:\Windows\System32\msiexec.exeFile opened: a:
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\NULL
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\vcRuntimeAdditional_amd64
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeFile opened: C:\ProgramData\Package Cache\NULL
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\NULL

            Networking

            barindex
            Source: Yara matchFile source: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.dll, type: DROPPED
            Source: Yara matchFile source: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\netstandard.dll, type: DROPPED
            Source: Yara matchFile source: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.dll, type: DROPPED
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\5596c4.msi
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI9B67.tmp
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipi
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{9C80213E-9079-4561-8D57-1FDD0D62251F}
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI9D0E.tmp
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\5596c7.msi
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\5596c7.msi
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIB3B4.tmp
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\5596c8.msi
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIB6D2.tmp
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipi
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{F59C11F0-D73F-452B-8D1D-8C33B82D8507}
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIB760.tmp
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\5596cb.msi
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\5596cb.msi
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIB84B.tmp
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\5596cc.msi
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIBAEC.tmp
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipi
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{362B4D0D-8438-44DA-86B2-FEC44E000FCA}
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIBB5A.tmp
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\5596cf.msi
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\5596cf.msi
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIBD6E.tmp
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\5596d0.msi
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC1C5.tmp
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipi
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{C0790AA0-0F40-4836-85B2-677B87625E63}
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC35C.tmp
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\5596d3.msi
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\5596d3.msi
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE397.tmp
            Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSI9B67.tmp
            Source: mierda.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP
            Source: classification engineClassification label: sus25.troj.winEXE@14/504@0/0
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeFile created: C:\Program Files\dotnet
            Source: C:\Users\user\Desktop\mierda.exeFile created: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\
            Source: mierda.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeFile read: C:\Users\user\Desktop\desktop.ini
            Source: C:\Users\user\Desktop\mierda.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: C:\Users\user\Desktop\mierda.exeFile read: C:\Users\user\Desktop\mierda.exe
            Source: unknownProcess created: C:\Users\user\Desktop\mierda.exe "C:\Users\user\Desktop\mierda.exe"
            Source: C:\Users\user\Desktop\mierda.exeProcess created: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exe "C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exe" -burn.clean.room="C:\Users\user\Desktop\mierda.exe" -burn.filehandle.attached=652 -burn.filehandle.self=680
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeProcess created: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exe "C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exe" -q -burn.elevated BurnPipe.{979512AC-5C49-46FA-B7F8-BD06647A3506} {699829B7-132E-4162-8BDB-33DF84CF8FAD} 6468
            Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
            Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 93086859B01BBB877568710C8714957A
            Source: C:\Users\user\Desktop\mierda.exeProcess created: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exe "C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exe" -burn.clean.room="C:\Users\user\Desktop\mierda.exe" -burn.filehandle.attached=652 -burn.filehandle.self=680
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeProcess created: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exe "C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exe" -q -burn.elevated BurnPipe.{979512AC-5C49-46FA-B7F8-BD06647A3506} {699829B7-132E-4162-8BDB-33DF84CF8FAD} 6468
            Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 46CAED801AA912E50A6824BB218FEFDA
            Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 0453BAF3E88A5B208F4E2C9F90D08A9A
            Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding BC4BC7816D23F8A3511EF89EE923A1EF
            Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 93086859B01BBB877568710C8714957A
            Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 46CAED801AA912E50A6824BB218FEFDA
            Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 0453BAF3E88A5B208F4E2C9F90D08A9A
            Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding BC4BC7816D23F8A3511EF89EE923A1EF
            Source: C:\Users\user\Desktop\mierda.exeSection loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\mierda.exeSection loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\mierda.exeSection loaded: msi.dll
            Source: C:\Users\user\Desktop\mierda.exeSection loaded: version.dll
            Source: C:\Users\user\Desktop\mierda.exeSection loaded: cabinet.dll
            Source: C:\Users\user\Desktop\mierda.exeSection loaded: msxml3.dll
            Source: C:\Users\user\Desktop\mierda.exeSection loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\mierda.exeSection loaded: wldp.dll
            Source: C:\Users\user\Desktop\mierda.exeSection loaded: profapi.dll
            Source: C:\Users\user\Desktop\mierda.exeSection loaded: feclient.dll
            Source: C:\Users\user\Desktop\mierda.exeSection loaded: iertutil.dll
            Source: C:\Users\user\Desktop\mierda.exeSection loaded: apphelp.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: cryptbase.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: msi.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: version.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: cabinet.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: msxml3.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: windows.storage.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: wldp.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: profapi.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: feclient.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: iertutil.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: uxtheme.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: textinputframework.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: coreuicomponents.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: coremessaging.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: ntmarta.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: wintypes.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: wintypes.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: wintypes.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: msimg32.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: windowscodecs.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: explorerframe.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: textshaping.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: propsys.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: edputil.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: urlmon.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: srvcli.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: netutils.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: windows.staterepositoryps.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: sspicli.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: appresolver.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: bcp47langs.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: slc.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: userenv.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: sppc.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: onecorecommonproxystub.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: onecoreuapcommonproxystub.dll
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeSection loaded: apphelp.dll
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeSection loaded: cryptbase.dll
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeSection loaded: msi.dll
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeSection loaded: version.dll
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeSection loaded: cabinet.dll
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeSection loaded: msxml3.dll
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeSection loaded: windows.storage.dll
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeSection loaded: wldp.dll
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeSection loaded: profapi.dll
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeSection loaded: uxtheme.dll
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeSection loaded: textinputframework.dll
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeSection loaded: coreuicomponents.dll
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeSection loaded: coremessaging.dll
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeSection loaded: ntmarta.dll
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeSection loaded: wintypes.dll
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeSection loaded: wintypes.dll
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeSection loaded: wintypes.dll
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeSection loaded: srclient.dll
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeSection loaded: spp.dll
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeSection loaded: powrprof.dll
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeSection loaded: vssapi.dll
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeSection loaded: vsstrace.dll
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeSection loaded: umpdc.dll
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeSection loaded: usoapi.dll
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeSection loaded: cryptsp.dll
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeSection loaded: rsaenh.dll
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeSection loaded: feclient.dll
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeSection loaded: iertutil.dll
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeSection loaded: srpapi.dll
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeSection loaded: tsappcmp.dll
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeSection loaded: netapi32.dll
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeSection loaded: wkscli.dll
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeSection loaded: netutils.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: version.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: winsta.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
            Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
            Source: C:\Users\user\Desktop\mierda.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InProcServer32
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeDirectory created: C:\Program Files\dotnet
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeDirectory created: C:\Program Files\dotnet\swidtag
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeDirectory created: C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 8.0.11 (x64).swidtag
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.IsolatedStorage.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.ZipFile.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Encodings.Web.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.FileVersionInfo.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Memory.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Ping.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Configuration.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.Immutable.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\coreclr.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Web.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Transactions.Local.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Tasks.Extensions.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Mail.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.DiagnosticSource.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Web.HttpUtility.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.VisualBasic.Core.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Timer.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.HttpListener.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.Win32.Primitives.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\clretwrc.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.CSharp.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Claims.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.Xml.Linq.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.NETCore.App.runtimeconfig.json
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ObjectModel.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.NonGeneric.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.SecureString.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Extensions.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.FileSystem.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.DataContractSerialization.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Overlapped.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Thread.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Process.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Primitives.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.InteropServices.JavaScript.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Tools.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Numerics.Vectors.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XmlDocument.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebHeaderCollection.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Buffers.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.Uri.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.DataAnnotations.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XDocument.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.AccessControl.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.Annotations.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.InteropServices.RuntimeInformation.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.TextWriterTraceListener.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Pipes.AccessControl.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Primitives.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.Concurrent.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ServiceProcess.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscordaccore.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Debug.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Data.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebSockets.Client.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Linq.Queryable.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Globalization.Calendars.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Linq.Expressions.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Tasks.Dataflow.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Json.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Loader.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.NetworkInformation.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Linq.Parallel.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.Primitives.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Console.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Tasks.Parallel.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ServiceModel.Web.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Data.Common.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Principal.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.ReaderWriter.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscordbi.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Json.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Pipes.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Resources.ResourceManager.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.DriveInfo.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Primitives.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Csp.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Principal.Windows.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.CompilerServices.Unsafe.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XmlSerializer.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Emit.ILGeneration.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Tasks.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.Brotli.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebProxy.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.Watcher.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Primitives.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.InteropServices.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.CompilerServices.VisualC.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Xml.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Windows.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscorlib.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.Specialized.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Sockets.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Resources.Reader.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ValueTuple.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.MemoryMappedFiles.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Globalization.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XPath.XDocument.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Security.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Encoding.Extensions.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Formats.Asn1.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.Primitives.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.NameResolution.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.StackTrace.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Drawing.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.DiaSymReader.Native.amd64.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\hostpolicy.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.ServicePoint.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.VisualBasic.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\WindowsBase.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\clrjit.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscordaccore_amd64_amd64_8.0.1124.51707.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.ThreadPool.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Intrinsics.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Quic.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Transactions.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Channels.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Numerics.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Metadata.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.AppContext.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Dynamic.Runtime.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Formats.Tar.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Http.Json.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Tracing.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Globalization.Extensions.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Emit.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.TypeConverter.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Linq.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.Native.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.CoreLib.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Cng.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.UnmanagedMemoryStream.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XPath.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Data.DataSetExtensions.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebClient.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.EventBasedAsync.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Algorithms.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Handles.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebSockets.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.RegularExpressions.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.Win32.Registry.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\createdump.exe
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Formatters.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Drawing.Primitives.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.AccessControl.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Emit.Lightweight.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscorrc.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Encoding.CodePages.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Http.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.Xml.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\.version
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Extensions.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Numerics.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Requests.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.TypeExtensions.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.DispatchProxy.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Encoding.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.Serialization.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Resources.Writer.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.TraceSource.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\netstandard.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.NETCore.App.deps.json
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Encoding.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Core.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.X509Certificates.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Contracts.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.OpenSsl.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.Linq.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\clrgc.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\msquic.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\host
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\host\fxr
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\host\fxr\8.0.11
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\host\fxr\8.0.11\hostfxr.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\dotnet.exe
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\LICENSE.txt
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\ThirdPartyNotices.txt
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\System.Xaml.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\UIAutomationClient.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\PresentationFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\System.Windows.Controls.Ribbon.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\System.Windows.Controls.Ribbon.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\PresentationUI.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework-SystemXml.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\System.Windows.Forms.Primitives.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\UIAutomationClient.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\WindowsBase.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\Microsoft.VisualBasic.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\PresentationCore.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\System.Windows.Controls.Ribbon.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\UIAutomationProvider.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\System.Windows.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\UIAutomationTypes.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationUI.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\D3DCompiler_47_cor3.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\PresentationCore.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\WindowsFormsIntegration.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\Microsoft.Win32.SystemEvents.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\UIAutomationTypes.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\UIAutomationClient.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\Microsoft.WindowsDesktop.App.runtimeconfig.json
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\System.Xaml.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\System.Windows.Controls.Ribbon.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Resources.Extensions.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\Microsoft.VisualBasic.Forms.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\UIAutomationProvider.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\PresentationCore.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\WindowsFormsIntegration.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Forms.Primitives.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\System.Windows.Forms.Design.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\UIAutomationClient.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\System.Windows.Forms.Design.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\System.Windows.Controls.Ribbon.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\PresentationFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\System.Windows.Forms.Primitives.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\System.Windows.Input.Manipulations.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\System.Windows.Input.Manipulations.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Diagnostics.EventLog.Messages.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\Microsoft.VisualBasic.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\UIAutomationClientSideProviders.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\UIAutomationClient.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\Microsoft.VisualBasic.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\UIAutomationClient.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\PresentationCore.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\System.Windows.Input.Manipulations.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\UIAutomationTypes.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\WindowsBase.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PenImc_cor3.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.Luna.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Diagnostics.PerformanceCounter.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\DirectWriteForwarder.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\PresentationUI.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\PresentationCore.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\vcruntime140_cor3.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\UIAutomationClient.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\System.Windows.Input.Manipulations.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\System.Windows.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\Microsoft.VisualBasic.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\System.Windows.Forms.Primitives.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\System.Windows.Forms.Design.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\UIAutomationProvider.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\UIAutomationProvider.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Extensions.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\UIAutomationClientSideProviders.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\PresentationFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\UIAutomationClientSideProviders.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\UIAutomationClientSideProviders.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\ReachFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\System.Windows.Forms.Design.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Configuration.ConfigurationManager.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\System.Windows.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\PresentationUI.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\UIAutomationClientSideProviders.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\ReachFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\PresentationUI.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\ReachFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\PresentationUI.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\WindowsFormsIntegration.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\PresentationCore.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Security.Cryptography.Xml.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\System.Windows.Forms.Primitives.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\System.Xaml.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\UIAutomationClient.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework-SystemXmlLinq.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\WindowsBase.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Xaml.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\System.Windows.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Diagnostics.EventLog.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Presentation.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\PresentationFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationCore.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\UIAutomationProvider.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\WindowsBase.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\Microsoft.VisualBasic.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\System.Windows.Forms.Primitives.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\PresentationUI.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\PresentationUI.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\System.Xaml.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\UIAutomationClientSideProviders.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\UIAutomationTypes.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\PresentationCore.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Security.Cryptography.Pkcs.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\WindowsBase.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.AeroLite.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\UIAutomationProvider.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.IO.Packaging.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\WindowsFormsIntegration.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\ReachFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\System.Windows.Input.Manipulations.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\PresentationFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Design.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\System.Windows.Forms.Primitives.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\UIAutomationClient.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\UIAutomationTypes.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\System.Windows.Controls.Ribbon.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\WindowsFormsIntegration.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\UIAutomationProvider.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\System.Windows.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\WindowsFormsIntegration.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\System.Windows.Input.Manipulations.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\System.Windows.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\UIAutomationClientSideProviders.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\Microsoft.WindowsDesktop.App.deps.json
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Drawing.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\System.Windows.Forms.Design.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Drawing.Common.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\UIAutomationClientSideProviders.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\PresentationCore.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\System.Windows.Controls.Ribbon.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\System.Windows.Controls.Ribbon.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\System.Windows.Forms.Design.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\PresentationFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\UIAutomationClient.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\UIAutomationProvider.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\System.Windows.Forms.Design.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\WindowsBase.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\System.Windows.Controls.Ribbon.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\System.Windows.Forms.Primitives.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\WindowsFormsIntegration.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\System.Windows.Forms.Primitives.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\System.Xaml.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\WindowsBase.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\PresentationCore.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\UIAutomationClient.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\UIAutomationProvider.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Security.Cryptography.ProtectedData.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\Microsoft.VisualBasic.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\Microsoft.VisualBasic.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\UIAutomationProvider.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\UIAutomationTypes.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Forms.Design.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\UIAutomationClient.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\PresentationUI.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\UIAutomationClientSideProviders.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\ReachFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\System.Windows.Controls.Ribbon.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\PresentationFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework-SystemData.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\UIAutomationClientSideProviders.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\WindowsFormsIntegration.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\ReachFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\System.Xaml.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\System.Windows.Forms.Design.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\UIAutomationTypes.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\WindowsBase.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.DirectoryServices.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\Microsoft.VisualBasic.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\UIAutomationTypes.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Drawing.Design.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\PresentationUI.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\WindowsBase.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ReachFramework.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\System.Windows.Forms.Design.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Printing.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\WindowsFormsIntegration.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\PresentationFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.CodeDom.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\PresentationUI.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\System.Windows.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\WindowsFormsIntegration.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\ReachFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\UIAutomationProvider.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\UIAutomationTypes.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\System.Windows.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\System.Xaml.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\System.Windows.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\PresentationUI.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\WindowsBase.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\System.Windows.Forms.Primitives.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\System.Windows.Forms.Design.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Security.Permissions.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\PresentationUI.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\System.Xaml.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\System.Windows.Forms.Primitives.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\Microsoft.VisualBasic.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\Microsoft.VisualBasic.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\System.Windows.Input.Manipulations.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\System.Windows.Input.Manipulations.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\ReachFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\WindowsBase.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Controls.Ribbon.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\UIAutomationClient.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\ReachFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\UIAutomationTypes.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\System.Windows.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.Aero2.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\System.Xaml.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\System.Xaml.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\UIAutomationTypes.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\PresentationCore.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\UIAutomationProvider.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\UIAutomationProvider.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\System.Windows.Forms.Primitives.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\System.Windows.Controls.Ribbon.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\System.Windows.Controls.Ribbon.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\WindowsFormsIntegration.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.Classic.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\ReachFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\System.Windows.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\System.Windows.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\Microsoft.VisualBasic.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework-SystemDrawing.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework-SystemCore.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.Aero.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\System.Windows.Forms.Primitives.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\PresentationCore.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\PresentationFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\Accessibility.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\System.Windows.Forms.Design.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\System.Windows.Forms.Primitives.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\Microsoft.VisualBasic.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\PresentationFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Input.Manipulations.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\System.Xaml.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\PresentationFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\UIAutomationProvider.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\UIAutomationClientSideProviders.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Threading.AccessControl.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\UIAutomationClientSideProviders.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\System.Xaml.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\wpfgfx_cor3.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\System.Windows.Input.Manipulations.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\WindowsFormsIntegration.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\System.Windows.Input.Manipulations.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\System.Xaml.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\PresentationCore.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\UIAutomationTypes.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\WindowsBase.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\System.Windows.Forms.Design.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\System.Windows.Forms.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.Royale.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\System.Windows.Input.Manipulations.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\System.Windows.Forms.Design.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\ReachFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationNative_cor3.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\WindowsFormsIntegration.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\PresentationFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\WindowsFormsIntegration.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\ReachFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Forms.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\PresentationFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\ReachFramework.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\System.Windows.Controls.Ribbon.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\UIAutomationClient.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Forms.Design.Editors.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\System.Windows.Input.Manipulations.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\PresentationUI.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\UIAutomationClientSideProviders.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\Microsoft.Win32.Registry.AccessControl.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\UIAutomationTypes.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\WindowsBase.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\UIAutomationClientSideProviders.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\UIAutomationTypes.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\WindowsBase.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\System.Windows.Input.Manipulations.resources.dll
            Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\PresentationCore.resources.dll
            Source: C:\Windows\System32\msiexec.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9C80213E-9079-4561-8D57-1FDD0D62251F}
            Source: mierda.exeStatic PE information: certificate valid
            Source: mierda.exeStatic file information: File size 58495680 > 1048576
            Source: mierda.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
            Source: mierda.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
            Source: mierda.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
            Source: mierda.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: mierda.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
            Source: mierda.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
            Source: mierda.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
            Source: mierda.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: mierda.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
            Source: mierda.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
            Source: mierda.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
            Source: mierda.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
            Source: mierda.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
            Source: mierda.exeStatic PE information: section name: .wixburn
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\System.Windows.Input.Manipulations.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\System.Windows.Forms.Primitives.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Algorithms.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\System.Xaml.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\Microsoft.VisualBasic.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Cng.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\PresentationCore.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\System.Windows.Forms.Primitives.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\WindowsBase.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\System.Xaml.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\WindowsBase.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.EventBasedAsync.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.AccessControl.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework-SystemCore.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.AeroLite.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\System.Windows.Forms.Design.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Pipes.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Security.Permissions.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Security.Cryptography.Xml.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\UIAutomationProvider.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.Win32.Registry.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Buffers.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\UIAutomationClientSideProviders.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\UIAutomationTypes.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Xml.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\System.Xaml.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\System.Windows.Input.Manipulations.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebSockets.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\System.Windows.Forms.Primitives.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\UIAutomationClient.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\System.Windows.Input.Manipulations.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\UIAutomationClient.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Process.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.CompilerServices.VisualC.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\ReachFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Resources.Extensions.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\Microsoft.VisualBasic.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\Microsoft.Win32.SystemEvents.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Diagnostics.EventLog.Messages.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\System.Xaml.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\WindowsFormsIntegration.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.Specialized.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Linq.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\System.Windows.Forms.Design.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.UnmanagedMemoryStream.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Numerics.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\PresentationCore.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\System.Windows.Input.Manipulations.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\System.Windows.Input.Manipulations.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.Aero.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\ReachFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.NonGeneric.dllJump to dropped file
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeFile created: C:\ProgramData\Package Cache\{bd40e761-3e88-4202-9b53-26c6bed3d467}\windowsdesktop-runtime-8.0.11-win-x64.exeJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\UIAutomationClient.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Pipes.AccessControl.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\Microsoft.VisualBasic.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\System.Windows.Controls.Ribbon.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Linq.Parallel.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.NetworkInformation.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\System.Windows.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\PresentationFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\createdump.exeJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XDocument.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.OpenSsl.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\System.Windows.Controls.Ribbon.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\Microsoft.VisualBasic.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\PresentationUI.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Extensions.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.VisualBasic.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\System.Windows.Forms.Primitives.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.ServicePoint.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\UIAutomationTypes.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\UIAutomationClientSideProviders.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\UIAutomationProvider.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\Microsoft.VisualBasic.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.ReaderWriter.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.TraceSource.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Linq.Expressions.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ValueTuple.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\msquic.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationUI.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\System.Windows.Forms.Primitives.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\UIAutomationClientSideProviders.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\dotnet.exeJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Core.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Diagnostics.PerformanceCounter.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\System.Windows.Controls.Ribbon.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\PresentationCore.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.TextWriterTraceListener.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework-SystemData.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\PresentationUI.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\System.Windows.Controls.Ribbon.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\UIAutomationProvider.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\Microsoft.VisualBasic.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\UIAutomationClientSideProviders.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Security.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Emit.Lightweight.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Printing.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\UIAutomationTypes.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.Brotli.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework-SystemXml.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\PresentationUI.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.Watcher.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PenImc_cor3.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Primitives.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\Microsoft.VisualBasic.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Transactions.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Primitives.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\System.Windows.Forms.Primitives.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\PresentationFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework-SystemXmlLinq.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.Native.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\Microsoft.VisualBasic.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\System.Windows.Controls.Ribbon.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\UIAutomationClientSideProviders.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XPath.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\UIAutomationClient.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\System.Windows.Controls.Ribbon.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\System.Windows.Forms.Primitives.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebClient.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\System.Windows.Controls.Ribbon.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.ThreadPool.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Quic.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\WindowsFormsIntegration.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\ReachFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Channels.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Windows.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Sockets.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\UIAutomationTypes.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\PresentationFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Loader.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\UIAutomationTypes.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\ReachFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XPath.XDocument.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\UIAutomationClient.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\PresentationUI.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ReachFramework.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Threading.AccessControl.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\UIAutomationClient.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.StackTrace.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\PresentationCore.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.Classic.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\System.Windows.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\UIAutomationTypes.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Drawing.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.AccessControl.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\System.Windows.Forms.Primitives.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\UIAutomationClient.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\UIAutomationClient.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI9B67.tmpJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\D3DCompiler_47_cor3.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\vcruntime140_cor3.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Primitives.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.Linq.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\System.Windows.Input.Manipulations.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Resources.Reader.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Http.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\System.Windows.Forms.Primitives.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\PresentationUI.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\PresentationUI.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Extensions.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\UIAutomationProvider.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.DispatchProxy.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.InteropServices.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\ReachFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\System.Windows.Forms.Primitives.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Encoding.Extensions.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.TypeExtensions.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Data.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\System.Windows.Controls.Ribbon.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\ReachFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\Accessibility.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\System.Windows.Forms.Design.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Globalization.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\UIAutomationClientSideProviders.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\WindowsBase.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\ReachFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.Luna.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\PresentationFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\System.Windows.Controls.Ribbon.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\ReachFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\WindowsBase.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\System.Windows.Forms.Primitives.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\System.Windows.Input.Manipulations.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\System.Windows.Controls.Ribbon.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Data.DataSetExtensions.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Formatters.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\PresentationCore.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Forms.Design.Editors.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.CoreLib.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\UIAutomationTypes.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\PresentationFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Dynamic.Runtime.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\PresentationUI.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\System.Windows.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\PresentationCore.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\clrjit.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\UIAutomationClient.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\System.Windows.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\PresentationUI.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Security.Cryptography.Pkcs.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\Microsoft.VisualBasic.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\PresentationCore.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\host\fxr\8.0.11\hostfxr.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\System.Windows.Input.Manipulations.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\System.Windows.Forms.Design.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\System.Xaml.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\Microsoft.VisualBasic.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\UIAutomationClient.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Metadata.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\ReachFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Input.Manipulations.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Numerics.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscorrc.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\UIAutomationProvider.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\System.Windows.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\System.Windows.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.NameResolution.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Design.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.TypeConverter.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\Microsoft.Win32.Registry.AccessControl.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\System.Windows.Input.Manipulations.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\UIAutomationClient.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\PresentationUI.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.CodeDom.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\PresentationFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\UIAutomationClientSideProviders.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\WindowsFormsIntegration.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Emit.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\System.Windows.Input.Manipulations.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Resources.Writer.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Diagnostics.EventLog.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\System.Windows.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\UIAutomationProvider.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\Microsoft.VisualBasic.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\PresentationFramework.resources.dllJump to dropped file
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeFile created: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.ba\wixstdba.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\UIAutomationProvider.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\PresentationCore.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\UIAutomationClient.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\PresentationFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\PresentationUI.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\System.Windows.Forms.Design.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\UIAutomationClientSideProviders.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.DiaSymReader.Native.amd64.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Json.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\System.Xaml.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\ReachFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\System.Windows.Forms.Design.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.SecureString.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Forms.Design.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\System.Xaml.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Json.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ServiceModel.Web.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Console.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\WindowsBase.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\WindowsFormsIntegration.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XmlSerializer.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\PresentationUI.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\Microsoft.VisualBasic.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\System.Windows.Forms.Primitives.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Data.Common.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Configuration.ConfigurationManager.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\WindowsBase.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Globalization.Extensions.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Principal.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\netstandard.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\WindowsBase.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Controls.Ribbon.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\System.Xaml.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Csp.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Overlapped.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.Royale.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\UIAutomationClientSideProviders.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\ReachFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\System.Windows.Forms.Design.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Forms.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\UIAutomationProvider.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.Annotations.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\System.Xaml.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.Concurrent.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\UIAutomationTypes.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.AppContext.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Tools.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\Microsoft.VisualBasic.Forms.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\WindowsFormsIntegration.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\UIAutomationProvider.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Tasks.Dataflow.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\System.Xaml.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\Microsoft.VisualBasic.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.Uri.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Encoding.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Tasks.Parallel.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\Microsoft.VisualBasic.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Intrinsics.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.Serialization.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\System.Windows.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\WindowsFormsIntegration.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\WindowsBase.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\WindowsBase.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Formats.Tar.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\WindowsFormsIntegration.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Presentation.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Drawing.Design.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebProxy.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\UIAutomationProvider.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\System.Windows.Forms.Design.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\System.Windows.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Drawing.Common.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\WindowsFormsIntegration.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XmlDocument.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\UIAutomationProvider.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\UIAutomationClient.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.MemoryMappedFiles.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\DirectWriteForwarder.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\System.Windows.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\System.Windows.Forms.Primitives.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Globalization.Calendars.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\WindowsFormsIntegration.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\PresentationCore.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Handles.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebHeaderCollection.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\System.Windows.Forms.Design.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Drawing.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\PresentationFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\WindowsFormsIntegration.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\WindowsBase.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.Primitives.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\System.Windows.Input.Manipulations.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\WindowsFormsIntegration.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Forms.Primitives.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\System.Windows.Controls.Ribbon.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\PresentationFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.X509Certificates.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.DirectoryServices.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\PresentationFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\UIAutomationClientSideProviders.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\System.Windows.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\PresentationCore.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Debug.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Security.Cryptography.ProtectedData.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\UIAutomationProvider.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\UIAutomationClientSideProviders.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.InteropServices.RuntimeInformation.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Encoding.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\clrgc.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\System.Windows.Controls.Ribbon.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.Xml.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\UIAutomationProvider.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\PresentationFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\WindowsBase.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\UIAutomationClientSideProviders.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.RegularExpressions.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Tasks.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Thread.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\PresentationUI.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Numerics.Vectors.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\ReachFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscordaccore_amd64_amd64_8.0.1124.51707.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.Aero2.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ServiceProcess.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\WindowsFormsIntegration.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscordbi.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\PresentationUI.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\System.Windows.Forms.Design.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\UIAutomationTypes.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.IO.Packaging.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Drawing.Primitives.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\WindowsBase.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\System.Xaml.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\System.Windows.Forms.Design.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\UIAutomationTypes.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\hostpolicy.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\PresentationCore.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\PresentationFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.DataAnnotations.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\ReachFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\System.Windows.Input.Manipulations.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\System.Windows.Forms.Design.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.DataContractSerialization.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ObjectModel.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\UIAutomationTypes.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\UIAutomationTypes.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Tracing.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationCore.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Extensions.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationNative_cor3.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Contracts.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\UIAutomationClientSideProviders.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.FileSystem.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\WindowsFormsIntegration.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Linq.Queryable.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\PresentationCore.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Emit.ILGeneration.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Primitives.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\UIAutomationTypes.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\WindowsBase.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.Primitives.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\UIAutomationClientSideProviders.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\System.Xaml.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\wpfgfx_cor3.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Encoding.CodePages.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\System.Windows.Controls.Ribbon.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\System.Windows.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\System.Windows.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Principal.Windows.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\UIAutomationProvider.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\PresentationCore.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscorlib.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\System.Xaml.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\UIAutomationClient.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework-SystemDrawing.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.DriveInfo.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Http.Json.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\System.Windows.Input.Manipulations.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.InteropServices.JavaScript.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\System.Windows.Forms.Design.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Resources.ResourceManager.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\WindowsBase.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Formats.Asn1.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\UIAutomationTypes.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebSockets.Client.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Xaml.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\WindowsFormsIntegration.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\WindowsBase.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Requests.dllJump to dropped file
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeFile created: C:\ProgramData\Package Cache\{bd40e761-3e88-4202-9b53-26c6bed3d467}\windowsdesktop-runtime-8.0.11-win-x64.exeJump to dropped file
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeFile created: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.ba\wixstdba.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI9B67.tmpJump to dropped file
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeFile created: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.ba\eula.rtf
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\LICENSE.txt
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {bd40e761-3e88-4202-9b53-26c6bed3d467}
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {bd40e761-3e88-4202-9b53-26c6bed3d467}
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {bd40e761-3e88-4202-9b53-26c6bed3d467}
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {bd40e761-3e88-4202-9b53-26c6bed3d467}
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Algorithms.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\System.Windows.Forms.Primitives.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\System.Windows.Input.Manipulations.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\System.Xaml.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\Microsoft.VisualBasic.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Cng.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\PresentationCore.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\System.Windows.Forms.Primitives.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\WindowsBase.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\System.Xaml.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\WindowsBase.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.EventBasedAsync.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.AccessControl.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework-SystemCore.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.AeroLite.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\System.Windows.Forms.Design.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Pipes.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Security.Permissions.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Security.Cryptography.Xml.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.Win32.Registry.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\UIAutomationProvider.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Buffers.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\UIAutomationClientSideProviders.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\UIAutomationTypes.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Xml.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\System.Xaml.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\System.Windows.Input.Manipulations.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebSockets.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\System.Windows.Forms.Primitives.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\System.Windows.Input.Manipulations.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\UIAutomationClient.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\UIAutomationClient.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Process.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.CompilerServices.VisualC.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\ReachFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\Microsoft.VisualBasic.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Resources.Extensions.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\Microsoft.Win32.SystemEvents.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Diagnostics.EventLog.Messages.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\System.Xaml.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\WindowsFormsIntegration.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.Specialized.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Linq.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\System.Windows.Forms.Design.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.UnmanagedMemoryStream.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Numerics.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\PresentationCore.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\System.Windows.Input.Manipulations.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\System.Windows.Input.Manipulations.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.Aero.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\ReachFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.NonGeneric.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\UIAutomationClient.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Pipes.AccessControl.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\Microsoft.VisualBasic.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\System.Windows.Controls.Ribbon.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Linq.Parallel.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.NetworkInformation.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\System.Windows.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\PresentationFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\createdump.exeJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XDocument.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.OpenSsl.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\System.Windows.Controls.Ribbon.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\Microsoft.VisualBasic.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\PresentationUI.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Extensions.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.VisualBasic.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.ServicePoint.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\System.Windows.Forms.Primitives.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\UIAutomationTypes.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\UIAutomationClientSideProviders.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\UIAutomationProvider.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\Microsoft.VisualBasic.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.ReaderWriter.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Linq.Expressions.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.TraceSource.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ValueTuple.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\msquic.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationUI.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\System.Windows.Forms.Primitives.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\UIAutomationClientSideProviders.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\dotnet.exeJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Core.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Diagnostics.PerformanceCounter.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\System.Windows.Controls.Ribbon.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\PresentationCore.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.TextWriterTraceListener.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework-SystemData.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\PresentationUI.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\System.Windows.Controls.Ribbon.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\UIAutomationProvider.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\Microsoft.VisualBasic.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\UIAutomationClientSideProviders.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Emit.Lightweight.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Security.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Printing.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\UIAutomationTypes.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.Brotli.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework-SystemXml.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\PresentationUI.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.Watcher.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PenImc_cor3.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Primitives.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\Microsoft.VisualBasic.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Transactions.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Primitives.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\System.Windows.Forms.Primitives.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\PresentationFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework-SystemXmlLinq.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.Native.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\Microsoft.VisualBasic.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\System.Windows.Controls.Ribbon.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\UIAutomationClientSideProviders.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XPath.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\UIAutomationClient.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\System.Windows.Controls.Ribbon.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\System.Windows.Forms.Primitives.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebClient.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\System.Windows.Controls.Ribbon.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.ThreadPool.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Quic.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\WindowsFormsIntegration.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\ReachFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Channels.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Windows.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Sockets.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\UIAutomationTypes.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Loader.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\PresentationFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\UIAutomationTypes.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XPath.XDocument.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\ReachFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\UIAutomationClient.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\PresentationUI.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ReachFramework.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Threading.AccessControl.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.StackTrace.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\UIAutomationClient.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\PresentationCore.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.Classic.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\System.Windows.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\UIAutomationTypes.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Drawing.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.AccessControl.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\System.Windows.Forms.Primitives.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\UIAutomationClient.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\UIAutomationClient.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI9B67.tmpJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\D3DCompiler_47_cor3.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\vcruntime140_cor3.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Primitives.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.Linq.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\System.Windows.Input.Manipulations.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Resources.Reader.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Http.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\System.Windows.Forms.Primitives.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\PresentationUI.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\PresentationUI.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Extensions.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.DispatchProxy.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\UIAutomationProvider.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.InteropServices.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\ReachFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\System.Windows.Forms.Primitives.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Encoding.Extensions.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.TypeExtensions.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Data.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\System.Windows.Controls.Ribbon.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\ReachFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\Accessibility.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\System.Windows.Forms.Design.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\UIAutomationClientSideProviders.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Globalization.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\WindowsBase.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\ReachFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.Luna.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\PresentationFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\System.Windows.Controls.Ribbon.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\ReachFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\WindowsBase.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\System.Windows.Forms.Primitives.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\System.Windows.Input.Manipulations.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\System.Windows.Controls.Ribbon.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Data.DataSetExtensions.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Formatters.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Forms.Design.Editors.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\PresentationCore.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.CoreLib.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\UIAutomationTypes.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\PresentationFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Dynamic.Runtime.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\PresentationUI.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\System.Windows.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\PresentationCore.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\clrjit.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\System.Windows.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\UIAutomationClient.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\PresentationUI.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Security.Cryptography.Pkcs.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\Microsoft.VisualBasic.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\PresentationCore.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\host\fxr\8.0.11\hostfxr.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\System.Windows.Input.Manipulations.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\System.Xaml.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\System.Windows.Forms.Design.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\Microsoft.VisualBasic.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\UIAutomationClient.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Metadata.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\ReachFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Input.Manipulations.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscorrc.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Numerics.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\UIAutomationProvider.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\System.Windows.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\System.Windows.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.NameResolution.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Design.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.TypeConverter.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\UIAutomationClient.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\System.Windows.Input.Manipulations.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\Microsoft.Win32.Registry.AccessControl.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\PresentationUI.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\PresentationFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.CodeDom.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\UIAutomationClientSideProviders.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\WindowsFormsIntegration.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Emit.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Resources.Writer.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Diagnostics.EventLog.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\System.Windows.Input.Manipulations.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\UIAutomationProvider.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\System.Windows.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\Microsoft.VisualBasic.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\PresentationFramework.resources.dllJump to dropped file
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeDropped PE file which has not been started: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.ba\wixstdba.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\UIAutomationProvider.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\UIAutomationClient.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\PresentationCore.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\PresentationFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\PresentationUI.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.DiaSymReader.Native.amd64.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\System.Windows.Forms.Design.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\UIAutomationClientSideProviders.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\System.Xaml.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Json.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\ReachFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\System.Windows.Forms.Design.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.SecureString.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Forms.Design.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\System.Xaml.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Json.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ServiceModel.Web.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Console.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\WindowsFormsIntegration.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\WindowsBase.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XmlSerializer.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\PresentationUI.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\Microsoft.VisualBasic.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Data.Common.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Configuration.ConfigurationManager.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\System.Windows.Forms.Primitives.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Globalization.Extensions.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\WindowsBase.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Principal.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\netstandard.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\WindowsBase.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Controls.Ribbon.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\System.Xaml.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Csp.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Overlapped.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.Royale.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\UIAutomationClientSideProviders.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\System.Windows.Forms.Design.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\ReachFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Forms.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\UIAutomationProvider.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.Annotations.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\System.Xaml.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.Concurrent.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\UIAutomationTypes.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Tools.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.AppContext.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\Microsoft.VisualBasic.Forms.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\WindowsFormsIntegration.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\UIAutomationProvider.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Tasks.Dataflow.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\System.Xaml.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.Uri.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\Microsoft.VisualBasic.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Encoding.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Tasks.Parallel.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\Microsoft.VisualBasic.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Intrinsics.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.Serialization.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\System.Windows.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\WindowsFormsIntegration.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\WindowsBase.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\WindowsBase.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Formats.Tar.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\WindowsFormsIntegration.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Presentation.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Drawing.Design.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebProxy.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\UIAutomationProvider.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\System.Windows.Forms.Design.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\System.Windows.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Drawing.Common.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XmlDocument.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\WindowsFormsIntegration.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\UIAutomationProvider.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\UIAutomationClient.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.MemoryMappedFiles.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\DirectWriteForwarder.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\System.Windows.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\System.Windows.Forms.Primitives.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Globalization.Calendars.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\WindowsFormsIntegration.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\PresentationCore.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Handles.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebHeaderCollection.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\System.Windows.Forms.Design.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Drawing.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\PresentationFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\WindowsFormsIntegration.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\WindowsBase.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.Primitives.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\System.Windows.Input.Manipulations.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\WindowsFormsIntegration.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Forms.Primitives.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\System.Windows.Controls.Ribbon.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\PresentationFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.X509Certificates.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.DirectoryServices.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\PresentationFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\UIAutomationClientSideProviders.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\System.Windows.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Debug.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\PresentationCore.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Security.Cryptography.ProtectedData.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\UIAutomationProvider.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\UIAutomationClientSideProviders.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.InteropServices.RuntimeInformation.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Encoding.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\clrgc.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.Xml.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\System.Windows.Controls.Ribbon.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\UIAutomationProvider.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\PresentationFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\WindowsBase.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\UIAutomationClientSideProviders.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.RegularExpressions.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Tasks.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Thread.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Numerics.Vectors.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\PresentationUI.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\ReachFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscordaccore_amd64_amd64_8.0.1124.51707.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.Aero2.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ServiceProcess.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\WindowsFormsIntegration.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscordbi.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\PresentationUI.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\System.Windows.Forms.Design.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\UIAutomationTypes.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.IO.Packaging.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Drawing.Primitives.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\WindowsBase.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\System.Xaml.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\System.Windows.Forms.Design.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\UIAutomationTypes.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\hostpolicy.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\PresentationCore.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.DataAnnotations.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\PresentationFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\ReachFramework.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\System.Windows.Input.Manipulations.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\System.Windows.Forms.Design.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.DataContractSerialization.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ObjectModel.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\UIAutomationTypes.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\UIAutomationTypes.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Tracing.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationCore.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Extensions.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationNative_cor3.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Contracts.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\UIAutomationClientSideProviders.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.FileSystem.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\WindowsFormsIntegration.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Linq.Queryable.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\PresentationCore.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Emit.ILGeneration.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Primitives.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\UIAutomationTypes.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\WindowsBase.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.Primitives.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\UIAutomationClientSideProviders.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\System.Xaml.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\wpfgfx_cor3.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Encoding.CodePages.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\System.Windows.Controls.Ribbon.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\System.Windows.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Principal.Windows.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\System.Windows.Forms.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\UIAutomationProvider.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\PresentationCore.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscorlib.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\System.Xaml.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\UIAutomationClient.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework-SystemDrawing.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.DriveInfo.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Http.Json.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.InteropServices.JavaScript.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\System.Windows.Input.Manipulations.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\System.Windows.Forms.Design.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Resources.ResourceManager.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Formats.Asn1.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\WindowsBase.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\UIAutomationTypes.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebSockets.Client.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Xaml.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\WindowsBase.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\WindowsFormsIntegration.resources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Requests.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\NULL
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\vcRuntimeAdditional_amd64
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeFile opened: C:\ProgramData\Package Cache\NULL
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\NULL
            Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformation
            Source: C:\Users\user\Desktop\mierda.exeProcess created: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exe "C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exe" -burn.clean.room="C:\Users\user\Desktop\mierda.exe" -burn.filehandle.attached=652 -burn.filehandle.self=680
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeProcess created: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exe "C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exe" -q -burn.elevated BurnPipe.{979512AC-5C49-46FA-B7F8-BD06647A3506} {699829B7-132E-4162-8BDB-33DF84CF8FAD} 6468
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeQueries volume information: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.ba\bg.png VolumeInformation
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeQueries volume information: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.ba\bg.png VolumeInformation
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeQueries volume information: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.ba\bg.png VolumeInformation
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeQueries volume information: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.ba\bg.png VolumeInformation
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeQueries volume information: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.ba\bg.png VolumeInformation
            Source: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exeQueries volume information: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.ba\bg.png VolumeInformation
            Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire Infrastructure1
            Replication Through Removable Media            		Windows Management Instrumentation1
            Windows Service            		1
            Windows Service            		22
            Masquerading            		OS Credential Dumping1
            Process Discovery            		Remote ServicesData from Local SystemData ObfuscationExfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/Job1
            DLL Side-Loading            		11
            Process Injection            		11
            Process Injection            		LSASS Memory11
            Peripheral Device Discovery            		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAt1
            Registry Run Keys / Startup Folder            		1
            DLL Side-Loading            		1
            DLL Side-Loading            		Security Account Manager2
            File and Directory Discovery            		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
            Registry Run Keys / Startup Folder            		1
            File Deletion            		NTDS13
            System Information Discovery            		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction

            Screenshots

            Download Video

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            mierda.exe0%ReversingLabs

            Dropped Files

            SourceDetectionScannerLabelLink
            C:\ProgramData\Package Cache\{bd40e761-3e88-4202-9b53-26c6bed3d467}\windowsdesktop-runtime-8.0.11-win-x64.exe0%ReversingLabs
            C:\Windows\Installer\MSI9B67.tmp0%ReversingLabs
            C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.ba\wixstdba.dll0%ReversingLabs
            C:\Program Files\dotnet\dotnet.exe0%ReversingLabs
            C:\Program Files\dotnet\host\fxr\8.0.11\hostfxr.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.DiaSymReader.Native.amd64.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.VisualBasic.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.Win32.Registry.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.AppContext.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Buffers.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.Concurrent.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.NonGeneric.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.Specialized.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.Annotations.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.DataAnnotations.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.EventBasedAsync.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.Primitives.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.TypeConverter.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Console.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Core.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Data.Common.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Data.DataSetExtensions.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Data.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Contracts.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Debug.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Process.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.StackTrace.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.TextWriterTraceListener.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Tools.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.TraceSource.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Tracing.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Drawing.Primitives.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Drawing.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Dynamic.Runtime.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Formats.Asn1.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Formats.Tar.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Globalization.Calendars.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Globalization.Extensions.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Globalization.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.Brotli.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.FileSystem.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.Native.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.dll0%ReversingLabs
            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.AccessControl.dll0%ReversingLabs

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            No Antivirus matches

            Domains and IPs

            Contacted Domains

            No contacted domains info

            World Map of Contacted IPs

            No contacted IP infos

            General Information

            Joe Sandbox version:41.0.0 Charoite
            Analysis ID:1573058
            Start date and time:2024-12-11 13:35:21 +01:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:defaultwindowsinteractivecookbook.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:16
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • EGA enabled
            Analysis Mode:stream
            Analysis stop reason:Timeout
            Sample name:mierda.exe
            Detection:SUS
            Classification:sus25.troj.winEXE@14/504@0/0
            Cookbook Comments:
            • Found application associated with file extension: .exe
            • Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, SgrmBroker.exe, svchost.exe
            • Excluded IPs from analysis (whitelisted): 172.202.163.200
            • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, sls.update.microsoft.com, glb.sls.prod.dcat.dsp.trafficmanager.net
            • Report size getting too big, too many NtOpenKeyEx calls found.
            • Report size getting too big, too many NtQueryValueKey calls found.
            • Report size getting too big, too many NtSetInformationFile calls found.
            • Report size getting too big, too many NtSetValueKey calls found.
            • VT rate limit hit for: mierda.exe

            Created / dropped Files

            C:\Config.Msi\5596c6.rbs

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):49141
            Entropy (8bit):5.877081408937675
            Encrypted:false
            SSDEEP:
            MD5:C8FC355D651FBE35E7C0F53B7AAE6F6A
            SHA1:ACA221C064490F859F990AE8C623A0F60DA493FF
            SHA-256:239B51C5D0CF6391459A735BD6636982FCA70BE74803A1FE8114E0164DB95F43
            SHA-512:6B4C619CE5AFE962A722CE9F300D108A148F6F5D2F9A1A7266522878E5977E3E2B84EE7F1B33F2EB648A33B78F5C847E5EF88C785EE44C8D1293712FB5AC62A2
            Malicious:false
            Reputation:unknown
            Preview:...@IXOS.@.....@.<.Y.@.....@.....@.....@.....@.....@......&.{9C80213E-9079-4561-8D57-1FDD0D62251F}%.Microsoft .NET Runtime - 8.0.11 (x64)!.dotnet-runtime-8.0.11-win-x64.msi.@.....@.Z,@.@.....@........&.{D9788553-CDFF-4792-87FA-89ADA20ADBA7}.....@.....@.....@.....@.......@.....@.....@.......@....%.Microsoft .NET Runtime - 8.0.11 (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{F81D99A3-0880-5654-AED5-B1AA39FA6285}&.{9C80213E-9079-4561-8D57-1FDD0D62251F}.@......&.{E6B3315F-85DE-56F4-AA3E-2A4820293382}&.{9C80213E-9079-4561-8D57-1FDD0D62251F}.@......&.{115BDECA-5A1C-5E3D-8EC7-4C45804415E5}&.{9C80213E-9079-4561-8D57-1FDD0D62251F}.@......&.{605499FF-1868-5A10-9952-9F413E0E17EA}&.{9C80213E-9079-4561-8D57-1FDD0D62251F}.@......&.{2869C3B1-74C6-50FA-8ED4-D408ADA4C59E}&.{9C80213E-9079-4561-8D57-1FDD0D62251F}.@......&.{EC639FA4-5778-5619-B7EC-C5FA45025FC1}&.{9C80213E-9079-4561-8D57-1FDD0D6225

            C:\Config.Msi\5596ca.rbs

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):9055
            Entropy (8bit):5.580943907046922
            Encrypted:false
            SSDEEP:
            MD5:69A0397196C26E2314E8DAAC94500D23
            SHA1:6A7A2EC252F464137855D69EB557A1B9DE4A60A1
            SHA-256:62ABC217586E7F61FC0BC0B50389228703CF2777547388BE54E466278519E278
            SHA-512:960712360D52EB5485F72D5AB83B7E90C6A305624AFD9E791EC62B8D0F14716D470AB6470A89C691E9BFF23786DC3C1AC85E13823841FE81B2A12C62FA6F9A34
            Malicious:false
            Reputation:unknown
            Preview:...@IXOS.@.....@.<.Y.@.....@.....@.....@.....@.....@......&.{F59C11F0-D73F-452B-8D1D-8C33B82D8507}..Microsoft .NET Host FX Resolver - 8.0.11 (x64)!.dotnet-hostfxr-8.0.11-win-x64.msi.@.....@.Z,@.@.....@........&.{EBC96263-55B4-4BCE-B9C8-B460A20F0BE4}.....@.....@.....@.....@.......@.....@.....@.......@......Microsoft .NET Host FX Resolver - 8.0.11 (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{4FD6DFC4-5859-531B-9E4A-DE2781CCA754}&.{F59C11F0-D73F-452B-8D1D-8C33B82D8507}.@......&.{88F54D57-4C26-5E97-B6AB-FB77E26C265C}&.{F59C11F0-D73F-452B-8D1D-8C33B82D8507}.@......&.{8EC524B8-7864-5ACE-B320-2D36216EBC12}&.{F59C11F0-D73F-452B-8D1D-8C33B82D8507}.@........InstallFiles..Copying new files&.File: [1], Directory: [9], Size: [6]..(.C:\Program Files\dotnet\host\fxr\8.0.11\....3.C:\Program Files\dotnet\host\fxr\8.0.11\hostfxr.dll....WriteRegistryValues..Writing system registry values..Key:

            C:\Config.Msi\5596ce.rbs

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):10267
            Entropy (8bit):5.640645559408337
            Encrypted:false
            SSDEEP:
            MD5:5FACBB41A588CC206BA54C651D72B7D8
            SHA1:8DE0BA241FF95F95A4F6B5897FA5149D50B6801C
            SHA-256:B7FD55CE4F65CE09388522A2C07A252B5A094DCEAE6927BAEF58A6C2950102A4
            SHA-512:8997EA3410686240D5CE3F6A978930835103FD1D465DE8958CB538E140A7637DAC2C6A15144DC714590C1467887F43BE1C639965ADD0CB0ACA2884B88020E538
            Malicious:false
            Reputation:unknown
            Preview:...@IXOS.@.....@.<.Y.@.....@.....@.....@.....@.....@......&.{362B4D0D-8438-44DA-86B2-FEC44E000FCA}".Microsoft .NET Host - 8.0.11 (x64)..dotnet-host-8.0.11-win-x64.msi.@.....@.Z,@.@.....@........&.{821DC2A6-AEB1-4796-80C6-7F7EC027B94F}.....@.....@.....@.....@.......@.....@.....@.......@....".Microsoft .NET Host - 8.0.11 (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{7ECCA0D4-8C88-50DD-A538-CDC29B9350D1}&.{362B4D0D-8438-44DA-86B2-FEC44E000FCA}.@......&.{45399BBB-DDA5-4386-A2E9-618FB3C54A18}&.{362B4D0D-8438-44DA-86B2-FEC44E000FCA}.@......&.{EA9C3F98-F9B1-5212-8980-CFEAF2B15E0D}&.{362B4D0D-8438-44DA-86B2-FEC44E000FCA}.@......&.{E4E008C8-57A8-5040-BB34-03024B15B6C5}&.{362B4D0D-8438-44DA-86B2-FEC44E000FCA}.@......&.{CE35924C-AD31-51DF-B84A-A8052ED08400}&.{362B4D0D-8438-44DA-86B2-FEC44E000FCA}.@......&.{A61CBE5B-1282-4F29-90AD-63597AA2372E}&.{362B4D0D-8438-44DA-86B2-FEC44E000FCA}.@....

            C:\Config.Msi\5596d2.rbs

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):89739
            Entropy (8bit):5.748379694773214
            Encrypted:false
            SSDEEP:
            MD5:6CDDEEFAE2B3CEC233539C129045088E
            SHA1:ABFC5629C112174AC64A158582E05264973976D6
            SHA-256:6B7280A9BF79221551A7CC6F19F7B21F1500B5EC1A1D512A5DD613F62F6CEB2A
            SHA-512:58EF6F9FEBCE0A8A0C2147FB69EB693CB65CF9F82C8958C3A6417290338C46EEC136A6DF3BD9E1FB2BC2A8ECFAB3831DEF0638EEDF204C327EB95EE8724AD014
            Malicious:false
            Reputation:unknown
            Preview:...@IXOS.@.....@.<.Y.@.....@.....@.....@.....@.....@......&.{C0790AA0-0F40-4836-85B2-677B87625E63}0.Microsoft Windows Desktop Runtime - 8.0.11 (x64)).windowsdesktop-runtime-8.0.11-win-x64.msi.@.....@.Z,@.@.....@........&.{51C0D04F-9A7A-4CAC-B790-6E8C4887FA33}.....@.....@.....@.....@.......@.....@.....@.......@....0.Microsoft Windows Desktop Runtime - 8.0.11 (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{4213F37B-7D6F-5A55-BF9B-BDF2827B9691}&.{C0790AA0-0F40-4836-85B2-677B87625E63}.@......&.{04220165-4406-550C-A381-981D09686CAC}&.{C0790AA0-0F40-4836-85B2-677B87625E63}.@......&.{19D9349A-B353-5593-A8FE-2CBCBECDB149}&.{C0790AA0-0F40-4836-85B2-677B87625E63}.@......&.{0803BEB9-AD3E-5364-ADF2-2DD58323E320}&.{C0790AA0-0F40-4836-85B2-677B87625E63}.@......&.{B6176A62-16B6-52F0-9D91-22842D81DF7A}&.{C0790AA0-0F40-4836-85B2-677B87625E63}.@......&.{B705D649-4B92-5254-AE02-1C51C9417E42}&.{C079

            C:\Program Files\dotnet\LICENSE.txt

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:Unicode text, UTF-8 text, with very long lines (514), with CRLF line terminators
            Category:dropped
            Size (bytes):9519
            Entropy (8bit):4.902271147017698
            Encrypted:false
            SSDEEP:
            MD5:31C5A77B3C57C8C2E82B9541B00BCD5A
            SHA1:153D4BC14E3A2C1485006F1752E797CA8684D06D
            SHA-256:7F6839A61CE892B79C6549E2DC5A81FDBD240A0B260F8881216B45B7FDA8B45D
            SHA-512:AD33E3C0C3B060AD44C5B1B712C991B2D7042F6A60DC691C014D977C922A7E3A783BA9BADE1A34DE853C271FDE1FB75BC2C47869ACD863A40BE3A6C6D754C0A6
            Malicious:false
            Reputation:unknown
            Preview:MICROSOFT SOFTWARE LICENSE TERMS..MICROSOFT .NET LIBRARY ..These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and you. Please read them. They apply to the software named above, which includes the media on which you received it, if any. The terms also apply to any Microsoft.. * updates,.. * supplements,.. * Internet-based services, and.. * support services..for this software, unless other terms accompany those items. If so, those terms apply...BY USING THE SOFTWARE, YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM, DO NOT USE THE SOFTWARE...IF YOU COMPLY WITH THESE LICENSE TERMS, YOU HAVE THE PERPETUAL RIGHTS BELOW...1. INSTALLATION AND USE RIGHTS. .. a. Installation and Use. You may install and use any number of copies of the software to design, develop and test your programs... b. Third Party Programs. The software may include third party programs that Microsoft, not the third party, licenses to you under this

            C:\Program Files\dotnet\ThirdPartyNotices.txt

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:Unicode text, UTF-8 text, with very long lines (755), with CRLF line terminators
            Category:dropped
            Size (bytes):96177
            Entropy (8bit):5.252050138452329
            Encrypted:false
            SSDEEP:
            MD5:90630D9EE3E0A5672166A45E00F79A5F
            SHA1:D1148F8C7558E9B8A81BF1F50F9E3BED89D9928C
            SHA-256:1271701F435F7FE4AA81DC7E273CA80B6391B73580EE20B35A956052C95DE4CF
            SHA-512:29E10BD57D1C580ECE70B9B7C4A69DC036A5A64012EB89BA360A71BE6B808150610EA0737351277A3D4235C02323FABEF29F092FA6B2A40F0289F55A7973E93D
            Malicious:false
            Reputation:unknown
            Preview:.NET Runtime uses third-party libraries or other resources that may be..distributed under licenses different than the .NET Runtime software.....In the event that we accidentally failed to list a required notice, please..bring it to our attention. Post an issue or email us:.... dotnet@microsoft.com....The attached notices are provided for information only.....License notice for ASP.NET..-------------------------------....Copyright (c) .NET Foundation. All rights reserved...Licensed under the Apache License, Version 2.0.....Available at..https://github.com/dotnet/aspnetcore/blob/main/LICENSE.txt....License notice for Slicing-by-8..-------------------------------....http://sourceforge.net/projects/slicing-by-8/....Copyright (c) 2004-2006 Intel Corporation - All Rights Reserved......This software program is licensed subject to the BSD License, available at..http://www.opensource.org/licenses/bsd-license.html.....License notice for Unicode data..-------------------------------...

            C:\Program Files\dotnet\dotnet.exe

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (console) x86-64, for MS Windows
            Category:dropped
            Size (bytes):146744
            Entropy (8bit):5.79986521836759
            Encrypted:false
            SSDEEP:
            MD5:71026B098F8FB39C88B003DF746D9FA0
            SHA1:013CA259F551AD6F33DB53FFF0E121E74408E20E
            SHA-256:11058E8C2CD05F30DCF1775644BF19D2913C9A6D674C12F91D1896D95D9CC5C2
            SHA-512:9830BE3444225A4B2F9FA4AEDBC8AF4F45FDB2548F0B6A2EBA2A2A407EA3C7D8FD78C0E37FAC66CAFBDFAD781AE78B076D225FD5C836A451F57A54053CCEF9AD
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......P.....k...k...k..>h...k..>o...k..>n.,.k.......k.d<j...k...j...k..9b...k..9....k.......k..9i...k.Rich..k.................PE..d...,a.g.........."....(.....B.................@.............................P.......U....`.................................................$I.......... ....p..........8)...@..L... )..T....................+..(....'..@............................................text...K........................... ..`.rdata..Nd.......f..................@..@.data........`.......B..............@....pdata.......p.......F..............@..@.rsrc... ............R..............@..@.reloc..L....@......................@..B........................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\host\fxr\8.0.11\hostfxr.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
            Category:dropped
            Size (bytes):350496
            Entropy (8bit):6.298534795731922
            Encrypted:false
            SSDEEP:
            MD5:00F6FC45937B885439CC6C1A34DC96C1
            SHA1:5DF3EFD8A49B91E5AF676D35C02E75A640F4755F
            SHA-256:130A3656B07A317F859D542C0F11339F3D0BA4198169853781A3FC04ED64C907
            SHA-512:75F088C244271142C58A7CA8F42EE68B910332AC2A23C44F7E6F6C38FF2334F96B8F28EF312A79461F5C631B07110403523B67245BE8D3C7B6D0368913438085
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......p..74i.d4i.d4i.d...e>i.d...e>i.d...egi.d=.td&i.dD..e1i.d4i.d.i.d'..e/i.d'..e5i.d'..d5i.d'..e5i.dRich4i.d........PE..d...+a.g.........." ...(.............8.......................................p............`A................................................L........P....... ...+...0.. )...`.......{..p....................}..(....y..@...............`............................text............................... ..`.rdata...L.......N..................@..@.data...H...........................@....pdata...+... ...,..................@..@.rsrc........P.......$..............@..@.reloc.......`.......*..............@..B................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\.version

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):50
            Entropy (8bit):4.0704355005135815
            Encrypted:false
            SSDEEP:
            MD5:4D9989D0E3454FEDFE945413784ED69F
            SHA1:8FCB584624E6CAF18B7687715BC36C7680453FA0
            SHA-256:439EAC83A94CC3C6B5A272A627396E879C7C449032B983A66EB904541A0C4F22
            SHA-512:38127E4F8C161F3C5ADA1800012F2D492753599AF40AA9E05563FF5DECAE54034D9EE7A334C219F704683E120593077D5DA510A9B3A0151A8246875B9A9876DD
            Malicious:false
            Reputation:unknown
            Preview:9cb3b725e3ad2b57ddc9fb2dd48d2d170563a8f5..8.0.11..

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.DiaSymReader.Native.amd64.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
            Category:dropped
            Size (bytes):2309152
            Entropy (8bit):6.414576855139372
            Encrypted:false
            SSDEEP:
            MD5:A71CD05C01F0FC603C0BD782516F806D
            SHA1:C15E261D5E7318875D324D28AB70A883CD434C81
            SHA-256:7F8DCF37D9D66EAE14C48A79FA2FCD447BD0F38A21BE0203A9C4A89398AACF28
            SHA-512:CE53F6DC1F02889ED6FB1F8DF226F9BADBB039F79505CDBD599A00A32B6617DA5E19F2AD7F76BB8134B3CCAD39FAB2209ED8EC6AE42CD30402C4E450FC19FA88
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Wq0...^...^...^.Xh]...^.Xh[..^.XhZ...^..]...^..Z.'.^.Xh_...^..._...^..[.m.^..W...^..^...^......^.......^..\...^.Rich..^.........................PE..d....ZY..........." ...(.....\...... 0........................................#......)$...`A.........................................Z!.p....[!.P....P#.......!..W....#. (...`#..>.....p.......................(....U..@...................0Y!.`....................text............................... ..`.rdata...Y.......Z..................@..@.data....a...p!......^!.............@....pdata...W....!..X...t!.............@..@.didat..p....@#.......".............@....rsrc........P#.......".............@..@.reloc...>...`#..@....".............@..B................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.NETCore.App.deps.json

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):28699
            Entropy (8bit):4.283179767103418
            Encrypted:false
            SSDEEP:
            MD5:B2CDCC03969704428D83706F823BD8C8
            SHA1:62031804C9A9482E45EF1C349CB1631154833126
            SHA-256:12F467B3C16265775872ED121223DE71FDB965518E037CDAE566421B4F499E56
            SHA-512:2936CE1EB9AF678933A3E3467E0C59BC06413649F026E63C49D51A2C1A7B3A7F7D3F1FEDA51DBDA728B7913EB6429E212971B9AED905CAC7BFF648C1DFEC1B6E
            Malicious:false
            Reputation:unknown
            Preview:{.. "runtimeTarget": {.. "name": ".NETCoreApp,Version=v8.0/win-x64",.. "signature": "".. },.. "compilationOptions": {},.. "targets": {.. ".NETCoreApp,Version=v8.0": {},.. ".NETCoreApp,Version=v8.0/win-x64": {.. "Microsoft.NETCore.App.Runtime.win-x64/8.0.11": {.. "runtime": {.. "System.Private.CoreLib.dll": {.. "assemblyVersion": "8.0.0.0",.. "fileVersion": "8.0.1124.51707".. },.. "Microsoft.VisualBasic.dll": {.. "assemblyVersion": "10.0.0.0",.. "fileVersion": "8.0.1124.51707".. },.. "Microsoft.Win32.Primitives.dll": {.. "assemblyVersion": "8.0.0.0",.. "fileVersion": "8.0.1124.51707".. },.. "mscorlib.dll": {.. "assemblyVersion": "4.0.0.0",.. "fileVersion": "8.0.1124.51707".. },.. "netstandard.dll": {.. "assemblyVersion": "2.1.0.0",.. "fileVersion": "8.0.1124.51707"..

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.NETCore.App.runtimeconfig.json

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):53
            Entropy (8bit):4.039544162952557
            Encrypted:false
            SSDEEP:
            MD5:0828CC814843C0960554265CDA859EF5
            SHA1:0140385A9E76436A7F3FED45136462F3393B5CBA
            SHA-256:AC377253F9F7CF9D6127D684369DE36DA123D992CDC2E17950E3C8BF9688DF76
            SHA-512:22CBB29225F35CEA4329A08BE760420CAB6AB7EA85628436B7518759E09ACEE8F382D79C800E5C8F6BA647CA98B32A35A3A52CC1CB5B9CBD2E3B20FA314D839A
            Malicious:false
            Reputation:unknown
            Preview:{.. "runtimeOptions": {.. "tfm": "net8.0".. }..}

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.VisualBasic.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):17712
            Entropy (8bit):6.610099146248559
            Encrypted:false
            SSDEEP:
            MD5:3B3C142639335F9B615C0DE17BACB2D0
            SHA1:C599AA74C3D0916D6E0BAF0949C5A6894145C6F2
            SHA-256:BD36D4FD23D717FE88F2AFEB563EC6034D7FA482278156D99EF3CBF11EC2A5D5
            SHA-512:87A3D33BE2DD049D906EEA8266FA4EE4694A81E3EE07F8205CACACC75B141605DDA2D454905BA0196FE26B8C7E68F9F2469AF2AEB4DD92FFA4A65F4C026AEBEF
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...J............." ..0.............B1... ...@....... ...................................`..................................0..O....@..................0)...`.......0..T............................................ ............... ..H............text...H.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................#1......H.......P ..4..................../......................................BSJB............v4.0.30319......l.......#~..,...t...#Strings............#US.........#GUID...........#Blob......................3................................K.....C.................................J.....~...........b...........G...........c.....................................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.Win32.Registry.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):121128
            Entropy (8bit):6.1482993626679106
            Encrypted:false
            SSDEEP:
            MD5:C2DC11B82A094AFCE0E4810E4FA50723
            SHA1:769A8C969BB7EC7CA893C1939D2500BB367CF565
            SHA-256:19EAB1189558EFEFB90F34B012B8182DFD3C707463F5E0D4F5C0D810156A5ED8
            SHA-512:0083FFF0E424FF80B3F8A632F139AD267A14D1419ABD1B68BAF1FC84BD2E5739E805ADF10EC79D7FA325BAC553CF7F0D84C846425638292C550CA3957AF46DAB
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .....p...0......................................................5.....`...@......@............... .......................................4..........()..........8...p...............................................................H............text...[h.......p.................. ..`.data...a........ ..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.AppContext.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):15664
            Entropy (8bit):6.754633849646731
            Encrypted:false
            SSDEEP:
            MD5:CA56A8F20FBC0DC300136A7F52CE5448
            SHA1:3BC48E9E7EBFFCBDE4A0018ABEE27077AA22C90B
            SHA-256:1EE0C49348E8F269D65096B2A749E81E06ABED0796BE768D5383F174B3EBED61
            SHA-512:2EC0A88FE112AC840DFBC7992028B85FF216AFF944483F1FC518A5E5E3822A6E7A2E7995E22464A07E3089680664D87124A1F1B1C3036C0F19B643FDF16F5D50
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..............(... ...@....... ..............................w'....`..................................(..O....@..h...............0)...`.......'..T............................................ ............... ..H............text........ ...................... ..`.rsrc...h....@......................@..@.reloc.......`......................@..B.................(......H.......P ......................('......................................BSJB............v4.0.30319......l.......#~......<...#Strings....H.......#US.L.......#GUID...\...|...#Blob......................3......................................................x.....3...........^.................I....._.................w.................G...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Buffers.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):15656
            Entropy (8bit):6.745504174553825
            Encrypted:false
            SSDEEP:
            MD5:CAA67B5CB207447441AF97F77A8D28EE
            SHA1:00321E60DB8F53DAAB0AF1D86F090B6B77CA2F0B
            SHA-256:49BD03FF5EF094D48ACE745D8F5C81077D28551CCA08B16D4C4DFAFAA352E43A
            SHA-512:4F886B2E093397A857F69B1635BF3B6ABDD181D17FF21F19AD99916894A684AA35D834FDD03EFEF846AEA6BC99E42D4FBAA7E50EF2400CB818A301A285841B8E
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....F7..........." ..0..............(... ...@....... ....................................`..................................(..O....@..X...............()...`.......'..T............................................ ............... ..H............text........ ...................... ..`.rsrc...X....@......................@..@.reloc.......`......................@..B.................(......H.......P ......................,'......................................BSJB............v4.0.30319......l.......#~......@...#Strings....L.......#US.P.......#GUID...`...|...#Blob......................3............................................................?.....!.....j.....%...........U.....k.....:.......................!.....S...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.Concurrent.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):276744
            Entropy (8bit):6.728786186995529
            Encrypted:false
            SSDEEP:
            MD5:B9B20837FC21F3B6C7DC96118F58A584
            SHA1:A1E60495DA508FACB76031996ABCA51306078142
            SHA-256:4CC75A63FED0A6388C95628EFBEA788408E4167595D8F3980BCD2BEB9B439541
            SHA-512:720FC092603432E3640C9B4C71C969403D2BF400E1C2F7EF1F0C46D85E8A31147113C0A191A1A3180D9FE26337C3E1D0F6BA38505BC8146156A88841F8FFBECF
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....(..........." .........P.......................................................#....`...@......@............... ...................................... n...........)..............p...............................................................H............text.............................. ..`.data...h=.......@..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.NonGeneric.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):104752
            Entropy (8bit):5.951214543616432
            Encrypted:false
            SSDEEP:
            MD5:D8E1F2706EDBBB0D5283E866FD6B5A68
            SHA1:5893B4B685A2172D37DF5519AD00F02B5132DB50
            SHA-256:891A7B6BAA99B3A98D33947E69CB35F415BF735D9515DA628D6624BD64595BBE
            SHA-512:82F5FCA1138885BF890EA262B7B453E05C76095A7C80F66D2F90CAC91B374153A7E53B4F0C215B389BDAFF63F91DC52912382960E24C646429E12908AB2FECA5
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...c............." .....0...0...............................................p............`...@......@............... ......................................H0.......p..0)...`..........p...............................................................H............text...:+.......0.................. ..`.data........@... ...@..............@....reloc.......`.......`..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.Specialized.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):104760
            Entropy (8bit):6.023688556329198
            Encrypted:false
            SSDEEP:
            MD5:408636AD69D82964450D11E2BC2B063E
            SHA1:C6701A74D0993B7E8242DC45C73C47CF38A8CF1C
            SHA-256:B2EABD2CC9923818F6D1BDFB3E9CFE02A54D6327DCC4AECCF61F895E0E02E67A
            SHA-512:FC252CB0E6B778E410856C1D8B2E00A925C8C6A31E8622687D56D641DC54DAD004507AF4A23406448D1410CB618F7689704E0D504B55A68BA2BD6BD05E8254A5
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....<..........." .....0...0...............................................p.......y....`...@......@............... ......................................x1.......p..8)...`......@...p...............................................................H............text...1).......0.................. ..`.data........@... ...@..............@....reloc.......`.......`..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):260400
            Entropy (8bit):6.618537900857936
            Encrypted:false
            SSDEEP:
            MD5:F79C5255B5A8113246917AE7681E4A24
            SHA1:CC1B9BED6269BB109657A3BBEC56F54C31444B0E
            SHA-256:5B20181EE4E188AA6B328C107FEE9506E63EFE3A4F9D2C3517EF2972B6AA1211
            SHA-512:731AB48B1913FC9BA4F8D25EB497EF860796FFCA7364AC91D18BE2DCB243CDA6BAE0BD141CD6B8CB77C940253FE642BD44D85999003DD5701BE9242A6BDAB5BB
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....;..........." .....p...P......................................................7.....`...@......@............... ..................................t....[..8.......0)..............p...........................................................x...H............text....g.......p.................. ..`.data....>.......@..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.Annotations.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):203048
            Entropy (8bit):6.207009954800782
            Encrypted:false
            SSDEEP:
            MD5:60AC5526E44A9F031F87CD84CEC7140F
            SHA1:4DFF306D8D13C393EB5924BACF4788397FE29B03
            SHA-256:7ABBB89A3B170A9DB8894B7B6E24A6CE99340F6938E1B78A1DE0A941B8B5BB61
            SHA-512:18F1B98E350D32DB9269CCB8B650D9E433BC18CE5CBC69B37082E182B3793900616D60814215FE6C5B39C2811A5A9153B6D0BCFD8BB00DA499AB8CA76410CB78
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...er............" .........P............................................................`...@......@............... ......................................8I..p.......()......L....!..p...............................................................H............text............................... ..`.data...M9.......@..................@....reloc..L...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.DataAnnotations.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):17176
            Entropy (8bit):6.675054821557407
            Encrypted:false
            SSDEEP:
            MD5:F8ADC8C164B2D4E9D87DCABCBDA95B44
            SHA1:2D78A2C285FD096612530ED90BF7FBA8A2AE1392
            SHA-256:E49B3F50FDB62357C70C944EF84DBCDE9DA86D2833882EA08AC28B1D3DA0EBBB
            SHA-512:254E544BE19F32F0DF65627F80EF5D456B52FE38DCA7F1B498839649318CC6A60EC0B81984548BBB20A39753EC4904EC74AD057D2DE2D128CAB81E1FE5444143
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...a.g..........." ..0.................. ...@....... ..............................1.....`.....................................O....@...................)...`.......-..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B........................H.......P ...................... -......................................BSJB............v4.0.30319......l.......#~..l.......#Strings....,.......#US.0.......#GUID...@.......#Blob......................3................................+.....S...........................3.......9...O.............}.........}...........$.....A.....d.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.EventBasedAsync.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):47368
            Entropy (8bit):5.343354931264753
            Encrypted:false
            SSDEEP:
            MD5:8118646098B1A4570BB29A5D867A1983
            SHA1:58787C4A3E3285BA9C7E7B7574C552467FD96F6F
            SHA-256:6C2BA61732037024199D6CB5841E41A51370399ED8E9402D20D378C4C79DCCDC
            SHA-512:2CA167E4AA6DEC9B3C811F22DE33FF92DDA58E170EBD322DE54D1725AB6A47403DA7D595A18BE7F72DB2C28C03E620F2505992B29E32BA731E5E442AEE9DF023
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...AM............" .....`... .......................................................$....`...@......@............... ...................................................)..............p...............................................................H............text....W.......`.................. ..`.data........p.......p..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.Primitives.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):80136
            Entropy (8bit):5.846320393478092
            Encrypted:false
            SSDEEP:
            MD5:BC478FC2764A94C56E69E9E38A51452A
            SHA1:1C199BF6064992A5A81472B091A01F45B4442889
            SHA-256:304635DBC025B5C3BFF78DF48C19980E9B52C632A7D3C145B61288F546293BF7
            SHA-512:AE81A6CE5E66CDDE1B074474459DB6081C627B8B38E0F959EBCDEE02AE935BB022E66F39A4451989AA59E3EBB15CE3052CC23DDEE4C9DB5E6649D33EAEE484B6
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....N............" ......... ....................................................../l....`...@......@............... ......................................<&..X........)..........x...p...............................................................H............text............................... ..`.data...............................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.TypeConverter.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):747824
            Entropy (8bit):6.643641560609559
            Encrypted:false
            SSDEEP:
            MD5:DB6BCFE78A5A8BA98D4042A2567933F2
            SHA1:463D999211CCE7B669437DF3935BE627DCDE8E7B
            SHA-256:CD7E2EF84253D24807DD61EF644F5AD8042656340DD02830E3F22E6A7EAB8D06
            SHA-512:FD099BFB3C1328602458C6F2C4F7C9FD470CBB0ED78CEADBE70F92E4860701AF956504A4C18443DCCBA63A819D764F1FD3CD3E82A21214FC5189EE2BD0D1C8A5
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....s..........." .....P...................................................@.......&....`...@......@............... ......................................p....X...@..0)...0......x<..p...............................................................H............text...L@.......P.................. ..`.data........`.......`..............@....reloc.......0.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):30984
            Entropy (8bit):4.326509735182786
            Encrypted:false
            SSDEEP:
            MD5:040F8D89AA869EBAE8DD21141ED326B0
            SHA1:DD4B5B58DFE497F76F61891B8E62695310262896
            SHA-256:0BF9E3E6C8327B7DB4372F27507A71BF0EF06B22F042BBACF4A860F0922BE1FE
            SHA-512:6AD73EBE3CB5FE756D5BBACDF6BA09D490D619A1067DC2B6945871F6B7EE5C8901C45B491A26B23E74B8911F396F61EA9A88DE4B2F6BACD1CBF9E20496EF527A
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....X............" ..... ... ...............................................P......)+....`...@......@............... ..........................................0....P...)...@......8...p...............................................................H............text...1........ .................. ..`.data........0.......0..............@....reloc.......@.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Console.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):174376
            Entropy (8bit):6.280397830530098
            Encrypted:false
            SSDEEP:
            MD5:E58A5726978B1DFD94B6B4CB38102340
            SHA1:D1A561662830FD01351341CA862BB93191095338
            SHA-256:8469DEB8C7D532E8857F5C68DEB291035103DEE3698BF5005F4E08C5BD05775A
            SHA-512:2D7B698720D7AB2E8535A68AFA3ABA41D39A888D05E59454CB7E35EE04E9E3CAEF52EA9BE46BCD8E28C7EF4E4098F168D7D0580347A9F980893198995301A388
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d..._.>..........." .....0...@......................................................c.....`...@......@............... ..................................T....<..........()...p......`...p...........................................................X...H............text...}!.......0.................. ..`.data...."...@...0...@..............@....reloc.......p.......p..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Core.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):23848
            Entropy (8bit):6.307580885714362
            Encrypted:false
            SSDEEP:
            MD5:85A20E6FF4565669D120A52C00B12775
            SHA1:4C648D4161C9FD6C7FAABCDE1ED7F45A68E98A50
            SHA-256:CC23F980E20FCED097A234AEB379D9C9C1F5235B93126709199815E96D8F2217
            SHA-512:96DCADABD7A73584BB58459404ECD011F088AFE6BF92E413BBE69F9EC329B651415405838100513358DBF09A3EDEC23792A6C54C9BDDFDBE74870BCF74421180
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..*...........H... ...`....... ....................................`.................................wH..O....`..8............4..()...........G..T............................................ ............... ..H............text....(... ...*.................. ..`.rsrc...8....`.......,..............@..@.reloc...............2..............@..B.................H......H.......P ...&.................. G......................................BSJB............v4.0.30319......l...<...#~..........#Strings.....$......#US..$......#GUID....$......#Blob......................3......................................................i.......G...........................:.n...J.t.....t...P.................C.....`...............................................).....1.....9.....A.....Q... .Y.....a.....i.....q.....y.....................I.....R.....q...#.z...+.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Data.Common.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):2861368
            Entropy (8bit):6.795825527603884
            Encrypted:false
            SSDEEP:
            MD5:38154C0B1654E7B38878A8D20A804979
            SHA1:EAE6B02D412B61A64E9FE87B62B77B0A940CC899
            SHA-256:85614A082FDB244379E34EDEA86AE8B7DAA71EFB61E52868675E5DA7685FB72F
            SHA-512:1E487C6AF8DEF70C168B86843113BE3B0DF15CD978C68FBDC65A0F371276428731241EF315C192E85BE27234CFA6EB1072E48778C36B8845C8DA86E9614CAA73
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...h.w..........." .....@)..0................................................+.......,...`...@......@............... ..................................t.............+.8)...P+..-......p...........................................................x...H............text....8)......@)................. ..`.data........P)......P).............@....reloc...-...P+..0...P+.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Data.DataSetExtensions.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16184
            Entropy (8bit):6.666464376103628
            Encrypted:false
            SSDEEP:
            MD5:9783A0CCD5A64883445821E1F071076F
            SHA1:C710BFBB818BF9F27F123F07E90DE7DC98C9F6D8
            SHA-256:55E5BD120160DDD157A2F11C8D8F9AD99972BAF1FA78C37647B0A34F268AC0DC
            SHA-512:23052276DD8F811D240A277FE3C7C77743FAEADC54548E4EE712D5AC4DB7921988406E66B9CEA24A0AF1D73A4D31AFA14E2ED81E87C1F874EFC36C7DF4FDE785
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....[@..........." ..0..............*... ...@....... ....................................`..................................)..O....@..................8)...`.......(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P ......................8(......................................BSJB............v4.0.30319......l...0...#~......@...#Strings............#US.........#GUID...........#Blob......................3................................................E.............|...............i.)...'.).....".....)...~.).....).....).....)...e.).....).....E...........v.....v.....v...).v...1.v...9.v...A.v...I.v...Q.v...Y.v...a.v...i.v...q.v...y.v.......:.....C.....b...#.k...+.....+.....3.....;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Data.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):25384
            Entropy (8bit):6.290197216885165
            Encrypted:false
            SSDEEP:
            MD5:7AA4CC0823A68484980CCB05380826C4
            SHA1:7A74462318DDB1B472CA7DD9BB30B05AF2C38CB4
            SHA-256:04C204B1FC3B287A1C236AE14A6B397FB32BAB493FCEA64EBA78C8BB234FA37B
            SHA-512:D7A58F21889D0CBE1AF6BDF1F009D00EA66B79512F05613EE429964CE6C789FACA1B5CEF6DDFB463D607C498A7BE671601DDC18474124E2A184049222F543C9A
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....w,..........." ..0..0...........O... ...`....... ...............................q....`..................................O..O....`..8............:..()...........N..T............................................ ............... ..H............text..../... ...0.................. ..`.rsrc...8....`.......2..............@..@.reloc...............8..............@..B.................O......H.......P ...-..................LN......................................BSJB............v4.0.30319......l...T...#~...... ...#Strings.....+......#US..+......#GUID....+......#Blob......................3................................<.....H.........~.......................).r.........;.................Y.......................B....._...................#...........................).....1.....9.....A.....Q... .Y.....a.....i.....q.....y.....................R.....[.....z...#.....+.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Contracts.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16664
            Entropy (8bit):6.674104191430389
            Encrypted:false
            SSDEEP:
            MD5:53A5965A6A8EA3D8EC5FA56EB53A88A4
            SHA1:669AF6E47FFE94CC600E21A4EB052C05F65BFF01
            SHA-256:F8179EF7837F7BF555720B9FA8C49243365794C28D2F7381E612BFC548681DF7
            SHA-512:BBA0CE25676F1B97E4442EEF0FF0410E67DAA780AD18FFBEB61462ECB6846AA82C3AD5806656A4048111807096BF359951E2D628EF77D5923ABCEE57FC855156
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."!..0..............+... ........@.. ....................................`..................................+..N....@...................)...`.......*..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H........ ......................P ......................................=......mO9Y.F.&w.(6....?.8.EG..;.J..B.j-........<Z>R._......d|Y...!.tv.k.|;mV..b.^2.<...p........4.......2.\x?.LJ]f.l.&?....BSJB............v4.0.30319......`.......#~......H...#Strings....4.......#GUID...D.......#Blob......................3......................................Z.........9.........................,...5.............{.........F.............................#.....p.........................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Debug.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16176
            Entropy (8bit):6.74420130921519
            Encrypted:false
            SSDEEP:
            MD5:200A2EF8039A866C29F6646C08C916A0
            SHA1:D9AFB3DCF376FDF153D5B0F1AE6167660DFB1FEB
            SHA-256:F587E4D5F4347D8851FE63FD165FF3AF6F0A0D7EDB22DC9EC13878CC5342AB2B
            SHA-512:51BEB0733A184397ED605D483D0EF47F7A6B6DA05666DB5175CBDB8CDEFB90E4D6BFDB0C59E118796E9851108D590F2EADF3CF07944424C05276BD9F8A64E25C
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....+............" ..0..............*... ...@....... ..............................+.....`..................................*..O....@..................0)...`.......)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P ......................$)......................................BSJB............v4.0.30319......l...H...#~..........#Strings....<.......#US.@.......#GUID...P.......#Blob......................3..................................................W...R.W...g.D...w...........0.....w.......................>...........................................>.....>.....>...).>...1.>...9.>...A.>...I.>...Q.>...Y.>...a.>...i.>...q.>...y.>.......................#.....+.:...+.P...3.f...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Process.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):338216
            Entropy (8bit):6.547091859291254
            Encrypted:false
            SSDEEP:
            MD5:634FEF75870C6C036FB4132A4E4D5B63
            SHA1:9020E99507A27D3009B5914F0E73C91F39C1AA1E
            SHA-256:7BBCA593ED7F5B8F8650ECD5E597190D7D55BC4B1B9D8A992C7A1F887E65DCC2
            SHA-512:03B92B87E25344F425AB05475845B14BD8B320E8C09E5B55D94F8FD284097F5226A99720988DDCAE025B92C60847F04AD60D74C0E4E90BAD380EB0A5390251DC
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .........p............................................................`...@......@............... .......................................w..."......()...........%..p...............................................................H............text...+s.......................... ..`.data....S.......`..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.StackTrace.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):47416
            Entropy (8bit):5.395594314778358
            Encrypted:false
            SSDEEP:
            MD5:48E2A256B5D7FC2BB74B5046AF715072
            SHA1:EC1854323EDB9C462A2A967C1C06759C3261CCFD
            SHA-256:2911FCAD2139490432F3FA96FFB3A50A90E06F84C60E45DF60E6DEB4126B16B9
            SHA-512:2D0196C98EAA40759ACCD38C5410F482CFBFC83B79CDC629E0297A3B590B1FDD3FB77299F38A1F1414DBBB71475C6CEF744BB2FD7D695E9D3177BF7817F80C68
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....Y............" .....`... ............................................................`...@......@............... ..........................................8.......8)..............p...............................................................H............text....V.......`.................. ..`.data........p.......p..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.TextWriterTraceListener.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):67896
            Entropy (8bit):6.071077935827304
            Encrypted:false
            SSDEEP:
            MD5:7AEC30A9E458C5C0025FBFA3A940B791
            SHA1:E7AED5DDD43AC6D7EF1D474229EDC9FEDFBF1DF6
            SHA-256:1A1CB8D5807BF6EF60EE749AF2A7D485A581FC7C03CED44E947E08699566B2AD
            SHA-512:0D18CA8444DF6C74CCFD74344B59F6B965783592AA4E674478ADDD5ABACF0518C4C0060BB07E7471BF550A909F50E8DC6B6C779922E58EB870FBCF2E0F298757
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...B............." ......... ......................................................O.....`...@......@............... ..................................4...<(..........8)......0.......p...........................................................8...H............text............................... ..`.data...............................@....reloc..0...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Tools.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):15664
            Entropy (8bit):6.8080160066573665
            Encrypted:false
            SSDEEP:
            MD5:6D8E075425E16A234FC8F5463C11BEB0
            SHA1:97D419FD390DFBF214FB7CFCA029A3458554F55E
            SHA-256:383907734CD3DD76969A359423AEF226CA131AD085FEFDE4943F9B6BB9B28102
            SHA-512:45B57EC21B8E618E83E0B0B790A6C5964054D50C3DB8D88A7B564201BD693746C555A0203C50F7DEBB6888222A0BE8307598C6451AA1FDF254E48D1CF5A1A795
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............)... ...@....... ....................................`.................................Q)..O....@..................0)...`......`(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................'......................................BSJB............v4.0.30319......l.......#~..(.......#Strings............#US.........#GUID...........#Blob......................3................................................F.h.....h.....U.................%...(.%...........%.....%.....%.....%.....%...f.%.....%.................O.....O.....O...).O...1.O...9.O...A.O...I.O...Q.O...Y.O...a.O...i.O...q.O...y.O.......................#.....+.:...+.P...3.f...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.TraceSource.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):145712
            Entropy (8bit):6.215648320789539
            Encrypted:false
            SSDEEP:
            MD5:E65ABBCA33F2ACA899D9F5106D6C4CE6
            SHA1:27E9980354458C7EE097F752874C1F6D95EA66A9
            SHA-256:CC685536EB2061DD6CAF225E353334AA9179AFAEEC105836CBE3B84B88E3BF1A
            SHA-512:C7614E260036828F863764FE41920DCB46055928DD5274628C317C3997C95161D131A02358ADC1B7E3E25928AC24434FCFCF49DE5A6DDE5C5A3FB2B947265F95
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...-Z............" .........0......................................................J.....`...@......@............... .......................................B..........0)......|.......p...............................................................H............text...g........................... ..`.data............ ..................@....reloc..|...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Tracing.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16680
            Entropy (8bit):6.732264017448511
            Encrypted:false
            SSDEEP:
            MD5:3DE56E93F4E1D8D189EEB58D935D39B6
            SHA1:1534FDD929DF529AB29EA4DBD1E9E9D3EC51C949
            SHA-256:07990D092B8200A012C83B871324F18AC8C42D335EDFD570A1D6A695D55E43E7
            SHA-512:893F5F8D72AB2F0C48E33C7A38864380571D57E162A371B2B4E4ED879CFC37F220117860C7DA324EC5BF57F683B70A78D3BCDE010ED67A7AAAB553D5C9AC4C6A
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#X9..........."!..0.............n-... ........@.. ...............................G....`..................................-..V....@..................()...`.......,..T............................................ ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................P-......H........ ..L...................P ......................................../e5.)5a..7.......C....V...D1.<t..I.@.......@K..T.H...._.F|..;9.j..TIKLL.tV...=.R?....../{..X....J?....i.M.d..]....w.(.I^BSJB............v4.0.30319......`...x...#~..........#Strings............#GUID...........#Blob......................3................................ .....................O.......................c....._...........}...........6...........B...........................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Drawing.Primitives.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):133424
            Entropy (8bit):6.077871799095023
            Encrypted:false
            SSDEEP:
            MD5:9436B672EF85B0060E417B93E6F4CD05
            SHA1:589C7567B4B9FBCFC69048DF509A8F401F31B49E
            SHA-256:FA7D94825EC7ADEF2171952CE5A176B74CF97CB3C7A792A83A0CC03EB4A3B071
            SHA-512:A322D1D8D45CF3E5DEA7288BA1C192D5792D0C409A6F0140846A302AF5C33BC4AFC0D11DEC81384B7CCFF8F9B66BFF1F1C20B6A357B3D6AA95A91B1A06BD3E50
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....|............" .........0.......................................................'....`...@......@............... .......................................-..........0)......<...H...p...............................................................H............text............................... ..`.data............ ..................@....reloc..<...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Drawing.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):20776
            Entropy (8bit):6.428726027972037
            Encrypted:false
            SSDEEP:
            MD5:72E86E777EB37C25309D9CA02FB173D2
            SHA1:958DBEA0B0EC16624B24F05A13633642D929A3C0
            SHA-256:4EF5CE2DAFC66D495B9D075EB30AA5DC5C32A84FBFB2903E57E514A7BB4ACC96
            SHA-512:E15CA60C6D30BF4A661B51D7034E055224A89B108CEBA7FEF13C9246391E46DC05D35E6F46AD6FB0D115CAE7DE6371F6CCAA71695D56A84C9FB9DEFEFC8FAA36
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............b=... ...@....... ....................................`..................................=..O....@..X............(..()...`......0<..T............................................ ............... ..H............text...h.... ...................... ..`.rsrc...X....@....... ..............@..@.reloc.......`.......&..............@..B................A=......H.......P ..`....................;......................................BSJB............v4.0.30319......l...\...#~..........#Strings............#US.........#GUID...........#Blob......................3................................................s.#...C.#...~.....C...........d.`...U.`.........*.`.....`...!.`.....`.....`.....`.....`.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.C...+.Y...3.o...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Dynamic.Runtime.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16680
            Entropy (8bit):6.6920378205912305
            Encrypted:false
            SSDEEP:
            MD5:61F1E563B3D2F94B3392CD568254FCE8
            SHA1:E5F006FBC73D470081D92C2DFD47C13382D78438
            SHA-256:9E24A4F9235027AB72D2480FA54EB291AC46E86354F240426CD8FA0FDB2BF197
            SHA-512:4CFA20B326B7729D1483CB1AEBBD261A4B6FCC46948C91C4EC844D34038ECBF94C84AD6959AE499AD8C7F05D72C2CF1A19A1C09BC5D25B1B98A81A51B8712357
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...z.,..........." ..0..............,... ...@....... ..............................L.....`.................................e,..O....@..................()...`......x+..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H.......P .......................*......................................BSJB............v4.0.30319......l...<...#~......h...#Strings............#US.........#GUID...$.......#Blob......................3......................................&.........W.............................j.Z...9.Z.....A.....Z.....Z.....Z.....Z.....Z...w.Z.....Z.....#...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Formats.Asn1.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):244000
            Entropy (8bit):6.507233565279823
            Encrypted:false
            SSDEEP:
            MD5:CDF076CA69511E705F6F5B753098F9AF
            SHA1:90D319A2C2206528DDC216C4B7A55F3011EBBAF8
            SHA-256:689C8742BA53CD02774B1E7A94C9C9F15767C4BF4FCBCE2B801B916329BAB51A
            SHA-512:1ADABCFBB98CAE2AEF81ECC4C7E3E423E02955691FF0B6FA0733EC764CD94DEA6CA9A3F2797D60760E28FE053F7797F77F3DC8B854A627836C020B569B05E13D
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...,............." .....@...@......................................................h.....`...@......@............... .......................................P.......... )......h.... ..p...............................................................H............text....=.......@.................. ..`.data....*...P...0...P..............@....reloc..h...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Formats.Tar.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):272664
            Entropy (8bit):6.5102889309866585
            Encrypted:false
            SSDEEP:
            MD5:41A6F214168ABD16EB912C85ACC09E6E
            SHA1:29441BB9FA6E8B7A3F058FD511490025C920246B
            SHA-256:4AAA042DA8CCF199E8131429FBE28B71A8547B3CB8ED20D3B6962BA6D45770F5
            SHA-512:B977AC9C155CEE618739A115A495EB92EF270A5B0DCA1DAAE4C78B836BE3A7D3EC06B030180AED0AD116C4DA6A98AE7185D919FE141A667AF6FEEADA0C72030C
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....!............" .........p......................................................Q.....`...@......@............... ..................................t....f...........)......L....%..p...........................................................x...H............text....|.......................... ..`.data....V.......`..................@....reloc..L...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Globalization.Calendars.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16168
            Entropy (8bit):6.766379214654712
            Encrypted:false
            SSDEEP:
            MD5:D21C365011A6420D58FE6EBB86C5784E
            SHA1:7EEA87877D56968A80A940C5FDD72E7416CB666D
            SHA-256:C016FF9595BF28A1D507A8058BE786FD0EEA635569EAE5E27D8F7B0B8D2DE0F2
            SHA-512:FE74960971E974771D86195B317A5096412868654F151CA2BB1FF4E058EC8315AA19613C2423597A6C02F88BFFA4E6C05360C1143FE09306955DA48DEF5C9477
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...c............." ..0.............>+... ...@....... ..............................H.....`..................................*..O....@..................()...`.......)..T............................................ ............... ..H............text...D.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H.......P ......................l)......................................BSJB............v4.0.30319......l...p...#~..........#Strings....|.......#US.........#GUID...........#Blob......................3..................................................;...x.;...3.(...[.....^.................I....._.................w.................G..................."....."....."...)."...1."...9."...A."...I."...Q."...Y."...a."...i."...q."...y.".......................#.....+.:...+.P...3.f...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Globalization.Extensions.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):15656
            Entropy (8bit):6.821063767728242
            Encrypted:false
            SSDEEP:
            MD5:0DEE67964FCB385F9FA8B7C3828ABCDD
            SHA1:831A65D098049E4260A24B7C6AF40B1F97E4D598
            SHA-256:07C60EF102AA7DFAD2BC691A9B4B9D827C40934C4E88029E19E9694267B93465
            SHA-512:277719C8981D6EE5F86E58FD6F1D554E9044B397A0598C4FABF7B7E6F8243A86C96114EA3DCAA80EF9942F47C60D0CB27DABF8CA081437A20A94312C4155DC52
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...`............." ..0..............)... ...@....... ..............................5.....`.................................o)..O....@..................()...`......p(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................'......................................BSJB............v4.0.30319......l.......#~..4.......#Strings............#US.........#GUID...........#Blob......................3..................................................8...x.8...3.%...X.....^.................I....._.................w.................G...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Globalization.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16160
            Entropy (8bit):6.706885767315989
            Encrypted:false
            SSDEEP:
            MD5:1104F40E8469C5590E7EFF79F7CA7D20
            SHA1:D156ECD4719973DCD81AA14D1A5E25C403506E66
            SHA-256:B5809B99963888AA99A958A22982CDDD7235C09053466F2922C3AB120CBDE456
            SHA-512:2126C5FF977F4E1A1F1CD0D5E96C0AAB5476CE12C9EE14B3AB9AC7180C9483F681029C961E3031D82F788B2172F647FADFE99805BFAFD9A2625723B0C1E9273C
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...."............" ..0.............v*... ...@....... ...............................q....`.................................!*..O....@.................. )...`......8)..T............................................ ............... ..H............text...|.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................U*......H.......P ..h....................(......................................BSJB............v4.0.30319......l...T...#~..........#Strings............#US.........#GUID...........#Blob......................3............................................................D...........o.....*...........Z.....p.....?.......................&.....X...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.Brotli.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):84280
            Entropy (8bit):5.88073044398993
            Encrypted:false
            SSDEEP:
            MD5:75A8A0B838312CA85F7080E46E2AD772
            SHA1:0CC9A61CD1CFC94CB62E398161E55326AA746A34
            SHA-256:2172BDD60DDE91FD530473D4C8D7BD96EAD15CCE886B438F3B39363DE781C671
            SHA-512:770A19C2C1CE7228835AE58198CFA9CCB52E1D9AD246D18069354F0BD94D2A1A2BCFF430F59B5320026C625EB47CF2B6F650659E1F69D8E1AB5334AC806F63D7
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .........0............................................... ......."....`...@......@............... ......................................|(..L.... ..8)..........@...p...............................................................H............text............................... ..`.data............ ..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.FileSystem.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):15672
            Entropy (8bit):6.764939082374204
            Encrypted:false
            SSDEEP:
            MD5:C804A5B35533C6C78ACDEB7928617388
            SHA1:C037FD5B022707FEA213F703C22682CB4A2C95FB
            SHA-256:1481A72E898D6A995BB99EFFFF60AC5CF4D49463A24DC23EA6F73B5E69E3251F
            SHA-512:EC938C04E946C36CB378A387D8E8EB679E16A43C4E0E75C6DA8A428E426B0EACBA7170758EB1199A45B18A1239EA61806ACA85FBAFF698D6FAC77B3FC8268F07
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...H.t..........." ..0..............)... ...@....... ..............................X.....`..................................(..O....@..................8)...`.......'..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......P ......................,'......................................BSJB............v4.0.30319......l.......#~..,.......#Strings............#US.........#GUID...........#Blob......................3..................................................U.....U...Q.B...u.....|.....7.*.....*...g.....}.*...L.*.....*.....*.....*...3.*...e.*.................<.....<.....<...).<...1.<...9.<...A.<...I.<...Q.<...Y.<...a.<...i.<...q.<...y.<.......C.....L.....k...#.t...+.....+.....3.....;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.Native.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
            Category:dropped
            Size (bytes):831256
            Entropy (8bit):6.118714221658192
            Encrypted:false
            SSDEEP:
            MD5:C890CB767071D6E6231D7FC96B09812A
            SHA1:DA53E98E516F2482DAD274D7D37B98A9307669A0
            SHA-256:5146291E6AB9C284FB1FB9564C067A142B97CDBE66D8DAE6BA4E67CF52C66F0D
            SHA-512:11EBD9B4DDBC4B18724BBAB8E59A8FD41366CE4D4B4905351D7B4EB61019B4E6A146C389A3761D2B8459A947C39B77F9BFF2C825E38DA15F6476C54ABAB64CDE
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......,..uh..&h..&h..&.8.'`..&.8.'b..&.8.'H..&a..&d..&.:.'k..&h..&)..&{?.'G..&{?.'i..&{?{&i..&{?.'i..&Richh..&........PE..d...Pa.g.........." ...(............P...............................................5(....`A.........................................^.......`..x...............d........)..........0,..p............................*..@............................................text............................... ..`.rdata..Lg.......h..................@..@.data...l....p.......\..............@....pdata..d............`..............@..@.rsrc................~..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):264472
            Entropy (8bit):6.548591134679868
            Encrypted:false
            SSDEEP:
            MD5:D9F34984A15B7E1651950F7FC4212AD1
            SHA1:E31F71380FCC9BA64847F0B60D8DB85671F83F85
            SHA-256:E595732C065539AB183FBD27CF5E42C63D11079F7ACBEAE455421B5E2E73B669
            SHA-512:FCB010FBCEAE2197AD927265DD5FA5A8CDE9E0859C127144A0DEC5E33592CCAE6CDD840F1CE15BE216EBDB6755374AD8D14162303219A4C2D5795AC8F267DC65
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .........P............................................................`...@......@............... ......................................df...........)...........%..p...............................................................H............text....|.......................... ..`.data....;.......@..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.AccessControl.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):104728
            Entropy (8bit):6.04299609988956
            Encrypted:false
            SSDEEP:
            MD5:7B8853FA50238165F45E3C6B33D6351C
            SHA1:5168A2CB788E45828329959A8BEB2ECBFB49112F
            SHA-256:3053AB194B17A8175155651B35D0FCB62F3D8F0C3078CBDC2627C4C7669042F3
            SHA-512:5A980D92DC624D433AA929B6643D05710058B71CE0FC85814C80421578E6BDF94A0900221B59DC8458DED615A655C809A5907D3960F0BA98AC2392A3B424B23B
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...U............" .....0...0...............................................p............`...@......@............... ......................................P-.......p...)...`..........p...............................................................H............text.... .......0.................. ..`.data........@... ...@..............@....reloc.......`.......`..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.DriveInfo.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):55608
            Entropy (8bit):5.425657754099587
            Encrypted:false
            SSDEEP:
            MD5:D65CCF17AE03862430A708738F23980E
            SHA1:2946EC1A63DDE5130CA32274D34C02A70E0F3CA4
            SHA-256:D7BF8354D118851E2CF0934CE8AFF5DE79C12362FAB51107E8C42BDC20C2B39C
            SHA-512:DAD79CB469E724DAEB51B72611BEFEA74FE24029A5135C729B87DF2C81781DEB2ACAD08EDB0FA295ABA50C8C5A1AC41802528C5ADE8F3629538FE35B2A9347FA
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....7............" ......... .......................................................X....`...@......@............... ..................................................8)..........`...p...............................................................H............text....p.......................... ..`.data...E...........................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.Primitives.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):15624
            Entropy (8bit):6.821694638098971
            Encrypted:false
            SSDEEP:
            MD5:67EBDED0179552C303E213781BA5DB4E
            SHA1:BAC421FF4E7F2CE0CA3073294E19B6C19B587F74
            SHA-256:7C2AEF2BD75EB88874D980358D91C66DE8919DC887FA94CF1EDD770C3A8E5F74
            SHA-512:5A8EA7ABA4E118036898625CA47D6842EF0E5FB19DF1B847BDB5DFF73ED52ADBEC7CABB26D54CD8D44605178E355143814FAE6697ACA27FC292866A6302BBE8E
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............." ..0..............)... ...@....... ...............................;....`.................................k)..O....@...................)...`......l(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................'......................................BSJB............v4.0.30319......l.......#~..D.......#Strings............#US.........#GUID...........#Blob......................3................................................!.2.....2..._.....R...........E...........u...........Z.......................A.....s...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.Watcher.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):88368
            Entropy (8bit):5.877540050029605
            Encrypted:false
            SSDEEP:
            MD5:0713043930CD3C83563EC283D10742DC
            SHA1:88CCAFEB1BE351C16A3BBFDBC6E160031E3A9B77
            SHA-256:3B6BDFB5BAD16C2D2126EABB74A9859CA414FC75E6EB520E93D3A43ADBED7640
            SHA-512:BBAAB646F9BE8AE26E0AD00DFDCEC00F8F00968A594BF4C030D0272D2E8F6147413CB939FE4C1563A39AE2566532E429ED0D1362189EBF9205ADC12AADF26A32
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....P............" .........0...............................................0......t4....`...@......@............... ......................................p).......0..0)... ......`...p...............................................................H............text............................... ..`.data............ ..................@....reloc....... ....... ..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16160
            Entropy (8bit):6.72885945570015
            Encrypted:false
            SSDEEP:
            MD5:5591B6C98BCFC539D04FB4116CD1D18B
            SHA1:330F3ED4D9B6546364FD04E78DB1EAC9CDAE050D
            SHA-256:4A61B376B6E77FC3FB20ED4ACDA6DBDCBE22D9BC30BF4E06925C003ECA391269
            SHA-512:F47FD870FA993ABFFB90C575AD94EFE1FA347944C0435102065146477B2BF1E60EF9493647538949EB19173F4864188F4D407D4B997A5FCB33E653C5A184E410
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....i..........." ..0..............+... ...@....... ....................................`..................................*..O....@.................. )...`.......)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P ......................L)......................................BSJB............v4.0.30319......l.......#~......p...#Strings....h.......#US.l.......#GUID...|.......#Blob......................3....................................../.........h...................................J.......a...............-.............................../...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.MemoryMappedFiles.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):84264
            Entropy (8bit):5.806191116216466
            Encrypted:false
            SSDEEP:
            MD5:F77A293786087936DB47A5F85D028681
            SHA1:1F484F14468C4E28C61E04D20CFB77949F7F1E3D
            SHA-256:C4CE83776FAF64605E92041546DD886D7718AABDB79585F372822F4943F10CF3
            SHA-512:6E937A2C3A80E8B9058DB6C2389085765FD7A449753E4B3ED3DD9F2EA4ABF44DE45BD54E1F9F06AF2A1A8B3C876730898756D621A9DCA310C6430D47171B8557
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....f............" .........0............................................... ......j.....`...@......@............... .......................................%..|.... ..()......<.......p...............................................................H............text... ........................... ..`.data...`........ ..................@....reloc..<...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Pipes.AccessControl.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16656
            Entropy (8bit):6.745569370541998
            Encrypted:false
            SSDEEP:
            MD5:C9E5B4FB06655ACDF85805F9BFAABAA8
            SHA1:0434768A5419391C748787E55E7E43CCA69DECBE
            SHA-256:357478614E285906C5478249E1FFBEBF08D5B8FD508FEA854DB6632540FC2E47
            SHA-512:3DC99ECA3BD14B422C633FA12E081044BAA1756DEAD3D633BA338E7435B5630303ED53D39A681A018047EC4CDB97C8F028EFB91EC16E37F17F28F228F2E68A28
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....3............"!..0..............,... ........@.. ..............................b.....`.................................g,..T....@...................)...`......`+..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H........"..x...........P ......h"...........................................<linker>.. <assembly fullname="System.IO.Pipes.AccessControl" feature="System.Resources.UseSystemResourceKeys" featurevalue="true">.. System.Resources.UseSystemResourceKeys removes resource strings and instead uses the resource key as the exception message -->.. <resource name="FxResources.System.IO.Pipes.AccessControl.SR.resources" action="remove" />.. <type fullname="System.SR">..

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Pipes.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):166176
            Entropy (8bit):6.346058751718644
            Encrypted:false
            SSDEEP:
            MD5:E2998F0D8693BB46B40A210FA04F9BEE
            SHA1:645C748C1F9D738598BD8C272FE799A02B0D3D60
            SHA-256:1972A42C7B9045D102AD48081CD93DC4D96DAE9FF016F75687D4887D03D2920E
            SHA-512:B1B3F451E91DB813ED013FA4547E83F905A35D2A9E2EF557262EA234E1D9F0F2C4E5761F1E3C78A558C8DFB970D9FE47D987179927331915A8BC680B15E8D1C6
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" .........@...............................................`......;.....`...@......@............... ..................................T...|@..X....`.. )...P......H...p...........................................................X...H............text............................... ..`.data...6/... ...0... ..............@....reloc.......P.......P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.UnmanagedMemoryStream.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):15632
            Entropy (8bit):6.829247129940496
            Encrypted:false
            SSDEEP:
            MD5:971EE5253BB544A7B2B3A1077C2C6008
            SHA1:FCE7DB0F757434DF870CC2113DDD67B893C56CE7
            SHA-256:5B614D49BBA36FF77CAA7A760A1E2C1642435A1FA949BF3BD25015BFFF91473C
            SHA-512:EBB00CFB6916B79A49FD1B6E0F9C7D77373B747D452466D09CD6689297287C8FE7AFE45E5C341B46998AE7D716D62EA88CE3B0EE26D87263C83DA4735FBE344F
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G............." ..0..............)... ...@....... ..............................n.....`..................................)..O....@...................)...`.......(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................(......................................BSJB............v4.0.30319......l.......#~..D.......#Strings............#US.........#GUID...(.......#Blob......................3................................................$...........=.n.........h.....#.>.....>...x.7.................>...].>.....>.....>.....>...D.>...Q.>.................h.....h.....h...).h...1.h...9.h...A.h...Q.h. .Y.h...a.h...i.h...q.h...y.h.....h.....h.......................#.....+.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Linq.Expressions.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):3676456
            Entropy (8bit):6.685377818335155
            Encrypted:false
            SSDEEP:
            MD5:B6A58A0AC1AF936FC5F14F8F2D44D1E0
            SHA1:0738563464D22751D4ADDFD268A57181CFBE562D
            SHA-256:F961C3396AADC6AD4475F12EBEA85743D01B015423FB216DAF3DA7A9B7F3ACBB
            SHA-512:41E3E393866711A811AD1E8F0E184905D4F790BCAC061F41BC42679ADE647A77B2861323FB2A3D7C78660C24EB45680FC72AB3953783C1137D428B8600F80FAA
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....<k..........." .....P1...................................................7......8...`...@......@............... ..........................................`.....7.()....7.,f...b..p...............................................................H............text...dK1......P1................. ..`.data........`1.. ...`1.............@....reloc..,f....7..p....7.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Linq.Parallel.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):805128
            Entropy (8bit):6.742092274429004
            Encrypted:false
            SSDEEP:
            MD5:1E9DB6EC85E31D87782D10CB2A5A6132
            SHA1:FF0B9CA05BAAA3028874E6CEC5FAF4188F7B28BE
            SHA-256:7004CF19931E4688247A28AAFCD46992E1184C782EA9F6BE3C4491D327355C31
            SHA-512:9AD6BE73F1C89A4901AF2011B051D8874903466733196C211AC114361090605BB647034CBB70CA828C5F2637F19E2656A1771516F2564B111B8F4E46DD273058
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" ......................................................... .......)....`...@......@............... ......................................x....d... ...)......T.......p...............................................................H............text............................... ..`.data....U.......`..................@....reloc..T........ ..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Linq.Queryable.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):174376
            Entropy (8bit):6.299213446161007
            Encrypted:false
            SSDEEP:
            MD5:04C98DD367C3C081624578459663FE4D
            SHA1:56976D550298BE9F9DE1BCB30D73D588426941F8
            SHA-256:7EFDA8EA3ADC84870CA399F1973C1B48963E034158E5C8D184D97E86C8733BC3
            SHA-512:B40AA4DD1F6D4A5723C79C3AD1C206C00671B1E9A243BA911BDCDCBDB7573C28D702BCC06E80A6882BBCBBD19A0BAF6B89047067EC11E1A4DEFD9B8B289F2E4B
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....*..........." .........p......................................................Bj....`...@......@............... .......................................+..........()...p..........p...............................................................H............text............................... ..`.data....V.......`..................@....reloc.......p.......p..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Linq.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):543016
            Entropy (8bit):6.741951464470459
            Encrypted:false
            SSDEEP:
            MD5:6ED1EA9A8EA41D939DA714D97F063993
            SHA1:833F7561D58C8336E4E937DE1A2320DB45BE1432
            SHA-256:A2FB9DD804188E44948A53C4165815F5CCCDE4CF5FED19988377AF84E86EFCC8
            SHA-512:0A0A197AFD26FC51BB32C6A1799D31FFD1F29E9A580C67AA43141F1E7252065791C9728A0595D0B330EF232D34E082DFB544E08CA72210CB8A290FFE4340E8D1
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....(............" .....@................................................... ............`...@......@............... ..................................4........J... ..()......H.......p...........................................................8...H............text....1.......@.................. ..`.data........P.......P..............@....reloc..H...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Http.Json.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):129328
            Entropy (8bit):6.199319743810756
            Encrypted:false
            SSDEEP:
            MD5:4248D1CB0BB05ECFCF5D97BF2C556E40
            SHA1:BCF119421A620917E41CC1C668849FEA3225DC21
            SHA-256:AEDF0405E5333C565A1544FF91E2B1DEEBCE8FF75345F90D9A8A3126ACEF669F
            SHA-512:16C94D5D6C7559C8065159524F867862C112731470F8919DC755267B9CD1E94AF1162A25771DBD2371107132B9AD5F17CA504F86AB1F54AB47B31D2911F5B5C4
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...,............." .....p...P.......................................................O....`...@......@............... .......................................4..<.......0)......l...0...p...............................................................H............text...Qe.......p.................. ..`.data....8.......@..................@....reloc..l...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Http.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1730856
            Entropy (8bit):6.690299064412809
            Encrypted:false
            SSDEEP:
            MD5:5FEF63054D9A2786E932F48D0EB8C7DC
            SHA1:36718C8A24757E6DA65DDD30AFA78691EFE014BF
            SHA-256:D88A1E49EC7FE3EFEB41FC61E453CD22468FB729DCF451BF3B1E0C53179077D3
            SHA-512:475A3E2DF1AE4987CA2E696D0E28E5888379700D86D496268DE72163B46D67D1CA3E336E23B88F7F0BCEE3D4714CE4695E82E6F55010C435E06B1E65194A7005
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....2............" ......... ...............................................@......,.....`...@......@............... ..................................T....J......@..()... ......`o..p...........................................................X...H............text............................... ..`.data........ ....... ..............@....reloc....... ... ... ..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.NameResolution.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):112904
            Entropy (8bit):6.14105129338038
            Encrypted:false
            SSDEEP:
            MD5:830154A3A12519882938F7367080CB2A
            SHA1:B7464994D56D3F8E615EE56A5A6228C52E6E374E
            SHA-256:67D6CE9D3592927FDF25BA715F0E6AAA06A11EB41C13615234CA508813CD7D0B
            SHA-512:FD0B691E44E75A85211E0D58D199A2631CE74656FBEC186F1AE3841C93694F395E4C1B64EE14BBF703056EF0F41B111E334E32CA55456EFA11D6FF890238F042
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .....@...@.......................................................q....`...@......@............... ......................................h1...........)..............p...............................................................H............text....7.......@.................. ..`.data...B$...P...0...P..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.NetworkInformation.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):157968
            Entropy (8bit):6.293376030261192
            Encrypted:false
            SSDEEP:
            MD5:0D567DB735EE434D9D42C330D9FE4CE9
            SHA1:AFD1A4C53D18285523221E2E0BC2E757D2B64925
            SHA-256:D3C0790E53540E6715DB61B512EFA719FD8E195781EE85913FB8832677203BAB
            SHA-512:4AA7F32051774ABED9FF97FC16178773BF87E853A0BD554E27CFA5D393570A1A29C47F0C9FD2262FE7551335FC2687AF416CE4DC78C484D594B743E41244D523
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...../..........." .........@...............................................@............`...@......@............... .......................................9..8....@...)...0......0...p...............................................................H............text............................... ..`.data...T&.......0..................@....reloc.......0.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Primitives.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):231736
            Entropy (8bit):6.473177149043323
            Encrypted:false
            SSDEEP:
            MD5:D8CEDA452779306A13FF2F310CBEFE60
            SHA1:4447F82C5A1207B244A0AAEBCE3AB3530CD2BD81
            SHA-256:93FA4AD1590D704DB6ECAAFBE2E388A5318212CB0A4CE435324EEE0268A11C56
            SHA-512:7E736F6E0B57F5D527DEDB0B91291DD3EB1FB0324E5E349C4206A025FE3CEAF5B3E1F21F44653F9C6FCAA41BFD8742B4D37BC5B1BEBCD84378D2A52AE9A64F22
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...2e............" .........P...............................................`............`...@......@............... .......................................U.......`..8)...P....... ..p...............................................................H............text............................... ..`.data....7.......@..................@....reloc.......P.......P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Quic.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):280864
            Entropy (8bit):6.508318800576785
            Encrypted:false
            SSDEEP:
            MD5:1E9B9E443C93C2C10B5ED5A18A6F373A
            SHA1:8F3D2DEA48ED2B29178BCDC998ADD696D101D5FF
            SHA-256:24674D754F8DF968CD688EDB57D76CC0D19CA8556FB233B228DC43265F23AC65
            SHA-512:42BF6AD8C6707F3924AF164F3ECA305678E39F5343C96EC1415D37D1EDADFC0CAC2A7BA619D16B721999909EA773221748905E0BC7A35C9DC641C06A8662DD3A
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...4.Y..........." .........p............................................... .......)....`...@......@............... ..................................T....b....... .. )..........x!..p...........................................................X...H............text............................... ..`.data....U.......`..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Requests.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):346424
            Entropy (8bit):6.517886198613069
            Encrypted:false
            SSDEEP:
            MD5:15453335CBB5A8C13B6C3579CB27EF44
            SHA1:4290DC1F4674F46AF1BFCFA2CAEFDAF6E29D5236
            SHA-256:2AF7C808F26966E6F607C5E64F8D0117301E0EB3BD830C0731C7B1C2811FEC5D
            SHA-512:07C36FF474FB60609AD531CCA73B3ED3B6B7EE2F764DEE61F17108D9399EB07627D31585108BE25FC7161CF018893A0FD91BA70E0D1640D48F842376C00CB6B9
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" ......................................................... ............`...@......@............... ..................................t...p....#... ..8)......H...P)..p...........................................................x...H............text...j........................... ..`.data...=n.......p..................@....reloc..H...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Security.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):669992
            Entropy (8bit):6.743467370555766
            Encrypted:false
            SSDEEP:
            MD5:346732F74DAD8A8D557FB494D5636E63
            SHA1:3943BDF4BFB6E4F1A79AB5027BA7E2CC3A88FDB4
            SHA-256:F8D695445499BCC4CA8A41436DF9167B3A730EE0FECF9DC2A40E998C769EB1B8
            SHA-512:65E678314C4566823A491CCE1E8EF674E5B78CA1C11C67F86C4EC92FF609D7F66FE9B3433123387ED644B044B7B670BFFC490769C87A9A8D11E868999FA0B18E
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" ..... ..........................................................lJ....`...@......@............... ..................................t...h....7......()..........8+..p...........................................................x...H............text............ .................. ..`.data...h....0.......0..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.ServicePoint.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):47384
            Entropy (8bit):5.320340299131119
            Encrypted:false
            SSDEEP:
            MD5:92C47820207565CCDF190FBA0C055297
            SHA1:4695E165E2C162393FF43BC86731C50E8AB2C380
            SHA-256:613B5DC25C72833A5A75BA80C59CFB4CF5522C7A6AD39D2D27A005CEEA72C857
            SHA-512:B0204A39FC18FD854517E3C90A7459151602F8B6142F622FF168E12C49EBAA9B9BB0E27A87CE708947FF17D526E12A41EC7958AB7A9DEFDC4FC0AA8C3D2596EA
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d..............." .....`... ......................................................\.....`...@......@............... ...................................................)..........X...p...............................................................H............text...HU.......`.................. ..`.data........p.......p..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Sockets.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):547096
            Entropy (8bit):6.628823968958786
            Encrypted:false
            SSDEEP:
            MD5:E4D73542713F8FB1DD0E7E5E142443CA
            SHA1:2D4C8B35C2EFA76C1FE95D0107B40781C51E4EC5
            SHA-256:928CB763462984DF68C19B44B41CF27D002F8B5CB4EF8BA8EB8A6F0602F6B2C8
            SHA-512:204EC8A2D43C30F2673C4FC7E6543EA0CE71DDB56C0956B0B1B2D8B53A34745E12A09206D6D1B8A8CB019A3D69324DA068687DACCE87255F98421F3723D399FE
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .........................................................0...........`...@......@............... ..................................t.......|8...0...)... .......4..p...........................................................x...H............text...8........................... ..`.data...az..........................@....reloc....... ....... ..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebClient.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):170264
            Entropy (8bit):6.42995613243351
            Encrypted:false
            SSDEEP:
            MD5:F87B4ABDB9661C494CBFC3A1A6F1939F
            SHA1:5948DD100146C6E2966E5E57A967B990EB6D6D48
            SHA-256:E92BA4FCBE48EB14259778EC442BF6330A85517D290675E02C7BDDF8C6752ECA
            SHA-512:B3A55EFC33150937E48385DE402362C4112B51B78C6CFBEACA749997295C4B0CCC9BAB301F69F6C79E4897BAEB344FF273B7897D79489BB0C33ABE7A6A277045
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...GbV..........." .........P...............................................p......;.....`...@......@............... ......................................dK.......p...)...`......@...p...............................................................H............text............................... ..`.data....8... ...@... ..............@....reloc.......`.......`..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebHeaderCollection.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):67872
            Entropy (8bit):5.782301099321138
            Encrypted:false
            SSDEEP:
            MD5:1F48CE4F560C515D93BE8E631C6639F6
            SHA1:0CA5F7790AEFC8927B37149B8ED9EDCBDD054872
            SHA-256:7E1855C9965554D7164BA73D355BCAC2E28C7E253D35D07F58F718B8CB037730
            SHA-512:C2879328B25CE351C3DFDDE6AAFE1148BEC7499E261FD9FA6380026D17EBB17EC008F4E07F81E08DA90744DF8454FE479F45454BCDEDC105B35AC7316700C9F4
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...../..........." ......... ......................................................8.....`...@......@............... .......................................!.......... ).......... ...p...............................................................H............text...J........................... ..`.data...............................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebProxy.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):43304
            Entropy (8bit):5.4543981044661525
            Encrypted:false
            SSDEEP:
            MD5:C77A9EC63CC7588D5C7FDAE75CA4BA0A
            SHA1:912B2FB046EFC6152755A79CC4FB20A096F74483
            SHA-256:B28FA5FCE149A161C1619A8C40A6B25F6FCB0F44E4C0580B721D38F024AB3CB8
            SHA-512:6788378D707983AB8DB891E489E1169A214A9E54D400522D6E39FB89B4130A885213947AB3F3AB05201D5AA68B629912E68AB52A05438DD8272DF3C6DF7A08DC
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...IE............" .....P... ......................................................I.....`...@......@............... ..................................t...............()...p..........p...........................................................x...H............text... L.......P.................. ..`.data...=....`.......`..............@....reloc.......p.......p..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebSockets.Client.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):100656
            Entropy (8bit):6.037382679706859
            Encrypted:false
            SSDEEP:
            MD5:F60FC5DF9579B7807A41F83996A92336
            SHA1:F1DFFEF2B7B52DAD59C93B438CD8C9FC8237310B
            SHA-256:5AF953EEE1E6B527EDB09EB3D51265A08BF0CAA9B57A1064176C7A726E464A35
            SHA-512:A74D1D0AB4AE318792443D65B1E8F039DD63FEC0BF12E8C140C4C0DC5B28BC6760D17751D8C08C339C43ACF05FD42F6F68E625B7F4E45CAF31A14A979BE55050
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...6&............" .........@...............................................`............`...@......@............... .......................................,..<....`..0)...P..x.......p...............................................................H............text...s........................... ..`.data...s!... ...0... ..............@....reloc..x....P.......P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebSockets.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):190752
            Entropy (8bit):6.370812726125536
            Encrypted:false
            SSDEEP:
            MD5:68AF5E566C3F92B8B5D435E8CF0E4C6F
            SHA1:C29C05434C7CA82A0BF15A60CB2D4542483A51BC
            SHA-256:5418618458AA64E2695F6F51F51101E0AF961AA884E37EF2CA4212513DC87912
            SHA-512:47606C8E0B9642933A81221B91CBBF7FC06424EEF1A37581E5C165DCAC9279C145253CE34D32009BAECB80EF847013FDC355C343C4C7C67BF51843D6A2700CC1
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...\9............" .....`...P............................................................`...@......@............... .......................................L.......... )......d.......p...............................................................H............text....Q.......`.................. ..`.data...O7...p...@...p..............@....reloc..d...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):17688
            Entropy (8bit):6.619310311563334
            Encrypted:false
            SSDEEP:
            MD5:E1BDFB0A3C2077F217E94626A9C84D37
            SHA1:4485FA68954A681EAB2A6C6BB5006645AA63FB39
            SHA-256:18A45C63385C3F59BD8A503939E2E5C7CD327E2C03219A550E016D6A7CFEF468
            SHA-512:8D004D51503A92DC1878853DCD028D7865F22392FE194DEE0CEF6DF0B0A0E040BD2F4D33F4F0524DCB130E39359AF9506A6D0F894CE3D6FD16AA54A2CC67C61A
            Malicious:true
            Yara Hits:
            • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.dll, Author: Joe Security
            • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.dll, Author: Joe Security
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....g............" ..0..............1... ...@....... ...............................#....`..................................0..O....@..8................)...`......./..T............................................ ............... ..H............text...$.... ...................... ..`.rsrc...8....@......................@..@.reloc.......`......................@..B.................0......H.......P ..$...................t/......................................BSJB............v4.0.30319......l.......#~..|.......#Strings............#US.........#GUID...........#Blob......................3................................6.....x.........................../.......L.................................p...........................................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.C...+.Y...3.o...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Numerics.Vectors.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16176
            Entropy (8bit):6.720152735363345
            Encrypted:false
            SSDEEP:
            MD5:D548C14C3C17E640DAF27A76707F3BD0
            SHA1:8318BD1AE48BFFF8D0C5609E511BC5C10C8DFE7D
            SHA-256:D15A0768577C9E75A3D6FB94D580ED1E32994F4B971BECE03E6AD6EF7FD3518B
            SHA-512:D57139F4FD99820FDA6BCFFAD86F818125678E7E543B2C68DFDA4EE0C3547E003B290B5DCE23ED43A6D9B3CC739159E151039BC8B1D26A851CCCE4DF287A0FFE
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....k............"!..0.............n*... ........@.. ....................................`..................................*..L....@..................0)...`......,)..T............................................ ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................P*......H........ ..\...................P ......................................^..C...wn.|2..)..E..Z'...N.. ./..I....Z........a..PP..=F..=....i...... D..R....03...n.....[.Q[<o....q@...:V.....6E._V....y;BSJB............v4.0.30319......`...8...#~..........#Strings............#GUID...........#Blob......................3......................................D.........]...........v.................\.r.....r.....`...8.....0.......r.....r.....r.....r.....r...}.r.....r...........6.....

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Numerics.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):15624
            Entropy (8bit):6.743391402121608
            Encrypted:false
            SSDEEP:
            MD5:C9FC19DB9FE74066786403B4829EC5CE
            SHA1:12240200EC9DC0A64B141761DD2ECF7CCF4D4480
            SHA-256:8CECA85D001CFBF974FA37ED8C64CF97B619DCA942501EFCF22D4F369BA42292
            SHA-512:3FD206570AB29DAC923CAA7E1FBB32AE855D7814559534637EC381412CAD6AFB89FBAB99BDA21BBBA975554ECF5955B60D2129F5DECB50D70477E1A4BEC7A18F
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...9.(..........." ..0.............^)... ...@....... ..............................+.....`..................................)..O....@..X................)...`......,(..T............................................ ............... ..H............text...d.... ...................... ..`.rsrc...X....@......................@..@.reloc.......`......................@..B................?)......H.......P ..\....................'......................................BSJB............v4.0.30319......l...8...#~..........#Strings....\.......#US.`.......#GUID...p.......#Blob......................3................................................'.f.....f...e.S...............K...........{...........`.......................G.....y.......-...........%.....%.....%...).%...1.%...9.%...A.%...I.%...Q.%...Y.%...a.%...i.%...q.%...y.%.......:.....C.....b...#.k...+.....+.....3.....;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ObjectModel.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):80184
            Entropy (8bit):5.8034670220183395
            Encrypted:false
            SSDEEP:
            MD5:1E2A3C3FCAEE389C04D33C18F3B09599
            SHA1:6BECEBD105CEDD72DA755A49720D79F23F43C3BD
            SHA-256:447E24F4BFAB9D7F23DC204B632817DDF933AFD89222CB396402B471DFCA99D5
            SHA-512:A2BA95117DC9937E60E304384107C09DBBD12EA1BDD3B6210D2088CF10A9A6AA8CC09C83522E54F9F884055FF7072CA4D231273B0DE0BD4E66175E865AB13009
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....(:..........." .........0.......................................................u....`...@......@............... ..................................t...d%..........8)......T.......p...........................................................x...H............text...o........................... ..`.data............ ..................@....reloc..T...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.CoreLib.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):13175088
            Entropy (8bit):6.846434850139803
            Encrypted:false
            SSDEEP:
            MD5:8B5EE62ABDB7B72F418D797FE73F2521
            SHA1:77582007964CBB215278267691A255B63ABE5FFD
            SHA-256:4CD6810B4EBE8D6E1F5928F2026D257C112380D33B557A60BCFA9C7F2BB012E8
            SHA-512:870EF275E1E8D1607E2B22EB25F1F05F99346B54651BC119D809BF21F1A6F041EFF801B3B5E1FFBB1897975FEB2C3AA47B3699CC4C63ECA8E3E6A60387AB4BD9
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...J.c..........." ................................................................}.....`...@......@............... ......................................(r..|.......0)...0..@...8...p...............................................................H............text.............................. ..`.data............ ..................@....reloc..@....0.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.DataContractSerialization.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):2083120
            Entropy (8bit):6.7084204593562475
            Encrypted:false
            SSDEEP:
            MD5:3E4914FB86B55E766730BBA2CF5F9710
            SHA1:AA6EABD6462F7898FDF34FA71355190A1B915F07
            SHA-256:96C38BE90900D54FDE8D6DB1B3DE8377C07DAF21E99976D6A3474A9511E3EFC6
            SHA-512:1B5749D910B8B5564F8D125A5AD62218B3BCFE190692D82F5101A8E53DC604060E3D9211B34EAAA6A9094C03529D6CE0196766AB5F266BEB8064B41314834EB8
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....6..........." ................................................................X. ...`...@......@............... ..................................$....[..........0)...p...'..(v..p...........................................................(...H............text...;........................... ..`.data...X...........................@....reloc...'...p...0...p..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.Uri.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):260408
            Entropy (8bit):6.615538060259084
            Encrypted:false
            SSDEEP:
            MD5:FADC9E1672EBA182AD57E6FF27DF1797
            SHA1:774C74089FCEA3AFE0C7CA1A0B496C999392900A
            SHA-256:DC01ED420EF427086F0057013D7AC1CAC07E2483E4CFC162D09DF1B64553892C
            SHA-512:0650F9ED9C86103CC66871B4558BA9AE291273FF5E0DC0FA7468F3636AC6896CAA8C9EA714ED821B55A519C6E1B1F5BD26D6DC7196F8F2BBA6215F355A2BE602
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .........@.......................................................<....`...@......@............... ..................................t...XS..x.......8)......8.......p...........................................................x...H............text....{.......................... ..`.data....$.......0..................@....reloc..8...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.Xml.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):7989544
            Entropy (8bit):6.802297198301812
            Encrypted:false
            SSDEEP:
            MD5:E166C44D116A2A649FB8BF58B8DEAE69
            SHA1:E66C37FBA5E3C405DD21C464343B87E173F1FB45
            SHA-256:79CDAEFC221388C3E5B9AFA137F8E4A44366CAC0CCC617BF1F5B6CA0DC95F3F3
            SHA-512:852C80299D20B6D5D7EBCA7C3D76DA1EA36CED6274374AF8ABD8F484C356321090E784F8C5E8357D1B4F6AC49DD48F81A6642D0D95682BA92C50E07EC25A20EF
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." ......s...................................................y......z...`...@......@............... ..................................t............y.()...Py..h.....p...........................................................x...H............text.....s.......s................. ..`.data....Z....s..`....s.............@....reloc...h...Py..p...Py.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.DispatchProxy.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):76048
            Entropy (8bit):5.943118914884181
            Encrypted:false
            SSDEEP:
            MD5:202192E1AEDBDBD47B4C755227C9F174
            SHA1:FB61C5557319FA1BBF82302AEF46C331EFD8348B
            SHA-256:F625AAE4F7A839B16834764BCDEC5F8008A5171AB1AF77277B4861B077078D25
            SHA-512:EB87E36BA74192A177D9649E3B583A72B15C8AC3B8ECD991A56D449EBE99E2CCB3D667FB937055623584EDA6B271658784F9BBB51343843D3317F311C2980154
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" .........0.......................................................2....`...@......@............... .......................................$..|........)......P.......p...............................................................H............text............................... ..`.data............ ..................@....reloc..P...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Emit.ILGeneration.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16176
            Entropy (8bit):6.7440217236656395
            Encrypted:false
            SSDEEP:
            MD5:AB6EE54636B88E5FE0DADCB9F24D907D
            SHA1:FAEDDCC767249EF0208A907DB50ECAEF1AA1F91F
            SHA-256:7C85F57B009B38E7F62DE0437A652966DB39134DC95527E3F60EA1B3334E23EA
            SHA-512:5131F86CD07BF1BD434E039EE7F0BBBFDF772F5C01EBD6F0968B5E6E5567F0C4130E7621B7D4489698A77BE6543D256ED4217CDA84E9178ACA1FD0F70E507DFE
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............."!..0..............*... ........@.. ....................................`.................................?*..L....@..................0)...`......4)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p*......H........ ..d...................P ......................................V{.U^i..7`..8.Q.Tw.YZ8......\@9...7C...L.....v...y.%.....-...l..>.*#_.........[...+...d@~....Pu.j(...lt..........O../BSJB............v4.0.30319......`.......#~..l...D...#Strings............#GUID...........#Blob......................3................................................"...........;...........f.....!.b.....b.....7.................b...[.b.....b.....b.....b...B.b...O.b...v.............

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Emit.Lightweight.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16152
            Entropy (8bit):6.719210609725614
            Encrypted:false
            SSDEEP:
            MD5:F6781A08C2B18C6D751821744820B6C4
            SHA1:F10227DE4488F3E6E753D4FBD1D1C017A5E23205
            SHA-256:9356D1216420F334FF6DE21F1ABC93609EC7B037471453EC722DE89CEA954D45
            SHA-512:1270DB17862A22352BC8737B88B33C4FFD03146F2DEDE9F8DDB144D1F26BB8FFA35183FF9E99EDC408D7E14524D4C6CF82E833B4992446C982778A842C050D23
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Ss..........."!..0..............*... ........@.. ...............................D....`..................................)..R....@...................)...`.......(..T............................................ ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H........ ......................P .........................................>..B...u....z......q..p...h.ea..U.1M@..)4..y...z.W.+..qJ...Sy8...F|.......W....?e.c2..........`...,.2.eS.R.......1W...}`BSJB............v4.0.30319......`.......#~..4.......#Strings....<.......#GUID...L.......#Blob......................3................................................0...........I.k.........t...../.E.....E.....>.....~.....~.....E...i.E.....E.....E.....E...P.E...].E.................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Emit.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):129312
            Entropy (8bit):6.1169104642443894
            Encrypted:false
            SSDEEP:
            MD5:F3C93B3779D56D80D784BA712A74C9FA
            SHA1:AED1E91233D0DFD1937354D4A94C5447B87259BC
            SHA-256:5BE721DD3FEB1E56284390D592B81C1885F50BBEB567C53EDB8DDC1CD3210DD4
            SHA-512:A1CEC4E076613695FCA1336B4C40F4EAE2F049CA5CEE522EE4082F3BF74C3704DF41655E00A806365A216110A7997DA0375DF74F5CA58FF072647ED80E352BDB
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....+)..........." .........0......................................................3.....`...@......@............... .......................................+..l....... )..........0...p...............................................................H............text............................... ..`.data...Y........ ..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Extensions.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):15656
            Entropy (8bit):6.793667220027114
            Encrypted:false
            SSDEEP:
            MD5:92E0E5A63D25B9C3AE3983FD1B126A8D
            SHA1:AF7095C2D4D58A19F205ACEF1019064905F44EF5
            SHA-256:F006C1DF74494ED22ED0ACE97F4D3D1A8B2B5C65DE706D201B76146FDD5EA6EC
            SHA-512:92A3F172F88E4BCE2B7651801D7FBDCC7C5BBFC242D60FD416EC6DDDADC4E0BB98ED24979B0FCB008B220D7EB93EE45C4DC39E4B030A4F9F23AEA94FC8ED82CC
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............z)... ...@....... ...............................=....`.................................%)..O....@..................()...`......,(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................Y)......H.......P ..\....................'......................................BSJB............v4.0.30319......l.......#~..(.......#Strings............#US.........#GUID...........#Blob......................3......................................................x.....3.....4.....^.................I....._.................w.................G...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Metadata.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1116440
            Entropy (8bit):6.644311003487164
            Encrypted:false
            SSDEEP:
            MD5:64E6830F63DE5F8F82A4F45BB5AAC4E1
            SHA1:3834E21EAF634DD532FC3D77B9F2449BF9F384CB
            SHA-256:A82DA76C39DD2287B580986C9D21E7405E3B9D43953C1856AD9036E117462A2E
            SHA-512:EE57142DD8A3036F0D545408FD68B325FA614615412E94F49536C391C009809EEA17E17BA3581A8DB4C2A56DD3E761A21A7BA3458E537F086270A45099504928
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" ................................................................Ny....`...@......@............... ......................................@...........)...........W..p...............................................................H............text............................... ..`.data...A...........................@....reloc........... ..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Primitives.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16136
            Entropy (8bit):6.781423994083627
            Encrypted:false
            SSDEEP:
            MD5:92BFDBCC5A2A2BC7DB8AB7A1D759B827
            SHA1:09C260B069057E7EDA73BAFB78DB6F5A5968F5B1
            SHA-256:081035E2019F5614F08BBEE64BA2D4B93958A6F1F6EC7CAD305109519DB07C9C
            SHA-512:C43D173D96D9743A5917F02F4299A36A15C99252C271DC5076EF80DA0ED06088A8300DF7F31301F937E641E6B91FAB7AD1F5F0B6A57AE4DEF5196884F71F1ACF
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....J..........."!..0..............+... ........@.. ...............................8....`.................................5+..V....@...................)...`......8*..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p+......H........ ..h...................P .......................................5....To.*.r..+L@el..... wO[...&...BC...|(.u./.z.N.~.#.....Q7....(.~>H].L....%C..n.P........L.>.D9....s8....'.......?..BSJB............v4.0.30319......`.......#~..........#Strings............#GUID...........#Blob......................3......................................3.........@...........Y.................?.g.....g.....`.................g...y.g.....g.....g.....g...`.g...m.g.................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.TypeExtensions.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):43312
            Entropy (8bit):5.201190108733127
            Encrypted:false
            SSDEEP:
            MD5:E58204BCE15E07EC0E3A9E1BE50DE9FB
            SHA1:E9EB5D8BA8AB976B0FB4A8A267898145DB7BA2F8
            SHA-256:1C5AC607683FC37DCEC16FEDD9360DDE2A214444596E3C2EA922EEB0C5E22EE9
            SHA-512:D38BB77B4E253748E18AAABF8817A7CFFC802A5E42E889107A8763B1833F4550D313EBEBC7290079023A4617E1533D2CA3F78A2017908901B0A50496EB589BA7
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...}............." .....P... ............................................................`...@......@............... ..................................................0)...p..........p...............................................................H............text....G.......P.................. ..`.data........`.......`..............@....reloc.......p.......p..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16664
            Entropy (8bit):6.685947251423688
            Encrypted:false
            SSDEEP:
            MD5:6AD5CAD80276892BA4CC02B27E85BE12
            SHA1:7333C6F4682AD9C77D9FC319DFA48372A5CA321A
            SHA-256:ACD8F3EA0B145517E9DBE2D276B174DF4C7EBAAE28ABA62EE2303A8AFC83235F
            SHA-512:5C010AC745B3DBB5D22149DC8C373B2ECC9D9EB38566714FF23119C4FB0BC03B4A49607DFC073DE5912DBD8B4583E80C1E528CD5710C1865CD1CD18CC7CC08C6
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............,... ...@....... ...............................T....`..................................,..O....@..h................)...`.......+..T............................................ ............... ..H............text........ ...................... ..`.rsrc...h....@......................@..@.reloc.......`......................@..B.................,......H.......P ......................4+......................................BSJB............v4.0.30319......l...l...#~......|...#Strings....T.......#US.X.......#GUID...h...|...#Blob......................3................................"...............M.............................q.6.../.6...........6.....6.....6.....6.....6...m.6.....6.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Resources.Reader.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):15648
            Entropy (8bit):6.7745107157816
            Encrypted:false
            SSDEEP:
            MD5:B60D236051B2ABCB66F74C4812223C62
            SHA1:8786DC5545047F56D1C909265841212C203ACE2C
            SHA-256:4EE54B35DE61268A3C9DB9A80DB5F005B49C134F5E9CEDCC0B31CDC2D120058C
            SHA-512:93873F04B3C5B8F962DD376DD7A3B0672F85F086C5E8BA08478488740D8DCE9D77679B8524E210CCF4F2386D8CE5CDFFE17C2709C79897C7F477A6ACB4D59AA5
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...`5............" ..0..............)... ...@....... ....................................`..................................(..O....@.................. )...`.......'..T............................................ ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......P ......................\'......................................BSJB............v4.0.30319......l.......#~......h...#Strings....t.......#US.x.......#GUID...........#Blob......................3..................................................%...x.%...3.....V.....^.................I....._.................w.................G...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Resources.ResourceManager.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16136
            Entropy (8bit):6.723144015881292
            Encrypted:false
            SSDEEP:
            MD5:066BB1ECF94BF9C15F39A89C55AE70EF
            SHA1:B711BBAD6052C4BB53D8BEA0DBB9FA64B3402DDB
            SHA-256:78EA4958BBA58923073533245EEC77810C34DE5C4D7F8FC5F2DCB20503C39068
            SHA-512:610558F4B5CF6F72921B3BABE28CA842EFCE97A85FA4FABAD91FB8EB92ECBCF5154A52E185965347974720D0E377239DCBEFE00940F4F28BA78A6438A8B5547D
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....!..........." ..0.............n*... ...@....... ....................................`..................................*..O....@...................)...`.......)..T............................................ ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................M*......H.......P ..H....................(......................................BSJB............v4.0.30319......l.......#~..|...,...#Strings............#US.........#GUID...........#Blob......................3................................................9...........U...................A.....A...........A...r.A.....A.....A.....A...Y.A...i.A.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Resources.Writer.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):51464
            Entropy (8bit):5.757823712774265
            Encrypted:false
            SSDEEP:
            MD5:474F5DACA75A68CCB27640CA24FD360A
            SHA1:68A5F5EF287E31046B5B90C58DD4D9727E0B1E1E
            SHA-256:9175EF26F74399E465C8053B142704EFD03727FE9837A5EC608433A417DFE326
            SHA-512:E5620657ED62AA0C71ACF5E8FEC0ED47857C7776868D2374A5F48ADC9AC7F2D4DB46B055C4C9732BF315EDA9FFF78F9347570B7A2AFF6E25D9602CA8647B1D88
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....[............" .....p... ......................................................!.....`...@......@............... ...................................................)..............p...............................................................H............text....k.......p.................. ..`.data...............................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.CompilerServices.Unsafe.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):15672
            Entropy (8bit):6.804784998922409
            Encrypted:false
            SSDEEP:
            MD5:C491FA202B388C62A783E9E7B8219531
            SHA1:4DB62FCC3451FE365B96AC8F6AFB8B36A310D0A7
            SHA-256:2DC6D8D20AF5A36257AF1E816F289F3F21611E811DBE9AF20966E5D4E701B7E1
            SHA-512:2046C41F7F5CD99020FA5784B8656636CE6AD2EC35295AC580704314622841812F4293C08847C01AE2DB833AEAB4DF2DF59BC33812423121FD1DFC9FF42A04FF
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............J)... ...@....... ...................................`..................................(..O....@..................8)...`.......'..T............................................ ............... ..H............text...P.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................))......H.......P ......................h'......................................BSJB............v4.0.30319......l.......#~......d...#Strings....p.......#US.t.......#GUID...........#Blob......................3..................................................4.....4...Z.!...T...........@...........p...........U.......................<.....n...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.CompilerServices.VisualC.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):31032
            Entropy (8bit):4.668485682155773
            Encrypted:false
            SSDEEP:
            MD5:511A6CD95CB5E50ACC7C7B97F8DE3531
            SHA1:3AE756447C028A59CBCFB20CEF96483337DE4B5B
            SHA-256:2CF2328B2BB67EFB7A4021E6B1093282826A7D221BD3B3B57C145E5E13374456
            SHA-512:033E5553663D65A66007021D5773BB3046C2B24D51A991C83E1B025170E9D04B910273467CBAEC9CDE12B79DB10E2C9685AF5722BBACD603EEEA5ACB565F4788
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....b{..........." ..... ... ...............................................P.......6....`...@......@............... ......................................$........P..8)...@..........p...............................................................H............text...~........ .................. ..`.data........0.......0..............@....reloc.......@.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Extensions.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):18224
            Entropy (8bit):6.562338179216365
            Encrypted:false
            SSDEEP:
            MD5:33FB9BBBCBA3E7BBBD7BA9216958008B
            SHA1:7660B39FDF52E35EDF106D6900F2C7862121EEA4
            SHA-256:C31F0812B87812A10627C8603CA265E1A33927047134B1DD5CE69356869E250C
            SHA-512:D51FD4D60B53C8BD23BC285FF34C447CEB517C3E402A8D61DB397996C3800F268B4F0ABEBEAC12BF42B608506EDCBF66CC4A27E46C0842B9BA149DAB61E5F01D
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Y............." ..0.............22... ...@....... ....................................`..................................1..O....@..................0)...`.......0..T............................................ ............... ..H............text...8.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................2......H.......P ......................l0......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob......................3................................I.....3...................................................i.v.........N...........%.....B.....5.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Handles.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):15664
            Entropy (8bit):6.814505381555342
            Encrypted:false
            SSDEEP:
            MD5:5E4C20E0A38D62A629E7009686E20264
            SHA1:27459AD6B3431B3B522CBD4AF7CB8DA84618353D
            SHA-256:FF10134A6AB7612D6AA2A368B1C6F3173A30CBB1ABF8D517C97895DE72132F2C
            SHA-512:5F11D193335F8556E66A040B1D29B18BEEDEB2F3FF1DE4E59D278E9B9E45464F9B5389C7815DB5A8889BCCB754F9B7F6E58B4535FF749CC33FF701B43516CEDA
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....{..........." ..0..............)... ...@....... ..............................z.....`..................................)..O....@..................0)...`.......(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................(......................................BSJB............v4.0.30319......l.......#~..D.......#Strings....0.......#US.4.......#GUID...D.......#Blob......................3................................................(.`.....`...f.................L...........|...........a.......................H.....z...................(.....(.....(...).(...1.(...9.(...A.(...I.(...Q.(...Y.(...a.(...i.(...q.(...y.(.......................#.....+.:...+.P...3.f...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.InteropServices.JavaScript.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):51480
            Entropy (8bit):4.96736494913135
            Encrypted:false
            SSDEEP:
            MD5:B3CBC3F39F271F7E23A0959D2C4A26CD
            SHA1:FD29277A423DF0E2C107E3C306228C665767E99E
            SHA-256:B5415B6BE10C1E87BF8FAF4206471EAD93E0AA4F445CA8CD9F35B8EAF8158D90
            SHA-512:A0D7B80F572ACFA60B92CBBDF06EDE4050944281D96E419DED9C014DA085387B2A9D841BC28E5DC88562BF92720E6AFC516E744E16FA4E9C4E6E1C173CEC744E
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....m..........." .....p... ......................................................._....`...@......@............... ..................................$................)..............p...........................................................(...H............text...Zg.......p.................. ..`.data...............................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.InteropServices.RuntimeInformation.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):15672
            Entropy (8bit):6.847005993457445
            Encrypted:false
            SSDEEP:
            MD5:13D864886ED9DAF09E800B3851B4A05E
            SHA1:5F7DE3337CD71E167B6D70626D29DC7139AB765C
            SHA-256:357797FEA3E2F1FAE6DB8F47AA096BDC35707BEB16EA912019877812708841D4
            SHA-512:F561129CEEB84C4C0AE1C605887907E9ABA9BF20A5107828F706D3A5BD075C87C918B0551845208D81A1AD65CE7844044187430F943EEF8253FD257AC6E937F7
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...C./..........." ..0..............)... ...@....... ..............................&.....`.................................{)..O....@..h...............8)...`......X(..T............................................ ............... ..H............text........ ...................... ..`.rsrc...h....@......................@..@.reloc.......`......................@..B.................)......H.......P .......................'......................................BSJB............v4.0.30319......l.......#~..(.......#Strings............#US.........#GUID...........#Blob......................3............................................................@.O.........k.....&.7.....7...V.....l.7...;.7.....7.....7.....7...".7...T.7.................I.....I.....I...).I...1.I...9.I...A.I...I.I...Q.I...Y.I...a.I...i.I...q.I...y.I.......................#.....+.:...+.P...3.f...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.InteropServices.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):96544
            Entropy (8bit):6.028171254215127
            Encrypted:false
            SSDEEP:
            MD5:1DF866F691DEF4290407F5CF01B996AD
            SHA1:B2BA5AF3F80AAB63EF2FECF6341B44DEAE201AC1
            SHA-256:127EA3F2FF47CEA14C082B2ED22066554D22C9D8F97DC0D403B17042FAC62A5B
            SHA-512:6F96AEC2ABF7F6E96B7699F67CC8547334277C8E502E6ED357713C54B68FAF264B1843EA42E6AB0F7C6AD7DCC1098B9042E1D5F15E93DB6F8D346F613D1F6A1D
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....]............" .........0...............................................P......>.....`...@......@............... .......................................(..\....P.. )...@......`...p...............................................................H............text............................... ..`.data........ ... ... ..............@....reloc.......@.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Intrinsics.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):17208
            Entropy (8bit):6.6141833133111865
            Encrypted:false
            SSDEEP:
            MD5:66227035D9417A2E4B4FA6598FEA969C
            SHA1:398C254B721337177A5BB236D49CA6E2B218095E
            SHA-256:3A18C5B41B723D5DABA3088D621D4EB8DCEB97FA9B2C4A850D54FD4381DC3C22
            SHA-512:26D4059CB06967641E5A935B36A7AB50FCCE0B7374E62BFE275B2C138B46ED9B8CF1E4B1F7C029586B8D9DD913F736EEED8C7E489A5FF682AAEF67DC2202E0E5
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...{............."!..0.............~/... ........@.. ..............................^.....`.................................#/..X....@..................8)...`......,...T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................`/......H........ ..\...................P ......................................E....H.m`.D...&....z../.....~..%....A.:.~.bX...........d.kS..F.z...z.......*.....(..a .L.J~,&_kh.I.4..FNO.{B.-S.e.S.....j....BSJB............v4.0.30319......`.......#~..P...d...#Strings............#GUID...........#Blob......................3................................M.....I.........B.$.....$...[.....D...........A.............k........."...........{.......................b.....o.......$...........

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Loader.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16184
            Entropy (8bit):6.74808977719352
            Encrypted:false
            SSDEEP:
            MD5:4ED4A34C35F7B26E8E246D16C2DE6A53
            SHA1:2FD8657B37AE7750FE1CADC7D555041063CAF821
            SHA-256:F106DF84A047BA38B018AB7BBA10E2D2D6B2A5FFE5762CE8208C339AF3BB21C6
            SHA-512:3A7CC11E455ED511313366B5A2527BC52698B8958E9E7E20B56768C9561D10BBF13A2D327AE0467A5DC64F7643B8D16D6A65CAE1C4E1CED6F62360C9C535F90F
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...pp............"!..0..............*... ........@.. ...............................;....`..................................*..X....@..................8)...`.......)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H........ ......................P .......................................1cc=.m.y-v..Z......9,.....8.5.....R..k.....tk.MM.i....s.^.Qx.D#$..t...3......@<........gy+.n.....^...#W....$b*2..b.C...BSJB............v4.0.30319......`...(...#~..........#Strings....0.......#GUID...@.......#Blob......................3..................................................P...X.P...p.....p.......v...V.....z.....).......1.....1...?...........>...............................P...........

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Numerics.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):330024
            Entropy (8bit):6.652134966205565
            Encrypted:false
            SSDEEP:
            MD5:3ACFFC369AECF966DD9C9E1F6FB966B6
            SHA1:AA0A79D6AA6760A71B2A2E47E03BE0A43892FE1C
            SHA-256:55D0E21E8AD1F851E0803AC655D9FCA5BEDA6692592FEE421C179AF64109DA43
            SHA-512:DFB97F5F791CBBD7C308754BBEB4D63A0AFF098313113B931E74CF824F67B765D3667662840BCBA8DCC9BDB07960D83408B7227A1749A6905CD1851C7C0F15D8
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .........@......................................................\J....`...@......@............... ......................................hn.. .......()......p...X ..p...............................................................H............text.............................. ..`.data...-#.......0..................@....reloc..p...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Formatters.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):309544
            Entropy (8bit):6.565288812451409
            Encrypted:false
            SSDEEP:
            MD5:5D3970DB4A500B2349BFA20B83BD69E8
            SHA1:A4DDB5936ABE75A46A83A293771B2434E3C47A83
            SHA-256:748CCE10A02BBF3D24A1C6D7FEBFF0E5A8E7AE2E9C423BC904643B8D54FE6297
            SHA-512:3F57F56FF97E63FA130A204DA1B63811D0B77EEC9B41A70F12204855B395CAB6C6169972C20B149DB4EF6148313FCCBEAF6FDEC5F228EDC06400711F6E9C0275
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....I..........." ..... ...`......................................................+9....`...@......@............... .......................................i..`.......()...........#..p...............................................................H............text............ .................. ..`.data...'N...0...P...0..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Json.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16136
            Entropy (8bit):6.748110626945014
            Encrypted:false
            SSDEEP:
            MD5:44DBC666AD269986DA0AA1D4870DCC43
            SHA1:787AFE4CF6DA55E71A0BB946CCF9BF41FA0FA284
            SHA-256:53BDE641865F6240C7C7228809953607A2609B72D096197EC07495E44686F87F
            SHA-512:663BBD7021ECE6A80CE2E9A02AADA4EB5EEEE54155DEB5E389F28C3E45E7D4E31CD2E1C8A49D4F626CF5AC226B416C975AD76F0F4B4E8B756D136D950ED5019F
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................"!..0..............*... ........@.. ...................................`.................................W*..T....@...................)...`......P)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H........ ......................P ...........................................!....Id|....I.;........( G.h...Fb..U.<A..YM...s...<7.i)h.'?.....]...-...c.+.?..P..mR.="..^......Y....(y[.qK..u.f....zBSJB............v4.0.30319......`.......#~..x...d...#Strings............#GUID...........#Blob......................3............................................................3...........^.......O.....O...a.....w.O.....O.....O...w.O.....O.....O...G.O...I.........................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Primitives.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):39224
            Entropy (8bit):5.151825928966964
            Encrypted:false
            SSDEEP:
            MD5:977C08FFE5527A368DD5DC4F6E5743D5
            SHA1:A9BDBEC552469651D6B74AAAA211DB2895BAD869
            SHA-256:1439D12A15B1745DAC140FBBC659638D665A86F7ADDA6B4369D9F50E008256A6
            SHA-512:0A588E32424B43D3EA74A7A8FFD7F54BD069F4BADF7A4C134DB8A8A25EBC49FCB472A3F76CC08FC2C9FCA026AE8FF6E05A2C943E45D757B09447C105343664D8
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...w+............" .....@... ...............................................p............`...@......@............... ...............................................p..8)...`..,.......p...............................................................H............text....>.......@.................. ..`.data........P.......P..............@....reloc..,....`.......`..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Xml.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):17200
            Entropy (8bit):6.683002357395069
            Encrypted:false
            SSDEEP:
            MD5:992AA05D8ABFFC669C94BD88A399D792
            SHA1:916EF573E5D82591100DD06C6A6FA8C80A7418E8
            SHA-256:D37E6A8F6B3882C3F601C80880E6A9721C42A175C29F553695B42C16774585B6
            SHA-512:087F0A38A67246FADB517F54A0BEBFD11D7725D90960822137FAA82A3661FD18033C9761E70BB24D7551C84902D07721E2D10D1C8250BB51C53385136F78485D
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....M..........."!..0.................. ........@.. ...............................5....`.................................M...N....@..................0)...`......H-..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B........................H........ ..x...................P ........................................"...;..%..;.......L.Q.^2~.m.o/6...."....8.jQ.>.fn..*....b...>.?+.J.[...p{.+.So...z..f...0..T....>V.Z.ug.9..4.....;\...)BSJB............v4.0.30319......`.......#~..........#Strings............#GUID...........#Blob......................3................................"...........................W.a...............=.............Q.........R.......................9.....k.....m...................A.....

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):17192
            Entropy (8bit):6.684282851066347
            Encrypted:false
            SSDEEP:
            MD5:1B4D714283918CC3F29285ADCC30CAEE
            SHA1:FE85DD75367C8AB9AA9CD6430C553A18237C1F8C
            SHA-256:06CD0BD2011F05F72D0F413489443354D7946A33F6B78B1DFDC939A8F9080696
            SHA-512:314EAA273347B7A28DEACB78E25D6495090E8DC5594C3CF443DE7D5EB748014B37EA19BA36543FCCC7FA6CCB1C259E33AAF662B05AF3F824B8717E67E555884E
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....*............" ..0............../... ...@....... ...................................`.................................y/..O....@..................()...`..........T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................./......H.......P ..............................................................BSJB............v4.0.30319......l...d...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................~...<.~.....S...........Z...a.;...{.;.........#.;.....;...0.;.....;.....;.....;.....;.................3.....3.....3...).3...1.3...9.3...A.3...I.3...Q.3...Y.3...a.3...i.3...q.3...y.3.......:.....C.....b...#.k...+.....+.....3.....;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.AccessControl.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):231696
            Entropy (8bit):6.491225217557608
            Encrypted:false
            SSDEEP:
            MD5:AEC18CE525B03B3359FBC19E00D6FDED
            SHA1:F69D5504D3A4107B43E743FB714B2EE8C340178A
            SHA-256:DE77B6A860B6D1E9DBB6E260EF352AA9981A4A76C18A3BD144A6F8F041BBCF64
            SHA-512:0D7BC1B94563186D36276E57FAB09D85F1269BBA230331077F61C8E96F53A0F97B99AFA6E6859C8A0F378C2B44979B2098C3841FF639B134041459C69FCE985D
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....}............" .........@...............................................`......-.....`...@......@............... .......................................V..t....`...)...P..H...X ..p...............................................................H............text...S........................... ..`.data....$... ...0... ..............@....reloc..H....P.......P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Algorithms.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):17680
            Entropy (8bit):6.616772216364839
            Encrypted:false
            SSDEEP:
            MD5:3E2C2FBEF86A88B2BF2FD8B177FD6D0A
            SHA1:3B2B791ADBF69F9A37597B80FBA9E9932E49A6BD
            SHA-256:A28C5AD8CFC585C3D225B07AC28C359EACE65765EAA306FF44D7A6511262792D
            SHA-512:6671151577CC961CE2C016543EE78C6197ED5BA9ACBAD855641AF5F661BB0BB4A5253E9E7BB5AE52253ED451F90818289826C242659ECCE405C25F1B0092C83D
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....A..........." ..0.............V0... ...@....... ....................................`..................................0..O....@...................)...`..........T............................................ ............... ..H............text...\.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................70......H.......P ..$...................t.......................................BSJB............v4.0.30319......l.......#~..t.......#Strings....|.......#US.........#GUID...........#Blob......................3................................>...........................?.....6.....j.....%.d.....d...U.M...k.d...:.d.....d.....d.....d...!.d...S.d.....H...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Cng.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16664
            Entropy (8bit):6.725385029818809
            Encrypted:false
            SSDEEP:
            MD5:B00B172EC15D23D3BED84FCFA40D59D2
            SHA1:2B98143649573E5DF30EE989D46D1DE956BDFC4F
            SHA-256:A589AC8A9E90BA4F3E96CEC8B360B894DAB5FBDEF0004EF428258A9DC28D309B
            SHA-512:3822F4DC24FF40893470D15E05E4E54933D19350227CF07696231A8C7EAF955AC4B303C075FED0AE2AB6C25BF790F889178C06F340F2D22BFA342231EEE6E5F9
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#..........." ..0..............,... ...@....... ....................................`..................................,..O....@...................)...`.......+..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H.......P ...................... +......................................BSJB............v4.0.30319......l...<...#~..........#Strings....0.......#US.4.......#GUID...D.......#Blob......................3......................................d.........J.!.....!.........A.......J...n.....,.........................................j.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Csp.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16152
            Entropy (8bit):6.795290241765418
            Encrypted:false
            SSDEEP:
            MD5:E593AE76E4CFAC375120915947952FF6
            SHA1:8015474D50021C65A65867636086E4A8A3A6F347
            SHA-256:5DA38D4A9EB67C2EF23B416A505E0FDB2A22FD5FE45D241645B37B5B5F0BCCE8
            SHA-512:43C7368A394B119839BAC8FC2B0F9213307C84F297CE480C0BFA3DF6300F3AA7B55E64E789D1EF619E88364387CB11D2228015D3A2CC8338596348D7B2772A0D
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...6J............" ..0..............+... ...@....... ..............................".....`.................................}+..O....@...................)...`......|*..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H.......P .......................)......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID... .......#Blob......................3......................................................x.....3.n.........^.................I....._.................w.................G...................h.....h.....h...).h...1.h...9.h...A.h...I.h...Q.h...Y.h...a.h...i.h...q.h...y.h.......................#.....+.:...+.P...3.f...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Encoding.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16160
            Entropy (8bit):6.7458016577263
            Encrypted:false
            SSDEEP:
            MD5:FA0C6A5EBA91D8A8B17232345900DD2D
            SHA1:75AE67259791C5D4F580A9D2E0E7A892CB3B0902
            SHA-256:AA82B36AF87D73B54AB0F0E5EFD9FDB16AAA6D3F385F238364ACD36E482999F6
            SHA-512:8A76EF22006A7D4D3DF580CE00D310574251A91E942400E39637B57840EFE8386E51E27C92839E63038397CC900EFF43FEFD68A6E8820FF0C03CAB924F7DF812
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...z............." ..0..............*... ...@....... ...............................w....`.................................s*..O....@.................. )...`......h)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P .......................(......................................BSJB............v4.0.30319......l...L...#~......<...#Strings............#US.........#GUID...........#Blob......................3................................................ ...........^.................D.d.....d...t.7.....d...Y.d.....d.....d.....d...@.d...r.d.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.OpenSsl.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):15624
            Entropy (8bit):6.84073937768766
            Encrypted:false
            SSDEEP:
            MD5:09D34FE80AF19BF5B77BBEFCC01F6E6F
            SHA1:0A4FC9635C6710682C6D7FE32F91DC28C29ED7BC
            SHA-256:F644B4FA91D1BDC0596F390C99A123C206D0115FDD18CE778A23254066F46270
            SHA-512:E8131DB3070617A09955EFC7D267B2687A6FCFB7BD061FE027B54721C461E4D7119A0E80DD346865D187BE548001064A900479E99922835D90EC1222659D3DEF
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....r..........." ..0..............)... ...@....... ...............................U....`..................................)..O....@...................)...`.......(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................(......................................BSJB............v4.0.30319......l.......#~..X.......#Strings.... .......#US.$.......#GUID...4.......#Blob......................3..................................................|.....|...E.i.........p.....+.Q.....Q...[.J...q.Q...@.Q.....Q.....Q.....Q...'.Q...Y.Q.................c.....c.....c...).c...1.c...9.c...A.c...I.c...Q.c...Y.c...a.c...i.c...q.c...y.c.......................#.....+.:...+.P...3.f...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Primitives.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16136
            Entropy (8bit):6.783350992582665
            Encrypted:false
            SSDEEP:
            MD5:67BD5079FEA8657220315ED9B2DBAF97
            SHA1:63F0A66127FEF3021E2B64B53758FF202C3318FD
            SHA-256:13BC715968175667FEC2E02B13300F5DE2A867B754B79439D2633FF3F9240560
            SHA-512:05B77B8A04F623F79E91D3381FFBABE7865089EFEFBEB29CDB016856C80D2CDEEB72473872D237B9A23F937CEE82021165BFF05E51065C4F8DE71B5B273A6EA7
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...{x..........." ..0.............z+... ...@....... ..............................9.....`.................................'+..O....@...................)...`.......*..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................[+......H.......P ..H....................)......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob......................3................................................4...........r.................X.............(.........m.......................T.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.X509Certificates.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):17184
            Entropy (8bit):6.739673851144617
            Encrypted:false
            SSDEEP:
            MD5:3CC8CAEBB57D05D1909F39A6D647B901
            SHA1:29F8797E4DD7F5BCD863FFBB7888029BD363361B
            SHA-256:5826E377C017BB5C872E173DB728BB38FF072D1E0FB26B8E19B9ECA088752918
            SHA-512:927D96034350439D2DE069018158A2A9F2C9BDEA8520AA09B3232ABD2C2283B41EEBD2A661A46333D4F95339B5191FC72F6F192FE7C6C6C4428BAD5661CC76C7
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...K............." ..0............../... ...@....... ....................................`.................................s/..O....@..H............... )...`......X...T............................................ ............... ..H............text........ ...................... ..`.rsrc...H....@......................@..@.reloc.......`......................@..B................./......H.......P .......................-......................................BSJB............v4.0.30319......l.......#~......T...#Strings............#US.........#GUID...........#Blob......................3................................-.....r...............'...................X.....k.....k...........k.....k...i.k...&.k...C.k.....k.....k.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):2050328
            Entropy (8bit):6.67414937170935
            Encrypted:false
            SSDEEP:
            MD5:18921E60094E6EEB74476CA10F785368
            SHA1:CA39FBBF0481B521F289C189892CD4BDC6D2D09C
            SHA-256:028606C9C16ACDE6BC7874809E2417FE6FD7BA94D3DCFD04CFCE5A4C21F16FF4
            SHA-512:0BC5B20C232E9F13EC372FA6BE23DE495D9EE0FDBB577C104EBCDA0EE349F9282A68B3C88997337EC2ABF0DAC01885143BC9188B3308CAC5C1263112CDF8495F
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d..............." .....`................................................... ...........`...@......@............... ..........................................d.... ...)..........P...p...............................................................H............text....V.......`.................. ..`.data.......p.......p..............@....reloc........... ..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Principal.Windows.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):186640
            Entropy (8bit):6.420537455369693
            Encrypted:false
            SSDEEP:
            MD5:7C560E02F8DFD723471F71CB71C0CCAA
            SHA1:C1EA98009AEA6C3B12E078965CA3472E44EDA305
            SHA-256:59815FEAB7B47ABF6E7D4231A7081452B256704A3834C6A927A9E74C03897B9F
            SHA-512:32120BCF4D3E5C7A5AE676688FA8F0102C752E059C5EAF8987B37EAF3436C6892F9D1E7B3C531DB808E1E554316E24ABB0E3848705517833309954EBD537B037
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .....`...@......................................................g.....`...@......@............... .......................................N...........)..........p...p...............................................................H............text....T.......`.................. ..`.data....&...p...0...p..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Principal.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):15656
            Entropy (8bit):6.8053996554852345
            Encrypted:false
            SSDEEP:
            MD5:C9285D5497F2850234F48A0CF5619C0F
            SHA1:1B3AEAF0C40E401C1A2B4C19EAD12314B5782DDF
            SHA-256:902D836B8CB066DC2279E4DE0979B5A380BDCCCCFA69634BA51111CAC2BE2F44
            SHA-512:5EE72864A21C23B1AF540DAD95D67348837467A3CE19478B02223EE220441E40388B97C8E1110452F32EC2FB04BB63B649E49860153B5B1DF3F4D37D1C37866B
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...J. ..........." ..0.............j)... ...@....... ....................................`..................................)..O....@..................()...`......$(..T............................................ ............... ..H............text...p.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................K)......H.......P ..T....................'......................................BSJB............v4.0.30319......l.......#~..4.......#Strings............#US.........#GUID...........#Blob......................3..................................................=...x.=...3.*...].....^.................I....._.................w.................G...................$.....$.....$...).$...1.$...9.$...A.$...I.$...Q.$...Y.$...a.$...i.$...q.$...y.$.......................#.....+.:...+.P...3.f...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.SecureString.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):15664
            Entropy (8bit):6.831153527632702
            Encrypted:false
            SSDEEP:
            MD5:8CC719E1BA62CA6F7BAED90FDE41BF8A
            SHA1:6F28D219D46E0A87658E0C46C5DABEFAE795F121
            SHA-256:1AF90D82A617AFB3BCCFEEA39B6D18CFD3A7C93CC80C8B75DBFF0FD2E75E7BD8
            SHA-512:E693831E7C4DE5BF2BF955A64D27B84F9ACABDC2BC6D7F150C582CE05E430C36BF48B22680E9A9831AE73A0615FD522576C22DD015CDE7D629413E200E5F138C
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...y6..........." ..0..............)... ...@....... ..............................QU....`..................................)..O....@..................0)...`.......(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................(......................................BSJB............v4.0.30319......l.......#~..D.......#Strings............#US.........#GUID...$.......#Blob......................3............................................................3.Z.........^.......B.....B...n.;.....m.....m.....B...S.B.....B...w.B.....B...:.B...G.B.................T.....T.....T...).T...1.T...9.T...A.T...Q.T. .Y.T...a.T...i.T...q.T...y.T.....T.....T.......................#.....+.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ServiceModel.Web.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):17176
            Entropy (8bit):6.64645995156569
            Encrypted:false
            SSDEEP:
            MD5:E6CEF184273D2FE35362FF4E5D866FF7
            SHA1:F6A57545875E5B8E1C8C05C0040BE9EA78207E3E
            SHA-256:3D08EB5338C0C588C1ABD53FE726BAE0607E0B50312F0079B678E3759FA1ABBF
            SHA-512:83D7671DC0B7E99068C8F322B1A81B090B54379EBEE2F9D6FED4104A138BDA4202EB92394B003134B73B9A2317A6592AD304C1435C7EBE5DA1953B1761130477
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....1..........." ..0.................. ...@....... ..............................i(....`.................................7...O....@...................)...`......H-..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................k.......H.......P ..x....................,......................................BSJB............v4.0.30319......l.......#~..8.......#Strings............#US.........#GUID...........#Blob......................3................................&.....................?.................%.].....................&.................>.....[...................{...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.C...+.Y...3.o...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ServiceProcess.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16168
            Entropy (8bit):6.754179132368782
            Encrypted:false
            SSDEEP:
            MD5:E5C676801CA76BCBF074E99710503F02
            SHA1:63C05E75C9862CFEE2B26FCA0BE3F1FB4C37E175
            SHA-256:634A5D94940A58BC90AFC5DFC90839359B0A9B2F7E0D7F12CDDA3281DF96418F
            SHA-512:4CFB1A78F5698345174BBA119D51E48BC85A8381D8174231A7A2DD65C0281E726E34260B5EA5D1AD71DF5580070D4B4017CA4D3D9CF0592CA25600EE58FFD328
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....`..........." ..0..............+... ...@....... ...............................&....`.................................?+..O....@..................()...`......T*..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................s+......H.......P .......................)......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob......................3......................................!.........f...........\.....:...........B.^...H.^.....;.....^.....^...+.^.....^.....^.....^...p.^.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.C...+.Y...3.o...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Encoding.CodePages.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):862512
            Entropy (8bit):7.457167201577773
            Encrypted:false
            SSDEEP:
            MD5:ECB1B379B3BCB01ACB12FAEEDFC5D01E
            SHA1:69BBEA3B222FF7566FA746572022F77F81122AF7
            SHA-256:85F3296C927E27E28461F6325A05504C0AEA8B93CA79691542E2A9E9AF92D3C9
            SHA-512:CC3E2AF695AF5AF4CCFDD981B15175A2525EAEBEB9BCB87C094E23FB156C7A50651B6600961741A0CCB1F7ACF2D38394F5395A846736371CAA6A1FD21FB1643F
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...3l............" .........@......................................................g.....`...@......@............... .......................................B..p.......0)......<...8...p...............................................................H............text............................... ..`.data...`!.......0..................@....reloc..<...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Encoding.Extensions.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16160
            Entropy (8bit):6.7352349940283025
            Encrypted:false
            SSDEEP:
            MD5:7B3BDED48604BACF38173A19CB38F269
            SHA1:9D15D2AD99F7437C9AE1775898C739712F8E5F93
            SHA-256:A875D0785CAE18EE30DB531303C166BA1A1D30C0CA4AB8EDD38FE04056F91EAA
            SHA-512:A34CAD7DC195B6C5B8A5C89E3A93083B1D401B5F772807524CEDE69210B04BF8FE746D9925C2FDB18B8D0F7636CFDFE48CF26FB0095500739CDC48E141BF344A
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."!..0.............^*... ........@.. ....................................`..................................*..X....@.................. )...`.......)..T............................................ ............... ..H............text...d.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................@*......H........ ..0...................P .......................................:...f.r....j..:..........u.z..n...7..&.....:..75o.=n..j~~.Qe..S..H....B.u.:..S.......Jw..........."U.I".$.1.........J/D.\BSJB............v4.0.30319......`.......#~..`... ...#Strings............#GUID...........#Blob......................3......................................O........."...........;...........f.!...!.z.....z.....s.........;.......z...[.z.....z.....z.....z...B.z...O.z...v.............

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Encoding.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16152
            Entropy (8bit):6.725439980411438
            Encrypted:false
            SSDEEP:
            MD5:A16009A8EEBE01B264F1BD291D51DAFA
            SHA1:7B4646DF65B243BBF2134594B08082F7CFE8F4A1
            SHA-256:5F1FAA88187672DC240B18D4199BB8040BBE8F3F7EEC939DEC5ABB1407137D22
            SHA-512:8EE0BDDA4F5BCDEB139C0D225E10385DA131808E7279EBBF2ED81CED81797A4E9118FCBCBAE46C07545D0B9D5C0527B81FE63E8543FDDC55125560518E676B9F
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...ql............" ..0..............*... ...@....... ....................................`.................................a*..O....@...................)...`......x)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P .......................(......................................BSJB............v4.0.30319......l...T...#~......T...#Strings............#US.........#GUID...(.......#Blob......................3......................................M...............x.....3.....7.....^.......m.....m...I.f..._.m.....m.....m...w.m.....m.....m...G.m.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Json.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501464
            Entropy (8bit):6.712609643579495
            Encrypted:false
            SSDEEP:
            MD5:07C161588790210444DC12F77D7CE1A9
            SHA1:0F2E4407C0A4F25759A94488646B626DEA7D8785
            SHA-256:93B1E1E677045AF7AAF17A9BFA9EA81D944E0918A94EB3492B78B22948550D47
            SHA-512:7AF614FEC989F5AF4C5A8B6787109CEBB98DB23783C4CBBCA22847DB8A84C515FDD87978CE96DD42D2D1B48E2F27BFAEEC8456C422923C6DDF35FDA3F4C574C4
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....w............" .....0..........................................................Y.....`...@......@............... ..................................................)...........R..p...............................................................H............text...F........0.................. ..`.data....R...@...`...@..............@....reloc........... ..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.RegularExpressions.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1022264
            Entropy (8bit):6.8216381706865095
            Encrypted:false
            SSDEEP:
            MD5:D02946E47FC19B1C831A811808342B75
            SHA1:55739760E02BAFDA656149D052EEF444E68FDD90
            SHA-256:0FECFAC9BDD40C258F720FAC301E3722EA9FC245119E43DD30D181A9B1072DBF
            SHA-512:74FBB915D948C26F91D6295539A119C9E2B5B0C9877CAAECD0AD02F06EEA26B85AA2BF05CFF12A00098508859CC039A21D3D8AD10E04E1A969D280CCE2323290
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....U..........." .........P...............................................p......cj....`...@......@............... ...........................................G...p..8)...P......p...p...............................................................H............text............................... ..`.data....)... ...0... ..............@....reloc.......P... ...P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Channels.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):133408
            Entropy (8bit):6.278452778470254
            Encrypted:false
            SSDEEP:
            MD5:03A17E0F4DA9EB9C6EBB6E10CA241757
            SHA1:612D03F4162282670D7276836B319F201DFACBD3
            SHA-256:985DF4C7AC42C3447490BEC7653F111E137A88AC633BDAB6D0FDFAD23CB22095
            SHA-512:39C1E597B35524E881902DC6F8946466EBAEFF404433A813DF7221DB316D3E1886A274065CF127740B31AD370F76D7C66B1FE7B965AD50482A0D624365922912
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...|.$..........." .........@......................................................_.....`...@......@............... ......................................L7.......... )..............p...............................................................H............text.............................. ..`.data....#.......0..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Overlapped.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16144
            Entropy (8bit):6.739782129844139
            Encrypted:false
            SSDEEP:
            MD5:B27644E15572E13CAB812C2031D76610
            SHA1:CD2D27ECBB2E4D703CF2C253C6575CE1B53F3F24
            SHA-256:00EE20495CD0531670CC761FF6B29A0230CF7C8FE607FCAD79567C5D1D01FF57
            SHA-512:EFE0493109B04FAF580A745EC7FB120F0688C2E374F9447D06BFA742F2257E69E0E1544C3393AAE4EDB13B986396F20E90C2B32F480A75753FB8BC8E8500C8BD
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....~............"!..0..............*... ........@.. ...................................`.................................;*..P....@...................)...`......@)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p*......H........ ..p...................P ......................................k...O..`.:b.v.$.]..],vO.#0.l...B^.....]C....%].%.../...H......._...f.9{...qFid..,>l.....S\.8..cQ.n....xV$....{.]..6.s.\. sj...BSJB............v4.0.30319......`.......#~..p...H...#Strings............#GUID...........#Blob......................3......................................................4...........7.......c...{.....V.............c...t.....}.................9.....................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Tasks.Dataflow.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):489736
            Entropy (8bit):6.715658217779917
            Encrypted:false
            SSDEEP:
            MD5:3356784EF4FE8C2678C85D417848A48E
            SHA1:89E60DFB18514CA65A9606B93B7D2BA7B4BCA5FF
            SHA-256:FB97F3ACD266AE1F0D25BD4CB77818AE1D154FEA3B46F2C1A3ED1EDB842F46C9
            SHA-512:1C3AD7582BD3F5B77019D931EFEBBB3E79960AEF51D9624E00E183783E6F55CA2CA5BD09CF49B924C1970E10A92261230A14420D85694E04EC46F9A7DFE2107F
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...]y............" .........................................................P.......i....`...@......@............... ..................................l......,1...P...)...@......h"..p...........................................................p...H............text...2|.......................... ..`.data...M...........................@....reloc.......@.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Tasks.Parallel.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):133424
            Entropy (8bit):6.345631677255552
            Encrypted:false
            SSDEEP:
            MD5:E4248B0D435DD54DE832467B13489FAB
            SHA1:32F6B603442302F627BC5DABFCDB5AAAAD44281F
            SHA-256:43D450BB7B0D440ED0D7F9A933E68E69CC0E2591B5B4D6B81C682EB7DCE85548
            SHA-512:27A095A634F88193DA5B3507363B753B1008674789EA50C66E582CED633D48D6EC1042FE7BECDF65085E29F5BE979E9EF5BB7AA930E14DB21BD4C903AA94C575
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....#E..........." .........@............................................................`...@......@............... ......................................<4..........0)..........H...p...............................................................H............text............................... ..`.data....$.......0..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Tasks.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):17176
            Entropy (8bit):6.623536186140361
            Encrypted:false
            SSDEEP:
            MD5:4B0EBBC7AB26C4FA2712DC1D7A9A430E
            SHA1:7E4872B4C2DA8CD8C39421EECCFEDB644F7F5882
            SHA-256:71F1B7847ED8C9DF6DB99ED7B756E4B846FEC646D8A8033C16A3945378AFC964
            SHA-512:339EEC43B703566A3094718FF28066E2A6011C3DCBAABCB3C7079CBF466D88F91702FB6BD8342DF08046854B6AC0B37A756A4AE7AEF20FD9A2C5D63477B73674
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ...@....... ....................................`..................................-..O....@...................)...`.......,..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................-......H.......P ......................@,......................................BSJB............v4.0.30319......l.......#~......H...#Strings....X.......#US.\.......#GUID...l.......#Blob......................3................................&.................o...w.o...2.\.........].................H.....^.....-...........v.................F...................V.....V.....V...).V...1.V...9.V...A.V...I.V...Q.V...Y.V...a.V...i.V...q.V...y.V.......................#.....+.:...+.P...3.f...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Thread.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16184
            Entropy (8bit):6.77418439872863
            Encrypted:false
            SSDEEP:
            MD5:00FE534A33B1F18DD900DF89E17F73DE
            SHA1:0792678A143E8ABDD57837D4B67D187B74570835
            SHA-256:ECBE1CDE0DE93B08489005DE9B2BA627725DC55646735DCF0F027E0E1FCE6F6C
            SHA-512:5AD071C4574453FE242344696DB8D132386CB05398C241F003C5643CC843C354288BB2C9A91BB6E0B8DB3E126B747C34BFBD01B51255C82DC6C237B86686E73A
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."!..0.............^+... ........@.. ....................................`..................................+..P....@..................8)...`.......*..T............................................ ............... ..H............text...d.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................@+......H........ ..H...................P ......................................."r_....e6...@i..$...{.A;...;a.s7......i..>...b.Hg.u[..........4..$^..w..N......^...L>+..........%..&9y.;.. .T.9.........[BSJB............v4.0.30319......`...|...#~..........#Strings............#GUID...........#Blob......................3......................................].........U.@.....@...n.....`...........T.............y...0.!...9.!.................................u.............@...........

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.ThreadPool.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16152
            Entropy (8bit):6.729725204835813
            Encrypted:false
            SSDEEP:
            MD5:C5F1D1ECF20663D3C1BC58887FB02131
            SHA1:FF1860873F1CC59E9EE1E95992CDF6BA3B8E30DB
            SHA-256:5913E28B4B0E1D9A722C378557FE4AF7DB39E8A5E916ACEF6EAEC9A78F5B4A35
            SHA-512:0B000EFC667A85D36793D01456886BEB56BB96D8AE89DE84E5D49B488092AFA272578733DAC2CB147F87E94A60F17DB8E0FD2EA72E868F331A9F07CEB44A85E2
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............."!..0.............N*... ........@.. ....................................`..................................)..T....@...................)...`.......(..T............................................ ............... ..H............text...T.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................0*......H........ ..,...................P ........................................D2.m...)..4...Ya.....B...z...T5.{...g.cH!..........H.K......{...J..K~c*..D..4*h,K[..b...Efd&.y...S..&T..E6[..._.a..O[LBSJB............v4.0.30319......`.......#~..`... ...#Strings............#GUID...........#Blob......................3......................................P.........7...........P...........{.....6...................................p.......................W.....d...................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):84280
            Entropy (8bit):5.968460814469461
            Encrypted:false
            SSDEEP:
            MD5:932A0C2978B649703C40B260B1955D26
            SHA1:E9A4C055BC14B3A2DB5BC5D0CF838E79838CE8E0
            SHA-256:15CC9DB291B87042F1AB4319F8D04F4CD226F15BF88BF0810B31DCD50FB0BB7E
            SHA-512:51D6D767425FA1AFA0ACD5A149B99D4C62BAB174ECD7485211E9B9635EB876319E8AD2A96D9A7CEF26BEB855DA3661B26912F05014F6DC22CFFE33306D9988E4
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." ......... ............................................... ............`...@......@............... ..................................d....'....... ..8)......T...h...p...........................................................h...H............text............................... ..`.data...............................@....reloc..T...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Transactions.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16656
            Entropy (8bit):6.711937162453506
            Encrypted:false
            SSDEEP:
            MD5:18BA1339DDC5D2FA9B78F7AC1C18624E
            SHA1:FEA42F32DF780D9E9B180B149BC051DCC4C2CECA
            SHA-256:033AD774B53A4CFF5AE9AD00AD51FB44FB7E34CCE86BB88E077046BBDE82094E
            SHA-512:692E2FB1E69480A1D3264ED6666A2F0CAB1E05CDD6EE85DAFD58BF495443094DCC5D94864A2ACA6E7525129DB4F1442C3B80B52FF2C129E06C86DE6330A10605
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..............-... ...@....... ..............................k.....`..................................-..O....@..x................)...`.......,..T............................................ ............... ..H............text........ ...................... ..`.rsrc...x....@......................@..@.reloc.......`......................@..B.................-......H.......P ......................@,......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob......................3................................$.....3.........0...........D...........o.....*.1.....1.....K.....1...i.1.....1.....1.....1...P.1...X.1.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........C.....L.....k...#.t...+.....+.....3.....;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ValueTuple.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):15648
            Entropy (8bit):6.81235116499574
            Encrypted:false
            SSDEEP:
            MD5:FA3ADB76CA6EB3A67A5E4B6B24338726
            SHA1:57EA6862DB7DE23B47C34A804C0F1C10E3BC19A2
            SHA-256:4B3C5F41F52F16E2F4EC27BE12610A8437DE61F2B4CE53E383521A74D7937F44
            SHA-512:906624CE50242A01B84603D8100AC37C73B55821D111EB56186EB2CB41BC27945FD69DCD140DEC88FAD42C5A62E5504F72E78B0C21BFC7DF39CD3C7290D84E6A
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....i..........." ..0..............)... ...@....... ...............................2....`..................................)..O....@..h............... )...`.......(..T............................................ ............... ..H............text........ ...................... ..`.rsrc...h....@......................@..@.reloc.......`......................@..B.................)......H.......P ......................D(......................................BSJB............v4.0.30319......l...,...#~..........#Strings....d.......#US.h.......#GUID...x...|...#Blob......................3......................................E.......................z...........+.....b...Q.b.....[.....b.....b...4.b.....b.....b.....b.....b.....i...........t.....t.....t...).t...1.t...9.t...A.t...I.t...Q.t...Y.t...a.t...i.t...q.t...y.t.......................#.....+.:...+.P...3.f...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Windows.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16136
            Entropy (8bit):6.713032229773769
            Encrypted:false
            SSDEEP:
            MD5:CF29C8C0F79AB74BB29D01A8CD114146
            SHA1:DFFFCA8A3FB3CA3DEFD6F74DEE30D0A2C3824A70
            SHA-256:60E61212B4413692C26885707CF656A94D9676FF416C009FECA45C13B45271AE
            SHA-512:FE22D7A38752FF490568F9041C8FC063EAF2828B9D136446BA2F183B6433CCD1D184A4B1355B13ABF2CDE428025EE0C36D42ACBB2006539A9EFF31A166432DB7
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............*... ...@....... ..............................X.....`.................................Q*..O....@..X................)...`......t)..T............................................ ............... ..H............text........ ...................... ..`.rsrc...X....@......................@..@.reloc.......`......................@..B.................*......H.......P .......................(......................................BSJB............v4.0.30319......l...$...#~..........#Strings............#US.........#GUID...(...|...#Blob......................3......................................X.........U.............................y.....7.......k.................................u............. ...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.Linq.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16152
            Entropy (8bit):6.701189252773519
            Encrypted:false
            SSDEEP:
            MD5:30E9D9AC1BBC20DF3488FA252015553E
            SHA1:FB9419C4C85DBD5A3E2A9419AD34B4635C6CB544
            SHA-256:79D0149A24692E7C6B2EEB854CFBF3400702ED3D6640AA471ECE856B59E269E8
            SHA-512:22BAE9984027A91DD7AAA53E05B387C20315153C30954E6770538D85C0990C2622BD16E42CF7C70DD88BC01975A886B99D8AFFBF859C2C339ED3A18D6BCDE5EA
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....\............" ..0.............B+... ...@....... ....................................`..................................*..O....@..X................)...`.......*..T............................................ ............... ..H............text...H.... ...................... ..`.rsrc...X....@......................@..@.reloc.......`......................@..B................#+......H.......P ..@....................)......................................BSJB............v4.0.30319......l...$...#~..........#Strings....@.......#US.D.......#GUID...T.......#Blob......................3................................................L.............................p.@.....@.....,.....@.....@.....@.....@.....@...l.@.....@.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........:.....C.....b...#.k...+.....+.....3.....;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.ReaderWriter.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):22328
            Entropy (8bit):6.376492073803144
            Encrypted:false
            SSDEEP:
            MD5:21D8FDE33639C09BE8AD7EA2CE430C39
            SHA1:EB5DFA19839787F0CD7C0F8008AAFDAD62E33182
            SHA-256:0EBF6E07AC4C055F6EAC71D86CB01C43FA3DF6954828FAEC2E9A491D28305CB1
            SHA-512:28545864610BD19F44A5D06671453CAB62A33BA92E786C5B2A2F089ADA33FE6E947F6D6223195AFA5016F7A5EC506B33A84CC3EBCE4421CA8240C459AA03CAE7
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."!..0..$...........B... ........@.. ..............................AM....`.................................wB..T....`..................8)...........A..T............................................ ............... ..H............text...."... ...$.................. ..`.rsrc........`.......&..............@..@.reloc...............,..............@..B.................B......H........ ... ..................P .......................................w.y.9e.)....w..N....5...V.IT......j..~...(.."......7..o.....M{f...jV.".l.+%J.....x._.....,...d..~C..u..c..A...E...!.fmBSJB............v4.0.30319......`...|...#~......8...#Strings............#GUID...$.......#Blob......................3............................................................G..... .......b...-.....f.......i.......................................[...............................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.Serialization.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16680
            Entropy (8bit):6.632838369230027
            Encrypted:false
            SSDEEP:
            MD5:14A3984EA8B856B26EF616F614D5350C
            SHA1:CDD8701E19708B6916F3336BCA9B5D60777EB41D
            SHA-256:C9C61183DF3FB4E23A0D98D3A1464352D84BBF80DBF05B5F2DFD5FB8186CA4E1
            SHA-512:B99B727D1D0FCF453F6F1631C46D817A828B02A8E3D231A772E18433BA0133D0EED747C5E6563A9FC7CDBB75183C986F10DAA639AC8DF230DAE68AEA1A09A214
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....6"..........." ..0.............R,... ...@....... ....................................`..................................+..O....@..................()...`.......+..T............................................ ............... ..H............text...X.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................1,......H.......P ..<....................*......................................BSJB............v4.0.30319......l...4...#~..........#Strings....4.......#US.8.......#GUID...H.......#Blob......................3......................................".....................X.................*._....._...B.?....._...'._...Y._....._...3._....._...l._.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........:.....C.....b...#.k...+.....+.....3.....;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XDocument.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16136
            Entropy (8bit):6.774367058875485
            Encrypted:false
            SSDEEP:
            MD5:BE12DF6ED82876BE80A492350334C32D
            SHA1:929B139819B4AA89B251B0F7C79C84BB27255180
            SHA-256:5BF16937086393770381C25842CB35011942F78D0C9EA7DCDAF0161429288B8A
            SHA-512:CB4D30DD1EC8A1A5549BF06120C36275050714D4AC1049838A450D5345491E96C17EB18FD351280BA3808CED1D51C7F89EA7653091490C06AE98B7313CCC9C9F
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....q..........."!..0..............+... ........@.. ..............................Z.....`.................................q+..Z....@...................)...`.......*..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H........ ......................P ......................................`....Uk..O..8.....P.g.:.....PJ.+F.".C.{.....c.^.6....ejIs9..Lc5]...-#..8...I..b..yC`.......us_.V....~...c.^^...5....&Ssc....BSJB............v4.0.30319......`.......#~..d.......#Strings............#GUID...$.......#Blob......................3................................................L.............................p.L.....L.....8.....L.....L.....L.....L.....L...l.L.....L.............................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XPath.XDocument.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):30984
            Entropy (8bit):4.288581469269511
            Encrypted:false
            SSDEEP:
            MD5:63AF3D0B5B3681BA5BB2586E41014548
            SHA1:0E7A369FD101B66A96577FFB16FB188BDE100496
            SHA-256:865C8934588F79ACB1BF69D0D406198ECCAC4751BFABCC0F6BB4E6712459090E
            SHA-512:F82C6C4011F8B8C51AD506C22E5D4B1FCD4A3AFD10B9D0924CEFA54A5DD61E0DBFE972644ADB603AC0E75AE00DDD553D718E9BCB18F4CB95C25A3DEA9B323CC3
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" ..... ... ...............................................P......3.....`...@......@............... ...................................... ........P...)...@......p...p...............................................................H............text...3........ .................. ..`.data.../....0.......0..............@....reloc.......@.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XPath.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16184
            Entropy (8bit):6.732697208000902
            Encrypted:false
            SSDEEP:
            MD5:5A38DE4B1F1CEE04CE6CF96E1E07BA8B
            SHA1:D66CCD2E1589D58E3621BCF2E63CCAE509171519
            SHA-256:6AF1A8C435EF7BB1972E0509BBDD9A32B665949C248B6FD777833ABC527F290C
            SHA-512:3069EDB787B0BDB46E023AB71E34B817CE4E00EE9AE69F7D75DA4D3477824761D38B30690F012EA3B1F54D3A25EDCFE292C1AC615FF4F2C4E82127D448CA98DB
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....:..........."!..0..............*... ........@.. ...............................g....`..................................*..Z....@..h...............8)...`.......)..T............................................ ............... ..H............text........ ...................... ..`.rsrc...h....@......................@..@.reloc.......`......................@..B.................*......H........ ......................P ........................................w[zr..~.....8...<xq..W..xe...x.W.6pYMM..E..d..CJ..s...H.EKtfC V.Y7...6...o<g*.=.N.!..}".....R.r ....=.Q..*=yv.'.U>7.D{#..TBSJB............v4.0.30319......`.......#~......\...#Strings....P.......#GUID...`.......#Blob......................3......................................'.........C.............................g.{...%.{.....d.....{...|.{.....{.....{.....{...c.{.....{.............................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XmlDocument.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16152
            Entropy (8bit):6.767329523656509
            Encrypted:false
            SSDEEP:
            MD5:123A240246001C458E14CA32D40D56EC
            SHA1:473A3DF6DF0269BC824B6B90217CFA2141AF59C1
            SHA-256:BAE0097F29C72DC7095DB06156D11BE9949C28CD8FFE5605851FFA8308B443BA
            SHA-512:58AB7B7F06BC0A418B77DCBE8ABDC66850791B3D0AC4EB3819EA717B5B151B167B7CEE7ECDBDB86E66A1EF073B7E877ADB0C70F3B973E712DCB637BC504D0916
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....c............" ..0..............+... ...@....... ..............................;n....`.................................E+..O....@...................)...`......X*..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................y+......H.......P .......................)......................................BSJB............v4.0.30319......l.......#~..8.......#Strings............#US.........#GUID...........#Blob......................3................................................P.................<...........g.~...2.~.....1.....~.....~.....~.....~.....~...p.~.....~.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XmlSerializer.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):18216
            Entropy (8bit):6.626651656502574
            Encrypted:false
            SSDEEP:
            MD5:59C396A982C075DEC28848C21B9B3287
            SHA1:49889A00099595C550AC919E381E030C11D84322
            SHA-256:9399F32559DCF33BE15D7F7C67BA6139602439BA848128715D3919084EFF0C8A
            SHA-512:1492AC135547ABA77EFFE2C1C8DA278CA04CF5C8836CE175682B163BA7BD392C10A2718A9667A1EA2F6DB4A7984550C5C511796183A29B5D7902D2C0A2F3E300
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....8............"!..0.............N3... ........@.. ....................................`..................................2..R....@..................()...`.......2..T............................................ ............... ..H............text...T.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................03......H........ ..4...................P ...............................................z..R+...x...].R.;.m.xd.........%k........_........>.....KG.`..g.......a.&...j....:.Q'L)J...@...r^\C....\.nuBSJB............v4.0.30319......`.......#~.. ...p...#Strings............#GUID...........#Blob......................3................................J.................................+.....F.....H.....N...............................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):23848
            Entropy (8bit):6.279851716286934
            Encrypted:false
            SSDEEP:
            MD5:70B07221E2FF122EDC83D1CE7878F071
            SHA1:10DC2947E778C5D3279251214FFC4D6F537AAFBA
            SHA-256:C55AFCA244EA174CD7D26B81342B831D61D15F3D80EEE9406168F136CBCDD5B6
            SHA-512:DB0114AEA937A0443595C1CCF577D540FAEDCB632C0475B1C3CA26A5076CEFADF916196DE0CCB924A657428E77FE892748AE22D495668445B4E113C98B89EA85
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..*...........I... ...`....... ....................................`..................................H..O....`..8............4..()...........H..T............................................ ............... ..H............text...4)... ...*.................. ..`.rsrc...8....`.......,..............@..@.reloc...............2..............@..B.................I......H.......P ..4'...................G......................................BSJB............v4.0.30319......l...x...#~......X...#Strings....<%......#US.@%......#GUID...P%......#Blob......................3..................................................................S.....:.y...<.....O...................................................................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........:.....C.....b...#.k...+.....+.....3.....;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):50440
            Entropy (8bit):5.759917233301275
            Encrypted:false
            SSDEEP:
            MD5:91D003E2BCC6C343D3C752C9745F807C
            SHA1:A793B282D2125C2F9DD5FD0380DA475F92A804A7
            SHA-256:DE72057E9A2E41290B8BB3B829B101F420477726E134069A2E0C33270DEF210F
            SHA-512:7862E0B67DFA761F45078813AEDF06C3C1D06545FA1E5FAB72F64F1FC0B2153444789D9AB3F599521AF89B3702E20D3DEC0CDEA42EB0ECF649755B03A215E0AB
            Malicious:true
            Yara Hits:
            • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.dll, Author: Joe Security
            • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.dll, Author: Joe Security
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0................. ........... ...............................R....`.....................................O........................)..............T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......P .....................8.......................................BSJB............v4.0.30319......l....:..#~..d;..dR..#Strings...........#US........#GUID..........#Blob......................3............................-......................=..\..=.....=...=............; ..2.; ..T.M.....m=....m=....; ..9.; ....; ....; ....; .. .; ..P.; ................};....};....};..).};..1.};..9.};..A.};..Q.}; .Y.};..a.};..i.};..q.};..y.};....};....};......[.....d.........#.....+.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\WindowsBase.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16664
            Entropy (8bit):6.726952486721783
            Encrypted:false
            SSDEEP:
            MD5:AF65B24620A1E57D5AF9C71EE3AD9587
            SHA1:32E842B3D79AF9B8076F807481A8FE37E5537037
            SHA-256:54123FC5B700ACA49B87F05A94C42D65F094EEB4EF450CD51FCEB73DB303FAB4
            SHA-512:CEE9E50631869F2D0976217BAE8A3CE78DFF933EC62A4D2D148C72631EC37746160D64EAA959246A5E2A4FF9AFA0186171EDA5972D3AA3A732ACF1F1CCE00A13
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...V1*..........." ..0..............-... ...@....... ...................................`.................................O-..O....@..8................)...`......x,..T............................................ ............... ..H............text........ ...................... ..`.rsrc...8....@......................@..@.reloc.......`......................@..B.................-......H.......P .......................+......................................BSJB............v4.0.30319......l...p...#~......8...#Strings............#US.........#GUID...(.......#Blob......................3................................................................................r.....r...Q.(...g.r...6.r.....r.../.r...L.r.....r.....r..... ...........u.....u.....u...).u...1.u...9.u...A.u...I.u...Q.u...Y.u...a.u...i.u...q.u...y.u.......................#.....+.C...+.Y...3.o...;.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\clrgc.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
            Category:dropped
            Size (bytes):668456
            Entropy (8bit):6.597516519981948
            Encrypted:false
            SSDEEP:
            MD5:7C9621181833865B9B9A77A9D1A9C1E9
            SHA1:0527DCF29FA178949BF268C534FDAA1E7D4620EF
            SHA-256:9B254C85D28E19C39B1E12C041A24519BFC22F083BCCF0D0855866F57782CADD
            SHA-512:C41CD072C569A098C47DDD240C9928422F54D0641A78E936D710AF0840C3C4063C28C7558B985A74DD08D7AD8D79484E6AE0A567CE6C03BFE88AABB002B24713
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........xM:..#i..#i..#i.a.i..#i."h..#i.."i..#io. h..#io.'h..#io.&h..#i..*h..#i..#h..#i...i..#i..!h..#iRich..#i........................PE..d...g^.g.........." ...(............@................................................|....`A........................................p...d......................\F......()...........+..p............................*..@............................................text............................... ..`.rdata..............................@..@.data...............................@....pdata..\F.......H..................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\clrjit.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
            Category:dropped
            Size (bytes):1785112
            Entropy (8bit):6.5488066688404585
            Encrypted:false
            SSDEEP:
            MD5:CAFAB1FF05FF429BD46CB78B2FF8E9E8
            SHA1:E02B3B243B6993C0ADD46CAB15BBB6549C602700
            SHA-256:0DFE34BE78144CAD7DB5B66A7FCA3D86178EC0F353AAFBA6C81EB72E797E383B
            SHA-512:F19B60D26D784B2000E67A8698F8915EF623EEE074DAB9B853BA927A20FF11AB267C4BA385971620470987240263F917199E1424F3D23D263382163D66435639
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......p...4.~.4.~.4.~.=...8.~.D@..3.~.4....~..B}.>.~..Bz.$.~..B{...~.'Ep.L.~.'E~.5.~.'E..5.~.'E|.5.~.Rich4.~.................PE..d....].g.........." ...(.4..........PA.......................................p.......*....`A........................................p................@.......P..t........)...P.......@..p.......................(....?..@............P..p............................text....3.......4.................. ..`.rdata.......P.......8..............@..@.data....h.......@..................@....pdata..t....P......................@..@.rsrc........@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\createdump.exe

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (console) x86-64, for MS Windows
            Category:dropped
            Size (bytes):61800
            Entropy (8bit):6.349970742890166
            Encrypted:false
            SSDEEP:
            MD5:4A80E852AD189E7269B336BF031BECA3
            SHA1:197FA04A68FBBBEE806FF9880F4B849349F88A1B
            SHA-256:B24FD57EC86913EA7364FE7CC981946D7D45A23D9868530BFF394DA84557B71B
            SHA-512:76196E5A4D3B2FD8561A0F16136EF53F9848BC8FE336E482C981A891C1C3689620AE5737E414457678DDAE64F716F967EF12093CE0F04B2B829B67D53D44696E
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........................!T.....!T.....!T......V............S......Sb............S.....Rich...................PE..d....^.g.........."....(.r...Z......@/.........@..........................................`.............................................................................h)......t......T...............................@............................................text....p.......r.................. ..`.rdata...=.......>...v..............@..@.data...`...........................@....pdata..............................@..@.rsrc...............................@..@.reloc..t...........................@..B........................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\hostpolicy.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
            Category:dropped
            Size (bytes):393512
            Entropy (8bit):6.331878832760126
            Encrypted:false
            SSDEEP:
            MD5:25FD4181AB8B572A1BBFBA2F4A9EC239
            SHA1:B834DFC4C908B3CB8D3FC40771E6D0E900C7DE64
            SHA-256:65D61078B6B97884AD09AA12DA97D96F50F7D98E6D163C926AE199F9BB58A3CE
            SHA-512:38B708595E5A91194FDB089AE56E4051841C27406F8E770BB720EE9A5D66E6FB1CE8599F224071C2C23D30D832315C2A51A532677F121B383547F149385D1246
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........g/.D.A.D.A.D.A...B.N.A...E.N.A...D...A.M~.V.A.4.@.A.A.D.@...A.W.H.Z.A.W.A.E.A.W...E.A.W.C.E.A.RichD.A.........PE..d.../a.g.........." ...(.8..........P........................................ ............`A............................................ ...0....................2......().......... ...p.......................(.......@............P...............................text...\7.......8.................. ..`.rdata..(N...P...P...<..............@..@.data...............................@....pdata...2.......4..................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscordaccore_amd64_amd64_8.0.1124.51707.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
            Category:dropped
            Size (bytes):1338384
            Entropy (8bit):6.3581682679559135
            Encrypted:false
            SSDEEP:
            MD5:51EE5E6865F0D6F5A9C3F08181E263D1
            SHA1:9C0745545DA0AFD24881529FD5062A4343AF7762
            SHA-256:6C52462719DC63E935B967F796DF5E4D91B07D85792529D488455BF5D5A6E6A8
            SHA-512:D27FA79335606B41BA49E1060288504688A118FC4852634FC4D03C2E453262FF5966D381C055428BF3E01ABB9CF980DABA2A91EDF46EE428A5AB30F28871F3D4
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........f!...r...r...r..r...rh*.s...rh*.s...rh*.s...r.(.s...r.(.s...r...r...r.-.s...r.-.s...r.-.r...r.-.s...rRich...r........................PE..d....\.g.........." ...(.b................................................................`A.........................................g..p...Pi.......`..........<....F...&...p..........p.......................(...@...@............................................text...`a.......b.................. ..`.rdata...............f..............@..@.data................^..............@....pdata..<............l..............@..@.rsrc........`.......$..............@..@.reloc.......p.......*..............@..B........................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscordbi.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
            Category:dropped
            Size (bytes):1241616
            Entropy (8bit):6.3502741331068
            Encrypted:false
            SSDEEP:
            MD5:546589C51162826DB43BA02DF92496A2
            SHA1:06F12A763CD7F73063179B5AEB537EA67FA6AE71
            SHA-256:A91540E748CBC2C44C091ED618C785A5400C27A742AA6C6DA4CF80923DB00F7D
            SHA-512:D038979709A1F829BFC25FD06A1F9E38AC99376E619BD31885B083B6ED862FA76743F1B15621D39865E67769AD2953CA2A9B093C1F4530250FCCF38B164CD3CA
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............c..c..c...p.c..C...c..C...c..C...c......c......c..c..<c.....c......c.....c.....c.....c..Rich.c..........PE..d....\.g.........." ...(............0O...............................................g....`A........................................P...`....................@...........&......p...@:..p....................<..(....9..@............ ...............................text............................... ..`.rdata..(.... ......................@..@.data........ ......................@....pdata.......@......................@..@.rsrc...............................@..@.reloc..p...........................@..B................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscorlib.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):59696
            Entropy (8bit):5.652717651829639
            Encrypted:false
            SSDEEP:
            MD5:52CFF557AED4CBD8D59B899A761B82BA
            SHA1:E99FE78B96578A4A8036A07D431A3EB21FFA83C7
            SHA-256:2F8E23C3566B02B2F9E0E1B86D6D81D3CE0DF06C5B9AEB68CEB66B6B152ED099
            SHA-512:ED9B3A1BBA91FDEADCCFBDD63F10B72915EEFEA182564A62C163C34A865F00AFE81B72DC32FB55BA4D97803222ED934FB92861B6E16A9A58E785FCD2BDF8D1E9
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...{\............" ..0.................. ........... ....................... ............`.................................q...O.......(...............0)..............T............................................ ............... ..H............text....... ...................... ..`.rsrc...(...........................@..@.reloc..............................@..B........................H.......P ..................... .......................................BSJB............v4.0.30319......l...$O..#~...O..(b..#Strings............#US.........#GUID..........#Blob......................3................................e.....b/........L%.O...).O....RO..EP.......+..:.:4..J$:4...&S0...+.O...%.O...(:4...&:4...":4....:4....:4..U&:4....:4.................N.....N.....N..)..N..1..N..9..N..A..N..Q..N .Y..N..a..N..i..N..q..N..y..N.....N.....N......R.....[.....z...#.....+.

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscorrc.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
            Category:dropped
            Size (bytes):137016
            Entropy (8bit):3.906071951546616
            Encrypted:false
            SSDEEP:
            MD5:01691B7E80FFFF518797EF61B1358FBD
            SHA1:E188AE3623E459AF7A84442DAFB01E4E65744383
            SHA-256:7D2F7896B52606E9C77AD2A21C0BB8E765D9AA7FD2DE471E90A204C99655B83F
            SHA-512:BD9F20B74585E658C08EF0712FC8278E2DA6DC32236F4E88D574F614C4E9E1181764D93B88C7FB78C8394817D514651AFBFBA8AB6FE97FE27A1C73AA89A3548B
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)%=.mDS.mDS.mDS.~...lDS.~.Q.lDS.RichmDS.PE..d....^.g.........." ...(.............................................................b....`.......................................................... ..................8)..............T............................................................................rdata..X...........................@..@.rsrc........ ......................@..@.....^.g........j...l...l........^.g.........................^.g........l...................................RSDS.n.H ..O......j.....D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\dlls\mscorrc\mscorrc.pdb...............................T....rdata..T........rdata$voltmd...l........rdata$zzzdbg.... ..P....rsrc$01....P:.......rsrc$02....................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\msquic.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
            Category:dropped
            Size (bytes):538136
            Entropy (8bit):6.299714405457925
            Encrypted:false
            SSDEEP:
            MD5:027854570A4412624BECEE78A10395C1
            SHA1:6B0E6BC0CD97F2CAC1B962BE868FC7CB621D77F8
            SHA-256:2D67E87859ECAEB15C4DD621B0983F1A9AD3E2AA9B11624C018A43E6D6B06BEC
            SHA-512:8593D309434C7954AA42E5BD63F76A5BAE783C8F2130798EA285032C71F890C4C1783614597EE2BA3DA3294A68CE636EA2A9DCB21A858A840C8D8F6316928D65
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~...:..:..:..:..;..<U..%..<U..1..<U..*..3......q...?..:.....q...8..TU.....TU..;..TUj.;..:...8..TU..;..Rich:..................PE..d......e.........." ...&.@...................................................p......7.....`A.........................................|..h....|..h........@.......:.......(...`......0...T..............................@............P..h............................text...q>.......@.................. ..`.rdata...C...P...D...D..............@..@.data...............................@....pdata...:.......<..................@..@_RDATA..............................@..@.rsrc....@.......B..................@..@.reloc.......`......................@..B........................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\netstandard.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):101160
            Entropy (8bit):5.502135579975956
            Encrypted:false
            SSDEEP:
            MD5:937A6DCE409FE67D60722137A5E860EC
            SHA1:9DC0849E2164D7B25F7F0F6DC3B9600EC431E914
            SHA-256:F56C741CC18D17CB031A9CDEB3DE3C4662CF80CB65F434DCA5DF328AC682C5C1
            SHA-512:B5379A528CDCB6F55A85002D89FCA19B2C2BC9461647E3B81791D63E8F2E0227B22427CB2A60393F3A6FC9B1E407E23E2B22AF93C378A16D83B232CA2DE74D79
            Malicious:true
            Yara Hits:
            • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\netstandard.dll, Author: Joe Security
            • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\netstandard.dll, Author: Joe Security
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....}............" ..0..X...........v... ........... ....................................`.................................?v..O.......8............b..()..........hu..T............................................ ............... ..H............text....V... ...X.................. ..`.rsrc...8............Z..............@..@.reloc...............`..............@..B................sv......H.......P ...T...................t......................................BSJB............v4.0.30319......l...`...#~..... ...#Strings.....Q......#US..Q......#GUID....R......#Blob......................3............................P...,......H.........5....:....'...m......,.@..5#.T..P4.T...7.J...B....i5....u:.T..n7.T..&1.T.....T.../.T..(7.T...(.T.............................)....1....9....A....Q.. .Y....a....i....q....y..........................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\Accessibility.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):21288
            Entropy (8bit):6.549187010093034
            Encrypted:false
            SSDEEP:
            MD5:1BE3BDB5A7AE01DEE891AA1847F9674C
            SHA1:B51E7473645851DBCF86A3ED2B10D008D0FC89D4
            SHA-256:CA47C553BDE2C213D73F8F61FA3FD62AF9C0FEF68F8A5AE7DF8F97FEC483C786
            SHA-512:DE920AD1AEF6E017E8D29D75FEA74F383B338CD55076509F068E1086FC5B584E91D3CA3BFCC778A6534C5AFBF3B8DBE35243ABFEE40ADF06D3BD3735FAF0D826
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g...........!..... ...........?... ...@....... ..............................W8....@..................................>..O....@...............*..()...`....................................................... ............... ..H............text........ ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......(..............@..B.................>......H........ ......................P .............................................o.y....C.Y*....W.......J..S^=H.7...U]{*T.+B>d.....y.Z..E..<H.42hw#...Z.`....I.#.....H.mo..)........L....T..%...m;..BSJB............v4.0.30319......l...,...#~..........#Strings............#US. .......#GUID...0.......#Blob...........W.........%3........!...........7...................t...3..................................... ...............^.?...y.r...........?...............-.....D.....d.....

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\D3DCompiler_47_cor3.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
            Category:dropped
            Size (bytes):4916840
            Entropy (8bit):6.398149817011711
            Encrypted:false
            SSDEEP:
            MD5:A7349236212B0E5CEC2978F2CFA49A1A
            SHA1:5ABB08949162FD1985B89FFAD40AAF5FC769017E
            SHA-256:A05D04A270F68C8C6D6EA2D23BEBF8CD1D5453B26B5442FA54965F90F1C62082
            SHA-512:C7FF4F9146FEFEDC199360AA04236294349C881B3865EBC58C5646AD6B3F83FCA309DE1173F5EBF823A14BA65E5ADA77B46F20286D1EA62C37E17ADBC9A82D02
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........|3..]...]...]..e\...]...\.5.]..e...]..wX...]..wY...]..e^...]..eX.y.]..eY...]..e]...]..eU./.]..e....]..e_...].Rich..].................PE..d................." ......8..........<).......................................K.....B.K...`A........................................`%G.x....(G.P.....J.@.....H.......J.h&....J.....p.D.p....................S<.(...pR<.@............S<.(............................text.....8.......8................. ..`.rdata...F....8..P....8.............@..@.data...`....@G......@G.............@....pdata........H......@H.............@..@.rsrc...@.....J......@J.............@..@.reloc........J......PJ.............@..B........................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\DirectWriteForwarder.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):497928
            Entropy (8bit):6.798016576675432
            Encrypted:false
            SSDEEP:
            MD5:03B64A13771898736B4A1FFF03936C73
            SHA1:7856776ADA449B2C673A9F664A459DE7D4F3ABFE
            SHA-256:04708FAE22D33DACB6848B684076423CECB482A8BBA5A6E7ACE831AF8D71181D
            SHA-512:599BD1FF53A8B30BD15E3AFECD997911C9910D191C851B2F6B351553C0E3164402DD5D60C297635BDBB0AC06FCB90996AFBE22C58E80615AA417ABF57FD64A29
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......g.........." ..... ...@...............................................p.......2....`...@......@............... .......................................o..T$...p...)...`.. ...8%..................................................................H............text............ .................. ..`.data...B*...0...0...0..............@....reloc.. ....`.......`..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\Microsoft.VisualBasic.Forms.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):248120
            Entropy (8bit):6.375360725375493
            Encrypted:false
            SSDEEP:
            MD5:8EE5761329340A24421243CA8D145668
            SHA1:3177256BB50D9FF0299A5C608DA74299BCDFE494
            SHA-256:685C2B2676F712C4679D53EDE6CE0F777FD6C902206C0CE26016D6FF93285A4B
            SHA-512:B3713FC18A06BCC511D19C6CF30752EB722B0E6DD903A462FC132D68210D19A3256B33B651F98600073151B2A0B12CC1ECA66CA31EB95CE45AD9545C38EDA527
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" ..... ...p............................................................`...@......@............... ...................................... [..........8)...........#..p...............................................................H............text............ .................. ..`.data...NX...0...`...0..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\Microsoft.VisualBasic.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):19256
            Entropy (8bit):6.538210673272441
            Encrypted:false
            SSDEEP:
            MD5:8A8A72CF1DB2F7562EBB3C2D6F82D48B
            SHA1:F48C9FC34680C59AE51D6D9D526B9531DD290B87
            SHA-256:19C60536ABB87F32D4CBEFB04573D30C6C57E7DB9ABD5E71635CF16B564999DA
            SHA-512:A937C88F42D9C3807B1F2A57D0230738D49E4C7B148ABAC265DE12DCE9FA4480559159D702D97BFE3E0CA5B898E3270883541CDAB6F240190BB4F0CB96462483
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....,............" ..0.............n7... ...@....... ...............................o....`..................................7..O....@..............."..8)...`......t6..8............................................ ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B................O7......H.......P .......................5......................................BSJB............v4.0.30319......l...H...#~..........#Strings....4.......#US.8.......#GUID...H...\...#Blob......................3................................x.............................%.........*.....C.......(.....(...E.(.....(...`.(...}.(...,.(.....(...<.(...q.......0...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y...............................#.....+.5...3.

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\Microsoft.Win32.Registry.AccessControl.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):35080
            Entropy (8bit):4.657655761589639
            Encrypted:false
            SSDEEP:
            MD5:F59AB424A5833904EF2B94C3D5434066
            SHA1:195F50A2BDD5CD65EE41A461036EFD6670BDBAE6
            SHA-256:4CA6C832BF85E3626AB2DE7B03A3CBB9598EE2209F1AE107402B234D26B77475
            SHA-512:8ED16507E0046922CA7BE608289B6E50FBA6DDB68597E796FDE8C9CD6FBE2AC42BA6624DA84946E165A8A27F1BDBA05D0BFB8D4A4CAEC9BD6DA361D7DD2C4885
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....l"..........." .....0... ...............................................`............`...@......@............... ..........................................0....`...)...P..........p...............................................................H............text...x&.......0.................. ..`.data........@.......@..............@....reloc.......P.......P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\Microsoft.Win32.SystemEvents.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):96520
            Entropy (8bit):6.258135074246479
            Encrypted:false
            SSDEEP:
            MD5:5C73CCBD3CC6F43609B12CE9372FC23A
            SHA1:B218BD86675D7AEC93F50EAAA3A9507A41CE3C18
            SHA-256:3C0CE16C85494D232CD6E90A4198D5DE7AEF9BA55AC31FCBE3E47CBD2F007597
            SHA-512:9857A6A755BAD1CDEFC2346B35B1EBF0BBE269B1316CE12BE71B064438F930B465660066CA27EB70222989EB7C06E27A3FBFD3B13C63933CA8827FC3FE2CD502
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....t............" ..... ... ...............................................P......7.....`...@......@............... ..................................d....(.......P...)...@..8...8...p...........................................................h...H............text...^........ .................. ..`.data........0.......0..............@....reloc..8....@.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\Microsoft.WindowsDesktop.App.deps.json

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):31122
            Entropy (8bit):4.254451234672951
            Encrypted:false
            SSDEEP:
            MD5:992410D257B874C5C051E2F936AEFFC9
            SHA1:A7A5FC5AF900B0F2882E66B5906AC4A9F9126969
            SHA-256:2AC7D9610CC2E21697B8669EF104685F3D54D86133B3A487C3B0FE8AC2C95799
            SHA-512:AD5D31431216D53CD0D56F30D061BE31FBF664DD7C222FCD74EB7F3EF3125DD74B7FE916A8C718D04084D5542242FE413DB402E18A70E6A4541E0D3C7AAEBA34
            Malicious:false
            Reputation:unknown
            Preview:{.. "runtimeTarget": {.. "name": ".NETCoreApp,Version=v8.0/win-x64",.. "signature": "".. },.. "compilationOptions": {},.. "targets": {.. ".NETCoreApp,Version=v8.0": {},.. ".NETCoreApp,Version=v8.0/win-x64": {.. "Microsoft.WindowsDesktop.App.Runtime.win-x64/8.0.11": {.. "runtime": {.. "System.Diagnostics.EventLog.Messages.dll": {.. "assemblyVersion": "8.0.0.0",.. "fileVersion": "0.0.0.0".. },.. "Accessibility.dll": {.. "assemblyVersion": "4.0.0.0",.. "fileVersion": "8.0.1124.52103".. },.. "Microsoft.VisualBasic.dll": {.. "assemblyVersion": "10.1.0.0",.. "fileVersion": "8.0.1124.52103".. },.. "System.Design.dll": {.. "assemblyVersion": "8.0.0.0",.. "fileVersion": "8.0.1124.52103".. },.. "System.Drawing.Design.dll": {.. "assemblyVersion": "8.0.0.0",.. "fileVersion": "8.0.11

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\Microsoft.WindowsDesktop.App.runtimeconfig.json

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):183
            Entropy (8bit):4.514539177953965
            Encrypted:false
            SSDEEP:
            MD5:028F89BDFB171F8340D81E8B3BB788D1
            SHA1:8A52327E9E0CF99625657EFB5163A7DCD99993D0
            SHA-256:CE46B49660D2E25BDB86AD9D66194DFDCAA2594329CAA54A35A12EDC5DD45461
            SHA-512:E922060327113AC783BE2A36E912ABACD0B4BBBE0718266AF9B950FB5EEA2AD4454EB44D365EFB8252716F5490CD2ECC47CA60AF2440F69038B525E54D5DDD9C
            Malicious:false
            Reputation:unknown
            Preview:{.. "runtimeOptions": {.. "tfm": "net8.0",.. "rollForward": "LatestPatch",.. "framework": {.. "name": "Microsoft.NETCore.App",.. "version": "8.0.11".. }.. }..}

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PenImc_cor3.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
            Category:dropped
            Size (bytes):157960
            Entropy (8bit):6.159623513096761
            Encrypted:false
            SSDEEP:
            MD5:D7FADA3E8981B4F890D833705E1D2E57
            SHA1:16336D145FFFA9909BF168184AD91A7A736823A0
            SHA-256:AD5F27ABE1FC1CC0E055EDE3EEDE4EEDB610AD24E2D8865B3D8E92780D2CE562
            SHA-512:959DCC645616AB1C4C0D6CFDCEF56D2B84F6E8AB5060EA59A98756D1B1F5BE0CAEAAC85221C0749364C2B2AE0966A420C7B4206045210D37B4C8C6B9A6068F67
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........h...;...;...;._;...;.H.:...;.H.:...;.H.:...;..:...;..:...;...;k..;BH.:...;BH.:...;BH3;...;..[;...;BH.:...;Rich...;................PE..d...&..g.........." ...).H..........p!....................................................`A.........................................................P...,...0..8....@...)......8.......p.......................(...`...@............p..h............................text...,D.......F.................. ..`.orpc........`.......J.............. ..`.rdata......p.......L..............@..@.data...............................@....pdata..8....0......................@..@.rsrc....,...P......................@..@.reloc..8............:..............@..B................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationCore.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):8542520
            Entropy (8bit):6.777737384095459
            Encrypted:false
            SSDEEP:
            MD5:387C46CB98DEA36D68CF91E0B3FE0F59
            SHA1:FE07857D156CA667D67B2329D25E6C8D8F12E747
            SHA-256:6E08A42418BDE7132B0C7708D4A1AD3583DBCE200CFA2B4A5178A1557451A7FB
            SHA-512:16C892DD9D592049D7F039C3D56176E738DBCD8BB1683F8EABE35D0561E4F72EFA2DCD4EC49B4753185DA3E7B264E3E5CBFCECC8A5CCC388997CC73133930AED
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" .....p{..................................................0.......I....`...@......@............... ..................................P...l...h9...0..8)..........x..T...........................................................P...H............text....i{......p{................. ..`.data...w.....{.. ....{.............@....reloc.............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework-SystemCore.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):39176
            Entropy (8bit):5.165843935981942
            Encrypted:false
            SSDEEP:
            MD5:C440D9D28DBD8046509B05A7F14651E0
            SHA1:23B33C7C2A6CC0F488A1C48153A59015EF5AC40D
            SHA-256:6A589D37966EBD20A83CD939C3594B58C21EF266E80BB2498B311C37F039184D
            SHA-512:315FB5C773433512E6E74F50B843CA37A95AE58155A6C36FE421AAA023006AF854E83D17EA9A0C324DAC68344083DB55527EFD47010D2A1F4A7AAA464D295424
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....o............" .....@... ...............................................p......2;....`...@......@............... ...............................................p...)...`..|.......T...............................................................H............text....7.......@.................. ..`.data........P.......P..............@....reloc..|....`.......`..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework-SystemData.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):35096
            Entropy (8bit):5.083914546777479
            Encrypted:false
            SSDEEP:
            MD5:9F969E9EF0E3909CF96B0FC192EF055D
            SHA1:07725A12C138F6DD3B60BBCA66669CDB56821197
            SHA-256:7BF49779033BF5761125189F42A48D90D4CD7DA64B1E0018703309B87B85FDC4
            SHA-512:82BD9699B2E862B2824F3A092824C16EE54D8977CF0ABF110B374D812D2CF72508F9D5A44E4DA7BCC9F3D08774F7B2A9C72ABFBD1A1CE681E298EE0B8413372D
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....KR..........." .....0... ...............................................`......1O....`...@......@............... ...............................................`...)...P..|.......T...............................................................H............text....*.......0.................. ..`.data...c....@.......@..............@....reloc..|....P.......P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework-SystemDrawing.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):35088
            Entropy (8bit):4.87663598711105
            Encrypted:false
            SSDEEP:
            MD5:346DE6DEA75F29E413FD9C066E3133D9
            SHA1:6B7AE31DC6A2AB24ACA0A2F004A876EB4B59EA49
            SHA-256:A98E7C68CBDDA25ED8AF4CFB3A706D12690966816E8F36E6FDD80E5C2535D276
            SHA-512:624B548780937326A21D8364A4AFC3846DF2B76E336AF07BD38DB93FC32D7CF5491220DDCB97A645AEEA72464ED06F5C485AD760CC9FD9E4D1CDD421B170259B
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....X..........." .....0... ...............................................`............`...@......@............... ......................................l........`...)...P..t.......T...............................................................H............text...?&.......0.................. ..`.data........@.......@..............@....reloc..t....P.......P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework-SystemXml.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):35128
            Entropy (8bit):5.090440766326214
            Encrypted:false
            SSDEEP:
            MD5:B6E02EDEBF595E7DD6720940B859AB8B
            SHA1:A129DC264F0D35FF60CEA25BBC6841EEFABF0380
            SHA-256:0A706294C1FDA2A032B3F9B36BFA2598037DE55BAAC9500B8082E59879EDA13D
            SHA-512:841BFB0E926868536DAF2629AF09928701806FAD173EB205DE228ABA0EDD303FEF6B00C839265DB87474DE398F8D8DBDCF56DDEE2A0F6878E3C6A4F1457CBE78
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .....0... ...............................................`...........`...@......@............... ...............................................`..8)...P..\...x...T...............................................................H............text....+.......0.................. ..`.data........@.......@..............@....reloc..\....P.......P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework-SystemXmlLinq.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):30984
            Entropy (8bit):4.685919675494171
            Encrypted:false
            SSDEEP:
            MD5:2A81D19529D85EAEE32F47B5D6D0BB8C
            SHA1:A10BAFDF79ADB022CF2A9461B75BF4BA74F69C62
            SHA-256:F152525FC4C97B8CD9E90757C2F6994773B5C403E739F7208D86AEAEF2424CEB
            SHA-512:FC41AB5F3CE69A3B12A841C2655E4918E312B0308DA56A8A81F0EB9C4054D03DD1F26A71784277CA31C9A9853D15250C0881498E35AED54F816CC0054CE439A4
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...<.^..........." ..... ... ...............................................P.......*....`...@......@............... ......................................t...H....P...)...@..$.......T...............................................................H............text............ .................. ..`.data...2....0.......0..............@....reloc..$....@.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.Aero.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):444728
            Entropy (8bit):6.441544109780686
            Encrypted:false
            SSDEEP:
            MD5:F3F72C09DF03EF2C1DFC0E1F7F824CC4
            SHA1:3AF42A62678D55B981C1A35DC9729F29564EB4A3
            SHA-256:B46E827DA11D413F6D90060118F2EAC18F8BDF321D3A9C75993F21FDD582B042
            SHA-512:F0693C6CAC6367F3006143B7C8C1C1083926E6DA37071793C5A0B3E1D21FA53F1B41C7A8212EACC21A9F2B8C904A18D242D65160C8EB944C917BFADFDC54AF39
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d..._............." .....P...@......................................................Zz....`...@......@............... .......................................`..........8)......L...x...T...............................................................H............text...QE.......P.................. ..`.data....(...`...0...`..............@....reloc..L...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.Aero2.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):448784
            Entropy (8bit):6.4748385158021176
            Encrypted:false
            SSDEEP:
            MD5:58B890E2A2552236199BC5CAD2B5803C
            SHA1:4C9B738B52A8EFE711433693771CF4762551ECEC
            SHA-256:78431E4C00F2A1D85A30621AB19FABF7B6B38AC6A05BA8F35B13C31784ADDF55
            SHA-512:05306EF59BF96AD95003765A5AADEBAE8282D2E3A704EB0579A8FC185ADE45567C1C08FD91D8FFF625C88CC8BBBEB65049E1D300CBA567D7741ED659B6E01441
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...YF..........." .....`...@............................................................`...@......@............... .......................................`...........)......L...x...T...............................................................H............text....].......`.................. ..`.data....(...p...0...p..............@....reloc..L...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.AeroLite.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):239904
            Entropy (8bit):6.273268718932052
            Encrypted:false
            SSDEEP:
            MD5:E778DFC00E96993DEFFAA9BF9093447F
            SHA1:DA31DA9971B878E58A6608F66C580D65C6A6164F
            SHA-256:31D2FA5CF40A260B6D5362734BAA7BC81D332F479423C63E5308907EA0D95B3B
            SHA-512:AA90A8F31FE6B5EC50348F2AFBB196B8CCC32C3B0C90E28AF9BB1B27C097D66642F7F1A1530091F67C23DAB1D2C7CA715C4AB3CDB7BD4018A95580ACFA12FFD4
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .....@...0......................................................'V....`...@......@............... ......................................,+.......... )...p..T...X...T...............................................................H............text....1.......@.................. ..`.data...7....P... ...P..............@....reloc..T....p.......p..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.Classic.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):272696
            Entropy (8bit):6.428416039631875
            Encrypted:false
            SSDEEP:
            MD5:2C7F89018D58DB883F980F1E1CCD613A
            SHA1:A7E74D4223A3589E0B77A83FD4B10703DAD665A9
            SHA-256:7F85F0E9DF8D3C7F65086CEB5F019EEEF3759732D4BBF508F1B841B361FEF133
            SHA-512:1EB22247B29A9272F307DEDB3D287CC8743B01C2C15F20E3C4272E8BBABD739814D4810909EB6F40BCC081F6C57D5ED09C1E1009618A1FECAF82695CB5ACE4AB
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....y7..........." .........0............................................................`...@......@............... ......................................|4..........8)..........h...T...............................................................H............text............................... ..`.data............ ..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.Luna.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):670008
            Entropy (8bit):6.4327209438895885
            Encrypted:false
            SSDEEP:
            MD5:2E74CC4B7E4F030D1CC8D704A0CBBC5A
            SHA1:65DAF984B2EAF7D0FED88FB6EB5E26F6100468EE
            SHA-256:F3AF7D7613C59A132546EA5470AD114A1BB7164A5C7032D2E89CDBF76EEE4D8E
            SHA-512:1F6D490931EAF01F722F46F354BFD3F1600B950E024F7543A92DD4988821BA3F0C165D41211592C1973F95780DF00E13A08C36BDA0C11B12EB0668A50F27DFB4
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...P._..........." .........@............................................................`...@......@............... .......................................R..........8)..............T...............................................................H............text.............................. ..`.data...j%.......0..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.Royale.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):334104
            Entropy (8bit):6.391193013859732
            Encrypted:false
            SSDEEP:
            MD5:324D0511D5C9D11AB280D9CB389081CE
            SHA1:83B347C73F0C8E6F77A7C60ED0931495306CB078
            SHA-256:263AE84F12763565854BA0B5D6DC9EF18B06C8DE91B70B61FE3B0AD8153C87A9
            SHA-512:F7C14915CE2539041E14E5FE492FC8677A8BACF64324CB0E588DBB1033B376D5EE61641ECCE11727085486547100508CD170DC2D6B038F4788E4A63B4611872B
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...|*,..........." .........@............................................................`...@......@............... ......................................dI...........)......P.......T...............................................................H............text............................... ..`.data.... .......0..................@....reloc..P...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16124216
            Entropy (8bit):6.814476137450262
            Encrypted:false
            SSDEEP:
            MD5:6735155439520F4D921DB5E4E404686A
            SHA1:E4531189A7D56B0613AD0C3F2B055A8518761A30
            SHA-256:8A9662AD0E8BD18108B54C2AC3F9AB78A10D2F97EE6DCF96A8A8E6FA0F9BA4CC
            SHA-512:857FF8B19560E054436ABF6E7A35938446AE1142F28BE060661CDC46FD101BC5B0EB014038ABE668BFF14DBD873B722F4946F1D97ED2B601D2BDD1D5D8C76026
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." ......................................................................`...@......@............... ..................................p........$......8)......./...j..T...........................................................p...H............text...^........................... ..`.data....... ....... ..............@....reloc.../.......0..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationNative_cor3.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
            Category:dropped
            Size (bytes):1237280
            Entropy (8bit):6.162110099362256
            Encrypted:false
            SSDEEP:
            MD5:1B7E26A5178D7E80EF9B5D1BF0C53763
            SHA1:F3CACDE5660E6DB3B96A19032707326434C4A1DA
            SHA-256:66E5D8D49F9645FD67C12324E0E947B8646779B502A3BC475E3A3AEB650E20BB
            SHA-512:BEE9C66DBCE0E9AB4AC06B5AA3A01E4FD33475A1BE74D92DC9A75C2A3CED6B441F8A76747F3CF09913E38BEAE055FA277C55267353CDA97ABD018146E7355B89
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......cC.l'".?'".?'".?.ZE?-".?7..>.".?7..>-".?7..>.".?3I.>(".?'".?H".?J..>.".?J..>&".?J.)?&".?'"A?%".?J..>&".?Rich'".?........................PE..d...~..f.........." ...)............0................................................e....`A............................................\...,...................`....... )..........`...p........................... ...@...............8............................text............................... ..`.rdata..............................@..@.data... ...........................@....pdata..`...........................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationUI.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1288504
            Entropy (8bit):6.742425820701077
            Encrypted:false
            SSDEEP:
            MD5:F7183FDCE8CB0C87634A7B06FCD342ED
            SHA1:AF18D73AA328F07B6E4203BBA19CF5739A0BDD24
            SHA-256:0685950A665918C3BAB03FCBCA3B2225B4D89CA767B36933D95916109DC0AC2A
            SHA-512:CA61DF929D94BB821B0A8B60A72F89332D8758D280B9C953509E0246666D15DD608E19DCA8FFE9306EECBE8D855FC4FA88E44DF3BECEB64B0992845F51B12498
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .....`................................................................`...@......@............... ..................................@........B......8)...`..L....<..T...........................................................@...H............text...a\.......`.................. ..`.data........p.......p..............@....reloc..L....`... ...`..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ReachFramework.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1603880
            Entropy (8bit):6.681021604686104
            Encrypted:false
            SSDEEP:
            MD5:CBA504652D0B8C7A9A27E95C2FB29ECD
            SHA1:7589D299DF2E85888C9C52A9E80CEAABE874075D
            SHA-256:3A3E191D33344A61230491EA53D5D5D43C9CE0A28F5B1F33FD191ACA1DFC63D3
            SHA-512:8F9ACB321443DC63FEA21FD8DF237537C870AB14C831A5A244722BF90A1B01A124EB91A4B7675C59EE7A79D4AF3EEF8422A9E3C624F3410EC7170329B0614803
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....^............" .........................................................P............`...@......@............... ..................................@...........P..()...0.......j..T...........................................................@...H............text............................... ..`.data...Mg.......p..................@....reloc.......0... ...0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.CodeDom.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):489768
            Entropy (8bit):6.543289084686657
            Encrypted:false
            SSDEEP:
            MD5:23306836A578995369D9E3B20160162D
            SHA1:AEF3D43E061951D0E378DCE1F78BFD850B31C746
            SHA-256:78C196B3FA9D47AFB4271D649AFD4C5ECE8A11F8D98AAB20EEB757A93E584DF6
            SHA-512:BFF0F91D683AA1F062185D10A6E5D0D5DC09A7ECF786584D011338708A19A5D0CE67BE6AAACCCA123122EBF196A99C6D7DF4FA76C4229EFFCF2433AFE0AEADAA
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....&..........." .........................................................P............`...@......@............... ..........................................E...P..()...@.......2..p...............................................................H............text...I........................... ..`.data.../k.......p..................@....reloc.......@.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Configuration.ConfigurationManager.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1075512
            Entropy (8bit):6.617007995656606
            Encrypted:false
            SSDEEP:
            MD5:667ABF24A7F5787E91DF99F5DA3BAFAF
            SHA1:7EA95382812599C612E8000730DC87BF83C5C5E8
            SHA-256:14DFD86771CAB7F1109AA724FD78468ACD66546E6FD4EDB42A2FFD178B5FA1CE
            SHA-512:34C93DB1901A407582E763A02993A6AAB34839213BC0AC4666BB4F1CBAC704532DF01EE6A6368345C23AD8DE08731A049423896EAF2F7E1DA8181E227ACE7C33
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...Uy............" .....P...................................................@.......(....`...@......@............... .................................. ............@..8)... .......K..p........................................................... ...H............text....B.......P.................. ..`.data........`.......`..............@....reloc....... ... ... ..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Design.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):22320
            Entropy (8bit):6.402514096733514
            Encrypted:false
            SSDEEP:
            MD5:9E34EDA0CAB3A99CF19E8FAA1D4FA6AF
            SHA1:B5082B4B0C4F707ABB1866AF426895CD817F088D
            SHA-256:B09F28EE80F6013C41AE55BF17E108D3B5472082107281BE52D67997FDE4F98E
            SHA-512:95FA1612C4631D72DBAA80773BF8304D47608BD65AB9A03AFB678D00152963255A5F059956E21DCAB5D637BD990A0286CAE02AE3948FE00F828E35F725BB2FA4
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...D.k..........." ..0..$...........C... ...`....... ...............................d....`.................................gC..O....`..H...............0)...........B..8............................................ ............... ..H............text....#... ...$.................. ..`.rsrc...H....`.......&..............@..@.reloc...............,..............@..B.................C......H.......P ..."..................PB......................................BSJB............v4.0.30319......l...P...#~..........#Strings............#US.........#GUID.......`...#Blob......................3......................................:.........E.a.....a...^.A.......................P.....P...~.P...(.P.....P.....P...e.P...r.P...".P...<...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y...............................#.....+.>...3.

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Diagnostics.EventLog.Messages.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):801072
            Entropy (8bit):1.7804309671386955
            Encrypted:false
            SSDEEP:
            MD5:2FDFA0BE3629B2A6224A23705C970FB4
            SHA1:89B9E33FD8ED322CEDDEE7B65DEC19ED198F52E4
            SHA-256:76D31585D776808E78B96E781AB35E73785EB93A8B24D1C8181A9F255049138B
            SHA-512:9E9EE575559AF681632259CBD3372F94FD1A503C8E1E43DF51B30B811DA63CB7CE7D3B5BE81EA9D123A2037249E5D9400077C9143DFF41DFFDD4591180EAD628
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...U6............" ..0.............&)... ...@....... ..............................4.....`..................................(..O....@..l...............0)...`.......'..T............................................ ............... ..H............text...,.... ...................... ..`.rsrc...l....@......................@..@.reloc.......`......................@..B.................)......H.......P ......................H'......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID.......`...#Blob......................3..............................................-.....-...0.....M.................R.................h.....7...........[.....x...........D...................................).....1.....9.....I... .Q.....Y.....a.....i.....q.....y...............................#.....#.....+.....3.X...

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Diagnostics.EventLog.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):387336
            Entropy (8bit):6.563123248397923
            Encrypted:false
            SSDEEP:
            MD5:CA2396057B4C77D8FE6345236EA9DAAD
            SHA1:21A9812B6EE212A54E3814E6D641A947E2695B3C
            SHA-256:C8E7E5FFE3A9A09AF38DDB20148A946CB89EB72C70D43BA5665F34BBBB79BA8C
            SHA-512:801969AC5EB2F5AD9410484B061E40E728BA0C3F514C20C4A2B87C6845B0EDC3FE65B86095714E450068C75038226D51ED965CDD90281544A184B362E7434DA9
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .....P...`............................................................`...@......@............... ......................................L....%.......)......D....&..p...............................................................H............text....H.......P.................. ..`.data...hH...`...P...`..............@....reloc..D...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Diagnostics.PerformanceCounter.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):289056
            Entropy (8bit):6.546236808648804
            Encrypted:false
            SSDEEP:
            MD5:C3EF206250D124436762218A78C9F924
            SHA1:42D8BF5B0B35BEE16F2B9EE5C0DAF3C110481377
            SHA-256:ADDBC1E3DBF1909BF4241C3F20A800C62EEB88DB625C38B3473465434EB2F98C
            SHA-512:26AD9545A7644AEABA9B59CFCE9876F6837C0F9533285FC20D30063EC22F9A40B2C220535122818419070EB8B2DA61E9506FFA207D049F8E04BF78BB809D9CCA
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....m............" .........P...............................................@............`...@......@............... .......................................l.......@.. )...0.. ....!..p...............................................................H............text...D........................... ..`.data....;.......@..................@....reloc.. ....0.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.DirectoryServices.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1046808
            Entropy (8bit):6.687049724713412
            Encrypted:false
            SSDEEP:
            MD5:D54589AB8A3A360DC0259EEE18D8BEE8
            SHA1:5AF7D8A480DA267FF2031CDE2162E7210978501D
            SHA-256:7E82B794E7984E3F28577E575BB5DB8A93ED58F5830C382DEA3D535F6B93EE59
            SHA-512:11F8BE9BC04AD87BE9DD315087FB7372274565FB362572454F7D3372668FF833114E4B296713752A83FB2FE6590832FAF273D134421A690FAA55E4A790642925
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....k............" ......................................................................`...@......@............... ..................................|.......$f.......).......... G..p...............................................................H............text...9........................... ..`.data........ ....... ..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Drawing.Common.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1530152
            Entropy (8bit):6.603277800750264
            Encrypted:false
            SSDEEP:
            MD5:410FAD2CD01E775423FB847EC280E424
            SHA1:D548D8496CD962F4EB72C0AA06255526DA300315
            SHA-256:2B146C28CDC81EF088C5382DA4209F86E44668514627034FAD85486EA5DDC74F
            SHA-512:3D0A445C00E452D64408F4D8F7D3D5C2B046CF22A451DC51D485079CE4A2606310DFE763C13BFF2A2E7E949F137477BEE27E7E80134B39B849BD2593A222DC77
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." ..... ...................................................0......u:....`...@......@............... ......................................,...p....0..()..........0...p...............................................................H............text............ .................. ..`.data...g....0.......0..............@....reloc........... ..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Drawing.Design.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):15656
            Entropy (8bit):6.807602341351472
            Encrypted:false
            SSDEEP:
            MD5:61453F8CD7847070B79449FF8E727C40
            SHA1:CE6BCF4DC52A41F24A4FEF09FC7FF83C25E343AA
            SHA-256:1C790D7DFFDB9A13AFC8C40BE17B27A9F5170EE2A326C8942FB32B60D57F15A2
            SHA-512:0971CD9D227FD72B9DF6952D6F7F3B88F42C6C9A87F1A79B61271738350D6E7896762E2A22B42D8F3EB0973DDFA142DDA3CFE7FCA7EB126201DCB112E6CC2FA1
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....w..........." ..0..............)... ...@....... ....................................`..................................)..O....@..................()...`.......(..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P ......................l(......................................BSJB............v4.0.30319......l...$...#~..........#Strings............#US.........#GUID.......h...#Blob......................3................................................5...........U.........................&.....&...n.&.....&.....&.....&...U.&...i.&.....&...3...................8.....8.....8...).8...1.8...9.8...A.8...I.8...Q.8...Y.8...a.8...i.8...q.8...y.8.....8.......................#.....+.>...3.

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Drawing.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):21800
            Entropy (8bit):6.346911052806656
            Encrypted:false
            SSDEEP:
            MD5:391B2342855CA46BC58DF5D2299E0EC8
            SHA1:12917A467CA35694037DA85B114537C8871329F1
            SHA-256:6AFD91B2AD9C8C2C20F780012E7505CB5912CDE31DCCCAA919CB17797789E4A3
            SHA-512:CE17FFC554C75999FB78D78E48A6AA49B3BEA4607853E204D4C4573AB7E4A09EB9324EAF7983E421301A32AA45CAEC79A567F08621EBE58503821B8B042D2ED3
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.."...........@... ...`....... ....................................`.................................U@..O....`..X............,..()...........?..8............................................ ............... ..H............text.... ... ...".................. ..`.rsrc...X....`.......$..............@..@.reloc...............*..............@..B.................@......H.......P ......................<?......................................BSJB............v4.0.30319......l.......#~..<...4...#Strings....p.......#US.t.......#GUID.......h...#Blob......................3..................................................................&.....".:...;.:...............'...........X.....u...........................................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y...............................#.....+.G...3.

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.IO.Packaging.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):293168
            Entropy (8bit):6.350845779242269
            Encrypted:false
            SSDEEP:
            MD5:84210178469BACF943DC254635D69531
            SHA1:94528463402EA1966448F27EA1A2F2E322B98048
            SHA-256:D858BE59D3D2EB100BA1D963CBFF906FF542EC3501A5921C34F59C04CB78E2DB
            SHA-512:5E54B901BB96F8C7DC69A0743D51E18C38ED48054F3B2F9E3F5E3FDD8D9A6C2C2E305ECC00821DB8830E995B387059DEADF2B647C0230E126B5AFC7958F0D75B
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....F..........." .........`...............................................P............`...@......@............... .......................................a.......P..0)...@......P$..p...............................................................H............text...Q........................... ..`.data...\O.......P..................@....reloc.......@.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Printing.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):964888
            Entropy (8bit):6.5632484028499025
            Encrypted:false
            SSDEEP:
            MD5:A9044F1C09D0AFA04AEF35DADC7ACE87
            SHA1:6BC5ACDBB6B54F5471252F78C4FB67B45816E328
            SHA-256:6BD48D888F08A4FF0F50CE91D7D6C34102D2B9D666CDA8507D229F51D1D31443
            SHA-512:3D0ED06E7CB876A14D11CCC26718F61555D5833E8B0945BCB08F5588B383B43AC39241E33AA9DE42F9D8D6A1F8873623BBA198BBCE34F63FE313A97205E26FBC
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......g.........." ......................................................................`...@......@............... ..........................................4w.......)...p..@....C..p...............................................................H............text...o........................... ..`.data...P...........................@....reloc..@....p... ...p..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Resources.Extensions.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):137504
            Entropy (8bit):6.1471558414227365
            Encrypted:false
            SSDEEP:
            MD5:08FCD54AD4138EE5E62021B2425CE445
            SHA1:F948805EE11C86177C91900C61E58FE5735F0709
            SHA-256:9D5B00BA7B143C10BB7F316780CB86F6CAF930884BB2BCD73D0012B2D0A2113A
            SHA-512:32AC3844D02F49130CD81BEBCC1B873BAA4BFAFB1215DDBE54FBEAE4F4A28A263A69E7E37B1E79F8B0930B581CEFBF0F3E79051BAF3561C61E9269CB55F5146A
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...4@............" .........0............................................................`...@......@............... ..................................T...L5.......... )..............p...........................................................X...H............text...+........................... ..`.data............ ..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Security.Cryptography.Pkcs.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):760072
            Entropy (8bit):6.636989340080861
            Encrypted:false
            SSDEEP:
            MD5:6055FB236B25B4F4D4AF6A323D4EFEB2
            SHA1:406E06FDE0CE408A16BED8FA58CFC6B76B4C89A0
            SHA-256:CF36A9DB83255969DFB2B576C26AF517898492F0277CA73C6749863F378A572E
            SHA-512:F234047A7E789C344A7AF3EB49872C618D397113C609FC5C02DC716ABA3E8F5B74E0E89EB2D5B46BBBC247F849E09DFAAD3C4196C5EDDC6DBBA2103BA414D599
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...VuK..........." .........................................................p............`...@......@............... ...........................................;...p...)...`.......:..p...............................................................H............text...:........................... ..`.data..............................@....reloc.......`.......`..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Security.Cryptography.ProtectedData.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):55600
            Entropy (8bit):5.61088610611008
            Encrypted:false
            SSDEEP:
            MD5:A3CB2A8A61E3A1005AB022533775D691
            SHA1:0FD1FCF02AAE83C1255A021EE77C7FF00CFD039D
            SHA-256:746884351C5C6440DF0DC91B33766B58E5C7B4844421A365E306BBE01801B452
            SHA-512:B5453F8987B2DFAF0C49C1B940A26821F09FD55A680B7BE0057E8C21F94C955114229F95E2324B3E9B8CBD61350A9C84E7E39E7F5B9D783A317F95B9AFC19E41
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....8..........." ......... ......................................................u.....`...@......@............... ..................................(...............0)......d...h...p...........................................................(...H............text....w.......................... ..`.data...............................@....reloc..d...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Security.Cryptography.Xml.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):456968
            Entropy (8bit):6.545201757271853
            Encrypted:false
            SSDEEP:
            MD5:E97213557B614219EEDB2310B329D87E
            SHA1:965ABD963F2B56BD0123CEDA85C2181FA99067B9
            SHA-256:ABD07FDF19D091900C42561A7EDB2FB80CED3409383A45853DDD87333F5F0C06
            SHA-512:028EEFFA40E21CDF310E829E5E12ED612C242D7C9E90F7C9C512ADA5C7BCE7604E49900D3FB371087EBCB0B65F71B79CF9A34B477BC7639B411E55418C386A9B
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...rm..........." .....P...p......................................................".....`...@......@............... ..................................l...$....(.......)......p...x;..p...........................................................p&..H............text....B.......P.................. ..`.data....[...`...`...`..............@....reloc..p...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Security.Permissions.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):186656
            Entropy (8bit):5.967840016140036
            Encrypted:false
            SSDEEP:
            MD5:967C7B91C3C204B371C281E6383527F5
            SHA1:144788A3D3E28C63F95A0FDC8063BCC0B13CDD6F
            SHA-256:3843D70BD0351B5CFB8EC8D3C4FCC05F5AAC7DEEE2349B32DAE659D637C54E10
            SHA-512:99278DAF66C5B6140A75643274CBA5890DAD47D9E26801AB096173459A37077AE348CDFC441C417BFF79959EE663F6BA720939A3EA3A64F335C89DF1093D3FE5
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...;............" ......... ......................................................PP....`...@......@............... ......................................85..@>...... )...........)..p...............................................................H............text....}.......................... ..`.data...............................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Threading.AccessControl.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):84248
            Entropy (8bit):6.021209151396337
            Encrypted:false
            SSDEEP:
            MD5:33835E8D3A83D2455F1B4BFD936B0E6B
            SHA1:D895DA254BAB2E81EC0341EADC0904414FA508B3
            SHA-256:0C44F1AAF5E878C7558BB24DE9705AC98CE7D96F556D23958AB48928C072F44E
            SHA-512:81AC3D4211B1F8ED0EF11DE09D4E6FDCCB9C21739C96C5835976F06C048F8F848DFF4D91C43940869FA3E53750256DAA39B07DDC72B75F2B2937AF8F33C8CF84
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...(sU..........." ......... ............................................... ......?.....`...@......@............... .......................................$..T.... ...)......(.......p...............................................................H............text............................... ..`.data...;...........................@....reloc..(...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Controls.Ribbon.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1452344
            Entropy (8bit):6.693044162292628
            Encrypted:false
            SSDEEP:
            MD5:5147120D18480AAED7783533BB6ABDE8
            SHA1:250F9796C928922E0413075CB0A15FBFF6884095
            SHA-256:9F98280E67C2F309422F913DF2CD89523606BE9B3AE7B4858998F1771E53E777
            SHA-512:EC8E44B28E8343E95114461D8B7F35C7F5EC6EED12CA51D375445FCCE8DBFE2640F5FB8B6CEE03807401D5B1BBF38C52CA2FBCE02FA6270FCDA6172B8EE545BC
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" .........@............................................................`...@......@............... ......................................LW..........8)..........HS..T...............................................................H............text............................... ..`.data............ ..................@....reloc........... ..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Extensions.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):117000
            Entropy (8bit):6.013220849595352
            Encrypted:false
            SSDEEP:
            MD5:A2F51224275E67D10E0034B7C1358C97
            SHA1:04E59E0124BB6A0FBAFC402FB8F4180F85DC3A13
            SHA-256:8A64981BE2E72C68555C3D9D402419D4C2E71012A53F3255DE9A1645938FA794
            SHA-512:5368A1C3FAB8E9B28800A3B7E3CF1D094B0E489AE33EF8C290D73B26D52731BE67FD08658CDCD01124ABDF3819A52D46FE83F104021426CDDDCF10693E1A8116
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .....`...0.......................................................Y....`...@......@............... .......................................+...........)..............p...............................................................H............text....^.......`.................. ..`.data........p... ...p..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Forms.Design.Editors.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16672
            Entropy (8bit):6.671820812122299
            Encrypted:false
            SSDEEP:
            MD5:BB6638904BEE0C88A8002E95BD584AC3
            SHA1:6AAEF07D5FB9D234298634E1EDB2A0789745378A
            SHA-256:4F8C11A46AE02EC6822D9351FFC26A5A84D651D8FBF6E127ABCE4EA3A0FDC1FE
            SHA-512:52D0975570DE5BD89A9426930A10182279A6020DEBE9B5FFB8D512CE3A362D4683BE49F8B1CC26852AFFA1D723F4B29E935B5EE45AAEDAA1F61E1B967AE38648
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....S............" ..0.............n,... ...@....... ..............................x.....`..................................,..O....@.................. )...`......T+..8............................................ ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................M,......H.......P .......................*......................................BSJB............v4.0.30319......l... ...#~......p...#Strings............#US.........#GUID.......t...#Blob......................3................................................S...........s.........................~.....~.....~...6.~.....~.....~...s.~.....~...7.~...Q...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y...............................#.....+.>...3.

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Forms.Design.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):5564680
            Entropy (8bit):5.985659673404173
            Encrypted:false
            SSDEEP:
            MD5:158E8E1BBCF4F3043F38B784701ABA4F
            SHA1:C49132EA14AD0AEC31D0AB0AEC469D6DE9833203
            SHA-256:220B4E65D1B259D67B43F92044EB592F5A5F4E3EA54580DFC20A8A7A864F1512
            SHA-512:13B13DDE57F71AC31F096A5A689061E837D80D85565086892C6DD969C027F02F46BC519F9596323BC37B7BC79BAA8AF956D5D2052FDE0414D9DE47F77BE6F1C7
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....]............" ......Q.. ................................................T.......U...`...@......@............... ......................................,...t0....T..)....T..>..x...p...............................................................H............text...5.Q.......Q................. ..`.data.........Q.......Q.............@....reloc...>....T..@....T.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Forms.Primitives.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):3012912
            Entropy (8bit):6.437573552926829
            Encrypted:false
            SSDEEP:
            MD5:8C3DC879543040A78B7A6D474EE1D687
            SHA1:2AA7EE2C6105057C2E27A0F35246DE900CFDA78D
            SHA-256:D01446CE62BEF9CFBE107CDFC1638728668BA24EE644BC3383E5B8E261CF6F6E
            SHA-512:86DA14B1D7E8B4C7E4D4E8BBAEB660D9FE98B9ABBD90B2B25E175AFF6AA311714729C1C0819452D1D14B5D44FCA318BE8F76E825BF41F10D79C4F9622D406CFE
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...#............." .....@,...................................................-......v....`...@......@............... ......................................H...T;....-.0)....-.,......p...............................................................H............text...U9,......@,................. ..`.data....^...P,..`...P,.............@....reloc..,.....-.. ....-.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Forms.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):13564208
            Entropy (8bit):6.474450641055064
            Encrypted:false
            SSDEEP:
            MD5:3DD89A7A48BDE30DD8CAB47158C4FD99
            SHA1:1C7D59E353F8638F8C97C42163002B42B17C173E
            SHA-256:9CA5BF00175381B0FFA33C1C17782AD65A878392FA3C2C81C78AAB469BF5A718
            SHA-512:FA04D539B615A07754AA377BEECF1C4A8441BDB62BCAA64B8762D7350D75897310E94CDD363DB56EF107FC31992486CE44BBD6047E0FB8F9C7342466C34B05C4
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...9............." .....`...`............................................................`...@......@............... .......................................P..........0)...@..t....^..p...............................................................H............text....R.......`.................. ..`.data...N....p.......p..............@....reloc..t....@.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Input.Manipulations.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):137480
            Entropy (8bit):6.277786438188969
            Encrypted:false
            SSDEEP:
            MD5:28E6186135F1531CF6E390D9E56BD777
            SHA1:826C3BC7F9000A51515D05EEB0873528AD58182F
            SHA-256:E7B1BAB4902DE190E305FD867753068B5AD8288941E0C50C026EAB4C86EA653C
            SHA-512:0B2FC0B939D708C85A254FD164EC2BEDE0E3B006FD19534019BB2F00CCB926D8EF5F746700932330518E7AE064FC6BAB96F1DAF7F0EE16A1ABB95A41E566C9C0
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....=3..........." .........0...........................................................`...@......@............... ......................................d3...........)..............T...............................................................H............text...}........................... ..`.data............ ..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Presentation.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):31008
            Entropy (8bit):4.7440721082262245
            Encrypted:false
            SSDEEP:
            MD5:C2C160C246650DDE44181E53FD60B1D9
            SHA1:E7293641E6C04A68D3BEC11FD2E7274BD501E1E9
            SHA-256:7475BE73A09E6C38FB6B5101373EEDAF0E9E6386D8AE9909B16432A62ACC7F49
            SHA-512:28836A700F9117A55E00A77EEFD54D56FAD90D9E558EFC19854803380AEB767D6F0B67D32C013662375FA82FD8E0F6ABEF3AB3E7A1CFB268772AF120986DF300
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." ..... ... ...............................................P............`...@......@............... ......................................d...l....P.. )...@..(...H...T...............................................................H............text............ .................. ..`.data...J....0.......0..............@....reloc..(....@.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Xaml.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1419528
            Entropy (8bit):6.6865409104395175
            Encrypted:false
            SSDEEP:
            MD5:1130708833FF71818513517C6BCCC032
            SHA1:F5CA4BCF6EA7BC9CD0691CCCE31E083AB71B4699
            SHA-256:7CD9D44F7A57344695FD007925306457D965E6BD2EF8FFD75F5C8ADC0098A274
            SHA-512:4C8060B943BDCB3E005C094A87F4E9B6FB34EF7DF636A7404D4728B800274329FE6E3F80F7BF6A8B6D6FC71CDB88499C623E5F1E847FE5FD612115E058B755BA
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....DT..........." ......................................................................`...@......@............... .................................. ................)...`......p`..T........................................................... ...H............text............................... ..`.data....^.......`..................@....reloc.......`... ...`..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\UIAutomationClient.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):416024
            Entropy (8bit):6.538372605578582
            Encrypted:false
            SSDEEP:
            MD5:6DB074176DA012E2681BC5174E7F970C
            SHA1:4FE6E115055804CB4D66F19C2D254F4E5F60EE14
            SHA-256:2971954019C0DB8B16BA7DC54A53995AA1AFBA87CD06F3F685C036BA1096E6E7
            SHA-512:808FDED78F46B038AD06954D5B54EEA7866B516F04F5F0455BDDF403C33AC6C26EF3787B4DD7164846065DE1DC5C99BFDFE9D3BA2B851BF70CA4A10A5D267FA3
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...B)~..........." .........p...............................................0............`...@......@............... ..................................`.......,...0...)... ......`(..T...........................................................`...H............text...g........................... ..`.data....\.......`..................@....reloc....... ....... ..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\UIAutomationClientSideProviders.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):870696
            Entropy (8bit):6.698986862200009
            Encrypted:false
            SSDEEP:
            MD5:4E0C2D0430E0F018D8B2E2E9CDB701FF
            SHA1:D92E0623CC06BD5D061279D86281F72D7B98C099
            SHA-256:C2D1E219D08F79D3DED03B3BF38291BE834F46838966606D7C107C5B12D23923
            SHA-512:55FD0B05DA44D6E9FFBE85F805B9CA8057D132E69E37AAA8E24D810FD41CC6D73AB10E6C2165DD167F57BC863995E1911703D539468D8D32B8D2C62A792AC255
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...`w............" .....`................................................... ............`...@......@............... ...................................... ...@b... ..()......P....>..T...............................................................H............text....[.......`.................. ..`.data...e....p.......p..............@....reloc..P...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\UIAutomationProvider.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):59688
            Entropy (8bit):5.264861506482856
            Encrypted:false
            SSDEEP:
            MD5:4B3728799D7F5A02DC17ADB0DC6052C1
            SHA1:A68C803A2E5B55EFB47F51B76BB79858BA690C60
            SHA-256:0A4A98091C1A4A9851F84B1C8261CBF2243FA7E129930FDD872FB9E157A6D3E2
            SHA-512:4EAEDF5DDCEAA619FD16036378DCFDDBD548F5A9950BB4D7EEB3547CF8388BF96AB91749537CAEC3EAB7A253DD1F9CADA9BF75D920B0A3EE1EBB0F1850B1C635
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....7..........." ......... ............................................................`...@......@............... ..................................p.......\.......()......|.......T...........................................................p...H............text...k........................... ..`.data...n...........................@....reloc..|...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\UIAutomationTypes.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):313616
            Entropy (8bit):6.026991836318476
            Encrypted:false
            SSDEEP:
            MD5:06B95F6C6A53EE57B9714C54BEB0529B
            SHA1:BAD9AE72BBABBAC54D494D9A7671D813EF0843BC
            SHA-256:4B2C5FDFA7BEE4DC93B9EA93E1F83F0E27E1F44BBCBA4A059BFA3EA4355C0295
            SHA-512:E0BB1D8204C157D26CC5D91B96CEB7C30450D9A7618F71C7B145C335A508568BA5033C7FCA42B9CC16258103F5F7DA5592C55C007073CC7D9FD23F51793FD955
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....g............" .....P...@......................................................<.....`...@......@............... ..................................P...(;...........)..........(...T...........................................................P...H............text...`F.......P.................. ..`.data....'...`...0...`..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\WindowsBase.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):2255128
            Entropy (8bit):6.594323077678336
            Encrypted:false
            SSDEEP:
            MD5:21CFF665BF097A683FBD69C675D32509
            SHA1:1C424EA1ADAE721E9477E7159498C652F4C25836
            SHA-256:0438075ED22DAC7A30161F91753CC23878F2BAFD0FF8BB8AADF6355D74E06E6D
            SHA-512:E12F245ED79D1F03ACD5BB54BF16D763BD6D5817C2FFBCC8DE0F935B91A70333006A45A9B611A831D651D47E5022CEB98FCA486B65F3E1FFC99919DF5A362CBE
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....H............" .....@ ..................................................@"......."...`...@......@............... .................................. ...tj..<....@"..)...."..%......T........................................................... ...H............text....7 ......@ ................. ..`.data........P ......P .............@....reloc...%...."..0....".............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\WindowsFormsIntegration.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):211240
            Entropy (8bit):6.371730355309198
            Encrypted:false
            SSDEEP:
            MD5:672D8DB001F9F28782F48F70AFE1C8BD
            SHA1:1E909CB5336412A885E72F2CCCD7FD64FFB2BA70
            SHA-256:4B1D73D07E89EA0A2794E02C2B4072E9C0ACFB7E08355F0D59E3F27A6559DBB8
            SHA-512:D27D0E8DF83779741AAB3E08A0802765638434586420105812ED3DACC317A8C66361936D4ACE429E0EB7CCFBB1C1FD32D52AAB698710D514BBDB61F2EF99EC97
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....eD..........." .........`............................................................`...@......@............... .......................................J..x.......()......L.......T...............................................................H............text............................... ..`.data....O.......P..................@....reloc..L...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\Microsoft.VisualBasic.Forms.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):25904
            Entropy (8bit):6.359318078933982
            Encrypted:false
            SSDEEP:
            MD5:AE5634493B63FF05BCF97525F169F89B
            SHA1:E1A053A5E6976AD7878E7EA20E656F1F81C52F1C
            SHA-256:234B02C0921D5DD842F150746C74786B62A74A8D7D1BEDC372C14A8DF3688DA9
            SHA-512:83ADB2C010374F0A0EF12B01901FED901B21879C01586B46CEFEDA0C853DC3F0A5D5967DE8BF417CF9DCE55FB2BCAC04C5A7AFECB79A8A75C3C4296BC28F77BA
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..2..........zP... ...`....... ...............................<....@.................................(P..O....`...............<..0)...........P............................................... ............... ..H............text....0... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............:..............@..B................\P......H.......P ..............d&..()...O......................................BSJB............v4.0.30319......l...\...#~......x...#Strings....@.......#US.D.......#GUID...T.......#Blob......................3....................................../.......................q...f.......Y.....Y.....Y...D.Y...a.Y.....Y...-.Y.................k.....k.....k...).k...1.k...9.k...A.k...I.k...Q.k...Y.k.......................#.....+.....3.@...;.a...C.u...K.....S.@...................@...............

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\PresentationCore.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):108856
            Entropy (8bit):5.55982081559385
            Encrypted:false
            SSDEEP:
            MD5:21F464CA5E8543669B3D4F7F850120D1
            SHA1:24DEE3EE9D231280854D52C2FB433205BC5CD60C
            SHA-256:A4ABF60AECB415E9BC9FF86C610ADA254D6BE512B201EF7AEDC70BBBC367D1E9
            SHA-512:C4DC5D1D3159031807C8D95B34FB41D388BE5BEDC0315BDF9EC62BC733E5511BB3499480F8A880BD53DF222FAE158CAC3ABCD097183556E7F00D699F401A224D
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...S|N..........." ..0..v..........^.... ........... ....................................@.....................................O.......|...............8).......................................................... ............... ..H............text...dt... ...v.................. ..`.rsrc...|............x..............@..@.reloc...............~..............@..B................@.......H.......P ..8............%...m..p.......................................BSJB............v4.0.30319......l...0...#~..........#Strings....p.......#US.t.......#GUID...........#Blob......................3..................................................\.....\.....I...........1.....1...D.1...a.1.....1...-.1.................C.....C.....C...).C...1.C...9.C...A.C...I.C...Q.C.......................#.....+.....3.@...;.T...C.....K.....................|.Y...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\PresentationFramework.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):196880
            Entropy (8bit):5.437068637220038
            Encrypted:false
            SSDEEP:
            MD5:2548D26A2474D048E23299FB802F4C21
            SHA1:FAC5692968626FD5709213F2AE35746726CCED74
            SHA-256:21C48E437976AF05FA5B941167868B97AE21F3E6D6B68193F66F8B6F6B3E6B5F
            SHA-512:6945B20E5B89A847A5B34DE86C44609AA9C4533477A5E8C2B2D17692DE4311FD5E594A6D00B5271A1A43DDCBAACEC2B8CF1B008454CFB2A91A1252A7CBF3AC7F
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...e............." ..0.................. ........... .......................@............@.....................................O........................)... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......P ..L............%..p...........................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................a.....a.....N...........6.....6...D.6...a.6.....6...-.6.................H.....H.....H...).H...1.H...9.H...A.H...I.H...Q.H.......................#.....+.....3.@...;.T...C.....K.......................^...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\PresentationUI.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):45832
            Entropy (8bit):5.796067064534001
            Encrypted:false
            SSDEEP:
            MD5:4C6D713776416CA85EB0149B01410568
            SHA1:4479E53152E971C2ED37EB82C10676EBB2D05F98
            SHA-256:5C2A4E6DD8CCE15117B8B945D80AF8972751FA1A86D0FB6A46077D1D315B5A1E
            SHA-512:0BDD3BFB9A961E554937B3D9C11370DE632102EAFEA924D9BE63499C4AD996F862371A83C856C82A5792672F93265650CCD9E184502CBF9B7C5C43FFC5DF9A52
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...?............." ..0.............>.... ........... ....................................@....................................O.......l................).......................................................... ............... ..H............text...D~... ...................... ..`.rsrc...l...........................@..@.reloc..............................@..B................ .......H.......P ..0............%...w..P.......................................BSJB............v4.0.30319......l...0...#~..........#Strings....l.......#US.p.......#GUID...........#Blob......................3..................................................Z.....Z.....G.........../...../...D./...a./...../...-./.................A.....A.....A...).A...1.A...9.A...A.A...I.A...Q.A.......................#.....+.....3.@...;.T...C.....K.....................z.W...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\ReachFramework.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):39176
            Entropy (8bit):5.903780338359541
            Encrypted:false
            SSDEEP:
            MD5:CF2316DBE5C8CCAFB8F24F7C38DD7F43
            SHA1:D17FF3831EAFD789A2AE39C71E7694D34E9CBF45
            SHA-256:FAEEF94DB490BD62941DCFCC0623475A4ACD0C55BFE43105DE01F78B5DE65840
            SHA-512:CFF0AB03722A01680BA5AE92ABF6B12DD16F90C1BD82B62392E4AA8DD677C6582FC4B6C99C71C4CA722D8ADDB35A2D9025864881CF638276DEB2F172B7AACB02
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...si............" ..0..f..........F.... ........... ..............................5q....@....................................O.......l............p...).......................................................... ............... ..H............text...Ld... ...f.................. ..`.rsrc...l............h..............@..@.reloc...............n..............@..B................(.......H.......P ..X............%...]..X.......................................BSJB............v4.0.30319......l...<...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................Z.....Z.....G.........../...../...D./...a./...../...-./.................A.....A.....A...).A...1.A...9.A...A.A...I.A...Q.A.......................#.....+.....3.@...;.T...C.....K.....................z.W...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\System.Windows.Controls.Ribbon.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):18720
            Entropy (8bit):6.597258666219538
            Encrypted:false
            SSDEEP:
            MD5:9E2E6F79C723FB4FCE313F46DF9D302A
            SHA1:DCE146D43BF222ED159DFE95FFB048E340DAC565
            SHA-256:07C43ADE661039A2B3E3088FA2952A58D79D2C43E84B015873E80DA54E8AB64B
            SHA-512:FDB2E131729929DC083AE052B3EC0B84788A5B703F3C879B99C43A1940E56B163349349DEB7F261785E7C3289B74811FFF8C7E3A374AAABAFE2694A43C674786
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...LhV..........." ..0..............5... ...@....... ..............................J.....@..................................4..O....@............... .. )...`.......4............................................... ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................5......H.......P ..............0%......04......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......0...#Blob......................3..................................................j.....j.....W...........?.....?...D.?...a.?.....?...-.?.................Q.....Q.....Q...).Q...1.Q...9.Q...A.Q...I.Q...Q.Q......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................g...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\System.Windows.Forms.Design.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):149288
            Entropy (8bit):5.521544546091387
            Encrypted:false
            SSDEEP:
            MD5:0FD86F7B0017EF88DD046B55A18E991E
            SHA1:145D0B54F64E9D11CEE740C2723176F56E908BE7
            SHA-256:45E0757C200680922EA75D8FF10C067A33D53F88BA6FB7FF6BF615CCFBC48011
            SHA-512:B16444A5DBA749080B5487FA3C8CDD79D8738B3A80A5A11B0051B55B7B7189ECCF5FBB3F58B1B392CFBB43A18CBBFDBC38B79D1D0246F3FC6C3DCDEE6C484F1A
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............." ..0..............3... ...@....... ....................................@..................................3..O....@..................()...`.......3............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................3......H.......P ..............h'.......3......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID.......0...#Blob......................3....................................../.......................q...........Y.....Y.....Y...D.Y...a.Y.....Y...-.Y.................k.....k.....k...).k...1.k...9.k...A.k...I.k...Q.k...Y.k......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.....................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\System.Windows.Forms.Primitives.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16168
            Entropy (8bit):6.740551847422449
            Encrypted:false
            SSDEEP:
            MD5:387CD23F2B8A13BF220F4783DF5D02D7
            SHA1:4938B4D6630578CFBB27795E1D5B475219A2E6ED
            SHA-256:879D0EDD3E516CFC3AD8B25B4D72917CF041FD253B6681547B065C0428F5BCD0
            SHA-512:2B67FC347A8869BACB8287EF58C9096737E7BB49DCE9B48F32148DFC238A6CAAA22F8287A6EF6C3AA803D8932495613668CA328BD753DCDD6F260A6623A16BAF
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....m............" ..0.............j+... ...@....... ....................................@..................................+..O....@..................()...`.......*............................................... ............... ..H............text...p.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................L+......H.......P ..............d%......|*......................................BSJB............v4.0.30319......l...D...#~..........#Strings............#US.........#GUID.......4...#Blob......................3....................................../.......................u...........].....].....]...D.]...a.].....]...-.].................o.....o.....o...).o...1.o...9.o...A.o...I.o...Q.o...Y.o......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.....................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\System.Windows.Forms.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):365864
            Entropy (8bit):5.387914938188378
            Encrypted:false
            SSDEEP:
            MD5:FBF6F252506CE94FDA0055A1429C52F6
            SHA1:58C1FC08CE7CF9E2F9E8B99F1563F529FA4F01C5
            SHA-256:C1544BCF07DF78A174951269325A2BA2E9AD415BBF7E86D10E2EE182D1483130
            SHA-512:7F9F63B116DE1D0EB4871E60D5329EB164C2363DA8B3B73E44747CFDBD7EFF1D87C115BC02B231916968AD56105B9768EB03FE7550317143189A47684900E1BD
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....m..........." ..0..b..........n.... ........... ..............................y.....@.....................................O....................l..()........................................................... ............... ..H............text...ta... ...b.................. ..`.rsrc................d..............@..@.reloc...............j..............@..B................P.......H.......P ..P............%...Z..........................................BSJB............v4.0.30319......l...\...#~......L...#Strings............#US.........#GUID...(...(...#Blob......................3....................................../...........}.....}.....j...:.......R.....R.....R...D.R...a.R.....R...-.R.................d.....d.....d...).d...1.d...9.d...A.d...I.d...Q.d...Y.d......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.......................z.............

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\System.Windows.Input.Manipulations.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16680
            Entropy (8bit):6.700890399820885
            Encrypted:false
            SSDEEP:
            MD5:4706A9073F965FC7DB47253B19872C7C
            SHA1:B8135D42F4DEA340A412A55C4FE083C7D7A498B7
            SHA-256:ED020BF2149A04C93E6B793ACEB08F49171A50EEC3CD75C617FDA96A16C0DD84
            SHA-512:CCE875C61468B810032D924E41ABD1526AF0AA9FE7AD35C7CB4A6BA961A32096A68930BBE023AEE275D147E48F28DBB646F7C7C62046B4CFA7F810371D8F3B18
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............,... ...@....... ....................................@..................................,..O....@..................()...`.......,............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H.......P ..............@%.......,......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......4...#Blob......................3..................................................n.....n.....[...........C.....C...D.C...a.C.....C...-.C.................U.....U.....U...).U...1.U...9.U...A.U...I.U...Q.U......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................k...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\System.Xaml.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):65288
            Entropy (8bit):5.8352095949682425
            Encrypted:false
            SSDEEP:
            MD5:EC42CEDD51EDE17458430E37689BFF88
            SHA1:6440D99CFACAB57AF860F7D490485102EF3DB037
            SHA-256:743272682EEFC6D5DFCD04E4713E35E283E7FCFBEA0D7778CE156B0C3A609239
            SHA-512:D44AA8BC6AFAF1E4770FF86F73E948EC9633940DF758BC9F71ECBFD0FA64BF9A24361377334E26E4F61FDE7D441088B655418D2D0B4D11B3F37E019EA7101714
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............~.... ........... .......................@.......n....@.................................,...O.......L................)... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...L...........................@..@.reloc....... ......................@..B................`.......H.......P ...............$..............................................BSJB............v4.0.30319......l...0...#~..........#Strings....`.......#US.d.......#GUID...t.......#Blob......................3..................................................W.....W.....D...........,.....,...D.,...a.,.....,...-.,.................>.....>.....>...).>...1.>...9.>...A.>...I.>...Q.>......./.....8.....W...#.`...+.{...3.....;.....C.....K.....................w.T...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\UIAutomationClient.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):20280
            Entropy (8bit):6.5410479227178895
            Encrypted:false
            SSDEEP:
            MD5:C36479AA59561E111685AAA9DAC28970
            SHA1:7D2CA1A620C66D1219DE69F8046216DB9C08E963
            SHA-256:F7CBD8830E0E2C912F1CBE2CCA80F7F04B22B921012E2A8A37F89D84E2142D5A
            SHA-512:C01A99095A6F740F0EDCA8F8B0B593986000CEFCA8CE176B66D32EB02FEFA6CA6C5ADC74E5C7369A813888456A58D0BBFFFE6E653B7C91E16F886BFED4F5B7BD
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....o............" ..0..............:... ...@....... ...............................^....@..................................:..O....@...............&..8)...`......h:............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B.................:......H.......P ..@............%..X....9......................................BSJB............v4.0.30319......l...0...#~..........#Strings....x.......#US.|.......#GUID...........#Blob......................3..................................................^.....^.....K...........3.....3...D.3...a.3.....3...-.3.................E.....E.....E...).E...1.E...9.E...A.E...I.E...Q.E.......................#.....+.....3.@...;.T...C.....K.......................[.............................~.

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\UIAutomationClientSideProviders.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):21264
            Entropy (8bit):6.378027218638458
            Encrypted:false
            SSDEEP:
            MD5:F97811009C3461779328B9C26E5819C7
            SHA1:D5AE4B01C13D1898CA432A0ECC299F498C145480
            SHA-256:4B8A3BBD89CB882B03E6894D2ECF9A7E7F390FCD251E61F70FD443AB9109B828
            SHA-512:0039733A8C4B187CF7FAC472D7275D4420D3CA45E120B7E2527E29BCF0188125FAF688A8CF5A3B961A62E30B7FED7F442E3A83498EFAC039990379CCDCB12E04
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._............" ..0.. ...........>... ...@....... ..............................=z....@.................................D>..O....@...............*...)...`......(>............................................... ............... ..H............text........ ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......(..............@..B................x>......H.......P ..............0%..x....=......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......0...#Blob......................3..................................................k.....k.....X...........@.....@...D.@...a.@.....@...-.@.................R.....R.....R...).R...1.R...9.R...A.R...I.R...Q.R......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................h...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\UIAutomationProvider.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):15624
            Entropy (8bit):6.712251899360575
            Encrypted:false
            SSDEEP:
            MD5:C30055CD13F24CE05624388519215B7D
            SHA1:C6E73C1F8D6A17DDCF12CE6BA915B3898209D858
            SHA-256:E38358E23A2536BE5E13B2C58825E46496254A65E1D34254BC3ACCBD7C3C4DB7
            SHA-512:943D4D1D624062F87196C9CEBD02095D599FD9C1E114ACD1F8F68BEA0C315450315D095F334493CD07E4C66EA29DCDFCCBF90C704F806FBBF2432264C2D26D2D
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............&(... ...@....... ....................................@..................................'..O....@...................)...`.......'............................................... ............... ..H............text...,.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......P ..H............%......8'......................................BSJB............v4.0.30319......l...0...#~..........#Strings....|.......#US.........#GUID...........#Blob......................3..................................................`.....`.....M...........5.....5...D.5...a.5.....5...-.5.................G.....G.....G...).G...1.G...9.G...A.G...I.G...Q.G.......................#.....+.....3.@...;.T...C.....K.......................]...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\UIAutomationTypes.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):18712
            Entropy (8bit):6.511406330443907
            Encrypted:false
            SSDEEP:
            MD5:606D534F068144A798C6245D708D57CB
            SHA1:2DA63ED0ABA94423B7871589718ED0E780C21448
            SHA-256:514667B9DE42178A7826C175729A2FD1868EC1D551D4454ACD941482EB48F4C2
            SHA-512:A9C088D2E66A540C778E347A81A5D95CC45EF26B5D2549F6CAF4F628F3EA6C852AE0360E724F2F90DD0510DF44787BDCA5452E310AD45B23A44F2E10F0A554BD
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...m............" ..0..............4... ...@....... ..............................D.....@..................................4..O....@..|............ ...)...`......t4............................................... ............... ..H............text........ ...................... ..`.rsrc...|....@......................@..@.reloc.......`......................@..B.................4......H.......P ..<............%..h....3......................................BSJB............v4.0.30319......l...0...#~..........#Strings....t.......#US.x.......#GUID...........#Blob......................3..................................................].....].....J...........2.....2...D.2...a.2.....2...-.2.................D.....D.....D...).D...1.D...9.D...A.D...I.D...Q.D.......................#.....+.....3.@...;.T...C.....K.......................Z.............................}.

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\WindowsBase.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):86792
            Entropy (8bit):5.641668538868646
            Encrypted:false
            SSDEEP:
            MD5:B2039A80C01D3329B4641A2B5C6CCBF4
            SHA1:4176750277BFFBF605BFDC6AE47D6C053BA44D16
            SHA-256:24A8BE668FC14F68031AE2EEC80A0EF86EF8D6E4C49A144D769EA0B5DE7FC428
            SHA-512:77F3B84E9F83CE81CEF53BAF0AAB8829850958AFCFF57431E4CC7AECAEDEE7026CB3358320328A5C3ACEED48A0C6EB109280C82866A335CC3EF087CA83423E8D
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...j#............" ..0.. ...........?... ...@....... ....................................@..................................?..O....@..L............*...)...`......p?............................................... ............... ..H............text........ ... .................. ..`.rsrc...L....@......."..............@..@.reloc.......`.......(..............@..B.................?......H.......P .. ...........p%.......>......................................BSJB............v4.0.30319......l...0...#~..........#Strings....`.......#US.d.......#GUID...t.......#Blob......................3..................................................W.....W.....D...........,.....,...D.,...a.,.....,...-.,.................>.....>.....>...).>...1.>...9.>...A.>...I.>...Q.>.......................#.....+.....3.@...;.T...C.....K.....................w.T...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\cs\WindowsFormsIntegration.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16152
            Entropy (8bit):6.75737496745177
            Encrypted:false
            SSDEEP:
            MD5:1FDE2DA31DA15C3DA3FA47CF53E532C7
            SHA1:55C4683ECC4E13BC3A5D783622852B84814EE3A3
            SHA-256:2875D6B2934C7AA14BAD9E2244BEBD81B0D3607990D51FE1490417A260062468
            SHA-512:CD86E72CFCBAEDEC1CF002408D2A2B6CCAFE40082A143AC5F94489D31B8530F5F84D3DD42509DDC52C1A48A0DCDD870FBE37BCA296027B0E8D0B32B4EF1FE932
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....6............" ..0..............+... ...@....... ....................................@..................................*..O....@...................)...`.......*............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P ..P............%......(*......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................c.....c.....P...........8.....8...D.8...a.8.....8...-.8.................J.....J.....J...).J...1.J...9.J...A.J...I.J...Q.J.......................#.....+.....3.@...;.T...C.....K.......................`...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\Microsoft.VisualBasic.Forms.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):25896
            Entropy (8bit):6.3418289466796836
            Encrypted:false
            SSDEEP:
            MD5:C666F58AFC3361544F1AB87B09B23A5F
            SHA1:8A4FE4FB66EA32E036E4382AF1EA6C0682C4E658
            SHA-256:C2FB53D0ED5C02CEAD96B0D1CC496598158B22E2454EB8C885B4456AA36CAB6F
            SHA-512:3C9FA78B5D0810CE6A1E32D9FE1C6AAD322A48D26E6883CCF783FA50ED312779D7956F5099BCAD66DA7D965943F45E8372F61C8E935E0AC23BF64A6F7599EE74
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....e..........." ..0..2..........ZQ... ...`....... ....................................@..................................Q..O....`...............<..()...........P............................................... ............... ..H............text...`1... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............:..............@..B................<Q......H.......P ..............d&...*..lP......................................BSJB............v4.0.30319......l...\...#~......x...#Strings....@.......#US.D.......#GUID...T.......#Blob......................3......................................2.......................t...i.......\.....\.....\...G.\...d.\.....\...0.\.................n.....n.....n...).n...1.n...9.n...A.n...I.n...Q.n...Y.n.......................#.....+.....3.@...;.a...C.u...K.....S.@...................C...............

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\PresentationCore.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):114456
            Entropy (8bit):5.43213175265876
            Encrypted:false
            SSDEEP:
            MD5:BEDD8931385D3036D23D55F0CA26A777
            SHA1:F44DFB11B501DAC30B79226D86D99F995B7BD85C
            SHA-256:3B265B930EF99386B632B4B55CBB964D29771ABC7713096852A29456A04EEBC9
            SHA-512:9DCB7DA72A26EFBAC0E424C455017135E97DA80FA5A9B1D5DDD3F834217A5DF6B613FC21E4C9449BF4CF3B22D5738A094F2FAADE7CA1CCCD8371D2D5154D5EB8
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....)............" ..0.............r.... ........... ....................................@................................. ...O.......|................)........................................................... ............... ..H............text...x.... ...................... ..`.rsrc...|...........................@..@.reloc..............................@..B................T.......H.......P ..<............%..............................................BSJB............v4.0.30319......l...0...#~..........#Strings....t.......#US.x.......#GUID...........#Blob......................3.................................................._....._.....L...........4.....4...G.4...d.4.....4...0.4.................F.....F.....F...).F...1.F...9.F...A.F...I.F...Q.F.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\PresentationFramework.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):213808
            Entropy (8bit):5.294743929990901
            Encrypted:false
            SSDEEP:
            MD5:51C76074868EA02890DBB1587C55C3B1
            SHA1:8B2C78A44539331F5182CE9731DD8F90BF4667D4
            SHA-256:B8A331C43A9381CDA29C49385AB73363D7642AEC63D880CD949B7D095BDB4910
            SHA-512:F97543A74662B6DF00AC475F32E35950B4A7CCBF1F4AA6CA762BC0D33652B688F57240CE99FD63D3CA3D4490CE754EAA44B202835CEF6DE36C678D8402383919
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...._..........." ..0.................. ...@....... ...............................,....@.................................L...O....@..................0)...`......0................................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B........................H.......P ..P............%.......-......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................d.....d.....Q...........9.....9...G.9...d.9.....9...0.9.................K.....K.....K...).K...1.K...9.K...A.K...I.K...Q.K.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\PresentationUI.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):47368
            Entropy (8bit):5.675520428006794
            Encrypted:false
            SSDEEP:
            MD5:31A89F0D8A86A7D4FDB89F9418473480
            SHA1:D5BE4E2DD0D8C03697E1650C0574A3C6286A5D84
            SHA-256:D87B0327BA2B98557D06DF81CAD2EF2F7B41DBC542D861AB82434F1AB2D81200
            SHA-512:8128576889A7433EE880DE1D0CCD9D119980AD03D4421B7A08AD6A4469883B208D8E6321947634CA144DA7C2F5A61DB70A3F2F6D916E7A122ED2345A422025EC
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............6.... ........... ....................................@....................................O.......l................).......................................................... ............... ..H............text...<.... ...................... ..`.rsrc...l...........................@..@.reloc..............................@..B........................H.......P ..0............%...}..H.......................................BSJB............v4.0.30319......l...0...#~..........#Strings....l.......#US.p.......#GUID...........#Blob......................3..................................................].....].....J...........2.....2...G.2...d.2.....2...0.2.................D.....D.....D...).D...1.D...9.D...A.D...I.D...Q.D.......................#.....+.....3.@...;.T...C.....K.....................}.................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\ReachFramework.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):39736
            Entropy (8bit):5.852263925136899
            Encrypted:false
            SSDEEP:
            MD5:0B50FC092F9103100AF909DC9AD34AFE
            SHA1:B6DA10CB5341C48E4EE50A1A0A241A28976F3A10
            SHA-256:4DC311EE531B1C786B770F6C1B262B592E30E65F0333CDF8D201867444EF646C
            SHA-512:85F5ED309F98854E30EB8C69E5E9F732FF6AA53B3725659364841CC738471E6E3EF57135207864F6DAC4AB625FD9EE0257CE40050A97902E5B100FDA261C8FBD
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....b..........." ..0..h............... ........... ...............................\....@.................................P...O.......l............r..8)..........4................................................ ............... ..H............text....g... ...h.................. ..`.rsrc...l............j..............@..@.reloc...............p..............@..B........................H.......P ..\............%...a..........................................BSJB............v4.0.30319......l...<...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................].....].....J...........2.....2...G.2...d.2.....2...0.2.................D.....D.....D...).D...1.D...9.D...A.D...I.D...Q.D.......................#.....+.....3.@...;.T...C.....K.....................................................}.

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\System.Windows.Controls.Ribbon.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):18704
            Entropy (8bit):6.579157650559837
            Encrypted:false
            SSDEEP:
            MD5:699B58502CF3DE72B03E685E1F93C2DF
            SHA1:6DDDF24C9446A3A4AE1A1D43E18BC91266D151C5
            SHA-256:2455DFFC076C7F0699ECEE0C518D9BA82257F47EEFA63CC124F640EF28222CBD
            SHA-512:0123C3C56B9D75D538C8C4F21E2A7C36D0F674249F1861D6054C477F287C091BE17D22DAD0018F42208B3A13536952203E4DF03216B4EF95621CAFB040EB0DCC
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....}..........." ..0.............F5... ...@....... ..............................f.....@..................................4..O....@............... ...)...`.......4............................................... ............... ..H............text...L.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................(5......H.......P ..............0%..(...X4......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......0...#Blob......................3..................................................m.....m.....Z...........B.....B...G.B...d.B.....B...0.B.................T.....T.....T...).T...1.T...9.T...A.T...I.T...Q.T......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\System.Windows.Forms.Design.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):149800
            Entropy (8bit):5.436623678645513
            Encrypted:false
            SSDEEP:
            MD5:4EF7BC320B1E080E41D09ADCD42B5B2E
            SHA1:08C5EDEBB988BEE457369D7580C5677E0ED4ECDC
            SHA-256:F5C8BAC7C9E7816DBCB4259AD9F74FD838CB19116320A1FDDD05B062FB574DD8
            SHA-512:634B790462AC193C1BA12E20F513AEB98A25135CE08C95350CF4E945957D8F339454A8CA9CDD09A7B809D2A05F193B42727E457E485953ADADB58FBB9160400B
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...r............." ..0..............5... ...@....... .............................../....@..................................5..O....@............... ..()...`......t5............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................5......H.......P ..............l'.......4......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID.......0...#Blob......................3......................................2.......................t...........\.....\.....\...G.\...d.\.....\...0.\.................n.....n.....n...).n...1.n...9.n...A.n...I.n...Q.n...Y.n......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.....................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\System.Windows.Forms.Primitives.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16168
            Entropy (8bit):6.732390437588582
            Encrypted:false
            SSDEEP:
            MD5:77762C3C58591FDFC24C6C8CDE84D2AF
            SHA1:1BB784251B122465D0C615BD864803BDA89BF956
            SHA-256:9F60D58B5167F73DF8DB508546B8F0F37D2918B0ECCB50B9B3600047B5617BB1
            SHA-512:C53602B3F8A4F76C67C85D7E9291DE67549F875012F7157D3363EB5371CC18AC7A35227B29E53314ED2BC462354B4A3A1A71039F4DFF72A237F449FB250E6FB2
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...r"............" ..0.............~+... ...@....... ...............................&....@.................................,+..O....@..................()...`.......+............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................`+......H.......P ..............h%..(....*......................................BSJB............v4.0.30319......l...D...#~...... ...#Strings............#US.........#GUID.......4...#Blob......................3......................................2.......................x...........`.....`.....`...G.`...d.`.....`...0.`.................r.....r.....r...).r...1.r...9.r...A.r...I.r...Q.r...Y.r......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.....................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\System.Windows.Forms.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):374056
            Entropy (8bit):5.150587546921819
            Encrypted:false
            SSDEEP:
            MD5:0FDE4D0AD805D3338B020DFC0E470C21
            SHA1:FCFD7AAF86995822D4E06E976DD6C3E013434591
            SHA-256:CEF19C1FB6A2BF1FE00BA331C1A7481FC18E3B13FA0E089182A0BEB691E5545A
            SHA-512:B052CDA2220B9F380703AD32C05C0DC6B18D09E58F17B3C2B3897575832EC46D41ED402E775A24A09B9536ECDFC3AAC7B44664F78AB21B0D7F1344DC04575FA2
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...1'q..........." ..0.................. ........... ..............................&.....@.................................4...O.......................()........................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................h.......H.......P ..P............%...y..........................................BSJB............v4.0.30319......l...\...#~......L...#Strings............#US.........#GUID...(...(...#Blob......................3......................................2.......................m...=.......U.....U.....U...G.U...d.U.....U...0.U.................g.....g.....g...).g...1.g...9.g...A.g...I.g...Q.g...Y.g......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.....................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\System.Windows.Input.Manipulations.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16656
            Entropy (8bit):6.714096865200814
            Encrypted:false
            SSDEEP:
            MD5:40690BDA9F8B2AB898D8DD0A54875514
            SHA1:E5E4A521868FB8F9E8B54786CFD836E0F488905E
            SHA-256:A7A710FDA81D23A409B0ED27E8E391002644478D774D818C4BDB92E3ED9C39DB
            SHA-512:25236106E61B608AF17998E12733960BF6220BF987D9698440EE6D7149F82D1FA2BBEB7046B688A0E3016189400E19B82CD24C9F048A70660E42F236C1F78125
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............F-... ...@....... ....................................@..................................,..O....@...................)...`.......,............................................... ............... ..H............text...L.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................(-......H.......P ..............@%......X,......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......4...#Blob......................3..................................................q.....q.....^...........F.....F...G.F...d.F.....F...0.F.................X.....X.....X...).X...1.X...9.X...A.X...I.X...Q.X......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\System.Xaml.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):68904
            Entropy (8bit):5.7097357498526415
            Encrypted:false
            SSDEEP:
            MD5:34A151DF0B3818339952FA71B0BC81A0
            SHA1:44664AD8E92E4973F5E2357DB4F21960B89E65C0
            SHA-256:2BB26432D0388CE85F653456AEA04DC2729AF8DB8381EA4985875895061465B8
            SHA-512:80C32DC4F1832ACD300DB6AB55962DF12F79B538AA61716B27CE085B8E0EED98D6FEF27FEDF8CB2C59FC25DBF28A34CCAC8AD18B1420573756D2056777707FE2
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....@..........." ..0.............J.... ........... .......................@............@.....................................O.......L...............()... ....................................................... ............... ..H............text...P.... ...................... ..`.rsrc...L...........................@..@.reloc....... ......................@..B................,.......H.......P ...............$..x...\.......................................BSJB............v4.0.30319......l...0...#~..........#Strings....d.......#US.h.......#GUID...x.......#Blob......................3..................................................Z.....Z.....G.........../...../...G./...d./...../...0./.................A.....A.....A...).A...1.A...9.A...A.A...I.A...Q.A......./.....8.....W...#.`...+.{...3.....;.....C.....K.....................................................z.

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\UIAutomationClient.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):20232
            Entropy (8bit):6.535836824312232
            Encrypted:false
            SSDEEP:
            MD5:19C3197AF8F779182A72A183F0984FC8
            SHA1:FFBA3005DFD6CE5EEECC976CB4029F348B9ECB84
            SHA-256:CBA7E0A04F7E473A7722A95D6A291F97A636473A969FD815490C472CB9D560FF
            SHA-512:79E1F73EE7D3FE509BD7397E5F6472C80BEFD38C1393BAC3C56C2EEC6309FD2DE994CC2430D6CF6B23524BD2325D009DF8B0C381A146BB880E7DD43651F6170A
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....@y..........." ..0.............n;... ...@....... ....................................@..................................;..O....@...............&...)...`.......;............................................... ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B................P;......H.......P ..@............%.......:......................................BSJB............v4.0.30319......l...0...#~..........#Strings....x.......#US.|.......#GUID...........#Blob......................3..................................................a.....a.....N...........6.....6...G.6...d.6.....6...0.6.................H.....H.....H...).H...1.H...9.H...A.H...I.H...Q.H.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\UIAutomationClientSideProviders.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):21304
            Entropy (8bit):6.388305683752831
            Encrypted:false
            SSDEEP:
            MD5:FFB4EFC7062C6AD184B5CADA3E8088BB
            SHA1:67858652DCE8B98B9CBCED0219E6C998DA47A3AB
            SHA-256:D1F207A8C55F6F20B64AB42A668BA8230F56FDAB4EBEC982029E90A30E87E5E8
            SHA-512:A827AC297F167B541CA2A0DEB5AF17802A5FE34ED9FFE49FC3DB7FDB54ACBFB49500E95868D68825F4A37781B07C56292F73D671198A017D172949AF6C3D93FE
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............." ..0.. ..........Z?... ...@....... ....................................@..................................?..O....@...............*..8)...`.......>............................................... ............... ..H............text...`.... ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......(..............@..B................<?......H.......P ..............4%..8...l>......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......0...#Blob......................3..................................................n.....n.....[...........C.....C...G.C...d.C.....C...0.C.................U.....U.....U...).U...1.U...9.U...A.U...I.U...Q.U......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\UIAutomationProvider.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):15640
            Entropy (8bit):6.706374592526618
            Encrypted:false
            SSDEEP:
            MD5:A4E7B196BBD1C1F8293DB884B85CC973
            SHA1:950B1E34AA8A5157CF57A765938A07B4663687A5
            SHA-256:8C231DC3E0A950E207662A8076FD2600A361ABF5353DFE3A3ECDD8E69C1B5ECC
            SHA-512:5912129CBBCC41F0994434371E3D3802D6AA027992DABB45A7B94EC3993569136BEE37C7982183E9BF3E71E1D66F72FFFC58B0CA094824DEC3EFAFE5B6EB3C04
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Z\-..........." ..0..............(... ...@....... ..............................Sl....@..................................'..O....@...................)...`.......'............................................... ............... ..H............text... .... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......P ..L............%......,'......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................c.....c.....P...........8.....8...G.8...d.8.....8...0.8.................J.....J.....J...).J...1.J...9.J...A.J...I.J...Q.J.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\UIAutomationTypes.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):18696
            Entropy (8bit):6.4740999787677715
            Encrypted:false
            SSDEEP:
            MD5:CB9FB8638BFADC9FF8DC0B8D20BC1506
            SHA1:D3F1193637431E55BDEC09976555BEB1E92556BE
            SHA-256:8D7C045EF96BF53ED8FD16861B1ED44E09B8C7C5BABD53487AFB30C37425ABA7
            SHA-512:F6DC95D6ADDC65D377615083E2811913C8CD202635C79CBA67B9C151163FB71EAA12311DE15807E0AD8EA173C3010203EB7D242FDEF0EAB3C54AEC806D78C678
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...._............" ..0..............4... ...@....... ...............................c....@.................................|4..O....@..|............ ...)...`......`4............................................... ............... ..H............text........ ...................... ..`.rsrc...|....@......................@..@.reloc.......`......................@..B.................4......H.......P ..@............%..P....3......................................BSJB............v4.0.30319......l...0...#~..........#Strings....x.......#US.|.......#GUID...........#Blob......................3..................................................`.....`.....M...........5.....5...G.5...d.5.....5...0.5.................G.....G.....G...).G...1.G...9.G...A.G...I.G...Q.G.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\WindowsBase.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):91424
            Entropy (8bit):5.49214071328584
            Encrypted:false
            SSDEEP:
            MD5:25432A8A35946099BB0864EE1658B1B2
            SHA1:83D88F3E18208BBBB7D2DC2E15569593F2A9B3FB
            SHA-256:5D314C117CE32D39FA4CF5B9F8ADB558B2D97C6C34A12F0CE00A985E62434997
            SHA-512:CE72795828883C11765D4B29D0652304F35776E03DEB7A5FB97E57E6C58578C9D3A69F29D0A4B2EBC1144225363ACEC4C40BD95AF0176DF9D4D1360EE8AA0776
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...+.g..........." ..0..2..........zQ... ...`....... ...............................&....@.................................(Q..O....`..L............<.. )...........Q............................................... ............... ..H............text....1... ...2.................. ..`.rsrc...L....`.......4..............@..@.reloc...............:..............@..B................\Q......H.......P ..$...........t%...+...P......................................BSJB............v4.0.30319......l...0...#~..........#Strings....d.......#US.h.......#GUID...x.......#Blob......................3..................................................Z.....Z.....G.........../...../...G./...d./...../...0./.................A.....A.....A...).A...1.A...9.A...A.A...I.A...Q.A.......................#.....+.....3.@...;.T...C.....K.....................................................z.

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\de\WindowsFormsIntegration.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16176
            Entropy (8bit):6.768966039610907
            Encrypted:false
            SSDEEP:
            MD5:4C2BE3122E6A12B0836FCFC8A107F5B4
            SHA1:300551F978AE7F2417883D448FFCC3FF3BCBB15F
            SHA-256:491DA52190169BD034975E76C81D1A92F01B4B99E95E63B62F6198E10F589288
            SHA-512:7B21E504505CBDE0BC3F5AEB1A587400A131EC51A12A421C84486BCACCEF81D5F06898276894FCA617DE7C9C809ACAB8C56AA1B37F73F81C74DBDB27E6E4B935
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...b............." ..0.............r+... ...@....... ..............................<.....@................................. +..O....@..................0)...`.......+............................................... ............... ..H............text...x.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................T+......H.......P ..T............%.......*......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................f.....f.....S...........;.....;...G.;...d.;.....;...0.;.................M.....M.....M...).M...1.M...9.M...A.M...I.M...Q.M.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\Microsoft.VisualBasic.Forms.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):25912
            Entropy (8bit):6.320520829564289
            Encrypted:false
            SSDEEP:
            MD5:4C78ED6995DDE401F302A832ED69F4BB
            SHA1:F2D7A6E5A2138DBD9CA9B75FB453FF08520B6C69
            SHA-256:53578BEECB8FB12F3407C88E2F66808DA8433D04B157C26CA68A1A2850D8B147
            SHA-512:5F19B73843BED21ADA398E6D3CD24234B167A2C56A382B7FD7BFCC504BAB96132E67085DDB4761E132E2287195973CBC89A4322A497352F3A1B0B20DEBAF19C1
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....L............" ..0..2...........P... ...`....... ....................................@..................................P..O....`...............<..8)..........dP............................................... ............... ..H............text....0... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............:..............@..B.................P......H.......P ..............d&...)...O......................................BSJB............v4.0.30319......l...\...#~......x...#Strings....@.......#US.D.......#GUID...T.......#Blob......................3....................................../.......................q...f.......Y.....Y.....Y...D.Y...a.Y.....Y...-.Y.................k.....k.....k...).k...1.k...9.k...A.k...I.k...Q.k...Y.k.......................#.....+.....3.@...;.a...C.u...K.....S.@...................@.r.............

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\PresentationCore.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):110344
            Entropy (8bit):5.364882789203223
            Encrypted:false
            SSDEEP:
            MD5:D0C253776C2C851EC059EBA27A4CF57A
            SHA1:3D380B9B4696A2220A546C98BF218B1F442FCEB3
            SHA-256:ACACA037B6B61C5DBD499854A2C4B7AB9FF20700FCABEDE6049C489633D81153
            SHA-512:619800C52B43E90C0C68E230BB929D8A1566B7CCE6EC262776170C0E879890DD3FBB702810801DCFC12179DC0B64E9D9B740C87E85994B083F67BC7BE4D922DA
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..|............... ........... ..............................}.....@.................................D...O.......|................)..........(................................................ ............... ..H............text....z... ...|.................. ..`.rsrc...|............~..............@..@.reloc..............................@..B................x.......H.......P ..8............%.. t..........................................BSJB............v4.0.30319......l...0...#~..........#Strings....p.......#US.t.......#GUID...........#Blob......................3..................................................\.....\.....I...........1.....1...D.1...a.1.....1...-.1.................C.....C.....C...).C...1.C...9.C...A.C...I.C...Q.C.......................#.....+.....3.@...;.T...C.....K.....................|.................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\PresentationFramework.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):203528
            Entropy (8bit):5.203433477762658
            Encrypted:false
            SSDEEP:
            MD5:5F8A08C732FCDB9AF76B6FE8A0EBC648
            SHA1:07BA443CFE97CB4E63545347B8153EA0EDC33DFF
            SHA-256:DDBD06F1B4EAD097C752DB1C364CE30C983AC73585C3183809A57F912D38F7EE
            SHA-512:C30D62EDBA5518BECB27E5C9B7009D548F4D3183220F82564C578CDD74DFE80DC691D0AE5D9B1F66BADA0FF83D0C6B387E4CE3674C3E956351CBD646DE388F79
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...).@..........." ..0.............2.... ... ....... .......................`............@.....................................O.... ...................)...@....................................................... ............... ..H............text...8.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H.......P ..L............%......D.......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................a.....a.....N...........6.....6...D.6...a.6.....6...-.6.................H.....H.....H...).H...1.H...9.H...A.H...I.H...Q.H.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\PresentationUI.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):45832
            Entropy (8bit):5.642344627539478
            Encrypted:false
            SSDEEP:
            MD5:69162668617F935A3AE8218A96AEB306
            SHA1:81BEA86C59609BB7B93621611BB77688B299FF89
            SHA-256:DFC65C47A057CF76751FF8542EBE9930F107557DC842C56F32C1194071CBFAD0
            SHA-512:372C7C416BF6BF08B977299131B4DF032655A454334474A0659EB7B569BA89F8E222E1B93D79064685EF963BD2103E0111E0F5986EE1EE4AF3868C3FDF288035
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...1............" ..0.............n.... ........... ...............................s....@.....................................O.......l................)........................................................... ............... ..H............text...t~... ...................... ..`.rsrc...l...........................@..@.reloc..............................@..B................P.......H.......P ..0............%...x..........................................BSJB............v4.0.30319......l...0...#~..........#Strings....l.......#US.p.......#GUID...........#Blob......................3..................................................Z.....Z.....G.........../...../...D./...a./...../...-./.................A.....A.....A...).A...1.A...9.A...A.A...I.A...Q.A.......................#.....+.....3.@...;.T...C.....K.....................z.................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\ReachFramework.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):39712
            Entropy (8bit):5.802424801855632
            Encrypted:false
            SSDEEP:
            MD5:DFC44E941B2DC530B167C76879D82870
            SHA1:A86A0D80D186A1B35CEA21236137DE29C66CF62B
            SHA-256:BFEDAB2783CDD3BAF61BC5F2983F952AEA7EAF06302FCEC41C6BABE469EF798D
            SHA-512:F95A5D725D6BE8EA8EA7BD37030A5A695B71F70897BA6FC918C1501E08F4BBE53606DE28F26F750D870845EF92C26E71318FD7780A25A782DDD4BEF2EC6E03D7
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..h............... ........... ....................................@.....................................O.......l............r.. )........................................................... ............... ..H............text....f... ...h.................. ..`.rsrc...l............j..............@..@.reloc...............p..............@..B.......................H.......P ..X............%..``..........................................BSJB............v4.0.30319......l...<...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................Z.....Z.....G.........../...../...D./...a./...../...-./.................A.....A.....A...).A...1.A...9.A...A.A...I.A...Q.A.......................#.....+.....3.@...;.T...C.....K.....................z.................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\System.Windows.Controls.Ribbon.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):18728
            Entropy (8bit):6.561913568875406
            Encrypted:false
            SSDEEP:
            MD5:5431D2ABA4DA16873544678A6E8E2D84
            SHA1:E21D1F9CC4D46AB3B280F6BDE290AC1BB54F1B3C
            SHA-256:DAC1C429B13C314F3A0734906EC76CFCFD0F057A636E118897BA2A7878F72FEA
            SHA-512:E2FF5777ABC5818A7CA269173512AD887B9E9A78F9248CE87C048BD129402ABBC2FB637EEFA0676584AB46A707D9EFDAFDC378591573C70B0BCFEE194ADBA9AC
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....FR..........." ..0.............N5... ...@....... ....................................@..................................4..O....@............... ..()...`.......4............................................... ............... ..H............text...T.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................05......H.......P ..............0%..0...`4......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......0...#Blob......................3..................................................j.....j.....W...........?.....?...D.?...a.?.....?...-.?.................Q.....Q.....Q...).Q...1.Q...9.Q...A.Q...I.Q...Q.Q......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\System.Windows.Forms.Design.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):149800
            Entropy (8bit):5.411751846849194
            Encrypted:false
            SSDEEP:
            MD5:BC0756D08E91784982C8118BCE92525B
            SHA1:A780976352DFF8F8E31BB462AD392F6386DB8184
            SHA-256:92F623B12773D20585B180DBA766936788F6ABECFD60FE29F8D462FE394A8D96
            SHA-512:12051847C48A4D513501900F75935194A0BA60D0347FE301DE5AFB8C541E68E1371C572DC56C2C52F11F70E14B8FFCE3CDAE67BCA34E3C44C792A5A70839D125
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....&............" ..0.............f4... ...@....... ..............................(.....@..................................4..O....@............... ..()...`.......3............................................... ............... ..H............text...l.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................H4......H.......P ..............h'......x3......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID.......0...#Blob......................3....................................../.......................q...........Y.....Y.....Y...D.Y...a.Y.....Y...-.Y.................k.....k.....k...).k...1.k...9.k...A.k...I.k...Q.k...Y.k......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.....................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\System.Windows.Forms.Primitives.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16176
            Entropy (8bit):6.744499488463166
            Encrypted:false
            SSDEEP:
            MD5:BF846DBDB7D4A196192F1D6A9186E5FF
            SHA1:CD742ED0061C0ADBEBA44B1F96022292CB17A8F2
            SHA-256:DBD766E2EA697CE5F51B8CE6790BE76D955E2FABEF259B31B050511DEEDBDCBA
            SHA-512:45C638F607AD2A6820EB2ED1B43E578AC72EFABB9D82CEE51F55F3112AB1B9F09964C951F6137A35E573D069ED06E3C57051FF7E2BB04BB87BEED1A175B77F94
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...3!$..........." ..0..............+... ...@....... ...............................i....@.................................0+..O....@..................0)...`.......+............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................d+......H.......P ..............d%..0....*......................................BSJB............v4.0.30319......l...D...#~..........#Strings............#US.........#GUID.......4...#Blob......................3....................................../.......................u...........].....].....]...D.]...a.].....]...-.].................o.....o.....o...).o...1.o...9.o...A.o...I.o...Q.o...Y.o......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.....................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\System.Windows.Forms.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):366392
            Entropy (8bit):5.063228456432211
            Encrypted:false
            SSDEEP:
            MD5:DD5B6A8736DF218FE565F250FC405DDD
            SHA1:B81C4B31D8729FC073A4845C0EE1FA0732474F9E
            SHA-256:8781EE6C2BC26F5C0E8D7B5B0BA9CA8BBF4F24663AC8F7285797BA387E52BC4A
            SHA-512:1950D76256E8448CA5FCAEABD14DB50A8B6CB4D18584C0CCCCF59573589152F532FDE4F3EB9AB435EC46C46EA22875478DDD2CFED253F7037B312E0C9F90E94A
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..d..........6.... ........... ....................................@....................................O....................n..8).......................................................... ............... ..H............text...<c... ...d.................. ..`.rsrc................f..............@..@.reloc...............l..............@..B........................H.......P ..P............%...\..H.......................................BSJB............v4.0.30319......l...\...#~......L...#Strings............#US.........#GUID...(...(...#Blob......................3....................................../...........}.....}.....j...:.......R.....R.....R...D.R...a.R.....R...-.R.................d.....d.....d...).d...1.d...9.d...A.d...I.d...Q.d...Y.d......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.......................F.............

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\System.Windows.Input.Manipulations.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16664
            Entropy (8bit):6.679875404767612
            Encrypted:false
            SSDEEP:
            MD5:A23A34F4083E44B08A7DA87FD20CCC5F
            SHA1:3EEC1B921A04A32E2CF76EB9499E5FF72A6EBDE1
            SHA-256:0E8CD0F5852A7959FAFD9FBE2292DE5FF3EFD456C5056DCDA10EDE1BE2FF689C
            SHA-512:978B8E659499631ACC323CA5736F23A11A263C7459BECD935A1FF497B44FEB4883AEFBF2DE441930532EDC1761AE80B9D673463B982ED25B6EE2CD8D84FD0EED
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....A..........." ..0..............,... ...@....... ..............................0.....@..................................,..O....@...................)...`......h,............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H.......P ..............@%.......+......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......4...#Blob......................3..................................................n.....n.....[...........C.....C...D.C...a.C.....C...-.C.................U.....U.....U...).U...1.U...9.U...A.U...I.U...Q.U......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\System.Xaml.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):66328
            Entropy (8bit):5.61734928016137
            Encrypted:false
            SSDEEP:
            MD5:D252729E381E8B60BAB6751442A9C0A6
            SHA1:2FF63A7AA83BC52861D9B2279233844D8C7391D2
            SHA-256:96476029DA6C447632F18FC822F8B159C794703310688A01782B091025F3AB47
            SHA-512:836ED211718A6482772A150C5F75F1B2941FF970A107CBC8BC3792777D70D147A8CD64E0F9D13AFC656EBB65D19DAD4FFB66FCCBA82C23DEAAD05C4511781A30
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...N............." ..0.................. ........... .......................@......#)....@.....................................O.......L................)... ....................................................... ............... ..H............text...$.... ...................... ..`.rsrc...L...........................@..@.reloc....... ......................@..B........................H.......P ...............$..P...0.......................................BSJB............v4.0.30319......l...0...#~..........#Strings....`.......#US.d.......#GUID...t.......#Blob......................3..................................................W.....W.....D...........,.....,...D.,...a.,.....,...-.,.................>.....>.....>...).>...1.>...9.>...A.>...I.>...Q.>......./.....8.....W...#.`...+.{...3.....;.....C.....K.....................w.................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\UIAutomationClient.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):20232
            Entropy (8bit):6.4686056041588955
            Encrypted:false
            SSDEEP:
            MD5:007C7E3FA23D1FEA9527381E53E52AD7
            SHA1:6BABE203E4CB37BF22F3F4FF4406097D433C95B9
            SHA-256:A741C4065A7F7DEB0CD227BD7BDB9F76471421B8E4D9B367C429A6ECBCC15D24
            SHA-512:B5F577E57E20B26BB9F4E793E69E711AAC529065A75E06C98CD0FA77A57677BD35577495635A59B3EB7155BA0B8DA020A01665F1DB2D2D011B3740935AEB9146
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Rr............" ..0.............f:... ...@....... ....................................@..................................:..O....@...............&...)...`.......9............................................... ............... ..H............text...l.... ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B................H:......H.......P ..@............%......x9......................................BSJB............v4.0.30319......l...0...#~..........#Strings....x.......#US.|.......#GUID...........#Blob......................3..................................................^.....^.....K...........3.....3...D.3...a.3.....3...-.3.................E.....E.....E...).E...1.E...9.E...A.E...I.E...Q.E.......................#.....+.....3.@...;.T...C.....K.....................................................~.

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\UIAutomationClientSideProviders.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):21280
            Entropy (8bit):6.338591095807786
            Encrypted:false
            SSDEEP:
            MD5:F87CD3AC891E8E8F5EF0F1AAC661A261
            SHA1:CC3B559DF51E5F7AD49665BD847935F97C2086DD
            SHA-256:32C2755E5094FA43D9B0B9923AC3B2CABE3FAEA9A399AA74B49A5418981EBA14
            SHA-512:3CA5C08861E4113A64254F3304D61D41AEEAE10F598F9933E31633D00313720963F6EF98EE8175C84764A79DC3CDFD2A937A3FCF8FDA82DD962357AAED21013D
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.. ...........>... ...@....... ....................................@.................................D>..O....@...............*.. )...`......(>............................................... ............... ..H............text........ ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......(..............@..B................x>......H.......P ..............0%..x....=......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......0...#Blob......................3..................................................k.....k.....X...........@.....@...D.@...a.@.....@...-.@.................R.....R.....R...).R...1.R...9.R...A.R...I.R...Q.R......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\UIAutomationProvider.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):15672
            Entropy (8bit):6.710067906899224
            Encrypted:false
            SSDEEP:
            MD5:1E2BEFE7860972CB91FED32A685C705B
            SHA1:96A2E664261E1235E8259A56A62859A17EDB92A0
            SHA-256:10A59C86DE3615758CD0B58C8D4D636DBB8D850C20EF7B5E1338C43DACE7718A
            SHA-512:EB92D1CA48012E38816C9CE3E530D21A732A04424EFD7AB25BD695222F0AB67A24ADA76A97ED87DDCD4C745F60D5A6DD93D1B79EAC29A8EEB04B0A41BBBD4B96
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....T..........." ..0..............(... ...@....... ....................................@..................................'..O....@..................8)...`.......'............................................... ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......P ..H............%......0'......................................BSJB............v4.0.30319......l...0...#~..........#Strings....|.......#US.........#GUID...........#Blob......................3..................................................`.....`.....M...........5.....5...D.5...a.5.....5...-.5.................G.....G.....G...).G...1.G...9.G...A.G...I.G...Q.G.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\UIAutomationTypes.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):18720
            Entropy (8bit):6.489780585469705
            Encrypted:false
            SSDEEP:
            MD5:7E3802F3B0BBE3BF0B7FB75DF51BCADF
            SHA1:7BDBD805AD4C5C7F0D8C2BD01574B1FF6CD526A7
            SHA-256:B864074F2F22E4A50C1A61539D886A8A47DD2C2E555F3F2F4C3D4D7D1CDC40A5
            SHA-512:4F7798EF4D4AA0170CEEECC923ED033FFEDF07BC102F73CA1E50810BC2F4A524437014B9AE38E05920B0653DB903F032D02AB4DF12B00E4B5D547D8CB5158DB4
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....$..........." ..0..............5... ...@....... ....................................@..................................4..O....@..|............ .. )...`.......4............................................... ............... ..H............text... .... ...................... ..`.rsrc...|....@......................@..@.reloc.......`......................@..B.................4......H.......P ..<............%......,4......................................BSJB............v4.0.30319......l...0...#~..........#Strings....t.......#US.x.......#GUID...........#Blob......................3..................................................].....].....J...........2.....2...D.2...a.2.....2...-.2.................D.....D.....D...).D...1.D...9.D...A.D...I.D...Q.D.......................#.....+.....3.@...;.T...C.....K.....................................................}.

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\WindowsBase.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):89864
            Entropy (8bit):5.397707224705379
            Encrypted:false
            SSDEEP:
            MD5:066ABD7DE543A772314E53D9C4EF31FD
            SHA1:52FA8C2311CAB72BC228CAA181FDF6031A358C9F
            SHA-256:975D37C6B9935DEBB163DA4F63AD4CC9C4C4E06515964ED07C5D75AAD7035BD0
            SHA-512:D95AC2F4B59E9C323B64A0716707E367DBE56366165AF40C2DCE7C5B71AF636CFEA0258386044F9E41BF30C1B8E0D79BE649A9C4F6FD3DC4462515475896B5D7
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...4.k..........." ..0..,...........K... ...`....... ...................................@..................................J..O....`..L............6...)...........J............................................... ............... ..H............text....+... ...,.................. ..`.rsrc...L....`......................@..@.reloc...............4..............@..B.................J......H.......P .. ...........p%...$...J......................................BSJB............v4.0.30319......l...0...#~..........#Strings....`.......#US.d.......#GUID...t.......#Blob......................3..................................................W.....W.....D...........,.....,...D.,...a.,.....,...-.,.................>.....>.....>...).>...1.>...9.>...A.>...I.>...Q.>.......................#.....+.....3.@...;.T...C.....K.....................w.................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\es\WindowsFormsIntegration.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16184
            Entropy (8bit):6.74225602728849
            Encrypted:false
            SSDEEP:
            MD5:91DCD3E636CBC7634BA89B6D5CE55A5F
            SHA1:214350224D2DFFC49C396C61452509857B4D73B5
            SHA-256:13E851C6268A03C1DFB235FD2A6E10A4EE5BE111C0A4909AC07F8119174E26F2
            SHA-512:0CB269E50FF8FF8AC36A0E7E1984A364EA949B41E532D5A75F9AE45272E324CF787C824AB3B2E1889EFAB8709DD6EF2137CF74B833A708C7A511B392A3BA7F1D
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....>..........." ..0..............+... ...@....... ....................................@..................................*..O....@..................8)...`.......*............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P ..P............%......(*......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................c.....c.....P...........8.....8...D.8...a.8.....8...-.8.................J.....J.....J...).J...1.J...9.J...A.J...I.J...Q.J.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\Microsoft.VisualBasic.Forms.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):25896
            Entropy (8bit):6.348681170461997
            Encrypted:false
            SSDEEP:
            MD5:D3FB0D42AC7A4D31E8F2F635E0407AF1
            SHA1:980EE8F86002289BC9AB70D956587E9C67497D03
            SHA-256:8678D1A1299D20642055B74A8E5A44DC62AE8EF1854AE6DF2AD7714DFD7BBCC2
            SHA-512:D81B433101A942542302F5C3D65A2DDE0E773B865A81CA9A08445EEAEF772E1C849F25891466931ECA110C0775849D30B2640E7E2E0EA190D4F65103EE92091A
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....L............" ..0..2..........JQ... ...`....... ...............................E....@..................................P..O....`...............<..()...........P............................................... ............... ..H............text...P1... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............:..............@..B................,Q......H.......P ..............d&...)..\P......................................BSJB............v4.0.30319......l...\...#~......x...#Strings....@.......#US.D.......#GUID...T.......#Blob......................3....................................../.......................t...i.......Y.....Y.....Y...D.Y...a.Y.....Y...-.Y.................n.....n.....n...).n...1.n...9.n...A.n...I.n...Q.n...Y.n.......................#.....+.....3.@...;.a...C.u...K.....S.@...................C.k.............

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\PresentationCore.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):113424
            Entropy (8bit):5.3984139557746476
            Encrypted:false
            SSDEEP:
            MD5:95BB320960FD040AC3D21A2D3DB910CF
            SHA1:CFBC11544ADC4BBF67926E25638C0749EA6362CE
            SHA-256:C81A21127232561A3F751FD19BD5D95069043106AB56567E0CE0136C3398AF91
            SHA-512:93EA5FEE91D9AF7E85D0826198200B007713BAE2071C171EA948CEF2273F7433E9D184F24B0FF38E01E9C9DD844755621E9E1A3B067D2945D1095BD4C0A66C6E
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...1............" ..0.............j.... ........... ...............................[....@.....................................O.......|................)........................................................... ............... ..H............text...p.... ...................... ..`.rsrc...|...........................@..@.reloc..............................@..B................L.......H.......P ..<............%......|.......................................BSJB............v4.0.30319......l...0...#~..........#Strings....t.......#US.x.......#GUID...........#Blob......................3.................................................._....._.....L...........1.....1...D.1...a.1.....1...-.1.................F.....F.....F...).F...1.F...9.F...A.F...I.F...Q.F.......................#.....+.....3.@...;.T...C.....K.......................C...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\PresentationFramework.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):207128
            Entropy (8bit):5.268318228101731
            Encrypted:false
            SSDEEP:
            MD5:BCBA06818B6EF5016FB19C91B8736870
            SHA1:E743148C130DE3AFA8F66FFE338636D1FF7F9C4C
            SHA-256:2EAF5C33BA68C4C453835EE9D3D29F9597DBEE470F2ACF03CD4C9F0EA6523B4E
            SHA-512:5D6A3418926494B633844A9DA970460BA8B642DB23374167DCC68D974B438170C119CA85C748C12AD900AF2922D609047562C6A908D0E48D43630F0DB1643662
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ... ....... .......................`......h'....@.................................t...O.... ...................)...@......X................................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H.......P ..P............%..8...........................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................d.....d.....Q...........6.....6...D.6...a.6.....6...-.6.................K.....K.....K...).K...1.K...9.K...A.K...I.K...Q.K.......................#.....+.....3.@...;.T...C.....K.......................H...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\PresentationUI.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):46856
            Entropy (8bit):5.697405540532719
            Encrypted:false
            SSDEEP:
            MD5:EC4D58C2DC2309B8D424ED8B214B6576
            SHA1:661041759A7F48AA97667EF20C31E926250B7FD5
            SHA-256:A3EEA22285ECD801E49D880F4BB5A6773CDDB12F79F5067FEEE5C9AAD438C41A
            SHA-512:2932819FA3A50C41CCB72A6CAB0CF621EFCF948C258D339F2003A3A4AC5C0BF25F205CF03517EBB9049D9846471935E83F24F3FB29F3276737E5A4AFA685CB4D
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#g............" ..0.................. ........... ..............................N.....@.................................T...O.......l................)..........8................................................ ............... ..H............text........ ...................... ..`.rsrc...l...........................@..@.reloc..............................@..B........................H.......P ..0............%..8}..........................................BSJB............v4.0.30319......l...0...#~..........#Strings....l.......#US.p.......#GUID...........#Blob......................3..................................................].....].....J.........../...../...D./...a./...../...-./.................D.....D.....D...).D...1.D...9.D...A.D...I.D...Q.D.......................#.....+.....3.@...;.T...C.....K.....................}.A...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\ReachFramework.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):40216
            Entropy (8bit):5.8332365983336505
            Encrypted:false
            SSDEEP:
            MD5:3976C6BBE0A193E0B1DFEB9A98814089
            SHA1:861D06E6CE6355432C0C78CE0809495866B994DE
            SHA-256:6C0904EEA7D292C5FF39AE631B79221B4592408197CD8C23D227E22EC2C08014
            SHA-512:6F2A9404C6ECA3F0865B6F7428CB496FF6CE0BD5C4548C83FA523617483E3C088B74050B444FD431674A487F9CF74CF0F2FD086205501579088D6AE213CBB060
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...m............" ..0..j..........b.... ........... ....................................@.....................................O.......l............t...).......................................................... ............... ..H............text...hi... ...j.................. ..`.rsrc...l............l..............@..@.reloc...............r..............@..B................D.......H.......P ..\............%...b..t.......................................BSJB............v4.0.30319......l...<...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................].....].....J.........../...../...D./...a./...../...-./.................D.....D.....D...).D...1.D...9.D...A.D...I.D...Q.D.......................#.....+.....3.@...;.T...C.....K.....................}.A...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\System.Windows.Controls.Ribbon.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):18744
            Entropy (8bit):6.56531888092451
            Encrypted:false
            SSDEEP:
            MD5:482AA934307BC06AB866B14AAC2908AF
            SHA1:A28DAE7D3AB1B1A9B477A9A7BE4A6D812E0C786C
            SHA-256:5CF5B438508107A002DB715024FB33CDE88741F2479AB48F551445EC5615E79D
            SHA-512:248006C4313A8EFDA79A7B0C85F99D6FED6893B9CFFB0E7434EBD0633A4D42469FF5272A888EA8663C92852B9C1CEBF4041581DEED63DDD6E9A8B7F087453112
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............4... ...@....... ...............................'....@..................................4..O....@............... ..8)...`.......4............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................4......H.......P ..............0%.......4......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......0...#Blob......................3..................................................m.....m.....Z...........?.....?...D.?...a.?.....?...-.?.................T.....T.....T...).T...1.T...9.T...A.T...I.T...Q.T......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................Q...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\System.Windows.Forms.Design.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):150320
            Entropy (8bit):5.445583161830116
            Encrypted:false
            SSDEEP:
            MD5:FBB114249A07BCF32AAA22D5CABEBCF0
            SHA1:48172671480D3E067928D804B9D742B445945E16
            SHA-256:B592E5E6AEE9DC9537644AB67892454BFD06E2B04AD068A2D1BC30B3D4B475F7
            SHA-512:1A6F8F8B41C44D572FC61BCA63E73A08CF23AA5E17999FE3AE2C1194570D62498907FAC2C0D89FB4D1B0248CBD542091F1EA3C551859573225E2EB4E5530882A
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....D............" ..0..............7... ...@....... ....................................@..................................7..O....@..............."..0)...`......t7............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................7......H.......P ..............l'.......6......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID.......0...#Blob......................3....................................../.......................t...........Y.....Y.....Y...D.Y...a.Y.....Y...-.Y.................n.....n.....n...).n...1.n...9.n...A.n...I.n...Q.n...Y.n......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.......................k.............

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\System.Windows.Forms.Primitives.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16168
            Entropy (8bit):6.750755863502199
            Encrypted:false
            SSDEEP:
            MD5:2E54FC56BCC012B20F861150673582B0
            SHA1:D00D254FACE4053263CE0195D4F29A521414CE25
            SHA-256:DA2A5860BB0B7A9606929B0124A8F594869FEEB926F581807FCCE7133C2F6BE3
            SHA-512:F9BF9A8377D5B749278454E58A3DD41A7C55BB88585F6D1AC3D5567D3C041F5819DC9D1C8BA96CF97C90B22CABE8E44F28363591A083C76559FF097BB771A6B9
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...-............." ..0..............+... ...@....... ....................................@.................................D+..O....@..................()...`......(+............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................x+......H.......P ..............h%..@....*......................................BSJB............v4.0.30319......l...D...#~...... ...#Strings............#US.........#GUID.......4...#Blob......................3....................................../.......................x...........].....].....]...D.]...a.].....]...-.].................r.....r.....r...).r...1.r...9.r...A.r...I.r...Q.r...Y.r......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.......................o.............

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\System.Windows.Forms.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):373048
            Entropy (8bit):5.145701380966742
            Encrypted:false
            SSDEEP:
            MD5:820C0F238ADCA2315C5F4F5DEC69C3AF
            SHA1:4C4634D9E340EA1A6E8F25127F9D57D3138A02EA
            SHA-256:92B230AB00171DE7422FA2AA31A5DB4C2306CCC8CB27EE09A382527078A83458
            SHA-512:FBF598EAF5A6677304C869CF27B71D2FF1207299866B31B24FE0AB4A2A5578360E6B960B0AEB26A0B7820BC04C614D49907BD061C64B841A33BFACE7EC07247A
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....4..........." ..0..~..........^.... ........... ....................................@.....................................O.......................8).......................................................... ............... ..H............text...d|... ...~.................. ..`.rsrc...............................@..@.reloc..............................@..B................@.......H.......P ..P............%...u..p.......................................BSJB............v4.0.30319......l...\...#~......L...#Strings............#US.........#GUID...(...(...#Blob......................3....................................../.......................m...=.......R.....R.....R...D.R...a.R.....R...-.R.................g.....g.....g...).g...1.g...9.g...A.g...I.g...Q.g...Y.g......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.......................d.............

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\System.Windows.Input.Manipulations.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16656
            Entropy (8bit):6.710396989938854
            Encrypted:false
            SSDEEP:
            MD5:C0CAC60CB3EC5E9BE51E1D307A3B0A67
            SHA1:990380D6B176DEE9B791B97EDEA5D56282E978E8
            SHA-256:C78E8B760ABF4BE088EBAEFDD7ABF9148D05B59860AE1FAF59210999002FF401
            SHA-512:67700BCDBEF3BB4F2AB664682C19C1950FAACFF4F3ADCAAAB1C870B8FFA26B65587C24659149AC1AA9B6F1D0FB0F117186DEB53E8DEDAACCD0A3CF3AACC59FC0
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............6-... ...@....... ..............................!.....@..................................,..O....@...................)...`.......,............................................... ............... ..H............text...<.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................-......H.......P ..............@%......H,......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......4...#Blob......................3..................................................q.....q.....^...........C.....C...D.C...a.C.....C...-.C.................X.....X.....X...).X...1.X...9.X...A.X...I.X...Q.X......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................U...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\System.Xaml.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):67384
            Entropy (8bit):5.690104823546399
            Encrypted:false
            SSDEEP:
            MD5:3959D7B51A4C81293C96111365070983
            SHA1:A613420A40A3CCD4FDE953A5E6E849622C3FB525
            SHA-256:CFE10984552D3879FD74F662106FB77BCF0AE9372303139814B05F5504C385DD
            SHA-512:5651827C03B048B4B092116CEE01B0A504DC372F22DE6C2C31D3297ABE93FCFA17188334E3B4E4061B237C99E63B8C3D9F250AD077827B82CF588C5169CDC777
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?l..........." ..0.................. ........... .......................@............@.................................X...O.......L...............8)... ......<................................................ ............... ..H............text........ ...................... ..`.rsrc...L...........................@..@.reloc....... ......................@..B........................H.......P ...............$..............................................BSJB............v4.0.30319......l...0...#~..........#Strings....d.......#US.h.......#GUID...x.......#Blob......................3..................................................Z.....Z.....G...........,.....,...D.,...a.,.....,...-.,.................A.....A.....A...).A...1.A...9.A...A.A...I.A...Q.A......./.....8.....W...#.`...+.{...3.....;.....C.....K.....................z.>...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\UIAutomationClient.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):20272
            Entropy (8bit):6.511251969511784
            Encrypted:false
            SSDEEP:
            MD5:C54CDB46DF25BE995767265250F67440
            SHA1:BE0FFD380EFC5B2D829AE42DADECE4E2E99BBBCD
            SHA-256:BA93A54F1E100A889A239970D5CEC1765B067478EBEFADBFE0A2C4FCB8092BE9
            SHA-512:0BB58531A91A63CAEE19B283BC1AD7346EBE9319F614B6AEFD3D6E33FC8528D3B5AA83BA12CC29FFE981A71680523E14B8C84320BD1092633B406547AB2B747F
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............:... ...@....... ....................................@..................................:..O....@...............&..0)...`......p:............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B.................:......H.......P ..@............%..`....9......................................BSJB............v4.0.30319......l...0...#~..........#Strings....x.......#US.|.......#GUID...........#Blob......................3..................................................a.....a.....N...........3.....3...D.3...a.3.....3...-.3.................H.....H.....H...).H...1.H...9.H...A.H...I.H...Q.H.......................#.....+.....3.@...;.T...C.....K.......................E...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\UIAutomationClientSideProviders.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):21256
            Entropy (8bit):6.382823328323829
            Encrypted:false
            SSDEEP:
            MD5:095FA78188CC9D52A1DFA43F00484B4E
            SHA1:108A3F280E2101C33231155789707BA95C916381
            SHA-256:396C651F17CD4E6406FF7A3662ED3DBEA24B461E97C55A6FCD6D9359876B3786
            SHA-512:A424EB5098ACC71D360054821BAF8C8B02078A0CC737F757ACDF33FF313A9DAC1A2D38A9760739FB1B04A61CDB08BE2045EDFA96D38854F9A162CDF22E9AA26C
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.. ..........j?... ...@....... ..............................O.....@..................................?..O....@...............*...)...`.......>............................................... ............... ..H............text...p.... ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......(..............@..B................L?......H.......P ..............4%..H...|>......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......0...#Blob......................3..................................................n.....n.....[...........@.....@...D.@...a.@.....@...-.@.................U.....U.....U...).U...1.U...9.U...A.U...I.U...Q.U......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................R...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\UIAutomationProvider.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):15672
            Entropy (8bit):6.702564425433574
            Encrypted:false
            SSDEEP:
            MD5:5578FD05CE7FF4DEDDAD987B382A2DA4
            SHA1:764174B5F4829905FB0E66B7041508404B169CF2
            SHA-256:7F106837B27BD1757A455E5610570C7AE087A27D508559E18FBB33AB59EBC7DB
            SHA-512:ACF8E833686259AC2F091B07BD0A5F2BBB46462A7370155558255BC556BC5BFCD553D3398DF1A06C4C031552AE2D1843D3E772D1842345394D0724AFDDE93930
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....F..........." ..0..............(... ...@....... ...............................G....@..................................'..O....@..................8)...`.......'............................................... ............... ..H............text... .... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......P ..L............%......,'......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................c.....c.....P...........5.....5...D.5...a.5.....5...-.5.................J.....J.....J...).J...1.J...9.J...A.J...I.J...Q.J.......................#.....+.....3.@...;.T...C.....K.......................G...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\UIAutomationTypes.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):18736
            Entropy (8bit):6.48669513668523
            Encrypted:false
            SSDEEP:
            MD5:AD87350830AC567A7C03272FD76A7945
            SHA1:96A315709FFE51E9F2FC7A9E9D3D240A59FAA776
            SHA-256:88D8BFEE5677AA39E88CC0DBC554B49B05369DCE01EA32D3FC3A96C47672472C
            SHA-512:12F5EB8ED1C9C702F377C5B72003BA7CEF3C90CE9210D46B76D4A7186B9B35C17153268BB12EB7878A42E732A28964CF54253AE2B3D03EC1C4A640A88C977042
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..............4... ...@....... ..............................*.....@..................................4..O....@..|............ ..0)...`......x4............................................... ............... ..H............text........ ...................... ..`.rsrc...|....@......................@..@.reloc.......`......................@..B.................4......H.......P ..@............%..h....3......................................BSJB............v4.0.30319......l...0...#~..........#Strings....x.......#US.|.......#GUID...........#Blob......................3..................................................`.....`.....M...........2.....2...D.2...a.2.....2...-.2.................G.....G.....G...).G...1.G...9.G...A.G...I.G...Q.G.......................#.....+.....3.@...;.T...C.....K.......................D...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\WindowsBase.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):90928
            Entropy (8bit):5.45997805143496
            Encrypted:false
            SSDEEP:
            MD5:52E677EAC0DBA53DBEBF2A293A2E4B88
            SHA1:E2D73317A5FCDB2A86431FAEF686023A87AB8E99
            SHA-256:AE98E55D3415D1942FB3AC5483C51B0ADBBEFB1512F83C1DDB8BF2ADC4796238
            SHA-512:CF3724B3DD0F009C9997BF63B2E1E83AF88460EB54AC172D11CD6126D2A056D75EC95BD2E9B41D6F82FD1CE7FF7DCABB385F82DBEE109C5F3609923F7346D551
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..0...........N... ...`....... ...............................;....@..................................N..O....`..L............:..0)..........lN............................................... ............... ..H............text........ ...0.................. ..`.rsrc...L....`.......2..............@..@.reloc...............8..............@..B.................N......H.......P ..$...........t%..x(...M......................................BSJB............v4.0.30319......l...0...#~..........#Strings....d.......#US.h.......#GUID...x.......#Blob......................3..................................................Z.....Z.....G...........,.....,...D.,...a.,.....,...-.,.................A.....A.....A...).A...1.A...9.A...A.A...I.A...Q.A.......................#.....+.....3.@...;.T...C.....K.....................z.>...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\fr\WindowsFormsIntegration.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16176
            Entropy (8bit):6.765738987598005
            Encrypted:false
            SSDEEP:
            MD5:1F4C751EDE923E869113D46A3F25AB0F
            SHA1:BB70BC66E16742CDBD518FB15E18A729F13A33D2
            SHA-256:E70DBE710EAEE1CCB4647C51C427A4A4C1787179DE3D84276DAB96C4809BF61B
            SHA-512:DC0EAFB6940E53FD7BD474BD001BEC1B788AD5E7E86623D401223AF3E770D9F4D9506A46B8E8D12C557C89318CADBD8DD68290AEBDDD1506317FDB2E54A77B03
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...E............." ..0.............r+... ...@....... ..............................R@....@................................. +..O....@..................0)...`.......+............................................... ............... ..H............text...x.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................T+......H.......P ..T............%.......*......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................f.....f.....S...........8.....8...D.8...a.8.....8...-.8.................M.....M.....M...).M...1.M...9.M...A.M...I.M...Q.M.......................#.....+.....3.@...;.T...C.....K.......................J...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\Microsoft.VisualBasic.Forms.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):25896
            Entropy (8bit):6.286783910646218
            Encrypted:false
            SSDEEP:
            MD5:BEA722E16381615656E92D7C06FB7DFD
            SHA1:071DCAC978459083A618274510CD66ECCA6A96C1
            SHA-256:1C4D38071A09F5E5FE6FE069BEFA6AF29B0B6B0469416E2C82F0F479EF3FEF4F
            SHA-512:2D2074501C22EBECC24B1D893CE7A1D99F1D43215E690F2D4A53DCB32B5BCDBD2024288B7FA8F8D0FD83F330B31974C9312E15E52C0470E2C92660A83E9EF341
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............." ..0..2.........."P... ...`....... ..............................a.....@..................................O..O....`...............<..()...........O............................................... ............... ..H............text...(0... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............:..............@..B.................P......H.......P ..............d&...(..4O......................................BSJB............v4.0.30319......l...\...#~......x...#Strings....@.......#US.D.......#GUID...T.......#Blob......................3....................................../.......................q...f.......Y.....Y.....Y...D.Y...a.Y.....Y...-.Y.................k.....k.....k...).k...1.k...9.k...A.k...I.k...Q.k...Y.k.......................#.....+.....3.@...;.a...C.u...K.....S.@.....................u.............

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\PresentationCore.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):111920
            Entropy (8bit):5.3471971732097465
            Encrypted:false
            SSDEEP:
            MD5:F9D7B8C7FE1BBF469D4BFBACCC36FC4F
            SHA1:B5C24B9CD90CAEB5852070A77174E3C341D0FB01
            SHA-256:D39B946AC0B58F822C98498719E88B500D24398AEAF22A4FF5015C6A421DDCFF
            SHA-512:BA2ACB7F0EDEF69A3AF949F74C7FFDAECED2AE777BB84F7539DB8A51E678BFFCF843248090E89A21BEDBA9EC2B92D131B38DB8D592A4213DA20ADFCD2C01160D
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....#............" ..0.................. ........... ...............................]....@.....................................O.......|...............0)........................................................... ............... ..H............text........ ...................... ..`.rsrc...|...........................@..@.reloc..............................@..B.......................H.......P ..<............%...y..........................................BSJB............v4.0.30319......l...0...#~..........#Strings....t.......#US.x.......#GUID...........#Blob......................3..................................................\.....\.....I...........1.....1...D.1...a.1.....1...-.1.................C.....C.....C...).C...1.C...9.C...A.C...I.C...Q.C.......................#.....+.....3.@...;.T...C.....K.....................|.................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\PresentationFramework.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):206120
            Entropy (8bit):5.209999530675242
            Encrypted:false
            SSDEEP:
            MD5:E5BCBFF309107E5B44219B159D522BF7
            SHA1:7D078B90BEFC48E3C0B81856AFAD94FABFE56DC9
            SHA-256:28BC6E945DEAF3DB473A771F75B8848A446B3275E2BD8C9FBE57DCE74D92E855
            SHA-512:3228057AFDFAA2623A048A97C7CA7D561AE215B4E05825F4DB60E1879F7EC0AA23BB8E153F261AF5A48864FDBB8F4BADB341354345A25886B3795C6036B031CA
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Q?..........." ..0.................. ... ....... .......................`.......6....@.....................................O.... ..................()...@....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H.......P ..P............%......0.......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................a.....a.....N...........6.....6...D.6...a.6.....6...-.6.................H.....H.....H...).H...1.H...9.H...A.H...I.H...Q.H.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\PresentationUI.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):45880
            Entropy (8bit):5.642939299006571
            Encrypted:false
            SSDEEP:
            MD5:DED67B864302579DD9930BE19EB1872E
            SHA1:D7E073F5CA9A16F7643FD3A89BF68F7C38DD1B03
            SHA-256:9BE10FD7B81112CF83097493AA440B53044AF4217B596BC7747B5CFA68C73917
            SHA-512:A12BEEA1B21C91AD64484A1E2A88BF1B653CCDB4A79BC1B072D187984C5CD6F48436F909CD411E778805DFA704537ECA66367EA455EA64BB583DBC13E9C8B2A6
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ........... ....................................@.................................d...O.......l...............8)..........H................................................ ............... ..H............text....~... ...................... ..`.rsrc...l...........................@..@.reloc..............................@..B........................H.......P ..0............%..Hx.........................................BSJB............v4.0.30319......l...0...#~..........#Strings....l.......#US.p.......#GUID...........#Blob......................3..................................................Z.....Z.....G.........../...../...D./...a./...../...-./.................A.....A.....A...).A...1.A...9.A...A.A...I.A...Q.A.......................#.....+.....3.@...;.T...C.....K.....................z.................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\ReachFramework.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):39688
            Entropy (8bit):5.796713806630619
            Encrypted:false
            SSDEEP:
            MD5:652D847DA0E686C81158B4B5D5FFA21A
            SHA1:E5D8A25FD5873636760003A03A208E5866943FC8
            SHA-256:FD73ACB018AF2A07A72FC191C6FB05EE961CDA3071473FA2E2002918E361A189
            SHA-512:905B4734763BFF60E0D049430E63908E4B7CF381926AEC8A2051CB9F8F77E515079E8EB6B3AC4FFFB012D078C7883BB75BF913C45D8F981E6DC3B331DB606479
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....%..........." ..0..h............... ........... ...............................s....@.....................................O.......l............r...)........................................................... ............... ..H............text....g... ...h.................. ..`.rsrc...l............j..............@..@.reloc...............p..............@..B.......................H.......P ..\............%..p`..........................................BSJB............v4.0.30319......l...<...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................Z.....Z.....G.........../...../...D./...a./...../...-./.................A.....A.....A...).A...1.A...9.A...A.A...I.A...Q.A.......................#.....+.....3.@...;.T...C.....K.....................z.................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\System.Windows.Controls.Ribbon.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):18712
            Entropy (8bit):6.546515619793568
            Encrypted:false
            SSDEEP:
            MD5:F96B575064A2C184879A47CDAADCBA4F
            SHA1:A9E56706533A4BC2D22FFA18FECA9C65ACEF1CF1
            SHA-256:7687A88A17E5B90A760EB46F6B841EA41ACAD37679FC25EE1214F9C5C1FA2F73
            SHA-512:4BEBB88F7EBA886E586EBAA74C32243CBBBE5A01AF193CA3B094D38FDD51250BCED5E3A2496CFE121AF29F6A4F42076A5CDD1C48A0C35BE35C858E81342DED25
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............4... ...@....... ...............................]....@..................................4..O....@............... ...)...`......h4............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................4......H.......P ..............0%.......3......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......0...#Blob......................3..................................................j.....j.....W...........?.....?...D.?...a.?.....?...-.?.................Q.....Q.....Q...).Q...1.Q...9.Q...A.Q...I.Q...Q.Q......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\System.Windows.Forms.Design.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):150832
            Entropy (8bit):5.405916717020478
            Encrypted:false
            SSDEEP:
            MD5:473015A427A2985908F2151FEEDD21E0
            SHA1:F144EF404913AA83A638D272866168D4914FE924
            SHA-256:78F0AD982DFC53400095806596517FD0400471A74508583FFCD19B4547A428EB
            SHA-512:3068F8223CFC4F66E39FC85A7A9139DCF656C794B11EACB999D5FE226BBFC1E5E4829B97528BAF84A3AB1CE859BD869BC328E6E8CE9DF6D8DFDCBC7889B67F2F
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....3..........." ..0..............8... ...@....... ...............................z....@.................................p8..O....@...............$..0)...`......T8............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B.................8......H.......P ..............l'..h....7......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID.......0...#Blob......................3....................................../.......................q...........Y.....Y.....Y...D.Y...a.Y.....Y...-.Y.................k.....k.....k...).k...1.k...9.k...A.k...I.k...Q.k...Y.k......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.....................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\System.Windows.Forms.Primitives.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16184
            Entropy (8bit):6.734786930730636
            Encrypted:false
            SSDEEP:
            MD5:18AAEB9D36B1999F31F355B82009DAC6
            SHA1:AB13F50DC0B9DAB714551BD3B7578F88F2300A99
            SHA-256:49B15D7FA1CBBEF3B5F13B3BD154ED2962ED46BB25C9FE2F80C999D050BEC2A1
            SHA-512:5B3279EA5793F51B57FFDF93D1C015CBA3B85741A97E0EAC6529A006F9A52B39BE56C9733049935D8BF9D2C271EFBFFB6C310DC962733BDA26AA2E48F1B08365
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...V.w..........." ..0..............+... ...@....... ..............................r{....@.................................<+..O....@..................8)...`...... +............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p+......H.......P ..............h%..8....*......................................BSJB............v4.0.30319......l...D...#~...... ...#Strings............#US.........#GUID.......4...#Blob......................3....................................../.......................u...........].....].....]...D.]...a.].....]...-.].................o.....o.....o...).o...1.o...9.o...A.o...I.o...Q.o...Y.o......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.....................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\System.Windows.Forms.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):368944
            Entropy (8bit):5.057134678237475
            Encrypted:false
            SSDEEP:
            MD5:B6210BBB5F88E10328EF882F905F530D
            SHA1:3ADDE25EAEE9DCF2B2D2447CF111C90C8078AAEF
            SHA-256:F6279ABC2DF21EBB550DD72D7042621D8A612C381A9189574022586D1A38D07C
            SHA-512:CB4E52E40CC48D1F0E0042A363340ABB753A26E3B2D4FE8A55B09BD36A782D8779EF3C384AC9B5B4FABE06AB1517F1F1ABFE4991E3F32BC4B3391DEE95D31488
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...{.3..........." ..0..n............... ........... ...............................9....@.................................T...O....................x..0)..........8................................................ ............... ..H............text....l... ...n.................. ..`.rsrc................p..............@..@.reloc...............v..............@..B........................H.......P ..P............%...f..........................................BSJB............v4.0.30319......l...\...#~......L...#Strings............#US.........#GUID...(...(...#Blob......................3....................................../...........}.....}.....j...:.......R.....R.....R...D.R...a.R.....R...-.R.................d.....d.....d...).d...1.d...9.d...A.d...I.d...Q.d...Y.d......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.......................I.............

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\System.Windows.Input.Manipulations.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16656
            Entropy (8bit):6.683289787365815
            Encrypted:false
            SSDEEP:
            MD5:01ADADF02D5786037F78AA6D2061AD0C
            SHA1:D6225D28995B5D5D075B9827209B7FBCF17E9341
            SHA-256:494D862307B6A77B284767CEDE680F9702CDECEA42FD17A9833DBD255E6108A6
            SHA-512:ADADB331DD9894C9F92B5083EA2B8B2C38C8CADFA83288AD28388F4479C01F5C67293BA4D852202C4221FCDA054DB75EB207EB38F76DAE798BB30C200FC2F022
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...[{............" ..0..............-... ...@....... ....................................@..................................,..O....@...................)...`.......,............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H.......P ..............@%...... ,......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......4...#Blob......................3..................................................n.....n.....[...........C.....C...D.C...a.C.....C...-.C.................U.....U.....U...).U...1.U...9.U...A.U...I.U...Q.U......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\System.Xaml.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):66336
            Entropy (8bit):5.636420346356481
            Encrypted:false
            SSDEEP:
            MD5:2B7011580C2708804269424DCB9FC9EA
            SHA1:C3DC3B97F8A3139CD463BD466C4D8DEFD071337F
            SHA-256:5B0F1D3AF37A785FA5E388D8295C075008721B03083F01577E4AB56C2D739925
            SHA-512:16127F7B2DA75A8DDCA17A11408E3410625B8E16B3B843D46D57E171772957D456C8ED97DA22F670BAEB6E495A5DA053195EC6109BB92156F47C74545B64CAD1
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ........... .......................@......CS....@.................................@...O.......L............... )... ......$................................................ ............... ..H............text........ ...................... ..`.rsrc...L...........................@..@.reloc....... ......................@..B................t.......H.......P ...............$..............................................BSJB............v4.0.30319......l...0...#~..........#Strings....d.......#US.h.......#GUID...x.......#Blob......................3..................................................W.....W.....D...........,.....,...D.,...a.,.....,...-.,.................>.....>.....>...).>...1.>...9.>...A.>...I.>...Q.>......./.....8.....W...#.`...+.{...3.....;.....C.....K.....................w.................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\UIAutomationClient.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):20240
            Entropy (8bit):6.4953457209883405
            Encrypted:false
            SSDEEP:
            MD5:36F62E486BFD38213067630579A3D4A8
            SHA1:E4A1DF2FA217A851D4EA2F1242ED50F8A6FA0A02
            SHA-256:0722C2F2741783A2CDFF3C30880DFB24A1190593D5E627B131221BEFCA1B0941
            SHA-512:0223D01D45CC3DA04D91FEE6AF144C9D6959D8DD9117A56CFC2F651F4A32E0F1E55A0554714E5984B13A9408319DD40205D784E2C14A4718110A147AD8DDA50B
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...3.X..........." ..0..............:... ...@....... ...............................2....@..................................:..O....@...............&...)...`......x:............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B.................:......H.......P ..@............%..h....9......................................BSJB............v4.0.30319......l...0...#~..........#Strings....x.......#US.|.......#GUID...........#Blob......................3..................................................^.....^.....K...........3.....3...D.3...a.3.....3...-.3.................E.....E.....E...).E...1.E...9.E...A.E...I.E...Q.E.......................#.....+.....3.@...;.T...C.....K.....................................................~.

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\UIAutomationClientSideProviders.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):21256
            Entropy (8bit):6.3524026139349985
            Encrypted:false
            SSDEEP:
            MD5:101F10EA63D54AEB216268360CAF6BFD
            SHA1:C77D3AA8D72FA09683D29C163FCB5B893487F331
            SHA-256:8F5089F347E43C076100D06470F5345036FCC6B15824986B705FB5F449BBDFB1
            SHA-512:C30EA232DE4871539F206EF4B8BA59F18500D849F7FDC60E8BBB66DAE4C1B27D8D3E5A3D8084B301F150DE77740FC4C302E0AC45359C9F8C0353809EFA4D546B
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.. ...........?... ...@....... ...............................M....@..................................>..O....@...............*...)...`.......>............................................... ............... ..H............text........ ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......(..............@..B.................>......H.......P ..............4%.......>......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......0...#Blob......................3..................................................k.....k.....X...........@.....@...D.@...a.@.....@...-.@.................R.....R.....R...).R...1.R...9.R...A.R...I.R...Q.R......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\UIAutomationProvider.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):15624
            Entropy (8bit):6.7025399990987236
            Encrypted:false
            SSDEEP:
            MD5:C112F7FF16838A366B24D6C98DFB3782
            SHA1:C53B677E8B6FC37AA11081B7D326FFE4EBBD0286
            SHA-256:7415ED22ECCCAC19243893D33172A59FA980D7069EFF3835C6BA55091BD855AE
            SHA-512:3E8B0D6F9435B9BA90882E72CC349569521770F93E1722F0062031264E6F72CDFE19B737F48191F411D873B6BBB127343706972A8BCC976CCA7AFECE321BE44A
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...I^............" ..0..............(... ...@....... ....................................@..................................'..O....@...................)...`.......'............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......P ..L............%.......'......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................`.....`.....M...........5.....5...D.5...a.5.....5...-.5.................G.....G.....G...).G...1.G...9.G...A.G...I.G...Q.G.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\UIAutomationTypes.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):18696
            Entropy (8bit):6.486812768912176
            Encrypted:false
            SSDEEP:
            MD5:7F898FFEB37FD6840661923FDCF8BBC6
            SHA1:68FC4D1B3AD6906C23A8753AA6C82A5DB0B2353F
            SHA-256:75C43AE421BB5847EBC1771D384C17CBF2D0768B1B79DC5B7DE962F5241436AC
            SHA-512:1FB4043E21E39E368777174E1FA5F27425241A97F498B2209AD17DEA00ECCD9325B8C9F6E59BF656A20ECAE5BCBBE82E6247C8C7C1635ACD5C006055C31C6DBE
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...k............." ..0..............5... ...@....... ..............................O.....@..................................4..O....@..|............ ...)...`.......4............................................... ............... ..H............text...$.... ...................... ..`.rsrc...|....@......................@..@.reloc.......`......................@..B.................5......H.......P ..@............%......04......................................BSJB............v4.0.30319......l...0...#~..........#Strings....x.......#US.|.......#GUID...........#Blob......................3..................................................].....].....J...........2.....2...D.2...a.2.....2...-.2.................D.....D.....D...).D...1.D...9.D...A.D...I.D...Q.D.......................#.....+.....3.@...;.T...C.....K.....................}.................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\WindowsBase.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):91448
            Entropy (8bit):5.414187767090916
            Encrypted:false
            SSDEEP:
            MD5:36BB856F0FC155720FE39B31C7EAEAC1
            SHA1:344AEBE65AEBD8EBF49380432F3BB7A18DE8849A
            SHA-256:D280B34B98BF7B792893A2A028BB01F54214285F33F12A083069912611D0C560
            SHA-512:88B493951EDBDF8B86B35E2C45308534A09FA79CCE5368EC2D56E457BBC5AD55E8855B6230C09C9A5FEAC3127D01551FE845AE74C61DB0A66B3BC64DFDA48488
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...+.w..........." ..0..2...........Q... ...`....... ..............................(.....@.................................xQ..O....`..L............<..8)..........\Q............................................... ............... ..H............text....1... ...2.................. ..`.rsrc...L....`.......4..............@..@.reloc...............:..............@..B.................Q......H.......P ..$...........t%..h+...P......................................BSJB............v4.0.30319......l...0...#~..........#Strings....d.......#US.h.......#GUID...x.......#Blob......................3..................................................W.....W.....D...........,.....,...D.,...a.,.....,...-.,.................>.....>.....>...).>...1.>...9.>...A.>...I.>...Q.>.......................#.....+.....3.@...;.T...C.....K.....................w.................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\it\WindowsFormsIntegration.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16176
            Entropy (8bit):6.742979580520431
            Encrypted:false
            SSDEEP:
            MD5:26B6077A936619DD7D425E564DE7C0DB
            SHA1:F2B9901F5B9FE843270DC0128D2A513913A1A181
            SHA-256:7FBB8341B6E86DF3D443293265898F9D930115E97E395E5197B07EEFA04F78A4
            SHA-512:2D5D2B9AC59ACC62938E4FB8C411230D90842DA00F7B484AFA67FBB4C4D95EE126C74F918E17E0A49AA8EADAB39B802B2B8EB694F9D32CBD514FC29A08047DDE
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..............+... ...@....... ...............................%....@..................................*..O....@..................0)...`.......*............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P ..T............%......$*......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................c.....c.....P...........8.....8...D.8...a.8.....8...-.8.................J.....J.....J...).J...1.J...9.J...A.J...I.J...Q.J.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\Microsoft.VisualBasic.Forms.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):26416
            Entropy (8bit):6.507447349915193
            Encrypted:false
            SSDEEP:
            MD5:08DCCC4956FC1201DE324C50E80A0605
            SHA1:E216957944C4B8BEA1A7AE6E3461B78E3610C0A5
            SHA-256:0D12ADDC30045D7A729973AB67DA707640B9B970122783FC0281FC53322FA4E4
            SHA-512:1F88C2C88EC1A5B36756EFE721E5F76E2F2EE7A699E89703976B0F038AF749500391F3031C004A03A9F218421C7C758E3D10435AF0CFEF33B0C6C124170D8451
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..4..........ZS... ...`....... ....................................@..................................S..O....`...............>..0)...........R............................................... ............... ..H............text...`3... ...4.................. ..`.rsrc........`.......6..............@..@.reloc...............<..............@..B................<S......H.......P ..............d&...,..lR......................................BSJB............v4.0.30319......l...\...#~......x...#Strings....@.......#US.D.......#GUID...T.......#Blob......................3......................................2.......................t...i.......\.....\.....\...G.\...d.\.....\...0.\.................n.....n.....n...).n...1.n...9.n...A.n...I.n...Q.n...Y.n.......................#.....+.....3.@...;.a...C.u...K.....S.@...................C...............

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\PresentationCore.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):122648
            Entropy (8bit):5.864789300685279
            Encrypted:false
            SSDEEP:
            MD5:897B45C709DC38512BDAAC4E69D6D3B1
            SHA1:7FE529A23AB5CFFCD0C3C4587CD9F72E146CCA25
            SHA-256:5AE3A22983DD208E356818768096A4435408D5B2F3C252E5425B0E8DC993AF5A
            SHA-512:C6C752105F634677AD12B17035E5D797B561B5896E9F58C579E4570012743EA1CEF1D8B32A11D5262BCB7C92FF0CAC857FEDB9CD390FBB3C60598DD1FFB7EB4B
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....6..........." ..0.............r.... ........... ....................... ............@................................. ...O.......|................)........................................................... ............... ..H............text...x.... ...................... ..`.rsrc...|...........................@..@.reloc..............................@..B................T.......H.......P ..<............%..............................................BSJB............v4.0.30319......l...0...#~..........#Strings....t.......#US.x.......#GUID...........#Blob......................3.................................................._....._.....L...........4.....4...G.4...d.4.....4...0.4.................F.....F.....F...).F...1.F...9.F...A.F...I.F...Q.F.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\PresentationFramework.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):226600
            Entropy (8bit):5.784845539200001
            Encrypted:false
            SSDEEP:
            MD5:7ECD9F688236DB6F6ECDA1570DC42B3B
            SHA1:A9A04C60DE8D84B3EB9F9DBA10CFD42CE59AED08
            SHA-256:8E047C524A4A5C0D9D1746EFE3BF899A4F360C6CB6A2E730C6E224FC4E6797D1
            SHA-512:627F959BE257B421C89B02F19A1ADDD6070BCD80C302D4D6EACBFC19EE088FB9FD605330CEA869BED270DB1203B5F1A83CEE9E8E9F4CDA4239F2407B0E2365D7
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...p.+..........." ..0..B..........n`... ........... ...............................k....@..................................`..O....................L..()...........`............................................... ............... ..H............text...t@... ...B.................. ..`.rsrc................D..............@..@.reloc...............J..............@..B................P`......H.......P ..P............%...9..._......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................d.....d.....Q...........9.....9...G.9...d.9.....9...0.9.................K.....K.....K...).K...1.K...9.K...A.K...I.K...Q.K.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\PresentationUI.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):49432
            Entropy (8bit):6.091665491411624
            Encrypted:false
            SSDEEP:
            MD5:D2F0FB1A0F5FF152431CCB9101DF5D12
            SHA1:26D2D7FB31B19E95B3526DCDE01463CF14F044B1
            SHA-256:345DA79FAFC5107A7A20E2200492BE5AFFBFE768141F2F64DE8ABB94602F97D0
            SHA-512:4B3445C4A39AB48FE503DD9370E4958FC643BB4A73793C14E13C6D0BA21CCC6CEE665537514A1C43C508B0F5C6FA3E14BF070F12CF8EDB9A4E57A3ECBB5536E7
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....tK..........." ..0................. ........... ....................................@.................................t...O.......l................)..........X................................................ ............... ..H............text....... ...................... ..`.rsrc...l...........................@..@.reloc..............................@..B........................H.......P ..0............%..X..........................................BSJB............v4.0.30319......l...0...#~..........#Strings....l.......#US.p.......#GUID...........#Blob......................3..................................................].....].....J...........2.....2...G.2...d.2.....2...0.2.................D.....D.....D...).D...1.D...9.D...A.D...I.D...Q.D.......................#.....+.....3.@...;.T...C.....K.....................}.................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\ReachFramework.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):42256
            Entropy (8bit):6.146263572523623
            Encrypted:false
            SSDEEP:
            MD5:B78F8E9E90C6147C2BF9A0310BE01FF3
            SHA1:16E9678677811992B7DFD3EF6775CE58B2D34556
            SHA-256:A50DC7D5C4ABE60A7814C9D82A38BE610CD2DECE577CE9FFD4E56D88A7DD7094
            SHA-512:0DC95C1DAAA8B490E027B34D5E95EF14346622C5B7BDDD8C6B6BC2FCAC0C64BD0A6E1C24DF409026F3361702025435B9E57191E906889206F94FF95017486C4E
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..r............... ........... ....................................@.................................h...O.......l............|...)..........L................................................ ............... ..H............text....p... ...r.................. ..`.rsrc...l............t..............@..@.reloc...............z..............@..B........................H.......P ..\............%.. j.........................................BSJB............v4.0.30319......l...<...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................].....].....J...........2.....2...G.2...d.2.....2...0.2.................D.....D.....D...).D...1.D...9.D...A.D...I.D...Q.D.......................#.....+.....3.@...;.T...C.....K.....................................................}.

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\System.Windows.Controls.Ribbon.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):19240
            Entropy (8bit):6.636194554517918
            Encrypted:false
            SSDEEP:
            MD5:B95CFD1754B132960C4D7F6D108907F9
            SHA1:D892EB7BC4F64A210E3E7C121E0F00D2F83465F4
            SHA-256:7622D4A374B669986794FCAE0C7DEE74621A171C7F623E8361C2F09D094AEFD5
            SHA-512:B9F5D281941E5CE458448FDEFCCC6A589686B479D9E2EDD044B90DDF14D79BDB1A8DE81BF10D12226F69F07C3B81C29CB549A417444B8B265345BE486900DAF8
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...C.'..........." ..0.............v6... ...@....... ....................................@.................................$6..O....@..............."..()...`.......6............................................... ............... ..H............text...|.... ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B................X6......H.......P ..............0%..X....5......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......0...#Blob......................3..................................................m.....m.....Z...........B.....B...G.B...d.B.....B...0.B.................T.....T.....T...).T...1.T...9.T...A.T...I.T...Q.T......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\System.Windows.Forms.Design.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):155952
            Entropy (8bit):5.807156277840667
            Encrypted:false
            SSDEEP:
            MD5:021CD0FD0EA26B2CD4D2808BA9454247
            SHA1:8B5B0432860D4DA57FF653EC64543A8CB4A197E5
            SHA-256:A4516A03BA706CDBED614BAF5C97AEE878A85E2FD926DDEED14815DB80E605BD
            SHA-512:23EC15185B8D996421BD57EEF13C321FB51C565BD344EFD570A1A7F0260124E2C3CEF19062E1C6B2E8FA04BFAA7ABA85D6D0B4AA4F1ECBA4DDE19E15B6610C1A
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.... ............" ..0..............L... ...`....... ..............................O}....@..................................L..O....`...............8..0)..........dL............................................... ............... ..H............text....,... ...................... ..`.rsrc........`.......0..............@..@.reloc...............6..............@..B.................L......H.......P ..............l'..x$...K......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID.......0...#Blob......................3......................................2.......................t...........\.....\.....\...G.\...d.\.....\...0.\.................n.....n.....n...).n...1.n...9.n...A.n...I.n...Q.n...Y.n......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.....................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\System.Windows.Forms.Primitives.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16680
            Entropy (8bit):6.736126316338831
            Encrypted:false
            SSDEEP:
            MD5:6F4C8959CBC7B99D6E965E37DD6852ED
            SHA1:71C88E273B590EF28B8B6D390277594AF3782A9A
            SHA-256:83D7EE6976EFCED164C78A6A1BA223AB591CBC2302EE827AF9465E370998E4E7
            SHA-512:C5169E0FC1A062498C12FD17757A63D6F7E732426DA7C1B67D278247F1C00AEE5E2923769C88ECC79EDE3085FC20D0B411820260BF7A0592FF0282EF012C1DB5
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....6............" ..0.............~,... ...@....... ....................................@.................................,,..O....@..................()...`.......,............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................`,......H.......P ..............h%..(....+......................................BSJB............v4.0.30319......l...D...#~...... ...#Strings............#US.........#GUID.......4...#Blob......................3......................................2.......................x...........`.....`.....`...G.`...d.`.....`...0.`.................r.....r.....r...).r...1.r...9.r...A.r...I.r...Q.r...Y.r......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.....................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\System.Windows.Forms.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):409400
            Entropy (8bit):5.678733342214301
            Encrypted:false
            SSDEEP:
            MD5:F8B8C2A383E5EFB77BA1A5D6BDABE635
            SHA1:FD2FD58263FD3B874BCDA1A4C9F0EBB35C347A04
            SHA-256:16EE8CE6FFDDADD490F2D21D76971E8CC3E8813CF2334857EF6BB8E837838A94
            SHA-512:3595CE1FFA57A534B8EA192D80FDFF98243799C9A3A27C7D73E24398A035AF7476DB4F6CB116CA97658C01C8AEEDCB347FA49FC129B54E393A4C783C87C3951D
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...z.7..........." ..0..............*... ...@....... ..............................@-....@..................................)..O....@..................8)...`.......)............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P ..P............%...... )......................................BSJB............v4.0.30319......l...\...#~......L...#Strings............#US.........#GUID...(...(...#Blob......................3......................................2.......................m...=.......U.....U.....U...G.U...d.U.....U...0.U.................g.....g.....g...).g...1.g...9.g...A.g...I.g...Q.g...Y.g......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.....................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\System.Windows.Input.Manipulations.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16656
            Entropy (8bit):6.816678980043377
            Encrypted:false
            SSDEEP:
            MD5:FB59C5D892AE7599B12E7DA7A32B0621
            SHA1:5BF952F6CC026EAD7B7A458BA5E305A8CF05AD24
            SHA-256:0729F4B198049979C316EDBB83A374C4B6EBE6640F2393CA97BF022619E90B81
            SHA-512:D8E3B45999D34974BCBBB5E183FFF71C1991D49A8C13F3256D3EB8E3C737CEC47E5CF1F3A4CFE485DEEA8F2819E20637FDD5F51A3B43EB7B6BF2F4C32B413222
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...z............" ..0..............-... ...@....... ..............................Q.....@..................................-..O....@...................)...`......p-............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................-......H.......P ..............@%.......,......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......4...#Blob......................3..................................................q.....q.....^...........F.....F...G.F...d.F.....F...0.F.................X.....X.....X...).X...1.X...9.X...A.X...I.X...Q.X......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\System.Xaml.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):74520
            Entropy (8bit):6.115495104696865
            Encrypted:false
            SSDEEP:
            MD5:497853A270160963F58E36CCECB56299
            SHA1:2FFB4AB90670BABA75F785EF7938210CF25F89D6
            SHA-256:5549D1EEE440414ACE7D071D49940BAA5B73ECF278258B6AD21793646952DCDA
            SHA-512:02C7E20B258F23BE217CAFDF7B4C5263AF2111FCDE23AB36112EA44B472BC61E7B90D0A2479879EEBD241DF938BE2107D3BBDBF64884FBF65DB3731A5ED725DE
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............J.... ... ....... .......................`.......e....@.....................................O.... ..L................)...@....................................................... ............... ..H............text...P.... ...................... ..`.rsrc...L.... ......................@..@.reloc.......@......................@..B................,.......H.......P ...............$..x...\.......................................BSJB............v4.0.30319......l...0...#~..........#Strings....d.......#US.h.......#GUID...x.......#Blob......................3..................................................Z.....Z.....G.........../...../...G./...d./...../...0./.................A.....A.....A...).A...1.A...9.A...A.A...I.A...Q.A......./.....8.....W...#.`...+.{...3.....;.....C.....K.....................................................z.

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\UIAutomationClient.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):20792
            Entropy (8bit):6.665574504591982
            Encrypted:false
            SSDEEP:
            MD5:FC943A25DAD97B24839D5514F092791E
            SHA1:FAD75364FCF039601648B78ED75116AC632E3D14
            SHA-256:4D6F3E21644D4B72B6A50468A869A3F70B04F8DC0C8A64CC85C9DCBF2E244B15
            SHA-512:EE6656812C99C29D504F2347FAA8DCC82BCA88A27E58CFB0337C1330C63B6F7EAB81C432606FB9D9AB95A31B30EB8C6CE6C580791D3D3C663D85EC837C549BCC
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$..........." ..0..............=... ...@....... ...................................@..................................<..O....@...............(..8)...`.......<............................................... ............... ..H............text........ ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......&..............@..B.................<......H.......P ..@............%...... <......................................BSJB............v4.0.30319......l...0...#~..........#Strings....x.......#US.|.......#GUID...........#Blob......................3..................................................a.....a.....N...........6.....6...G.6...d.6.....6...0.6.................H.....H.....H...).H...1.H...9.H...A.H...I.H...Q.H.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\UIAutomationClientSideProviders.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):21768
            Entropy (8bit):6.439197190092991
            Encrypted:false
            SSDEEP:
            MD5:6FFC37F6478E4ED9887BACAFD0692145
            SHA1:BD467869EC304B4F19986DC5CEACA714E5227B54
            SHA-256:A19DD216052927A7CE5F9F99EC76A261CAA36FA93CD05E82ECB3D339148EBDA8
            SHA-512:25FF841A14DFCDB12DF581F2CC6A8BB0DECC81CB471D28A5B4BBCDF52C768B855C6ABAAF3BA5814010658F4824C7233AD14D8101792728CA65F9256C0FA34F84
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...,............." ..0.."...........@... ...`....... ..............................,.....@..................................?..O....`...............,...)...........?............................................... ............... ..H............text.... ... ...".................. ..`.rsrc........`.......$..............@..@.reloc...............*..............@..B.................?......H.......P ..............4%.......?......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......0...#Blob......................3..................................................n.....n.....[...........C.....C...G.C...d.C.....C...0.C.................U.....U.....U...).U...1.U...9.U...A.U...I.U...Q.U......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\UIAutomationProvider.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):15624
            Entropy (8bit):6.732849634593725
            Encrypted:false
            SSDEEP:
            MD5:96C2E24D5EED53F32BE71291AD73D981
            SHA1:04E437C2613F611AED05C2B31DBE4CB99A18950A
            SHA-256:A944AC13FEC2DEA8DFD22EEEE5B1D36439665EC1A4B89BD14606A617775E1B46
            SHA-512:5F367CFFCCA42E0392C60963A028F4176869440DF2C3F3EEEA73AC64304B0A4A36DE2F9692E5B756BAC9EF0C80E4D0EF86421D999D46CEB0E3070518B2E807EB
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t{............" ..0.............B(... ...@....... ..............................c9....@..................................'..O....@...................)...`.......'............................................... ............... ..H............text...H.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................$(......H.......P ..L............%......T'......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................c.....c.....P...........8.....8...G.8...d.8.....8...0.8.................J.....J.....J...).J...1.J...9.J...A.J...I.J...Q.J.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\UIAutomationTypes.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):18744
            Entropy (8bit):6.590563806142506
            Encrypted:false
            SSDEEP:
            MD5:DEFE425F3165EB3E3915860BEFEAF999
            SHA1:DDB5BEB4FE076C207C31B32C80C25F188A69FCF9
            SHA-256:C5036EDEF12302796A03515E216497CEB804268ECF6B6235F7384E636488D8D9
            SHA-512:60E3568BD759C5FD46627EAF4ED873E4C2E8B39B6D1A985752CB576E852ED805D7967E6BD296ACAAEEC394EDECF5713A300712711B1DC898F8AD7A5026E0C889
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....O..........." ..0.............^5... ...@....... ....................................@..................................5..O....@..|............ ..8)...`.......4............................................... ............... ..H............text...d.... ...................... ..`.rsrc...|....@......................@..@.reloc.......`......................@..B................@5......H.......P ..@............%......p4......................................BSJB............v4.0.30319......l...0...#~..........#Strings....x.......#US.|.......#GUID...........#Blob......................3..................................................`.....`.....M...........5.....5...G.5...d.5.....5...0.5.................G.....G.....G...).G...1.G...9.G...A.G...I.G...Q.G.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\WindowsBase.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):99640
            Entropy (8bit):5.919321365541572
            Encrypted:false
            SSDEEP:
            MD5:B44BBFDF277BE68F16635AD41A55A4FE
            SHA1:2100784693927F6936F743CC3BF90B54F838491F
            SHA-256:A3931FDDE8D4B512C2AB03335F9EB81EDF5A45868C4165F2A5092DB518D52CB1
            SHA-512:885E3B9EEA9EAECDCDB902074DD347AED3713F30F37995ACEB6C80E81C0EEC2EC0D699F359DC6CDFB2A035B526230EE781C3A88EFDF67B649391F6F4D1C5EF61
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~.0..........." ..0..R...........p... ........... ..............................eK....@..................................p..O.......L............\..8)..........dp............................................... ............... ..H............text....P... ...R.................. ..`.rsrc...L............T..............@..@.reloc...............Z..............@..B.................p......H.......P ..$...........t%..pJ...o......................................BSJB............v4.0.30319......l...0...#~..........#Strings....d.......#US.h.......#GUID...x.......#Blob......................3..................................................Z.....Z.....G.........../...../...G./...d./...../...0./.................A.....A.....A...).A...1.A...9.A...A.A...I.A...Q.A.......................#.....+.....3.@...;.T...C.....K.....................................................z.

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ja\WindowsFormsIntegration.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16696
            Entropy (8bit):6.741587548553531
            Encrypted:false
            SSDEEP:
            MD5:798B09737ECDFE08E9336BE610E26C90
            SHA1:CCEA4286BC9B3051F29D70D380B73917E88E95EB
            SHA-256:897F0BA2C288D702BCF1DD155DB9B506ED8B37DB982C11AC8AD689D27650DB65
            SHA-512:CAC1FA85DD5A6C24380CA53CA8A95D69DFD8C5C728866F27B20735772E750BD7FB7032FA21800FE12605EF2271CC2A6DF4698B2F72072A558270675018E9DE28
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....y............" ..0..............,... ...@....... ....................................@..................................+..O....@..................8)...`.......+............................................... ............... ..H............text... .... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H.......P ..T............%......,+......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................f.....f.....S...........;.....;...G.;...d.;.....;...0.;.................M.....M.....M...).M...1.M...9.M...A.M...I.M...Q.M.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\Microsoft.VisualBasic.Forms.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):25896
            Entropy (8bit):6.516647486465198
            Encrypted:false
            SSDEEP:
            MD5:4EE5CDCE9B57555F28576AE1591494D4
            SHA1:CCFF78A8260E990433A54C490519D4AF1B9E1B26
            SHA-256:EA5E800D2D4A57C420DCF22E005B9F6FE287172D14F6E2998E5F63038A029571
            SHA-512:2512A6BA0C1A54416256D172A9CDBF426E1E69224E5EBF8238831857741BA24A33744E7E2C35467BC2211C1F94F990F8AD90151A45AE6ABDB7D125142F21B2B0
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..2..........jQ... ...`....... ..............................n.....@..................................Q..O....`...............<..()...........P............................................... ............... ..H............text...p1... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............:..............@..B................LQ......H.......P ..............d&...*..|P......................................BSJB............v4.0.30319......l...\...#~......x...#Strings....@.......#US.D.......#GUID...T.......#Blob......................3....................................../.......................t...i.......Y.....Y.....Y...D.Y...a.Y.....Y...-.Y.................n.....n.....n...).n...1.n...9.n...A.n...I.n...Q.n...Y.n.......................#.....+.....3.@...;.a...C.u...K.....S.@...................C.k.............

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\PresentationCore.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):114480
            Entropy (8bit):5.9917978051092105
            Encrypted:false
            SSDEEP:
            MD5:5DF02B508ED8481679986A6301B9FF82
            SHA1:6DBB4767A855E0F9EF1B95276D365351064AA493
            SHA-256:88E4EDE665DED758F67FA9322B38F6A94CE0B75064B80D7831CBB350A88D92ED
            SHA-512:5C938E7376A35AF07A48E772774EBCBF2E1AD3058002C5C11D3DF299E8EDDF9F0654148E0E67C78C188D0D7C180729FC0F627B55EF1CD3CAC4D986C56479AABF
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0................. ........... ..............................2<....@.................................x...O.......|...............0)..........\................................................ ............... ..H............text....... ...................... ..`.rsrc...|...........................@..@.reloc..............................@..B........................H.......P ..<............%..P..........................................BSJB............v4.0.30319......l...0...#~..........#Strings....t.......#US.x.......#GUID...........#Blob......................3.................................................._....._.....L...........1.....1...D.1...a.1.....1...-.1.................F.....F.....F...).F...1.F...9.F...A.F...I.F...Q.F.......................#.....+.....3.@...;.T...C.....K.......................C...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\PresentationFramework.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):211728
            Entropy (8bit):5.91124927540932
            Encrypted:false
            SSDEEP:
            MD5:7AB05AF580A59425BF8625EA869B524F
            SHA1:EB59582A7654BC8590B4A6A54FF9D3BC35437CA1
            SHA-256:26391E45505D16DC708468F8325732CCE331DBE231892B3FD69D7569AC02612F
            SHA-512:D07A976B3C35BCCBE3EB45A9FDCB9F3549A227F859E899733F250EBDFA4A6CC1FE2189505FC6FFDAB38435FBC0F46C3750E070EC363006F234497897F452D8BB
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....K............" ..0..............&... ...@....... ...................................@..................................%..O....@...................)...`.......%............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................%......H.......P ..P............%...... %......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................d.....d.....Q...........6.....6...D.6...a.6.....6...-.6.................K.....K.....K...).K...1.K...9.K...A.K...I.K...Q.K.......................#.....+.....3.@...;.T...C.....K.......................H...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\PresentationUI.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):46352
            Entropy (8bit):6.094049928276998
            Encrypted:false
            SSDEEP:
            MD5:2A6B47E135440421E6F0450425B65B9A
            SHA1:1FBC6696996B089373E8B877919CBD01580CA95C
            SHA-256:149A1B247174FDE8E134B6D179027A03E98AAF1B12D1A48693F2CEB1A1C8A69F
            SHA-512:8FA6E69608FA58119A93EFEDC4FC741AE6024529D72EB61555085CB90E6A5EA6C393B06F92B36197A0099564B2E3E99A5BD380F6335F274AF7A304F7A3E648D9
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............~.... ........... ....................................@.................................,...O.......l................)........................................................... ............... ..H............text........ ...................... ..`.rsrc...l...........................@..@.reloc..............................@..B................`.......H.......P ..0............%...z..........................................BSJB............v4.0.30319......l...0...#~..........#Strings....l.......#US.p.......#GUID...........#Blob......................3..................................................].....].....J.........../...../...D./...a./...../...-./.................D.....D.....D...).D...1.D...9.D...A.D...I.D...Q.D.......................#.....+.....3.@...;.T...C.....K.....................}.A...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\ReachFramework.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):40720
            Entropy (8bit):6.176212598280188
            Encrypted:false
            SSDEEP:
            MD5:4B48C45DE6419847E9DA13BC1DCAF714
            SHA1:0CDB5A0386071C2086EA515CD61A49C68C7E0CB1
            SHA-256:20FEF8186E9A3E7F704623D49DA9DF28B15592E97C75A735C92365875D65D5F0
            SHA-512:3D1025FD3AE0CEF6AB613338787863C015E2670E81F47C5A1715E086D76069A174C77E2974EFAB2D990ECCC446ABC4B940F650F81CB736D68C1817173F32959D
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...J............" ..0..l..........B.... ........... ....................................@.....................................O.......l............v...).......................................................... ............... ..H............text...Hj... ...l.................. ..`.rsrc...l............n..............@..@.reloc...............t..............@..B................$.......H.......P ..\............%...c..T.......................................BSJB............v4.0.30319......l...<...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................].....].....J.........../...../...D./...a./...../...-./.................D.....D.....D...).D...1.D...9.D...A.D...I.D...Q.D.......................#.....+.....3.@...;.T...C.....K.....................}.A...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\System.Windows.Controls.Ribbon.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):18704
            Entropy (8bit):6.7211619680094445
            Encrypted:false
            SSDEEP:
            MD5:16723F6DCD2CD01EE79DB30EF6B3DA09
            SHA1:29E2AF9A4464425F1849529955031EF8BA885701
            SHA-256:D361DB1FDA7B31E67BEE4303697D5D29C6BE89E0419660552CE59DC3E1BA52FF
            SHA-512:1DF6E1C41ACF4CF3BD59EFB362E516C1384C6002747FA1292C8573830D7E3C757CB0B371FB8620242CFD913A9C015D16C027370FC16E9462FEB76B6E76B41465
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....`..........." ..0..............5... ...@....... ...............................&....@.................................L5..O....@............... ...)...`......05............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................5......H.......P ..............0%.......4......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......0...#Blob......................3..................................................m.....m.....Z...........?.....?...D.?...a.?.....?...-.?.................T.....T.....T...).T...1.T...9.T...A.T...I.T...Q.T......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................Q...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\System.Windows.Forms.Design.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):151312
            Entropy (8bit):5.804255560880302
            Encrypted:false
            SSDEEP:
            MD5:F6C9F994DA313FBD3FE0B67C9231605F
            SHA1:0B889D3FAFED634422D8C894CC70B80F82419BCB
            SHA-256:89E5541679999BE39DA781CD8EF35A618E2B474DB0D4DEB577B58FFEC218205D
            SHA-512:94C382C880AFA138FDE20A08F1240308FD11EACDD6013C8F1131CDDA8E61259D3961BEAA70D0B34D3740D5C18AA6532900279C9A65ED145CD2E9509F5DAE73B4
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............." ..0..............;... ...@....... ..............................?.....@..................................;..O....@...............&...)...`.......;............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B.................;......H.......P ..............l'.......;......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID.......0...#Blob......................3....................................../.......................t...........Y.....Y.....Y...D.Y...a.Y.....Y...-.Y.................n.....n.....n...).n...1.n...9.n...A.n...I.n...Q.n...Y.n......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.......................k.............

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\System.Windows.Forms.Primitives.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16160
            Entropy (8bit):6.844849247673115
            Encrypted:false
            SSDEEP:
            MD5:413D040B60BB564ADBAA3118E1454139
            SHA1:6465A13EB3F453BD1AB75767022DDDDD33F9313D
            SHA-256:EC495B608CD06F4D3C5FF398BD878F2835A0369EBFDC1C8717CA4A348338E482
            SHA-512:9B382C26C5DD931A2DA3A5BF8EFC728ED7CD4A250572DC8BA6DA6B8AD3272A0BC89EB011F6095AB3E3C2650A60A3055E3D0CD0939E8562E1AA1F6A4D4EC5B158
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....@;..........." ..0..............+... ...@....... ....................................@..................................+..O....@.................. )...`.......+............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H.......P ..............h%.......+......................................BSJB............v4.0.30319......l...D...#~...... ...#Strings............#US.........#GUID.......4...#Blob......................3....................................../.......................x...........].....].....]...D.]...a.].....]...-.].................r.....r.....r...).r...1.r...9.r...A.r...I.r...Q.r...Y.r......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.......................o.............

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\System.Windows.Forms.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):370984
            Entropy (8bit):5.8484984570350225
            Encrypted:false
            SSDEEP:
            MD5:960CF02CE2C0615A270A4CDDB837B805
            SHA1:01006DE5E6C29FA6632BA46A0A90D4E5CBFABD89
            SHA-256:94CF7D9EF64B1DA9AF14849F9D914C1A41B0B5DC53275A1E8965B6F9A79B47AF
            SHA-512:B5CBAE1E04081148F7EC4F632FC789696CC03831C3ED744D1AB2A161410FF7F5063375ADC7361FB7F76868EC6E9BFB6462EF834967789AAA0924A6B0F774D6D9
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....^..........." ..0..v............... ........... ....................................@.................................d...O.......................()..........H................................................ ............... ..H............text....u... ...v.................. ..`.rsrc................x..............@..@.reloc...............~..............@..B........................H.......P ..P............%..(o.........................................BSJB............v4.0.30319......l...\...#~......L...#Strings............#US.........#GUID...(...(...#Blob......................3....................................../.......................m...=.......R.....R.....R...D.R...a.R.....R...-.R.................g.....g.....g...).g...1.g...9.g...A.g...I.g...Q.g...Y.g......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.......................d.............

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\System.Windows.Input.Manipulations.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16664
            Entropy (8bit):6.784021848290164
            Encrypted:false
            SSDEEP:
            MD5:390D6E91BCE36B30DAADBE4CC8CA79F1
            SHA1:DDCDF50FB4F0F6BD0E26B2A5108D32E76FC7510E
            SHA-256:ABE19450C3F25709249185FC923496A9E90FC14978562E88B1327EB28C993C4A
            SHA-512:1403C843FAA2451B1A38D8CA6E879C781E900A8C22429C36B0779916B817FF7DACB95F0D47E499F899DD60713FF6B3D41341391D84170614A8DAB2D7427F0C4E
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............-... ...@....... ....................................@..................................,..O....@...................)...`.......,............................................... ............... ..H............text...4.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................-......H.......P ..............@%......@,......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......4...#Blob......................3..................................................q.....q.....^...........C.....C...D.C...a.C.....C...-.C.................X.....X.....X...).X...1.X...9.X...A.X...I.X...Q.X......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................U...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\System.Xaml.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):69944
            Entropy (8bit):6.231572140427828
            Encrypted:false
            SSDEEP:
            MD5:B329649CBAFDADAC403FA955F8AE86B5
            SHA1:937BCADD02AA92A09B1D5FCBA298539BFA08A5EF
            SHA-256:B2617FC499C9296D3B72AFC6AE01286FD801129FA5E884ABEEB34EB7B51653F0
            SHA-512:8DE3B72375C9E97B40A8320E2397934283268694D58F19FC7BD4D0EF80BD391818BA7FBB9A4DBF818402317EFBDBF58CE51BAA757404565E8F8A2191DF91F77E
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...I.x..........." ..0.............z.... ........... .......................@......>.....@.................................(...O.......L...............8)... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...L...........................@..@.reloc....... ......................@..B................\.......H.......P ...............$..............................................BSJB............v4.0.30319......l...0...#~..........#Strings....d.......#US.h.......#GUID...x.......#Blob......................3..................................................Z.....Z.....G...........,.....,...D.,...a.,.....,...-.,.................A.....A.....A...).A...1.A...9.A...A.A...I.A...Q.A......./.....8.....W...#.`...+.{...3.....;.....C.....K.....................z.>...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\UIAutomationClient.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):20232
            Entropy (8bit):6.72816860275359
            Encrypted:false
            SSDEEP:
            MD5:016E6EC394EE11B9E7431B449E8C8A7F
            SHA1:F800966F47132CCDD6B153C4EA28C462A5DE5089
            SHA-256:7E7310EF28709E90F4ED36E46DB70531CE975045F1922FFF2C1FCECA6649321A
            SHA-512:6E14970A9A3BD4C35373B57906E60D5F747495E80F6EEDFC6513384AEC1A441D5CF341900796935EB6621DDF6FB1D26E044128D1096B284A2C0C4B7E067AB5B8
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....\..........." ..0..............;... ...@....... ..............................gi....@.................................T;..O....@...............&...)...`......8;............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B.................;......H.......P ..@............%..(....:......................................BSJB............v4.0.30319......l...0...#~..........#Strings....x.......#US.|.......#GUID...........#Blob......................3..................................................a.....a.....N...........3.....3...D.3...a.3.....3...-.3.................H.....H.....H...).H...1.H...9.H...A.H...I.H...Q.H.......................#.....+.....3.@...;.T...C.....K.......................E...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\UIAutomationClientSideProviders.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):21272
            Entropy (8bit):6.486179065476304
            Encrypted:false
            SSDEEP:
            MD5:BEB5012EDA7310E36845C0EC735FA555
            SHA1:0F332A9D6F92CD293ADFC599FF50E77C89054909
            SHA-256:EEB1B5F23C8992894E05CBB11496295A673C50D8B38C4698E28F5DA697A582AB
            SHA-512:A62326E3127DD279E3C4BE3F48073E16379442761F4E3A97B4B0583753E01B94708EF40839B0598E894815ACB5C19E3E636320D5ECBA0447920D38B39A21DFBB
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.. ...........>... ...@....... ...................................@..................................>..O....@...............*...)...`......d>............................................... ............... ..H............text........ ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......(..............@..B.................>......H.......P ..............4%.......=......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......0...#Blob......................3..................................................n.....n.....[...........@.....@...D.@...a.@.....@...-.@.................U.....U.....U...).U...1.U...9.U...A.U...I.U...Q.U......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................R...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\UIAutomationProvider.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):15672
            Entropy (8bit):6.716671016564232
            Encrypted:false
            SSDEEP:
            MD5:B921113C47A86A72272BADD659552066
            SHA1:72A79A1C8E16F412ADD01B42DC7A1362BFC0716B
            SHA-256:ADD9C18BD97DB5D67D31839F7BD028E5CDAAFEE4197A1B2942BD4B3A3D38B73C
            SHA-512:F5B3407F7B28797C4143ECF7F68C58E3609B85F0BAFE29C4192903EF4D3450CB96C452D88A2EA0D5AA5A9C5132C5A50F6380D8ED1F8C5ED32E34783AB58DB38C
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....>............" ..0.............2(... ...@....... ..............................S.....@..................................'..O....@..................8)...`.......'............................................... ............... ..H............text...8.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......P ..L............%......D'......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................c.....c.....P...........5.....5...D.5...a.5.....5...-.5.................J.....J.....J...).J...1.J...9.J...A.J...I.J...Q.J.......................#.....+.....3.@...;.T...C.....K.......................G...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\UIAutomationTypes.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):18696
            Entropy (8bit):6.5248483653663865
            Encrypted:false
            SSDEEP:
            MD5:C6DE1D7E6D58C3A7699CC6F0438D796F
            SHA1:E11467AFA6DEB404B18C7DC20F8D395B3AA3C92E
            SHA-256:7DD91064779552147441BE14284802E3C189B96AFC5F68E99922539FC35BE8CE
            SHA-512:EFEB29601AB281264399FFD866D80E80FA2AE663B2981554A96F9D84FCAB7746638427A6CB8F782C2DCCC8FCE3B5AC0AEC5A0028B51BE24147AD4CC454A22297
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...W. ..........." ..0..............4... ...@....... ....................................@.................................44..O....@..|............ ...)...`.......4............................................... ............... ..H............text........ ...................... ..`.rsrc...|....@......................@..@.reloc.......`......................@..B................h4......H.......P ..@............%.......3......................................BSJB............v4.0.30319......l...0...#~..........#Strings....x.......#US.|.......#GUID...........#Blob......................3..................................................`.....`.....M...........2.....2...D.2...a.2.....2...-.2.................G.....G.....G...).G...1.G...9.G...A.G...I.G...Q.G.......................#.....+.....3.@...;.T...C.....K.......................D...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\WindowsBase.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):92472
            Entropy (8bit):6.0493202269799315
            Encrypted:false
            SSDEEP:
            MD5:392CC2129023D82900D24938E6F14BFA
            SHA1:01DB557AA08D2A39E079B6FFF96CBDA3DAB32CA0
            SHA-256:22ADCE7FB1A398887CD7BE08A020A315518B6EB88B4E30E6A0A6040FCA64B81C
            SHA-512:560E5548B682DA47FDC4E39652E627019F5BD83E1F499DE425564817AB73D29506387CD7D69D8A7C08F7A50C2586A4CB94538290D3FB10B8146445162B9D7172
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..6...........T... ...`....... ....................................@..................................T..O....`..L............@..8)...........T............................................... ............... ..H............text....5... ...6.................. ..`.rsrc...L....`.......8..............@..@.reloc...............>..............@..B.................T......H.......P ..$...........t%.......T......................................BSJB............v4.0.30319......l...0...#~..........#Strings....d.......#US.h.......#GUID...x.......#Blob......................3..................................................Z.....Z.....G...........,.....,...D.,...a.,.....,...-.,.................A.....A.....A...).A...1.A...9.A...A.A...I.A...Q.A.......................#.....+.....3.@...;.T...C.....K.....................z.>...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ko\WindowsFormsIntegration.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16168
            Entropy (8bit):6.8282803966225964
            Encrypted:false
            SSDEEP:
            MD5:599977543D575DC9E92EEA3C4716DCDF
            SHA1:A6540ED42F564B7ECEE9B5D28A2300D84C86213A
            SHA-256:63B4B807CA756A38132280C91FC9CE10B2975324E393202C2E129099B22FB73D
            SHA-512:915FFB25FAD2720E26612B7246C44C4FF7A7593144A2CB5E1E13AC49F8D2209D868628D7D27E1B13908A560AB188A8D7BD5DD32F40062F0BCC3FA6DF7F31ADF2
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............r+... ...@....... ...................................@................................. +..O....@..................()...`.......+............................................... ............... ..H............text...x.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................T+......H.......P ..T............%.......*......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................f.....f.....S...........8.....8...D.8...a.8.....8...-.8.................M.....M.....M...).M...1.M...9.M...A.M...I.M...Q.M.......................#.....+.....3.@...;.T...C.....K.......................J...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\Microsoft.VisualBasic.Forms.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):25912
            Entropy (8bit):6.363901863615136
            Encrypted:false
            SSDEEP:
            MD5:1CEE2E80FDFA08CD8FF571772A5F933A
            SHA1:EFA5AC804650CE1D3B5AC8DDDD309CAA8A8E4FF2
            SHA-256:AC6DCF25910FA436D3CB7E0F5BC0832FBA6806912B0CC1078B9319B9F07F47F3
            SHA-512:C79B48868CDEF5184B03E53CB12633AD0EB07723D9065029BE63E2D64EFC2E863DFCCFE63BB5095440B35DF6D8AAAF86D741B4524B9E33310038386EEF1A1088
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....%..........." ..0..2...........P... ...`....... ....................................@..................................P..O....`...............<..8)..........lP............................................... ............... ..H............text....0... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............:..............@..B.................P......H.......P ..............d&...)...O......................................BSJB............v4.0.30319......l...\...#~......x...#Strings....@.......#US.D.......#GUID...T.......#Blob......................3....................................../.......................t...i.......\.....\.....\...D.\...a.\.....\...-.\.................n.....n.....n...).n...1.n...9.n...A.n...I.n...Q.n...Y.n.......................#.....+.....3.@...;.a...C.u...K.....S.@...................C.Y.............

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\PresentationCore.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):113416
            Entropy (8bit):5.588503811122278
            Encrypted:false
            SSDEEP:
            MD5:9AAC26DE24BA8B31706EA58AC955DC69
            SHA1:1D31F2AD6F649096A93DBDD6DAE41AB693C01B0F
            SHA-256:5A7CA71A7A19A4161FD32371236678B9F36AA753FB02CEAF9B71020BDD4C974C
            SHA-512:C84D338642D0A3028B30D95B75CA07EB1623F13390556284D2220BAC7159185F2B32C906613F14778CE363083EF017F72C26ED3F51BE0039E3B7EEEB3D9BDADF
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0................. ........... ...................................@.....................................O.......|................)..........l................................................ ............... ..H............text........ ...................... ..`.rsrc...|...........................@..@.reloc..............................@..B........................H.......P ..<............%..`..........................................BSJB............v4.0.30319......l...0...#~..........#Strings....t.......#US.x.......#GUID...........#Blob......................3.................................................._....._.....L...........4.....4...D.4...a.4.....4...-.4.................F.....F.....F...).F...1.F...9.F...A.F...I.F...Q.F.......................#.....+.....3.@...;.T...C.....K.......................1...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\PresentationFramework.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):209720
            Entropy (8bit):5.4710841358494555
            Encrypted:false
            SSDEEP:
            MD5:A51EC794659695B8264A74D35C7A681B
            SHA1:F77DF4EAA77DED2A737ECC1306248D96CCE6C7AB
            SHA-256:A61976C56327F2831DC9DF65CF38EC961267799C6F1D2A02765D439907F64BAE
            SHA-512:CFEDBFEB8EC4DB9D67477514C8E49A10E4E897E38485EA9101FEA127E370344D26E33D50CEC3BCB97768A663EAC00490AC8F428836E99FF161EFC52D9C37D3CD
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.................. ... ....... .......................`.......,....@.....................................O.... ..................8)...@......h................................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H.......P ..P............%..H...........................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................d.....d.....Q...........9.....9...D.9...a.9.....9...-.9.................K.....K.....K...).K...1.K...9.K...A.K...I.K...Q.K.......................#.....+.....3.@...;.T...C.....K.......................6...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\PresentationUI.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):46384
            Entropy (8bit):5.78472141990417
            Encrypted:false
            SSDEEP:
            MD5:02A84DBDDA51D3C88ADD75A472B8B404
            SHA1:DD1E0B7D6403A407D7992F3CE67E200EF546CBD4
            SHA-256:180CDF536E24A6DB8D3F39699B0DA463602150F583A292C7D70DA7F3EF7B8E27
            SHA-512:EC943DA37C0360FB7C8EA52F706F5ADF509EE6C5237DD69237BADE88A696B9F5583D8CCA966A3D0A69B27D89D0480F5FAA99430F11F8AB3B26C5DFB64856D539
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....<............" ..0................. ........... ..............................E.....@.....................................O.......l...............0)..........h................................................ ............... ..H............text....... ...................... ..`.rsrc...l...........................@..@.reloc..............................@..B........................H.......P ..0............%..hz.........................................BSJB............v4.0.30319......l...0...#~..........#Strings....l.......#US.p.......#GUID...........#Blob......................3..................................................].....].....J...........2.....2...D.2...a.2.....2...-.2.................D.....D.....D...).D...1.D...9.D...A.D...I.D...Q.D.......................#.....+.....3.@...;.T...C.....K.....................}./...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\ReachFramework.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):40208
            Entropy (8bit):5.91906094725466
            Encrypted:false
            SSDEEP:
            MD5:6B7D0D3C4C21CAED153D2026C283A1BC
            SHA1:07D4508CAEE6A082A05B8472C89F52A80C083011
            SHA-256:07B51EE4C31E98D3B2496899660E94AC4FCCB510AB5A0CD40417034FAF098011
            SHA-512:9EDC6CEEC164688F25D7B4BC7757C36A374954DEF13E465822505FF8C419B12A49933DFC42E11F43F507C49658FC1433267FB1BB24852D108650E81FE1EBCA90
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....C..........." ..0..j.............. ........... ..............................(.....@.................................p...O.......l............t...)..........T................................................ ............... ..H............text....h... ...j.................. ..`.rsrc...l............l..............@..@.reloc...............r..............@..B........................H.......P ..\............%..(b.........................................BSJB............v4.0.30319......l...<...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................].....].....J...........2.....2...D.2...a.2.....2...-.2.................D.....D.....D...).D...1.D...9.D...A.D...I.D...Q.D.......................#.....+.....3.@...;.T...C.....K.....................}./...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\System.Windows.Controls.Ribbon.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):18744
            Entropy (8bit):6.615534990847778
            Encrypted:false
            SSDEEP:
            MD5:16EADF240D91491111872E765865F51E
            SHA1:BA11EA786F26CFB6A3F441960273B92315C2F66E
            SHA-256:DD5B309F2ECB452B93A5215593F40BF7C56855E146FBEFD5C0F493BA2A5C5910
            SHA-512:D8B8EA39056CEE47A079CEE436D945CF3874602773781F2CB64671346C7B24B06D9A4D25A8D42D2D927F89D4EBF1DEAC1654EC66FDDCD24FD2602CF5881DC2AA
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...%............." ..0..............5... ...@....... ..............................6.....@.................................45..O....@............... ..8)...`.......5............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................h5......H.......P ..............0%..h....4......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......0...#Blob......................3..................................................m.....m.....Z...........B.....B...D.B...a.B.....B...-.B.................T.....T.....T...).T...1.T...9.T...A.T...I.T...Q.T......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................?...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\System.Windows.Forms.Design.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):149296
            Entropy (8bit):5.49716303474043
            Encrypted:false
            SSDEEP:
            MD5:F2EB3A090328AC2A04A986E2D29F807C
            SHA1:BE01410481CA748601A2AC0031D1F5FA846507C0
            SHA-256:44B6E9873A695FF18FDA8BA2DAA21E7C210CAB304E6C67F9EC092E69582E3415
            SHA-512:FC1A3D379F6C1962DCAA88A6A4CF63FE7A28ADD3EEB80320C523A53FD81ECDEF0571F8EF97FC20F829DD408674D0B0D7E17ED2B0A770F7839D4285BD438AA95F
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............Z3... ...@....... ...............................i....@..................................3..O....@..................0)...`.......2............................................... ............... ..H............text...`.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................<3......H.......P ..............l'......l2......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID.......0...#Blob......................3....................................../.......................t...........\.....\.....\...D.\...a.\.....\...-.\.................n.....n.....n...).n...1.n...9.n...A.n...I.n...Q.n...Y.n......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.......................Y.............

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\System.Windows.Forms.Primitives.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16176
            Entropy (8bit):6.744798953618253
            Encrypted:false
            SSDEEP:
            MD5:0A6392E98F90F55C93ABCB5D031BE39A
            SHA1:321CDB2DEEE50D1FA73DB60AB473B301906E2802
            SHA-256:88ABBF749B10C555753B22F53D2E0E2AF5729DFA4745A09ECC1B38E11D601F10
            SHA-512:2BE1808B83C5AB1360B8D6990DE14E83D1255E32A357E84A7F5B5AE3ADF4E71CDB5AF00FE4BF485D19A82D2147E3945A4A235E2A4BFC9662FA0E6E1ECC6480EA
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....n............" ..0.............^+... ...@....... ...............................=....@..................................+..O....@..................0)...`.......*............................................... ............... ..H............text...d.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................@+......H.......P ..............h%......p*......................................BSJB............v4.0.30319......l...D...#~...... ...#Strings............#US.........#GUID.......4...#Blob......................3....................................../.......................x...........`.....`.....`...D.`...a.`.....`...-.`.................r.....r.....r...).r...1.r...9.r...A.r...I.r...Q.r...Y.r......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.......................].............

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\System.Windows.Forms.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):366376
            Entropy (8bit):5.329091897373038
            Encrypted:false
            SSDEEP:
            MD5:FEC4E7F7436893CDD25B9A9389180484
            SHA1:ABA660F3CA5FF97344CB5B6596098687A45003C3
            SHA-256:FDF4A10B30387750B6D08B9B050A6A166F03054A29A4AD3599674158B547C5D7
            SHA-512:3C479DF85024691089D9658B26203DB2EFC5B68439D01867ACB0A79C3A070B48C4ED0371BB834F75E6C1714B8B658A40537DFC863FCF3A38DFB5A770B0DEAC72
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....v............" ..0..d.............. ........... ..............................h.....@.....................................O....................n..()........................................................... ............... ..H............text....c... ...d.................. ..`.rsrc................f..............@..@.reloc...............l..............@..B.......................H.......P ..P............%..`]..........................................BSJB............v4.0.30319......l...\...#~......L...#Strings............#US.........#GUID...(...(...#Blob......................3....................................../.......................m...=.......U.....U.....U...D.U...a.U.....U...-.U.................g.....g.....g...).g...1.g...9.g...A.g...I.g...Q.g...Y.g......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.......................R.............

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\System.Windows.Input.Manipulations.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16680
            Entropy (8bit):6.742493914191548
            Encrypted:false
            SSDEEP:
            MD5:C8D02E38B683CC82B5DF8DA7D4DD7A32
            SHA1:2C84CB090E9DBE3F84456D32C2617FE5CA4670F9
            SHA-256:303F9138526E26A9B163C434B51E2DFB99F96E16D491F6BF2C4B9924DFC469DF
            SHA-512:2F7B8793CFF3F4D1A1C04263358D1880EDDBE57E9E8217D43F0DF95444BF33CF165C0FE401372EC06B7FF90AECD67185476BA2AA883441A877CFB1E9B05099BC
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............." ..0.............~-... ...@....... ...............................>....@.................................,-..O....@..................()...`.......-............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................`-......H.......P ..............@%..P....,......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......4...#Blob......................3..................................................q.....q.....^...........F.....F...D.F...a.F.....F...-.F.................X.....X.....X...).X...1.X...9.X...A.X...I.X...Q.X......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................C...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\System.Xaml.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):69936
            Entropy (8bit):5.869986248437176
            Encrypted:false
            SSDEEP:
            MD5:898432B8C438539AB40532710F8174D0
            SHA1:23B92EFECD2CD1C8797BA7744DD8FEABE1C0E97A
            SHA-256:91A98BD74DA15E84F11EAD5327E4273E22FEC510E85F7237554721AC4AB0EB1A
            SHA-512:F2E326F050C75CC546E0BD01DF248BEF82312801A26EEA42EA5562E3E29FA837D70094C92D0444C614A8FA63FD9742784F88565ADA8EABA2FD00895A2DE5B8DB
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...\.d..........." ..0.................. ........... .......................@............@.....................................O.......L...............0)... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...L...........................@..@.reloc....... ......................@..B........................H.......P ...............$.. ...........................................BSJB............v4.0.30319......l...0...#~..........#Strings....d.......#US.h.......#GUID...x.......#Blob......................3..................................................Z.....Z.....G.........../...../...D./...a./...../...-./.................A.....A.....A...).A...1.A...9.A...A.A...I.A...Q.A......./.....8.....W...#.`...+.{...3.....;.....C.....K.....................z.,...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\UIAutomationClient.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):20280
            Entropy (8bit):6.5792159305857325
            Encrypted:false
            SSDEEP:
            MD5:7DAA904B86B8F034FD1CDF5999C6321A
            SHA1:FE36FE11074F9C5C073C472F9D9E1891F16964D0
            SHA-256:74AE898F126BEFD2DF1CA7268870223323E06DA4F101DABCD6CA068A1F4C32ED
            SHA-512:33FAA5EE1F5C097D536F033ED956C9F8BBC5B0E32A2EA12D4B71254812D420DCDFAF8E8BF087A54CD039D2B0E660AE5D9EDA5D290C0365417485919E87E6DEFD
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...W(............" ..0.............f;... ...@....... ..............................v.....@..................................;..O....@...............&..8)...`.......:............................................... ............... ..H............text...l.... ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B................H;......H.......P ..@............%......x:......................................BSJB............v4.0.30319......l...0...#~..........#Strings....x.......#US.|.......#GUID...........#Blob......................3..................................................a.....a.....N...........6.....6...D.6...a.6.....6...-.6.................H.....H.....H...).H...1.H...9.H...A.H...I.H...Q.H.......................#.....+.....3.@...;.T...C.....K.......................3...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\UIAutomationClientSideProviders.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):21288
            Entropy (8bit):6.377595511606088
            Encrypted:false
            SSDEEP:
            MD5:B5B07273B791A86A6BD9F6021E2B3015
            SHA1:11D3AECE0AE5D861CBAC0620D13807789827EBDB
            SHA-256:40E71048E663089362F4D910A72ED2CBC4DC686BE5DEEC73FF1227A1D7EEB133
            SHA-512:08489C06DA89BB9BB2EC0642B0BEEB3E2F631243C38222BC815C6914FC70F7970595F86BF78146D7DFFA4A1BC0E8431D33ACEB48294B52631DBC4326544D79A2
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.. ...........>... ...@....... ...............................&....@..................................>..O....@...............*..()...`.......>............................................... ............... ..H............text........ ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......(..............@..B.................>......H.......P ..............4%.......>......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......0...#Blob......................3..................................................n.....n.....[...........C.....C...D.C...a.C.....C...-.C.................U.....U.....U...).U...1.U...9.U...A.U...I.U...Q.U......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................@...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\UIAutomationProvider.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):15624
            Entropy (8bit):6.724688893243293
            Encrypted:false
            SSDEEP:
            MD5:104B2B8FD1A2022CD751CF7EC8E3F7FB
            SHA1:8A5B020C038D15871E3E5677EFEB899AEA5F2E15
            SHA-256:6173A5813203ECA0F888518A481A4182200BFA492C384BCD618717BC5A330CC2
            SHA-512:8D4C6A9F9241C844658841D65DBB45B6CE05746735EA3368693BD8C2B3CB5C1F7A56C9DA2CE86CEF34B9B2E6565579F33F195739E50E35A899EFBBEB3A2B93FF
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............J(... ...@....... ..............................{4....@..................................'..O....@...................)...`.......'............................................... ............... ..H............text...P.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................,(......H.......P ..L............%......\'......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................c.....c.....P...........8.....8...D.8...a.8.....8...-.8.................J.....J.....J...).J...1.J...9.J...A.J...I.J...Q.J.......................#.....+.....3.@...;.T...C.....K.......................5...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\UIAutomationTypes.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):18736
            Entropy (8bit):6.487684668583385
            Encrypted:false
            SSDEEP:
            MD5:85CF6DF35E05852C297B1CA117560DFF
            SHA1:EDE984A9775B629571AA876E9BFA7DD4FD21E699
            SHA-256:410FDB4F34AB690C45E732637CCB1353B6808EC1A9D27738792626D6BB0FA2E3
            SHA-512:6ADD4B9F8B9A6DA10308BE3960A7A2329064DCF53E2D1A738D6503A3148C5AA3B6B2E4EA508533D29019AF85618110FAB7BFDA2CB0E53B78B80A622594DCE144
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............4... ...@....... ...............................O....@.................................l4..O....@..|............ ..0)...`......P4............................................... ............... ..H............text........ ...................... ..`.rsrc...|....@......................@..@.reloc.......`......................@..B.................4......H.......P ..@............%..@....3......................................BSJB............v4.0.30319......l...0...#~..........#Strings....x.......#US.|.......#GUID...........#Blob......................3..................................................`.....`.....M...........5.....5...D.5...a.5.....5...-.5.................G.....G.....G...).G...1.G...9.G...A.G...I.G...Q.G.......................#.....+.....3.@...;.T...C.....K.......................2...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\WindowsBase.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):90928
            Entropy (8bit):5.6238842721783655
            Encrypted:false
            SSDEEP:
            MD5:6C73688E879CAA9E4C2740A43C45B9A0
            SHA1:58E8BDD64DED794842000079566D84EE0E4A5BE2
            SHA-256:671D896EF2DED3343E579C38E00EDBAFF72244C80F19F9F5CE873B4AFC841F64
            SHA-512:5001298AE4A3E087860CA9AA0BCD35A92D0122922E476AB96D8BC9A4921E8F85A1FA864745E6D94C12F02EC9583EE4D33E28933A0163E2E28CCC949B80434D90
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....y..........." ..0..0...........N... ...`....... ....................................@..................................M..O....`..L............:..0)...........M............................................... ............... ..H............text... .... ...0.................. ..`.rsrc...L....`.......2..............@..@.reloc...............8..............@..B.................M......H.......P ..$...........t%...'..,M......................................BSJB............v4.0.30319......l...0...#~..........#Strings....d.......#US.h.......#GUID...x.......#Blob......................3..................................................Z.....Z.....G.........../...../...D./...a./...../...-./.................A.....A.....A...).A...1.A...9.A...A.A...I.A...Q.A.......................#.....+.....3.@...;.T...C.....K.....................z.,...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pl\WindowsFormsIntegration.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16184
            Entropy (8bit):6.7683521156911235
            Encrypted:false
            SSDEEP:
            MD5:D3E76690C7C421B476BA5CD527368098
            SHA1:BCE0BC5B78BFA5FDFCDAFAF6A9E88426BC99759C
            SHA-256:84C82CB7A784B2148EBEE1C5328ADEAA8C8DD2C76B7A2A172434E1E7EFBFC8C2
            SHA-512:471F1EF7620805C216B92AC1A7FA69C677F513EE0FED36D12DBCD32982650C26E8E994676CAEB844C30020E3CE9F6131D7B759AE259BC689D46BBD8831AD4582
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....X..........." ..0.............R+... ...@....... ...............................&....@..................................+..O....@..................8)...`.......*............................................... ............... ..H............text...X.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................4+......H.......P ..T............%......d*......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................f.....f.....S...........;.....;...D.;...a.;.....;...-.;.................M.....M.....M...).M...1.M...9.M...A.M...I.M...Q.M.......................#.....+.....3.@...;.T...C.....K.......................8...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\Microsoft.VisualBasic.Forms.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):25896
            Entropy (8bit):6.3311656433819286
            Encrypted:false
            SSDEEP:
            MD5:696DC55F1A5F3A63BA243B2A396B0079
            SHA1:631BAE7B4D11486E030F21DDE41CAF83B66BB43B
            SHA-256:F5715108D4D68BE1B3B318E7A1853A9E6928E45A0042E341878A2690236CED01
            SHA-512:D778BAB3B4679D65856B75B61BD6675725E8B995F5D314130685CD732B628A0F7DD9FF89ACF4FD32E32BAFFDFDF373CBECDEC2B1608CDBF215DA37BED59E77B0
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..2...........P... ...`....... ..............................u.....@.................................\P..O....`...............<..()..........@P............................................... ............... ..H............text....0... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............:..............@..B.................P......H.......P .. ...........p&..P)...O......................................BSJB............v4.0.30319......l...\...#~..........#Strings....L.......#US.P.......#GUID...`.......#Blob......................3......................................5.......................w...u......._....._....._...J._...g._....._...3._.................q.....q.....q...).q...1.q...9.q...A.q...I.q...Q.q...Y.q.......................#.....+.....3.@...;.a...C.u...K.....S.@...................O...............

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\PresentationCore.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):109832
            Entropy (8bit):5.4127561765195935
            Encrypted:false
            SSDEEP:
            MD5:9A111F1377F3BFA745D055C47CB7E540
            SHA1:D050BBAEFD9D9D5810758EBAF8C55F2ECD61B172
            SHA-256:E4941578DE3F6D6480ED6460FC7285F4F1A0557C5A152FCD7ADA763D3FC30CAA
            SHA-512:B2F1836B8292A73A53990CB0FE9E163086D5574C518707600AE37E786758A7E3E425C828ED302183ABD8E714350DADC00F809217FB3623025CD1843891181DF0
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Tk..........." ..0..z..........6.... ........... ....................................@....................................O.......|................).......................................................... ............... ..H............text...<y... ...z.................. ..`.rsrc...|............|..............@..@.reloc..............................@..B........................H.......P ..@............%...r..H.......................................BSJB............v4.0.30319......l...0...#~..........#Strings....x.......#US.|.......#GUID...........#Blob......................3..................................................b.....b.....O...........7.....7...J.7...g.7.....7...3.7.................I.....I.....I...).I...1.I...9.I...A.I...I.I...Q.I.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\PresentationFramework.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):203040
            Entropy (8bit):5.274780308958065
            Encrypted:false
            SSDEEP:
            MD5:6927261E8C7A38A01E41221A3A897327
            SHA1:D8E3EF99ED64F4A8632CA41BC938CCED7FC7A828
            SHA-256:4B767CC1F712C3C620637B3033CBCB58D982721131F8FFA68638593B352225D0
            SHA-512:1F1B6374009DA7E49BC5419BEB88809F61A9135D531BEDE94BA5E0A40A39089340AEB1F522D8500C7387B99B089D2E342E1B3008B96F7657E9E2616488DBC23B
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...e............." ..0.................. ... ....... .......................`............@.....................................O.... .................. )...@....................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H.......P ..T............%..x...........................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................g.....g.....T...........<.....<...J.<...g.<.....<...3.<.................N.....N.....N...).N...1.N...9.N...A.N...I.N...Q.N.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\PresentationUI.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):45840
            Entropy (8bit):5.680362303617112
            Encrypted:false
            SSDEEP:
            MD5:EAFC11296D4001C4CA1063BC4FC1A535
            SHA1:FEF082F171FBC528F97C8725404E9E72910953A9
            SHA-256:F0B86AF69D7C202A85347C09AC65EFECBD32DD21A7A0AC184D5ED5E8D4CB55D4
            SHA-512:88393682DE08A3495B44758FBA1BD563BDB040739B5BB9692BD81D097B763567CF0A03D653D79130F3727F3F43129D7412DE9306A8D9F5DF279D153B4B8007E0
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....n..........." ..0.................. ........... ..............................;d....@.....................................O.......l................)........................................................... ............... ..H............text....~... ...................... ..`.rsrc...l...........................@..@.reloc..............................@..B.......................H.......P ..8............%...x..........................................BSJB............v4.0.30319......l...0...#~..........#Strings....t.......#US.x.......#GUID...........#Blob......................3..................................................`.....`.....M...........5.....5...J.5...g.5.....5...3.5.................G.....G.....G...).G...1.G...9.G...A.G...I.G...Q.G.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\ReachFramework.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):39176
            Entropy (8bit):5.8209791059009985
            Encrypted:false
            SSDEEP:
            MD5:93A7A3681C12A25ABEE1B5191486C944
            SHA1:6D4486700FF1DFA19C40F1306B5C1485A90B7974
            SHA-256:A6E2151A3B534BED84F2D5BEA6570C13B213F9E32FE36A51D79A0E46155E0ED9
            SHA-512:C92CA2A225C14EB67228DD5641B7E547A3D946110450FE00A198963ECA12C605A43F252034D5B9C6F2F60AD039E8CF5A4BBF74B5EB2D768286EA8E8803CEFDBA
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...z.6..........." ..0..f............... ........... ....................................@....................................O.......l............p...)........................................................... ............... ..H............text... d... ...f.................. ..`.rsrc...l............h..............@..@.reloc...............n..............@..B........................H.......P ..d............%..x]..,.......................................BSJB............v4.0.30319......l...<...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................`.....`.....M...........5.....5...J.5...g.5.....5...3.5.................G.....G.....G...).G...1.G...9.G...A.G...I.G...Q.G.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\System.Windows.Controls.Ribbon.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):18720
            Entropy (8bit):6.572907011159451
            Encrypted:false
            SSDEEP:
            MD5:2033FEBDE20E87000BFC58EA3D056C31
            SHA1:9790C02B97FE1F8EC0C3C5933DB17D8EC4724FCE
            SHA-256:DD5A5090EDDFA12B666EB30B19FA872D1FE41537FD451AED4DBFC7C4A93ACF95
            SHA-512:3B2528026219B8DB1CB3464B816F418A92FD477B1905F7503699AE96D7391F019A818476014BDBF567A419D478A2183E43C58B8FFF39317ACC2073723ACE45D3
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Jiw..........." ..0..............5... ...@....... ....................................@..................................4..O....@............... .. )...`.......4............................................... ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................5......H.......P ..............8%......04......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......0...#Blob......................3..................................................p.....p.....]...........E.....E...J.E...g.E.....E...3.E.................W.....W.....W...).W...1.W...9.W...A.W...I.W...Q.W......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\System.Windows.Forms.Design.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):149256
            Entropy (8bit):5.432087611387099
            Encrypted:false
            SSDEEP:
            MD5:6CB2ACA232C03D418F81925C04828DE5
            SHA1:72BFFFB0915AEB32B43A4A59A339B3A8FD081717
            SHA-256:FE4146475FE189E4E53A88A0E7D76BD89754C0ACC0042EA4370FEB43C7C6312E
            SHA-512:B11412E0FACAB86F59D938532AA0AA70242ED61244EFFDAACEC845767714FEDB695F09E12B95239A1A23A9F1715DF3F1C218C4B6AA0BDBC067C70AB9661C4385
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B&............" ..0..............2... ...@....... ..............................G.....@.................................P2..O....@...................)...`......42............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................2......H.......P ..<............'..(....1......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID.......0...#Blob......................3......................................5.......................w..........._....._....._...J._...g._....._...3._.................q.....q.....q...).q...1.q...9.q...A.q...I.q...Q.q...Y.q......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.....................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\System.Windows.Forms.Primitives.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16168
            Entropy (8bit):6.733567629492749
            Encrypted:false
            SSDEEP:
            MD5:2885E8BBA9F83D681B968AD9CEF13B11
            SHA1:A440505F0F756D3B18D907E866D731EB77CFA99A
            SHA-256:5BACE635761B1ED11046213D673C94D347CEE2360F7180D3FF310567DF6EEC9D
            SHA-512:2F8932B6CCA7E114CC5D56F41F47B76D30CEB4AEF55964F50E7617599024EF65718D080D80E95CFEE648EFEF09EB89D465190584B37AAE61C48242614B32E933
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...g............." ..0.............j+... ...@....... ...............................u....@..................................+..O....@..................()...`.......*............................................... ............... ..H............text...p.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................L+......H.......P ..............l%......|*......................................BSJB............v4.0.30319......l...D...#~......$...#Strings............#US.........#GUID.......4...#Blob......................3......................................5.......................{...........c.....c.....c...J.c...g.c.....c...3.c.................u.....u.....u...).u...1.u...9.u...A.u...I.u...Q.u...Y.u......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.....................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\System.Windows.Forms.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):359192
            Entropy (8bit):5.12537074675582
            Encrypted:false
            SSDEEP:
            MD5:320A31E500B99F09EF6B891512341747
            SHA1:4DF8D61697A0B262B98BDF7A13CB8926287FA32F
            SHA-256:8F8A2F1C7D5002BB11FECB370CCEC495ED0CFE39E6EAC810D724FA35BACE1ABA
            SHA-512:28D92248E748B26DFCD49E365129EA6207D885F5AE000333A562C3C9AE56FAFBB8DC32214C2DE6E4FF33977304D3E7271B3204E14D1217C1F2C3E8E36999B0CC
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....E..........." ..0..H...........g... ........... ....................................@.................................Xg..O....................R...)..........<g............................................... ............... ..H............text....G... ...H.................. ..`.rsrc................J..............@..@.reloc...............P..............@..B.................g......H.......P ..\............%...A...f......................................BSJB............v4.0.30319......l...\...#~......X...#Strings.... .......#US.$.......#GUID...4...(...#Blob......................3......................................5.......................p...I.......X.....X.....X...J.X...g.X.....X...3.X.................j.....j.....j...).j...1.j...9.j...A.j...I.j...Q.j...Y.j......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.....................*...............

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\System.Windows.Input.Manipulations.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16664
            Entropy (8bit):6.696456224037584
            Encrypted:false
            SSDEEP:
            MD5:31AFD76107179D54BDCE69918A45F696
            SHA1:EA0F25AB8AC3F63873A5ED300DA4F6CEB8FE5FC7
            SHA-256:8A667566DD1FEA5147F4C53D27A231007633808DEB7C5706387F3BC1E6131DC7
            SHA-512:7EF3509AAFBC3D635CAF4FA0B90E79F77A85FA1D0E0E809BAABA2061083FA8711C4D86C688A6BA6D551B15E7F665FB0F3CCA4A94DC8B951E4D6F3A3969C80C0E
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....r............" ..0..............-... ...@....... ...............................O....@..................................,..O....@...................)...`.......,............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H.......P ..............H%...... ,......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......4...#Blob......................3..................................................t.....t.....a...........I.....I...J.I...g.I.....I...3.I.................[.....[.....[...).[...1.[...9.[...A.[...I.[...Q.[......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\System.Xaml.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):65800
            Entropy (8bit):5.6936042371104865
            Encrypted:false
            SSDEEP:
            MD5:D11BDBD6A7955591BC62CCBB89BBFC96
            SHA1:6BD43FBCEEAE6F3982D62747554332582E4747E5
            SHA-256:4DA501C570D2ED257489201D9F76C7DB234B836DAC1986AF5418AE6802D1296B
            SHA-512:8B9DE22273C0A93C332FCF5C1CFAF6AF3A96A9C1C4C7D7DF852EF65DD850A2B2392D8C21EEC6EAE8B67DB5C7D0DE37F640482E527292F7032EBC613479DC8BB0
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...TO............" ..0.................. ........... .......................@......m.....@.....................................O.......L................)... ......|................................................ ............... ..H............text........ ...................... ..`.rsrc...L...........................@..@.reloc....... ......................@..B........................H.......P ...............$..............................................BSJB............v4.0.30319......l...0...#~..........#Strings....l.......#US.p.......#GUID...........#Blob......................3..................................................].....].....J...........2.....2...J.2...g.2.....2...3.2.................D.....D.....D...).D...1.D...9.D...A.D...I.D...Q.D......./.....8.....W...#.`...+.{...3.....;.....C.....K.....................................................}.

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\UIAutomationClient.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):20256
            Entropy (8bit):6.500092283948831
            Encrypted:false
            SSDEEP:
            MD5:2409B567D6FF4C8785ACBBD1FB209F4D
            SHA1:9565B9AC1C1F4FA90B2C87367BAA2A895967016B
            SHA-256:8EF5936DB26B9945CFC2011B988F9706AA0C1FD97151F2FD845FAC4414CFA9DF
            SHA-512:6C4EAB5404ABFDC58931EF24C82144F608057E78682A719F143FC0CCBBBB20175EC05C785D7EC2B33B36D63231377A7E2B3730E8323214B76BE9D212E8436A81
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...M.c..........." ..0..............:... ...@....... ...............................>....@.................................D:..O....@...............&.. )...`......(:............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B................x:......H.......P ..H............%.......9......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................d.....d.....Q...........9.....9...J.9...g.9.....9...3.9.................K.....K.....K...).K...1.K...9.K...A.K...I.K...Q.K.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\UIAutomationClientSideProviders.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):21280
            Entropy (8bit):6.336268451084481
            Encrypted:false
            SSDEEP:
            MD5:CB9B1F61B2087A49B469FEF227C7FAEF
            SHA1:694745934C8E5B6640E6045A12746CD6A34814F9
            SHA-256:03EAE5BB6644E1D3FDBD268A137606DE2E724AFBDA589FDEA6448F81D1001AAB
            SHA-512:7AE420471E417E73445D88373555651036282B862B463A70F865295F45DF4B5CA691E15685F621990665BECEC6D047D24338B6C372853FD8087D1D0C4ED7A745
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...+B\..........." ..0.. ...........>... ...@....... ..............................F.....@.................................0>..O....@...............*.. )...`.......>............................................... ............... ..H............text........ ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......(..............@..B................d>......H.......P ..............<%..X....=......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......0...#Blob......................3..................................................q.....q.....^...........F.....F...J.F...g.F.....F...3.F.................X.....X.....X...).X...1.X...9.X...A.X...I.X...Q.X......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\UIAutomationProvider.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):15648
            Entropy (8bit):6.712253048724575
            Encrypted:false
            SSDEEP:
            MD5:56C2924F578AB995842CC8E6521AEC7B
            SHA1:8BD826A9DD40B56BC5E2BF7BBD37FC045709BFAE
            SHA-256:35D4080898897788165CE2B5C4EC760BA572782FFBA6F1080D717C6505883587
            SHA-512:494368B0960241196376D07283145B8030D6C707D865FCEF72894337549DA20BE956CD0A653AE5C4FF0419C50D42EA6C9B9C6CC72748AAC59153917C57759B99
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............&(... ...@....... ....................................@..................................'..O....@.................. )...`.......'............................................... ............... ..H............text...,.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......P ..P............%......8'......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................f.....f.....S...........;.....;...J.;...g.;.....;...3.;.................M.....M.....M...).M...1.M...9.M...A.M...I.M...Q.M.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\UIAutomationTypes.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):18720
            Entropy (8bit):6.493288942194911
            Encrypted:false
            SSDEEP:
            MD5:8C47FD927E9A681A831BE2739DCA112A
            SHA1:8B24EC935FD4DB641DEFF53EC281CC5ACFEBB429
            SHA-256:078A0738BCC1258DFA6B1218FFD978801C97DB8A470565AEC2F0B50F84288FF6
            SHA-512:E42BF381A119F240B5DAA062E5852198EA0F2ABA8BE5F49E6E2B884AC00A37765DD9392349E1482F62634DE56B2E1219EABF7DA29D69EF4B4D8315B4FA80DA7C
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...3............." ..0..............4... ...@....... ...................................@..................................4..O....@..|............ .. )...`.......4............................................... ............... ..H............text........ ...................... ..`.rsrc...|....@......................@..@.reloc.......`......................@..B.................4......H.......P ..D............%..p....4......................................BSJB............v4.0.30319......l...0...#~..........#Strings....|.......#US.........#GUID...........#Blob......................3..................................................c.....c.....P...........8.....8...J.8...g.8.....8...3.8.................J.....J.....J...).J...1.J...9.J...A.J...I.J...Q.J.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\WindowsBase.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):89400
            Entropy (8bit):5.471917912548602
            Encrypted:false
            SSDEEP:
            MD5:D989AC1313A44E20144F0A31A01A067B
            SHA1:77FC2FD7A46AFA78AE3D4D1E5285CFA1DD4F96D5
            SHA-256:2F3EF615508A5C7C19CCB60AB7A4B6A87CFB011C34AD688893A026ABB161A1D8
            SHA-512:2EEFAE5148B134095148B7573CA1B946D5F1403506D32145FAF7A03CDCCA1ED6AE4264126700499339F6FDFABB2F33002A6127FF4C70510C6026C2150C452E14
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..*..........RI... ...`....... ..............................7s....@..................................I..O....`..L............4..8)...........H............................................... ............... ..H............text...X)... ...*.................. ..`.rsrc...L....`.......,..............@..@.reloc...............2..............@..B................4I......H.......P ..,...........|%..."..dH......................................BSJB............v4.0.30319......l...0...#~..........#Strings....l.......#US.p.......#GUID...........#Blob......................3..................................................].....].....J...........2.....2...J.2...g.2.....2...3.2.................D.....D.....D...).D...1.D...9.D...A.D...I.D...Q.D.......................#.....+.....3.@...;.T...C.....K.....................................................}.

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\WindowsFormsIntegration.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16144
            Entropy (8bit):6.729831599652097
            Encrypted:false
            SSDEEP:
            MD5:0ACC42F49EDB9F1B890A70F7DB71DE9C
            SHA1:38A9070D42CED3C42719B84356B80A8276EF7172
            SHA-256:AF95BD7A1E0DF002124526268041D24E61778CAB857F88D4016445092FEDF870
            SHA-512:268CA693129606054A67A537E4BCDE520A1613930CBD8F537CA8E6FCA16ACED5A76DC3FE199A3943ABB79365A3A8BC1D559C32CD5EF402398F1A295DE9133F8E
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............*... ...@....... ..............................]8....@..................................*..O....@...................)...`.......*............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P ..\............%..X....*......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................i.....i.....V...........>.....>...J.>...g.>.....>...3.>.................P.....P.....P...).P...1.P...9.P...A.P...I.P...Q.P.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\Microsoft.VisualBasic.Forms.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):26920
            Entropy (8bit):6.461412993064052
            Encrypted:false
            SSDEEP:
            MD5:01984496A5398B1A0E27F22781A6424E
            SHA1:9093044BEAFA0FA8C76BB31AA24602A895FD2219
            SHA-256:C38AA3A15F6993775BD91E8411E3350BDF15B8A20ED49BD4267EBDE55E25D67F
            SHA-512:E0109EFB905FCF50C0D81BF1B5E905667241691A942AC8160B39AB9B8F9FC09738C2706FC6D5208A717FB045B808B828DC2AB525BD82B95FD7005AA73895DD0E
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...4.>..........." ..0..6...........U... ...`....... ...............................f....@..................................T..O....`...............@..()...........T............................................... ............... ..H............text... 5... ...6.................. ..`.rsrc........`.......8..............@..@.reloc...............>..............@..B.................T......H.......P ..............d&...-..,T......................................BSJB............v4.0.30319......l...\...#~......x...#Strings....@.......#US.D.......#GUID...T.......#Blob......................3....................................../.......................q...f.......Y.....Y.....Y...D.Y...a.Y.....Y...-.Y.................k.....k.....k...).k...1.k...9.k...A.k...I.k...Q.k...Y.k.......................#.....+.....3.@...;.a...C.u...K.....S.@.....................u.............

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\PresentationCore.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):138520
            Entropy (8bit):5.547587208802839
            Encrypted:false
            SSDEEP:
            MD5:4AB43934469BECFF0533AFECBC2558D9
            SHA1:1EB4F46B11F9E5C634572408642394A55E341187
            SHA-256:2B5B4C6798F2CBCECE30CBEBE8CD43CCB1E40600329092467C29A49753D74243
            SHA-512:BFF9C14D815F765B2C582E965570BAA68C7E9C10E699ADFBEF887A6CBDA0434B5D234013AB7F2A2B50AECBE14627063ED8840899ED4DCBDEE2C8F21BC17B81E2
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...s.#..........." ..0.................. ... ....... .......................`......sw....@.....................................O.... ..|................)...@....................................................... ............... ..H............text... .... ...................... ..`.rsrc...|.... ......................@..@.reloc.......@......................@..B........................H.......P ..<............%......,.......................................BSJB............v4.0.30319......l...0...#~..........#Strings....t.......#US.x.......#GUID...........#Blob......................3..................................................\.....\.....I...........1.....1...D.1...a.1.....1...-.1.................C.....C.....C...).C...1.C...9.C...A.C...I.C...Q.C.......................#.....+.....3.@...;.T...C.....K.....................|.................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\PresentationFramework.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):257808
            Entropy (8bit):5.430349084047802
            Encrypted:false
            SSDEEP:
            MD5:052637D0A216585C213C0D193DDA2876
            SHA1:6D59927AF626A95BA4BB406B467A071900AD2549
            SHA-256:B4C81C63E89D819AC5F2BB232373F15C80E4A98DD3A924A905B4519535FFC496
            SHA-512:DA7A9891785CD929B5DC6E17C69920DB62D89CC0F10C7290CC62181C605BC61A3A347377087226B2DBB06F95F59A5FB46C0A44A99BB5396623BBF1999CE56D15
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ........... ....................... ............@.................................4...O........................)........................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................h.......H.......P ..P............%..............................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................a.....a.....N...........6.....6...D.6...a.6.....6...-.6.................H.....H.....H...).H...1.H...9.H...A.H...I.H...Q.H.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\PresentationUI.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):54568
            Entropy (8bit):5.813107953316309
            Encrypted:false
            SSDEEP:
            MD5:E6EB8A88F93E051DDA0F9451607F23DA
            SHA1:F19583B5EF8594B8A8D7C25FAA85ECB4EE64DDCD
            SHA-256:C46992815EC208B0C4107F208566DFB5720CD846E923864C22A61FC8B3E2340D
            SHA-512:AEBCAC018AD94F3CE7131FF4A074F6B0CAEB8070C17F19F7A0F0F3EDBA7578DFA149AF32D5427B380845333A9072FD06477E294FE3A72A87D92E6423BF47012D
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...WQ............" ..0.................. ........... ....................... ............@.....................................O.......l...............()........................................................... ............... ..H............text........ ...................... ..`.rsrc...l...........................@..@.reloc..............................@..B........................H.......P ..0............%......(.......................................BSJB............v4.0.30319......l...0...#~..........#Strings....l.......#US.p.......#GUID...........#Blob......................3..................................................Z.....Z.....G.........../...../...D./...a./...../...-./.................A.....A.....A...).A...1.A...9.A...A.A...I.A...Q.A.......................#.....+.....3.@...;.T...C.....K.....................z.................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\ReachFramework.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):44304
            Entropy (8bit):6.012072730335424
            Encrypted:false
            SSDEEP:
            MD5:B9299DFBD4418835B3160FF65274A5FB
            SHA1:F4E12C7324820462F933EEFA70581F3A8BD627E4
            SHA-256:C32C4A1C304BB14644F34C554BFD0F0D7947E74C72B49FF5420F6645C6CE444F
            SHA-512:F14C11F274C619C8B8291E436FDE5C8ACF55DCD2D5066013EAE4900BB410A52DEE2095528D467A0B1EF876FB4A98697BFBBA129807454018BC875BE41CD11564
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..."[@..........." ..0..z............... ........... ....................................@.....................................O.......l................)........................................................... ............... ..H............text....z... ...z.................. ..`.rsrc...l............|..............@..@.reloc..............................@..B.......................H.......P ..\............%..`s..........................................BSJB............v4.0.30319......l...<...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................Z.....Z.....G.........../...../...D./...a./...../...-./.................A.....A.....A...).A...1.A...9.A...A.A...I.A...Q.A.......................#.....+.....3.@...;.T...C.....K.....................z.................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\System.Windows.Controls.Ribbon.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):19720
            Entropy (8bit):6.599704210963045
            Encrypted:false
            SSDEEP:
            MD5:4BCCAC7457C3940B45FBE9C973FF1D1F
            SHA1:140381C4644E93B761914F9F0264D48C89F5A31B
            SHA-256:CBDE140E9BC4835088FBC0E9ED7952B1BD7362241BB06CB92106E03BBF4151B4
            SHA-512:7B3CD72C326D8B6B1D624427B98817362FCDCF59F6AF395A6DBAB44BA5ABF4FD38580590AA9A681A451D193B5EC841EB3F70D6073F97615BE0A0FA9AD609E525
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...1............" ..0.............&8... ...@....... ...................................@..................................7..O....@...............$...)...`.......7............................................... ............... ..H............text...,.... ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B.................8......H.......P ..............0%......87......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......0...#Blob......................3..................................................j.....j.....W...........?.....?...D.?...a.?.....?...-.?.................Q.....Q.....Q...).Q...1.Q...9.Q...A.Q...I.Q...Q.Q......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\System.Windows.Forms.Design.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):163112
            Entropy (8bit):5.713586048969182
            Encrypted:false
            SSDEEP:
            MD5:DF08F067C1968953E7A1282A462614D2
            SHA1:21A3E636C9F48BB5B89C03BC5C5BF64D23BE51A7
            SHA-256:1001B196135968493353966EDED2C8D1306F8474A1417BAF922041A77D8C9EDB
            SHA-512:862BB5B266828F996F929B17E6BF4A92B37B8CFCE8AAB2126FE02AA65F3CED2A5772B526DB06EA75C07AF56C3EE53CE5823F30C865AD35913C0E489A2591421E
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...\._..........." ..0..J...........i... ........... ....................................@.................................Hi..O....................T..()..........,i............................................... ............... ..H............text....I... ...J.................. ..`.rsrc................L..............@..@.reloc...............R..............@..B................|i......H.......P ..............l'..@A...h......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID.......0...#Blob......................3....................................../.......................q...........Y.....Y.....Y...D.Y...a.Y.....Y...-.Y.................k.....k.....k...).k...1.k...9.k...A.k...I.k...Q.k...Y.k......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.....................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\System.Windows.Forms.Primitives.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16680
            Entropy (8bit):6.728400051228888
            Encrypted:false
            SSDEEP:
            MD5:F880CA179C620B35847D0FA2D46F9F10
            SHA1:3813214716BC8120EFEB30631C7AC9F583E68903
            SHA-256:31E9B140F0082E8A5D7EF5859A8CB8499FD1C70AC0D07AA7BA631D5EF7DE450F
            SHA-512:B9D15E5ABD1B98BA745570F25F0B475B63C2D8924B04F1D3FAAF1C6CBDF5447EEEB8E8E997A81DC98D2DF2803F58DD993ADAEB2F5ED7F76DB96A5AF0AB3146B9
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Z............" ..0..............,... ...@....... ..............................J.....@.................................<,..O....@..................()...`...... ,............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p,......H.......P ..............h%..8....+......................................BSJB............v4.0.30319......l...D...#~...... ...#Strings............#US.........#GUID.......4...#Blob......................3....................................../.......................u...........].....].....]...D.]...a.].....]...-.].................o.....o.....o...).o...1.o...9.o...A.o...I.o...Q.o...Y.o......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.....................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\System.Windows.Forms.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):476984
            Entropy (8bit):5.279361368090579
            Encrypted:false
            SSDEEP:
            MD5:BEDB4C770DAB620C9B791AA5DAB48C72
            SHA1:C8771C91123D996D726F434C007AAB110900D617
            SHA-256:5ED62527CCF36312888BBF5B9096D637C444AE4A9E26F6E8277DD996E6B8F0F6
            SHA-512:985AE737B6BDAA2A87D814D694A6F6EB3CAC21CF360AC56733E8ACF1FE7741C6DF98F2FE06EE64485C43F0992D2B636CCB9F31973FB51BF2D02FD8C51BD9A72C
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?#..........." ..0.............~3... ...@....... ..............................1.....@.................................,3..O....@..................8)...`.......3............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................`3......H.......P ..P............%.......2......................................BSJB............v4.0.30319......l...\...#~......L...#Strings............#US.........#GUID...(...(...#Blob......................3....................................../...........}.....}.....j...:.......R.....R.....R...D.R...a.R.....R...-.R.................d.....d.....d...).d...1.d...9.d...A.d...I.d...Q.d...Y.d......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.......................I.............

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\System.Windows.Input.Manipulations.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):17208
            Entropy (8bit):6.772197444958431
            Encrypted:false
            SSDEEP:
            MD5:D89BDB9181656B6CD972659F9B8F1112
            SHA1:54991593D7F8BE05B6BDF5A569505AF2194787E2
            SHA-256:4A94488985B9F3F4A0F8E5168D8FD69D99B1651600E530E7A61DE2347C223EBF
            SHA-512:CF979D37423B739EE151B79F395EF956C509C3F9A96EE1516AFB7E1CE8051F4CE6EF647C66A3F9CC3D7FB3618E0419928311212DD1F9572AB6EF88A20C11A9A3
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............F/... ...@....... ..............................=.....@.....................................O....@..................8)...`....................................................... ............... ..H............text...L.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................(/......H.......P ..............@%......X.......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......4...#Blob......................3..................................................n.....n.....[...........C.....C...D.C...a.C.....C...-.C.................U.....U.....U...).U...1.U...9.U...A.U...I.U...Q.U......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\System.Xaml.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):84776
            Entropy (8bit):5.708091097181237
            Encrypted:false
            SSDEEP:
            MD5:C609EF08B50C8A2A5474F581FB753562
            SHA1:E3D85F4E2CA7FB70C060F0CC9262FABCDDAD5F59
            SHA-256:8F0356FFCD0FD10C2DD2BFB94F42CAF57BD26500DFB1D23A5079E639B533A2C9
            SHA-512:20E24F11B34C421F3FF24B0EB65098680E614A74B17DD074C67479D1D3C4B5BA51368CC4E8E51FFECA6CE1D05761CAE1BB48312255B430A343173A567652892C
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............." ..0..............7... ...@....... ..............................l.....@.................................p7..O....@..L............"..()...`......T7............................................... ............... ..H............text........ ...................... ..`.rsrc...L....@......................@..@.reloc.......`....... ..............@..B.................7......H.......P ...............$.......6......................................BSJB............v4.0.30319......l...0...#~..........#Strings....d.......#US.h.......#GUID...x.......#Blob......................3..................................................W.....W.....D...........,.....,...D.,...a.,.....,...-.,.................>.....>.....>...).>...1.>...9.>...A.>...I.>...Q.>......./.....8.....W...#.`...+.{...3.....;.....C.....K.....................w.................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\UIAutomationClient.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):21776
            Entropy (8bit):6.564239115952037
            Encrypted:false
            SSDEEP:
            MD5:D34EFB58FD0FAAC21D2D3DA07EB78CC5
            SHA1:2CD1A38C13E8B090E4951C881A8936CE0E3C2C92
            SHA-256:C7BE1090C9603ED320E7C22562536AB85764F13ADD5821CD294CF22E6E7E524A
            SHA-512:6B7BF0F4358FC3A2934C021E0488BD8018E9054DFF6AD6D4315638573EE1F348649459303C7C7FF7F2B9C58A621CE782BC3FB2D8C235A5C095E8F8E9B4EFC410
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....H..........." ..0.."..........F@... ...`....... ..............................&/....@..................................?..O....`...............,...)...........?............................................... ............... ..H............text...L ... ...".................. ..`.rsrc........`.......$..............@..@.reloc...............*..............@..B................(@......H.......P ..@............%......X?......................................BSJB............v4.0.30319......l...0...#~..........#Strings....x.......#US.|.......#GUID...........#Blob......................3..................................................^.....^.....K...........3.....3...D.3...a.3.....3...-.3.................E.....E.....E...).E...1.E...9.E...A.E...I.E...Q.E.......................#.....+.....3.@...;.T...C.....K.....................~.................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\UIAutomationClientSideProviders.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):22288
            Entropy (8bit):6.490748871945668
            Encrypted:false
            SSDEEP:
            MD5:D7F21990565B50F054F7C92A3B98325C
            SHA1:FA0ECFC3B4985CA256C7D374E31E36531E79611A
            SHA-256:AFABFC705398511DAAF7950F56BE1079BEAB727E806E70D99577E1491CB95268
            SHA-512:3801A3D22974D36DF9598EF50D1492F200CC1BA703EFCF032EDF90336FB629245FD5E85166885D551495BBAF6269D8A5EE531AFD9B0C7EB12D583E15C2757EF3
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..$...........C... ...`....... ...............................p....@.................................@C..O....`...................)..........$C............................................... ............... ..H............text....#... ...$.................. ..`.rsrc........`.......&..............@..@.reloc...............,..............@..B................tC......H.......P ..............4%..p....B......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......0...#Blob......................3..................................................k.....k.....X...........@.....@...D.@...a.@.....@...-.@.................R.....R.....R...).R...1.R...9.R...A.R...I.R...Q.R......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\UIAutomationProvider.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):15624
            Entropy (8bit):6.744527703876673
            Encrypted:false
            SSDEEP:
            MD5:CAA19A93368050CFA2570CE2DEE2006C
            SHA1:44707BA3406BCE810F9F0F93B3C170CBB03219D3
            SHA-256:CEA2EE041AD30131E502905FBE97C3AB7362A7DA6B84A4FB06013204FC1F704C
            SHA-512:01FFD27E7F621C365F5268AED209AD005EC9E4F6AF7A70ED886B24464F71190B5221723B4D6260E88038BDD2294BEF61F47408BDCC9001EB09BC6A51D5EEE741
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............r(... ...@....... ....................................@................................. (..O....@...................)...`.......(............................................... ............... ..H............text...x.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................T(......H.......P ..L............%.......'......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................`.....`.....M...........5.....5...D.5...a.5.....5...-.5.................G.....G.....G...).G...1.G...9.G...A.G...I.G...Q.G.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\UIAutomationTypes.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):19208
            Entropy (8bit):6.538925043135208
            Encrypted:false
            SSDEEP:
            MD5:C560707E8BBC7B994EF9AED54BBE696E
            SHA1:22CE4926A2829A3513E29CF3211C727D38A82A2F
            SHA-256:4B463C96F8F9546D9610C41D65FB912C6188D4B9450E24E005D71F3B626E4A11
            SHA-512:C73B5F3C070DC42220C8E3A5218B0A02061A2450A0177AEFB67F847025FF9FD1FFA3ADE3646AD427448D7C70FF0C1AC68CA5627C160436F16EE5F0B1487D01DC
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...=............." ..0..............6... ...@....... ..............................E6....@.................................46..O....@..|............"...)...`.......6............................................... ............... ..H............text........ ...................... ..`.rsrc...|....@......................@..@.reloc.......`....... ..............@..B................h6......H.......P ..@............%.......5......................................BSJB............v4.0.30319......l...0...#~..........#Strings....x.......#US.|.......#GUID...........#Blob......................3..................................................].....].....J...........2.....2...D.2...a.2.....2...-.2.................D.....D.....D...).D...1.D...9.D...A.D...I.D...Q.D.......................#.....+.....3.@...;.T...C.....K.....................}.................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\WindowsBase.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):111880
            Entropy (8bit):5.5542253857261334
            Encrypted:false
            SSDEEP:
            MD5:BBA2F2F2E0563D72FFDDFBED1FDD63B3
            SHA1:474B08260C04ECF90F87835D6426BD94E474C3ED
            SHA-256:696C530B25DA8621714D22EF8E137CCC4634755F077EA064D7C95B8E403C6393
            SHA-512:4439747E1A9961948CB653A85FEE8D7B379B69364AAA67075F3AA012C4D670320C0E930139AEAB719E624E1FC52B3013DD47F117CE4B31D08A2176D18BF6D116
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~P............" ..0.............2.... ........... ....................................@....................................O.......L................).......................................................... ............... ..H............text...8.... ...................... ..`.rsrc...L...........................@..@.reloc..............................@..B........................H.......P ..$...........t%...z..D.......................................BSJB............v4.0.30319......l...0...#~..........#Strings....d.......#US.h.......#GUID...x.......#Blob......................3..................................................W.....W.....D...........,.....,...D.,...a.,.....,...-.,.................>.....>.....>...).>...1.>...9.>...A.>...I.>...Q.>.......................#.....+.....3.@...;.T...C.....K.....................w.................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\ru\WindowsFormsIntegration.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16696
            Entropy (8bit):6.802489951900105
            Encrypted:false
            SSDEEP:
            MD5:414B5E6AC6A5D5ADE62757CCA774B2BF
            SHA1:06D5F67D76564CB86E594331D586E6D82FF25918
            SHA-256:1EEF9B6721F7C1B28870320B7DC3C84EEDAEAFC08AEE30146E2511625C0345CB
            SHA-512:746F7FC20BADA12C1EED9B930682BA116F8BB78BC2CDDF7DCB31D0C46345AE29CDA6E7ED37675FB7520EC5701D3CA12AA7E19E10F3987AFAAB50E0F6F74F62E9
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............." ..0..............,... ...@....... ..............................8]....@..................................,..O....@..................8)...`.......,............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H.......P ..T............%..h....,......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................c.....c.....P...........8.....8...D.8...a.8.....8...-.8.................J.....J.....J...).J...1.J...9.J...A.J...I.J...Q.J.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\Microsoft.VisualBasic.Forms.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):25392
            Entropy (8bit):6.405651344599737
            Encrypted:false
            SSDEEP:
            MD5:87ACE9AE39C4C09FA58499E949185CA1
            SHA1:8EE59712A4431360E5EAB159493552CB3A8553B6
            SHA-256:385BC803EE75756C18E19A5C0E93FD56F2FA1AE0EC7B2322E431D13985FB4084
            SHA-512:0709D1BB83E0E955D7499CE0646FB6F5EB2E49D3AC24DCFCE6EFEB3397C211E2B3F551BED094106DE6525C0D059F4E78F7C6F8890D0E071B9AC25B6390917BC9
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..0...........O... ...`....... ....................................@..................................O..O....`...............:..0)..........dO............................................... ............... ..H............text..../... ...0.................. ..`.rsrc........`.......2..............@..@.reloc...............8..............@..B.................O......H.......P ..............d&...(...N......................................BSJB............v4.0.30319......l...\...#~......x...#Strings....@.......#US.D.......#GUID...T.......#Blob......................3....................................../.......................t...i.......Y.....Y.....Y...D.Y...a.Y.....Y...-.Y.................k.....k.....k...).k...1.k...9.k...A.k...I.k...Q.k...Y.k.......................#.....+.....3.@...;.a...C.u...K.....S.@...................C.q.............

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\PresentationCore.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):107808
            Entropy (8bit):5.52346064168231
            Encrypted:false
            SSDEEP:
            MD5:FFE7CC4D33416C1E57678823E9B8E73F
            SHA1:6A240AFECBD6AA87D170F641CD4FE189E5E70B6E
            SHA-256:24F9408A22703A7224C96ECE6666D7C6CA212A4490A77724E1FB9A9DDE046760
            SHA-512:B307AA3B6156AD677917CCC75BE0FCD73C2DF2BE962E07A8047E0BC238717FBFC32245DA49A882E3C393BFE358C378388D79B7409AC8101EAA5F6671601912F2
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....{h..........." ..0..r.............. ........... ..............................;.....@.................................p...O.......|............|.. )..........T................................................ ............... ..H............text....p... ...r.................. ..`.rsrc...|............t..............@..@.reloc...............z..............@..B........................H.......P ..<............%..Hj.........................................BSJB............v4.0.30319......l...0...#~..........#Strings....t.......#US.x.......#GUID...........#Blob......................3.................................................._....._.....L...........1.....1...D.1...a.1.....1...-.1.................C.....C.....C...).C...1.C...9.C...A.C...I.C...Q.C.......................#.....+.....3.@...;.T...C.....K.......................I...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\PresentationFramework.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):196408
            Entropy (8bit):5.397628332248177
            Encrypted:false
            SSDEEP:
            MD5:C5463D9A40C4A735E057AABD12F2CC98
            SHA1:CB12026EB00177E9F6AA66E47FF671F618836C18
            SHA-256:5D9D1E2CB1ED36218EC073C2424BF2BB58656AC40DF5AF57F4D2C761FB422015
            SHA-512:DBA4D225D3FA6C7817EA5D026AA2A118ABBB48D8242242398BADFC06B369EB7382AA49F37C27697D782EBC7A85840544BBB673265CB358CB1B6552FA19276ED3
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............F.... ........... .......................@............@.....................................O.......................8)... ....................................................... ............... ..H............text...L.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................(.......H.......P ..P............%......X.......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................d.....d.....Q...........6.....6...D.6...a.6.....6...-.6.................H.....H.....H...).H...1.H...9.H...A.H...I.H...Q.H.......................#.....+.....3.@...;.T...C.....K.......................N...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\PresentationUI.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):44848
            Entropy (8bit):5.777034598953757
            Encrypted:false
            SSDEEP:
            MD5:9C9CE77C70A7FA70695C865AECF2D94E
            SHA1:2AEAF73F8F8AC6DBC07E781F20F8A54D89498665
            SHA-256:8F4C61B69DAFE696C6A70657DE2EFF60D2A12461A95DC86657C3E6FFF0322C64
            SHA-512:CAF029020CDD97254526BA9351AC79A5B5870D687B73D76DBDF88F58BC128B334DECE2A1D0C024DB8DA6FA9EBA25B2EFF658ED6F5065C06ACDA98772F97963B4
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..|..........6.... ........... ..............................Q.....@....................................O.......l...............0).......................................................... ............... ..H............text...<{... ...|.................. ..`.rsrc...l............~..............@..@.reloc..............................@..B........................H.......P ..0............%...t..H.......................................BSJB............v4.0.30319......l...0...#~..........#Strings....l.......#US.p.......#GUID...........#Blob......................3..................................................].....].....J.........../...../...D./...a./...../...-./.................A.....A.....A...).A...1.A...9.A...A.A...I.A...Q.A.......................#.....+.....3.@...;.T...C.....K.....................}.G...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\ReachFramework.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):38712
            Entropy (8bit):5.933008815332872
            Encrypted:false
            SSDEEP:
            MD5:B8F0F66F7AD0A512D381A69EC9AFB98E
            SHA1:FC32523DB1FCAB9196687E6CB466D21F30A5C808
            SHA-256:661DB0F7DE28266C01D45B8BBC336730242A47D079CBBB1AD0FDC077C386E8CB
            SHA-512:A7692110B1113EB729FC0293CB61085AA466417C6C0B1118E6818619DB1ECC9D5D25365E195078B76F67A846D82A220D23F8F85E5FFEB89F90505C28F36055A3
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....k............" ..0..d.............. ........... ..............................*.....@.....................................O.......l............n..8)........................................................... ............... ..H............text....c... ...d.................. ..`.rsrc...l............f..............@..@.reloc...............l..............@..B.......................H.......P ..\............%..X]..........................................BSJB............v4.0.30319......l...<...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................].....].....J.........../...../...D./...a./...../...-./.................A.....A.....A...).A...1.A...9.A...A.A...I.A...Q.A.......................#.....+.....3.@...;.T...C.....K.....................}.G...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\System.Windows.Controls.Ribbon.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):18704
            Entropy (8bit):6.574331231098304
            Encrypted:false
            SSDEEP:
            MD5:82B10FE9B3DBA1D0419C3A06A3D0B4DE
            SHA1:44FBB6487EC437DCA00FCBFD8D825F7B5A02CEBE
            SHA-256:B70CFF46E9308979F64C23267F0B1F6A2EC8A85B992F9F3FA8A8780EA2262225
            SHA-512:6A1CD2BC62BDFF52B529364D59ADCEBE5985B35E87DA19440EFC1AA3A3964720EE2B96A2C7165CA9757BFC2DF02B61017DAC413A7C6BA2A151CCE192A808D148
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.... {..........." ..0..............4... ...@....... ...............................'....@.................................l4..O....@............... ...)...`......P4............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................4......H.......P ..............0%.......3......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......0...#Blob......................3..................................................m.....m.....Z...........?.....?...D.?...a.?.....?...-.?.................Q.....Q.....Q...).Q...1.Q...9.Q...A.Q...I.Q...Q.Q......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................W...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\System.Windows.Forms.Design.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):148792
            Entropy (8bit):5.49430849750309
            Encrypted:false
            SSDEEP:
            MD5:98107B6C061E29412AEA6FC4C99BC56D
            SHA1:EB29F85B87C5718248FE6495A6765BED9A502B73
            SHA-256:373A90F9BE0B3619C539B9300D61EEDB6FAC282577379CFFFFD9CCE9B52C2764
            SHA-512:F887415B753FE52AA4F4FA26765BA2A958411E1BF4992B94E2FB57CAEFE40745ACC9ED9000CDD08E8948046DA854BEC86BDFCAC8A1CA01E67B4EE1B31A784251
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G............" ..0.............R1... ...@....... ....................................@..................................1..O....@..................8)...`.......0............................................... ............... ..H............text...X.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................41......H.......P ..............l'......d0......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID.......0...#Blob......................3....................................../.......................t...........Y.....Y.....Y...D.Y...a.Y.....Y...-.Y.................k.....k.....k...).k...1.k...9.k...A.k...I.k...Q.k...Y.k......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.......................q.............

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\System.Windows.Forms.Primitives.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16168
            Entropy (8bit):6.758677540080937
            Encrypted:false
            SSDEEP:
            MD5:4F6990DEE02F59142C4D5040F83FB7A4
            SHA1:1D99C6E88ECDCC523600C87CA7DD503FD7A12060
            SHA-256:BC7D846B7C1E9993E3CE082C7A26BB8031CCAF9AB953C79D4EC25D763D0AF084
            SHA-512:1ABFD651DE13969FAE3FDBD6D1B7FDA58C44267389F32939279DF28529F9AEA819B59BD5C4C7F3412FEF13102227C341B5AF017FC9C6217D64812F4C2BD6EB33
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............+... ...@....... ....................................@.................................4+..O....@..................()...`.......+............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................h+......H.......P ..............h%..0....*......................................BSJB............v4.0.30319......l...D...#~...... ...#Strings............#US.........#GUID.......4...#Blob......................3....................................../.......................x...........].....].....]...D.]...a.].....]...-.].................o.....o.....o...).o...1.o...9.o...A.o...I.o...Q.o...Y.o......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.......................u.............

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\System.Windows.Forms.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):361784
            Entropy (8bit):5.2716570184546265
            Encrypted:false
            SSDEEP:
            MD5:3EE409732311639B99C05CBE9EF247B5
            SHA1:B47BC46E2EA0059E65AEF7A121E93F60E816ADF4
            SHA-256:907CE71127433714CA0C93236D0908F15145C41069FAA0A5E55CF2E84447B939
            SHA-512:5001DB537B6640D36D10429CA6931F7908D4F964F7E98739492A7DCD944916D444FFFB636707511B440988915F79660E4628EA6098EB4A84C9300F69D0E29E49
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....P............" ..0..R...........q... ........... ..............................g.....@..................................p..O....................\..8)...........p............................................... ............... ..H............text....Q... ...R.................. ..`.rsrc................T..............@..@.reloc...............Z..............@..B.................p......H.......P ..P............%..xJ...p......................................BSJB............v4.0.30319......l...\...#~......L...#Strings............#US.........#GUID...(...(...#Blob......................3....................................../.......................m...=.......R.....R.....R...D.R...a.R.....R...-.R.................d.....d.....d...).d...1.d...9.d...A.d...I.d...Q.d...Y.d......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.......................j.............

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\System.Windows.Input.Manipulations.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16648
            Entropy (8bit):6.695897690802554
            Encrypted:false
            SSDEEP:
            MD5:7C5FB928FBABB065BF0398D0B12C03D4
            SHA1:5A5C01B408842AA6F76048814FF223E24C1FDB75
            SHA-256:16B8592DB186105513B85DD43541B9F554158CC8901CDAD2C4F6F077DDAEB1C0
            SHA-512:F2AAD4AA9AA5972948500D329999BA3CDD9E0ECE6996F7C0FE429BF7ACF6C220DC7739387D833FBF5960640312819726551EBDE89FB2654E24D84F0E272718E6
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@.8..........." ..0..............,... ...@....... ....................................@..................................,..O....@...................)...`......x,............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H.......P ..............@%.......+......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......4...#Blob......................3..................................................q.....q.....^...........C.....C...D.C...a.C.....C...-.C.................U.....U.....U...).U...1.U...9.U...A.U...I.U...Q.U......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................[...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\System.Xaml.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):65328
            Entropy (8bit):5.829516250538524
            Encrypted:false
            SSDEEP:
            MD5:4D552C07CC494319D6FE18CF9C0C8242
            SHA1:812FD50184F399899107308057400AE50ABCDE7E
            SHA-256:ABA3E4C4243AA37E596F7F5746BD9E5C220CC297E8FFAC2938E7D8697235BE8B
            SHA-512:81F1623E3023900469B762AA37AEC830E882FAF79A9B6CCE89A4F3EC180B8A2EF5CCFDB24F328278E5275E3CC27D44A3CD47975392A82840921D82F57D4590B7
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...M.D..........." ..0.............z.... ........... .......................@............@.................................(...O.......L...............0)... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...L...........................@..@.reloc....... ......................@..B................\.......H.......P ...............$..............................................BSJB............v4.0.30319......l...0...#~..........#Strings....d.......#US.h.......#GUID...x.......#Blob......................3..................................................Z.....Z.....G...........,.....,...D.,...a.,.....,...-.,.................>.....>.....>...).>...1.>...9.>...A.>...I.>...Q.>......./.....8.....W...#.`...+.{...3.....;.....C.....K.....................z.D...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\UIAutomationClient.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):20264
            Entropy (8bit):6.502961275918569
            Encrypted:false
            SSDEEP:
            MD5:D69755309718204D29B586CA99C63A65
            SHA1:52AD964E6136E91BD8333A6008EBAFC069EDC4C1
            SHA-256:3F0266C947790F2D5C1CFCA184B65027D83077BBA7698C8E77E884355D48A446
            SHA-512:3E7AB6AF72BDA00770C0C716531BAD1B9F4FEBC08CBE9C3503AE6C531273B7ED927021B1B480B8C07F27B19277537C9653B2795504EAD1F66270452433D92ACC
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...S............." ..0..............:... ...@....... ...............................D....@..................................9..O....@...............&..()...`.......9............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B.................9......H.......P ..@............%...... 9......................................BSJB............v4.0.30319......l...0...#~..........#Strings....x.......#US.|.......#GUID...........#Blob......................3..................................................a.....a.....N...........3.....3...D.3...a.3.....3...-.3.................E.....E.....E...).E...1.E...9.E...A.E...I.E...Q.E.......................#.....+.....3.@...;.T...C.....K.......................K...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\UIAutomationClientSideProviders.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):21256
            Entropy (8bit):6.367222053838259
            Encrypted:false
            SSDEEP:
            MD5:5B6C9D8848976B2FF9E38928CB704461
            SHA1:AC70F3A945E2B98664E30DEC95E116C70ADD40A6
            SHA-256:1D1F2EED557E40ED6D8926CB886624A68AB7CDC057552A40B2E75CC8CE8E1DA6
            SHA-512:E65B6DBB7B310EA64B6C898F913EA0D03B488C7F4EE696E5101FCC1545D30FEBBEE0559CDDDD167D5B6A0E1BE93D0BD5328A4C7F386A69B774E613630A71032A
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....7............" ..0.. ..........z>... ...@....... ....................................@.................................(>..O....@...............*...)...`.......>............................................... ............... ..H............text........ ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......(..............@..B................\>......H.......P ..............4%..X....=......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......0...#Blob......................3..................................................n.....n.....[...........@.....@...D.@...a.@.....@...-.@.................R.....R.....R...).R...1.R...9.R...A.R...I.R...Q.R......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................X...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\UIAutomationProvider.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):15648
            Entropy (8bit):6.718243549907076
            Encrypted:false
            SSDEEP:
            MD5:3D05D0569DABEB25B4326DB61F0B5679
            SHA1:CD62ABC8BC5ADADBB96999F26123E281A429A8E6
            SHA-256:9650589E2E933D37F1F820AEAF3B81238CFE9CFB1565B37D51FA6AF3D7679683
            SHA-512:D7150AE64523CDBA9CBA428243D4181AE008EA8F349AA36CB68101FF335E77F82EFD5FD3E9974B61222CFAC461041041F3971486A046C2E3D00CD9ADA0EFB859
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....j............" ..0.............2(... ...@....... ....................................@..................................'..O....@.................. )...`.......'............................................... ............... ..H............text...8.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......P ..L............%......D'......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................c.....c.....P...........5.....5...D.5...a.5.....5...-.5.................G.....G.....G...).G...1.G...9.G...A.G...I.G...Q.G.......................#.....+.....3.@...;.T...C.....K.......................M...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\UIAutomationTypes.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):18696
            Entropy (8bit):6.490840001034783
            Encrypted:false
            SSDEEP:
            MD5:2FCAF6A517921A88E0452857E465F6AC
            SHA1:E86E482638CEE2E098733D17E69F8F7B1D512914
            SHA-256:97FBD14A4AE7CD4792A490CA6BCB6F81C910EB70AC786FAEFF284D06FB459867
            SHA-512:28FBF5AD4469DBCEC98B13F72C51B195DC4438B14516AC2DC6CBCB31E3F3ECEE0155351D18D79C96FFEC9161CB9847695134635DBD48817E9F505BF6EC4B2939
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..............4... ...@....... ..............................=.....@.................................L4..O....@..|............ ...)...`......04............................................... ............... ..H............text........ ...................... ..`.rsrc...|....@......................@..@.reloc.......`......................@..B.................4......H.......P ..@............%.. ....3......................................BSJB............v4.0.30319......l...0...#~..........#Strings....x.......#US.|.......#GUID...........#Blob......................3..................................................`.....`.....M...........2.....2...D.2...a.2.....2...-.2.................D.....D.....D...).D...1.D...9.D...A.D...I.D...Q.D.......................#.....+.....3.@...;.T...C.....K.......................J...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\WindowsBase.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):85272
            Entropy (8bit):5.606235712976173
            Encrypted:false
            SSDEEP:
            MD5:52A96D4AB2C9BD4E4DCD0AA854B44A40
            SHA1:90A635F4C2EA7FF3E1A05C2C6609CCE01D566936
            SHA-256:5FF7D24DA9D4CB20799BBF34C35948E4D15E728D476C7E4E964FBD8E10F62E60
            SHA-512:8D46EDEDB411AE72B6016B0F39665FD5D045129EABDB6BB3F10310C398277D10FA32CDDD5E1C05150B9926E6AE04270DE8000AB140FCDD7AD9365136AAC3B496
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Y>..........." ..0..............9... ...@....... .............................../....@.................................H9..O....@..L............$...)...`......,9............................................... ............... ..H............text........ ...................... ..`.rsrc...L....@......................@..@.reloc.......`......."..............@..B................|9......H.......P ..$...........t%..8....8......................................BSJB............v4.0.30319......l...0...#~..........#Strings....d.......#US.h.......#GUID...x.......#Blob......................3..................................................Z.....Z.....G...........,.....,...D.,...a.,.....,...-.,.................>.....>.....>...).>...1.>...9.>...A.>...I.>...Q.>.......................#.....+.....3.@...;.T...C.....K.....................z.D...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\WindowsFormsIntegration.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16144
            Entropy (8bit):6.731160475044457
            Encrypted:false
            SSDEEP:
            MD5:647B1BCC7D041EE3C4220D98251F1229
            SHA1:C66093BCDB4ECC193CDBAA93CED7FC055B42631F
            SHA-256:3D6897BE0292A83365E7D75182918EE5814D2E6DD769B782EFDBBC5D94773786
            SHA-512:D0F647ACB50C4715BC76D81CFED0035E1FFCADF1A98DC61EAED48809BFB8C66F0F8B9C6B3F4404685D17ED92900039D4FB3F606BFE357CD59469B8413FEE4C60
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..............*... ...@....... ....................................@.................................x*..O....@...................)...`......\*............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P ..T............%..8....)......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................f.....f.....S...........8.....8...D.8...a.8.....8...-.8.................J.....J.....J...).J...1.J...9.J...A.J...I.J...Q.J.......................#.....+.....3.@...;.T...C.....K.......................P...............................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\vcruntime140_cor3.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
            Category:dropped
            Size (bytes):119888
            Entropy (8bit):6.600983758182253
            Encrypted:false
            SSDEEP:
            MD5:CAF9EDDED91C1F6C0022B278C16679AA
            SHA1:4812DA5EB86A93FB0ADC5BB60A4980EE8B0AD33A
            SHA-256:02C6AA0E6E624411A9F19B0360A7865AB15908E26024510E5C38A9C08362C35A
            SHA-512:32AC84642A9656609C45A6B649B222829BE572B5FDEB6D5D93ACEA203E02816CF6C06063334470E8106871BDC9F2F3C7F0D1D3E554DA1832BA1490F644E18362
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......|6..8W..8W..8W..s/..:W..1/S.3W..8W...W..8W..9W......(W......'W......-W......9W....?.9W......9W..Rich8W..........PE..d................." ...(."...d............................................................`A........................................0u..4...d}..........................PP...........^..p............................\..@............@...............................text............................... ..`fothk........0...................... ..`.rdata...C...@...D...&..............@..@.data................j..............@....pdata...............n..............@..@_RDATA...............z..............@..@.rsrc................|..............@..@.reloc..............................@..B................................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\wpfgfx_cor3.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
            Category:dropped
            Size (bytes):1964344
            Entropy (8bit):6.322438173889707
            Encrypted:false
            SSDEEP:
            MD5:F7372C2A2C9819A2E6343AB513CCAAFE
            SHA1:4FC9CFA32D41F4EE2BE4098B9A9D36616BFC53EC
            SHA-256:3A9B23244309599EC9AE6F327580D063BAFC99192753229DCB3BE133E05C849C
            SHA-512:DAED3EE85A557F354ADF02AE00434A210456C5F4DA497B4962B6B90948F23EBBFE70CA8753C2F9D4EECFDC077DBF03208D73E84A56D9E24BDA202A336FE83713
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........EL...L...L...X..N...X..M...E...B...\...D...\...F...\...~...X..K...X..]...L...N.............M.....b.M...L...O.......M...RichL...........................PE..d...<..g.........." ...).J...........,.......................................P............`A............................................T...4...@................K......8)......d7...%..p....................'..(.......@............`..h......`....................text....H.......J.................. ..`.rdata...i...`...j...N..............@..@.data...........t..................@....pdata...K.......L...,..............@..@.didat..(............x..............@....rsrc................z..............@..@.reloc..d7.......8..................@..B........................................................................................................................................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):25384
            Entropy (8bit):6.4713368558590965
            Encrypted:false
            SSDEEP:
            MD5:490D6784A6955650BD8C8FD456497058
            SHA1:95BC4B25594C23167E68CE140203E4009D4C17D6
            SHA-256:1EFD1A3B153C8B0207637E42141D2C18B9037DFA270B2258D448490B00049364
            SHA-512:D4349CA07A358CC1D66D7A9011CA2A8E2E5E48494074B4D98910BE9EF1E6A3EDECCA4AD939130CEF65DFA77B8AE60A3F2C8B87122A89B434DE2142F275765B7E
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Z............." ..0..0...........N... ...`....... ..............................&.....@.................................\N..O....`...............:..()..........@N............................................... ............... ..H............text........ ...0.................. ..`.rsrc........`.......2..............@..@.reloc...............8..............@..B.................N......H.......P ..(...........x&..H'...M......................................BSJB............v4.0.30319......l...\...#~..........#Strings....T.......#US.X.......#GUID...h.......#Blob......................3....................................../.......................q...u.......Y.....Y.....Y...D.Y...a.Y.....Y...-.Y.................k.....k.....k...).k...1.k...9.k...A.k...I.k...Q.k...Y.k.......................#.....+.....3.@...;.a...C.u...K.....S.@...................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\PresentationCore.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):100656
            Entropy (8bit):6.057706880912735
            Encrypted:false
            SSDEEP:
            MD5:59DD0A722E03842979F393A22A7F801B
            SHA1:AD8FAAD07B1DEA2A4675DD2BE08C22A44C7C0BD4
            SHA-256:C93E7826ACCBEFF1B3164098144ADE49ECB850D6A6C307FB25B5FFA3D5C9DEE8
            SHA-512:8F2ECA7F2F3379A68A68AE2C41A7332EE796566594DE6652DD1571F5FB533690251BB11574605DCAF955C532D5D666A1E3AFB3312C030A9DFBEB2F6F569F0624
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....M..........." ..0..V..........bt... ........... ....................................@..................................t..O.......|............`..0)...........s............................................... ............... ..H............text...hT... ...V.................. ..`.rsrc...|............X..............@..@.reloc...............^..............@..B................Dt......H.......P ..D............%...M..ts......................................BSJB............v4.0.30319......l...0...#~..........#Strings....|.......#US.........#GUID...........#Blob......................3..................................................\.....\.....I...........1.....1...D.1...a.1.....1...-.1.................C.....C.....C...).C...1.C...9.C...A.C...I.C...Q.C.......................#.....+.....3.@...;.T...C.....K.....................|.................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\PresentationFramework.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):183600
            Entropy (8bit):6.029926373952167
            Encrypted:false
            SSDEEP:
            MD5:42068A31E9DAD65503D61B7B02075872
            SHA1:ED2E85B4F8718FF0FE4206FAC550CD3B4D9C7DCC
            SHA-256:752226373B0F9A845280D2EDE36012070EDA54B1816EAA9A9813C579147921EE
            SHA-512:28C96B4C69844E0B7AF1CB3590A5CBA65A548DF1B3C9A5957CFF4DE1AA7C7772F2D0B8224963FA94452F26081EBEF743142E21561C278D5F47E7B0724572F42B
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#............" ..0.............&.... ........... ....................................@....................................O.......................0)........................................................... ............... ..H............text...,.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......P ..X............%......8.......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................a.....a.....N...........6.....6...D.6...a.6.....6...-.6.................H.....H.....H...).H...1.H...9.H...A.H...I.H...Q.H.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\PresentationUI.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):43320
            Entropy (8bit):6.124946352507213
            Encrypted:false
            SSDEEP:
            MD5:E8C7D737B5F2D3D62841D58006ACC5E2
            SHA1:6F703620E1C63A7EB801FDEE839BB5C1503B3D78
            SHA-256:0089760F2EEC12E9FF39091FD978A9695304521DB2B2F9E905D44D48F0CCCA87
            SHA-512:790B00E7AD88ED2D2F2480AE3392DA4B472321A206F439968C0E18372E06B2BB6921ACF9BAA387FD1DAD63C31B0FF3B95BFAB3F0C1AC5A1FA044BA4C2A88E1E8
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...2............." ..0..v............... ........... ..............................us....@.................................8...O.......l...............8)........................................................... ............... ..H............text....t... ...v.................. ..`.rsrc...l............x..............@..@.reloc...............~..............@..B................l.......H.......P ..<............%...n..........................................BSJB............v4.0.30319......l...0...#~..........#Strings....x.......#US.|.......#GUID...........#Blob......................3..................................................Z.....Z.....G.........../...../...D./...a./...../...-./.................A.....A.....A...).A...1.A...9.A...A.A...I.A...Q.A.......................#.....+.....3.@...;.T...C.....K.....................z.................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\ReachFramework.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):37168
            Entropy (8bit):6.198982776870836
            Encrypted:false
            SSDEEP:
            MD5:850434157F000BAB65BD772B2E8B106B
            SHA1:7CDD2784C8B5238C3DF613F3FC74768820679276
            SHA-256:E2802A4A7220255B319AEB7DDF7F5F6856C782748ED7412623A962DD91AC3917
            SHA-512:5E2933BF9B36B6ACD3536518D0E544DD2619C37E62E3227F9292996662B1332A7C3C48D6D02CFD1EA41FB98DA0A4AA67E8C00019B21B867BA4BE7B6B09F4FCC6
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..../..........." ..0..^...........}... ........... ....................................@.................................T}..O.......l............h..0)..........8}............................................... ............... ..H............text....]... ...^.................. ..`.rsrc...l............`..............@..@.reloc...............f..............@..B.................}......H.......P ..h............%...W...|......................................BSJB............v4.0.30319......l...<...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................Z.....Z.....G.........../...../...D./...a./...../...-./.................A.....A.....A...).A...1.A...9.A...A.A...I.A...Q.A.......................#.....+.....3.@...;.T...C.....K.....................z.................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\System.Windows.Controls.Ribbon.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):18744
            Entropy (8bit):6.60129502055421
            Encrypted:false
            SSDEEP:
            MD5:56803E53A38A0913BC1C98DD9AD4EBE3
            SHA1:9B350888606D2F94731BD89B16E45938B51EB23F
            SHA-256:AF3B943FCD4B658A5AEFAE65085466AA941DB40AB94B6D93921FA313A009FD0E
            SHA-512:0CB96646FAAAE95AEB61ECD75332C86215C56D2F6FBD5167B2DA725BE868D1C88FBB14CF5F3FEE64559E644A1E269E37D421A15C8B74B477B650A27C1009C6C7
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....A..........." ..0..............4... ...@....... ..............................K.....@..................................3..O....@............... ..8)...`.......3............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................3......H.......P ..............<%.......3......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......0...#Blob......................3..................................................j.....j.....W...........?.....?...D.?...a.?.....?...-.?.................Q.....Q.....Q...).Q...1.Q...9.Q...A.Q...I.Q...Q.Q......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\System.Windows.Forms.Design.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):145192
            Entropy (8bit):5.763013462430825
            Encrypted:false
            SSDEEP:
            MD5:7F9AC02A6E92417CC355BEABCBB5F261
            SHA1:FB6A97C95D316DD6143CCA81419D21D95A08B8A0
            SHA-256:9411632D87AD1C96E849A1FBF883743B127D5E7A1E5C961379FE96AE835CF6D2
            SHA-512:FD0A2D6138CF10E8A08166BDD57093B1F60B7960782671B140A142650AE39EC99DDD3FA873C3C991A91142B8AA635FC0AF7E68F5CEF83BA8D161644C3C846383
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....f............" ..0.............^"... ...@....... ...............................'....@.................................."..O....@..................()...`.......!............................................... ............... ..H............text...d.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................@"......H.......P ..P............'......p!......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID... ...0...#Blob......................3....................................../.......................q...........Y.....Y.....Y...D.Y...a.Y.....Y...-.Y.................k.....k.....k...).k...1.k...9.k...A.k...I.k...Q.k...Y.k......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.....................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\System.Windows.Forms.Primitives.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16184
            Entropy (8bit):6.751660901168085
            Encrypted:false
            SSDEEP:
            MD5:AA8A1CC7FE6BEFFCA5B21CBBFC638D80
            SHA1:C6E49218852F3CBE2113771F6E3BD5CC274CDC6E
            SHA-256:E862F329258D9675A3067E45E0A747A64BE6DB5857694F9D82DDAF548BEAB970
            SHA-512:6F0518E704E4B7A9B55676F905AA11836BCF69991C50164546407E6B4C5F7C50AE45E66B74D4A38F250EC0F804BD0A28DAF6E7F24C891AE3C0D2D940B7ED487B
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...U.'..........." ..0..............*... ...@....... ..............................|.....@..................................*..O....@..................8)...`.......*............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P .. ...........p%.......*......................................BSJB............v4.0.30319......l...D...#~......(...#Strings............#US.........#GUID.......4...#Blob......................3....................................../.......................u...........].....].....]...D.]...a.].....]...-.].................o.....o.....o...).o...1.o...9.o...A.o...I.o...Q.o...Y.o......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S....................... .............

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\System.Windows.Forms.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):319792
            Entropy (8bit):5.937221398082348
            Encrypted:false
            SSDEEP:
            MD5:5461223E522CD274FF51A2EC24CCB63E
            SHA1:A16D14A360FD4172269811F0D038AB12EF6EE919
            SHA-256:38A68E4CA0CC34CF71BCCA0C8936242851424EDB6E2555BB7EE7915FC2A74084
            SHA-512:ACD8508CE2602DA0F50FCF9330C7083B67D2877ED6535A2C4365C6DB0DC00AE161A1A6C23BB321A769E6EF0A1ABE01F2027A8841DE182B42860016E0B80138AC
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$.p..........." ..0.................. ........... ....................... ...........@.................................P...O.......................0)..........4................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......P ..d............%..............................................BSJB............v4.0.30319......l...\...#~......`...#Strings....(.......#US.,.......#GUID...<...(...#Blob......................3....................................../...........}.....}.....j...I.......R.....R.....R...D.R...a.R.....R...-.R.................d.....d.....d...).d...1.d...9.d...A.d...I.d...Q.d...Y.d......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.......................X.............

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\System.Windows.Input.Manipulations.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16688
            Entropy (8bit):6.711617381461609
            Encrypted:false
            SSDEEP:
            MD5:ACA187D29B606A58EF05E86C14028963
            SHA1:BD53DD4E9AABD5C9630D119D8ABD0783075716ED
            SHA-256:97B59F1025B4DF9E7C356B7D1A99BBD661072D3C16A6595DE602CEA233799E28
            SHA-512:52B04E4C236568344EEFD97805FA356C30CA51E75C7BA3F55B2025E61668E72B6D801DC5AD75234B1E08519BD75A90347A7CCECB7FD6D8ADE12C6054921D4FAF
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...p.b..........." ..0.............R,... ...@....... ....................................@..................................,..O....@..................0)...`.......+............................................... ............... ..H............text...X.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................4,......H.......P ..............L%......d+......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......4...#Blob......................3..................................................n.....n.....[...........C.....C...D.C...a.C.....C...-.C.................U.....U.....U...).U...1.U...9.U...A.U...I.U...Q.U......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\System.Xaml.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):61200
            Entropy (8bit):6.420220106519639
            Encrypted:false
            SSDEEP:
            MD5:849718FC53262F836664F0213D467EB4
            SHA1:DC8E86CFD53E0B79606140269981E9129EEFD334
            SHA-256:B14B7EE883CBFF9A8FBF0A7FC0667EEA3CE80FD569CCDA2CAA036C499FA29BCC
            SHA-512:E537808CDC1E461783B2963DFFBB0278C4CD3AC85A2FDD284AEF2301203C1931AD166CC50C7BF41885657E94A89EDBB4DB2C149F0F630673C9CC037247331742
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....78..........." ..0.............>.... ........... ....................... ....../+....@.....................................O.......L................)........................................................... ............... ..H............text...D.... ...................... ..`.rsrc...L...........................@..@.reloc..............................@..B................ .......H.......P ...............$..`...P.......................................BSJB............v4.0.30319......l...0...#~..........#Strings....p.......#US.t.......#GUID...........#Blob......................3..................................................W.....W.....D...........,.....,...D.,...a.,.....,...-.,.................>.....>.....>...).>...1.>...9.>...A.>...I.>...Q.>......./.....8.....W...#.`...+.{...3.....;.....C.....K.....................w.................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\UIAutomationClient.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):19760
            Entropy (8bit):6.66174081164747
            Encrypted:false
            SSDEEP:
            MD5:5D397F7807FF2C09373D283FD627145E
            SHA1:A917D484533B55E5806084FF820EFE103EF07758
            SHA-256:BA860C59EC805BB02FE1172E5EB32A195AF7B3D3434BEEC211962FD8D7787061
            SHA-512:2CEB91293138D24E3EF64E80E353151EB1D1465F89325A2AE1A956BCA1BB34C0DE4626FEE2915E3E5157A78647BD33D1CDF5C3B9B5AA63B2E9B2957DFBC3BD97
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....J..........." ..0..............8... ...@....... ..............................*.....@.................................H8..O....@...............$..0)...`......,8............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B................|8......H.......P ..L............%.......7......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................^.....^.....K...........3.....3...D.3...a.3.....3...-.3.................E.....E.....E...).E...1.E...9.E...A.E...I.E...Q.E.......................#.....+.....3.@...;.T...C.....K.....................................................~.

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\UIAutomationClientSideProviders.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):20784
            Entropy (8bit):6.490617479987086
            Encrypted:false
            SSDEEP:
            MD5:779B08F1A8FB34664B63C6454323BE43
            SHA1:8AC3212E1EA062BE2A66F054599877E5F06AA85A
            SHA-256:B1B60C0E65DFA1FABE469E4C1C8926B9E5849D8246D09CA4C252F5E6C3CD14B1
            SHA-512:4F7E8613A4ADEF6913198A2B4F4153C690CF552749C8693FA3376B8D7B977DBA40C612A3FBD930EAF7E8DF6469AC167B44537E050FF91F565F0B464C6DE262B6
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...-g............" ..0.............V=... ...@....... ..............................$.....@..................................=..O....@...............(..0)...`.......<............................................... ............... ..H............text...\.... ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......&..............@..B................8=......H.......P ..............@%..(...h<......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......0...#Blob......................3..................................................k.....k.....X...........@.....@...D.@...a.@.....@...-.@.................R.....R.....R...).R...1.R...9.R...A.R...I.R...Q.R......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\UIAutomationProvider.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):15648
            Entropy (8bit):6.715632613755419
            Encrypted:false
            SSDEEP:
            MD5:160044D1EB22D2CF2A86A5829EE7FA05
            SHA1:238B28F0A28A7522A2AC863C876A898548321DF2
            SHA-256:FF8BC34AABCF8BCF592125F4FD0B53E0847236FEDD6617CFEAF710F0B9C555CA
            SHA-512:9CE7D167AFE4CD3AF6DD3D4967C56F5DC3BE2638CF2EF9474CA56966F59371AA571638BBC3DC35D254E0F838729435DEF829DB782CEAF954A5113536471B7C46
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0............."(... ...@....... ....................................@..................................'..O....@.................. )...`.......'............................................... ............... ..H............text...(.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......P ..T............%......4'......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................`.....`.....M...........5.....5...D.5...a.5.....5...-.5.................G.....G.....G...).G...1.G...9.G...A.G...I.G...Q.G.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\UIAutomationTypes.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):18736
            Entropy (8bit):6.484384345017832
            Encrypted:false
            SSDEEP:
            MD5:8CAA0B278D33ADBED5BB1CE471196283
            SHA1:DC1692AC1704923CD2F1B903BB1E6945E3D6871D
            SHA-256:7B81011782B4CF22CF17361A44BCF1384E04232F6CF29238A387C0591A4CF0BB
            SHA-512:D2F62B145B502DD2C8B04DAC6015722F9AB473B2CBA081B86DD05E1C26C26575B7A6FBC6CD18B85FC42ACEE5629B643782BD694E3E6AD09889FD437D64F25220
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....s............" ..0..............3... ...@....... ....................................@..................................3..O....@..|............ ..0)...`.......3............................................... ............... ..H............text........ ...................... ..`.rsrc...|....@......................@..@.reloc.......`......................@..B.................3......H.......P ..H............%..x....3......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................].....].....J...........2.....2...D.2...a.2.....2...-.2.................D.....D.....D...).D...1.D...9.D...A.D...I.D...Q.D.......................#.....+.....3.@...;.T...C.....K.....................}.................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\WindowsBase.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):79160
            Entropy (8bit):6.161818524820003
            Encrypted:false
            SSDEEP:
            MD5:3D187CA28155C10DB0637BC35674B02A
            SHA1:5E39E3473A60D0EC3C3B5B55D1280A8A1BA12BFE
            SHA-256:42D708B546835A6A394E1C20B52A347D3A04D7A8E2889D267B56486D46777818
            SHA-512:AA5D11F27F5386CCB83FC7CC7C5F02BE76FA6221FF5C16E28690DCDD66F8B238070A318DC5480E7B0E79B1DE7AB5049346F15FD8A5F3FF8305BC556222B98467
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...).i..........." ..0..............!... ...@....... ....................................@.................................d!..O....@..L...............8)...`......H!............................................... ............... ..H............text........ ...................... ..`.rsrc...L....@......................@..@.reloc.......`......................@..B.................!......H.......P ..0............%..H.... ......................................BSJB............v4.0.30319......l...0...#~..........#Strings....p.......#US.t.......#GUID...........#Blob......................3..................................................W.....W.....D...........,.....,...D.,...a.,.....,...-.,.................>.....>.....>...).>...1.>...9.>...A.>...I.>...Q.>.......................#.....+.....3.@...;.T...C.....K.....................w.................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hans\WindowsFormsIntegration.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16136
            Entropy (8bit):6.76715181102615
            Encrypted:false
            SSDEEP:
            MD5:206D6BBB3AE15D8C02C11E6B6E6D1F57
            SHA1:473CC313646405E9CC29A7764B4370275E3144AF
            SHA-256:B47371BAC8C12A88DC8DCF1CE32B6E1FC016AE8F1A48035879150A509E56C8E0
            SHA-512:C7BF875FDC1D1CE64F55D10C05360F573B5BF91F75AEB4C3DC76CC7D6637B75D74D1E20C2963AFBCA3921A7BA9B619C2252104F805222FD4D13AEACE67B1663C
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...nzz..........." ..0..............*... ...@....... ....................................@.................................d*..O....@...................)...`......H*............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P ..`............%.......)......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................c.....c.....P...........8.....8...D.8...a.8.....8...-.8.................J.....J.....J...).J...1.J...9.J...A.J...I.J...Q.J.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):25392
            Entropy (8bit):6.4719323670053885
            Encrypted:false
            SSDEEP:
            MD5:452F01DFAAD2F03D194285E8AE01C8A4
            SHA1:1530EF9E67E0E41C64269F83F32FB2388FC6DA6B
            SHA-256:52D2BEFC538D009EE8C615704602676AB30CD10CBA69E4B86D33C07D908191B0
            SHA-512:8FFE4BCAA7560AC33871C50FDF3D256AFD949C1D0AB947D16FCE160C78254A0EECC74447183084ED367CF29F3ED241D5B19ADD6BBD536F5D08898744B751AF2A
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...b-t..........." ..0..0...........N... ...`....... ....................................@.................................lN..O....`...............:..0)..........PN............................................... ............... ..H............text........ ...0.................. ..`.rsrc........`.......2..............@..@.reloc...............8..............@..B.................N......H.......P ..(...........x&..X'...M......................................BSJB............v4.0.30319......l...\...#~..........#Strings....T.......#US.X.......#GUID...h.......#Blob......................3....................................../.......................q...u.......Y.....Y.....Y...D.Y...a.Y.....Y...-.Y.................k.....k.....k...).k...1.k...9.k...A.k...I.k...Q.k...Y.k.......................#.....+.....3.@...;.a...C.u...K.....S.@...................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\PresentationCore.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):101680
            Entropy (8bit):6.070089322754285
            Encrypted:false
            SSDEEP:
            MD5:534ED9A5A4668804E0A54FD5FDF74796
            SHA1:1837F7663F108E4A899DD2F999D32C3B493697C6
            SHA-256:E31C1284A4C579CC6A5197E523CDCB9313BBE8BAC7748E7E29E99E4BC693C4CE
            SHA-512:3EDEF3DC412A5DF2A96B47D7C0DA653847CBD18C697823184A7B592122F9C8326E13CCCED277214C4D4E77E0CBE0B00ECF2D151FE850F4984CB85657D55F5982
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....>..........." ..0..Z...........x... ........... ....................................@..................................x..O.......|............d..0)..........|x............................................... ............... ..H............text....X... ...Z.................. ..`.rsrc...|............\..............@..@.reloc...............b..............@..B.................x......H.......P ..D............%..hR...w......................................BSJB............v4.0.30319......l...0...#~..........#Strings....|.......#US.........#GUID...........#Blob......................3..................................................\.....\.....I...........1.....1...D.1...a.1.....1...-.1.................C.....C.....C...).C...1.C...9.C...A.C...I.C...Q.C.......................#.....+.....3.@...;.T...C.....K.....................|.................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\PresentationFramework.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):184112
            Entropy (8bit):6.028596850810894
            Encrypted:false
            SSDEEP:
            MD5:BE1D1D15EFC29CDCCE44EB70E0DD9D96
            SHA1:8866788CC67FA37B91BB7B09A2237E63FD7500A0
            SHA-256:00A4A0A92721FA6748D6892082CC709FE611FD66E2C7F6923726898C4548DF2B
            SHA-512:39E6CC8C32F173B98B974619F90193AF9962C6DE909C25D21A5BD0105C5B632326320DC75745AAD91F596235D38F3A0AC7DA43D160C5C3F851C78DF069FDDF35
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...]#............" ..0................. ........... ....................................@.....................................O.......................0)........................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H.......P ..X............%..X...........................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................a.....a.....N...........6.....6...D.6...a.6.....6...-.6.................H.....H.....H...).H...1.H...9.H...A.H...I.H...Q.H.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\PresentationUI.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):43304
            Entropy (8bit):6.1560158038632995
            Encrypted:false
            SSDEEP:
            MD5:9F1D4B4CA53D6A3C0A5508789D03D40D
            SHA1:6BE51E84B05034008F4F377D70C3987DB297FA96
            SHA-256:0CF57E9DFBFBA02B03F3227A45852294FA1724A4EB5DD0C2AD00F84CF63E355E
            SHA-512:B15A42529D994F6DF5BAB1782F624A9F9826D61615C1EFD4DE24DF674BFBE8748335FBECBA286390000DECD7623B699BA50473FC0F9C2C100505EE2C1EACB2A1
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....9,..........." ..0..v..........R.... ........... ..............................gl....@.....................................O.......l...............().......................................................... ............... ..H............text...Xu... ...v.................. ..`.rsrc...l............x..............@..@.reloc...............~..............@..B................4.......H.......P ..<............%...n..d.......................................BSJB............v4.0.30319......l...0...#~..........#Strings....x.......#US.|.......#GUID...........#Blob......................3..................................................Z.....Z.....G.........../...../...D./...a./...../...-./.................A.....A.....A...).A...1.A...9.A...A.A...I.A...Q.A.......................#.....+.....3.@...;.T...C.....K.....................z.................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\ReachFramework.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):37688
            Entropy (8bit):6.175436920892876
            Encrypted:false
            SSDEEP:
            MD5:ECE84BB1E3A6E7D4D047876D658CE372
            SHA1:48ED047F2AE8B76CAC7E2A031A4F0CE24C7A2767
            SHA-256:EE3B47F1268386081BEDCB06E3F6EAAA8E9B6093C4CE11C41EA5BD84A7E430B1
            SHA-512:BCC1FAB7CC787F23E6828C1438716450E2C1ED486A86CD9BA8B6ADC4B881201377CACAAA6A6ABC20B53685CDD5D4E3335771592523568E4E18EF9473117058E8
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..... ..........." ..0..`...........~... ........... ..............................z7....@.................................<~..O.......l............j..8).......... ~............................................... ............... ..H............text....^... ...`.................. ..`.rsrc...l............b..............@..@.reloc...............h..............@..B................p~......H.......P ..h............%...W...}......................................BSJB............v4.0.30319......l...<...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................Z.....Z.....G.........../...../...D./...a./...../...-./.................A.....A.....A...).A...1.A...9.A...A.A...I.A...Q.A.......................#.....+.....3.@...;.T...C.....K.....................z.................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\System.Windows.Controls.Ribbon.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):18744
            Entropy (8bit):6.607819616828451
            Encrypted:false
            SSDEEP:
            MD5:5829C4C236698F7D8323FCB636402EE6
            SHA1:E774616E441C5F7BEF4B45D957C8A858BC2334DA
            SHA-256:A4868BAF8195F197A7F7E9353456D69C7709E7A59D1FAE95576ACB648361601A
            SHA-512:0BA9B1CFA11EDFB67C34E2D3211FBD8C810A2D8974994796BDCD4E324ADB98E39706F1E8208007E0D741CCAA1C4DCD4E6A03E0445A6AF53115EEF8E9B6FF1D2C
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....%z..........." ..0..............4... ...@....... ....................................@..................................3..O....@............... ..8)...`.......3............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................3......H.......P ..............<%......$3......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......0...#Blob......................3..................................................j.....j.....W...........?.....?...D.?...a.?.....?...-.?.................Q.....Q.....Q...).Q...1.Q...9.Q...A.Q...I.Q...Q.Q......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\System.Windows.Forms.Design.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):145208
            Entropy (8bit):5.781950558638988
            Encrypted:false
            SSDEEP:
            MD5:D0C6E5FCBA994435A15DBE59919AAFF2
            SHA1:35F1C9F8EF1AC6BF234CF64903CB0E5B4E7D7768
            SHA-256:F3CAA30EC46D559E3A201974A8C20BDE12BB91EF3E9E2B2E9C5888D3490F59B5
            SHA-512:23B69027F3C54D8A020A572D754742D26470EEE9327437ABF509BA4F530338DA8FF5DED90B97C51D493DEC2E6FE25D59A94A2353FF1D0871A67879C8E8B10E44
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...NO............" ..0..............#... ...@....... .............................../....@..................................#..O....@..................8)...`.......#............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................#......H.......P ..P............'..`....#......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID... ...0...#Blob......................3....................................../.......................q...........Y.....Y.....Y...D.Y...a.Y.....Y...-.Y.................k.....k.....k...).k...1.k...9.k...A.k...I.k...Q.k...Y.k......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.....................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\System.Windows.Forms.Primitives.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16168
            Entropy (8bit):6.760556007253415
            Encrypted:false
            SSDEEP:
            MD5:CFE790A65D23A1126236B64591B15390
            SHA1:12B826AE6B8DFD22B86824C1222F126A1CA7A63A
            SHA-256:604322CDBD4B9DA03DA43996C34591AC98948682551D2CCDBEEAC6EEBCAFA52F
            SHA-512:314ABDFECE8041450124C5994301F7F926CB5D12D39D3DBBDC5A9C322FA7A182900E69233F06C9E8CB0D94E065FD1108D142EB151C038021E154972A78C43FAC
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...b0............" ..0..............+... ...@....... ....................................@..................................*..O....@..................()...`.......*............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P .. ...........p%......(*......................................BSJB............v4.0.30319......l...D...#~......(...#Strings............#US.........#GUID.......4...#Blob......................3....................................../.......................u...........].....].....]...D.]...a.].....]...-.].................o.....o.....o...).o...1.o...9.o...A.o...I.o...Q.o...Y.o......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S....................... .............

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\System.Windows.Forms.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):325416
            Entropy (8bit):5.955745664549379
            Encrypted:false
            SSDEEP:
            MD5:BD4AD1882FA390758C5A9BE119F844F0
            SHA1:3386BC8112A5AA9C2AC8A5773C97779D586EE253
            SHA-256:23431C9784061E3B1830F275E6401D20FB5AA8021913348E798C90433E847E36
            SHA-512:F0A18FFC7F30D1502610E5B578D768FD573CCBD00CCB2308F338531E5F682604DB5E2F9C123C61916FC355C10E2598BE35200CC332DB293CD571CDD4BFA80060
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....D..........." ..0.................. ........... .......................@............@.................................h...O.......................()... ......L................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......P ..d............%..............................................BSJB............v4.0.30319......l...\...#~......`...#Strings....(.......#US.,.......#GUID...<...(...#Blob......................3....................................../...........}.....}.....j...I.......R.....R.....R...D.R...a.R.....R...-.R.................d.....d.....d...).d...1.d...9.d...A.d...I.d...Q.d...Y.d......./.....8.....W...#.`...+.{...3.....;.....C.....K.....S.......................X.............

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\System.Windows.Input.Manipulations.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16648
            Entropy (8bit):6.71487097251255
            Encrypted:false
            SSDEEP:
            MD5:5E244EF14F598A003C6F4FFB1A8EDA88
            SHA1:FF16053554B225264ADD68437AB0354F1D95C4E6
            SHA-256:673709F3BF51CA359AA2D7C5A8D97A70EA3388B7458D36334BBD7FC9A3C134D8
            SHA-512:09B43A293E93F25D1DE4AD13C57BFB63359936E929628AEBAC9558540125983627740103CC5208425FAB160DB3414E9165041504DEC882921844145C2E205006
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....'..........." ..0.............Z,... ...@....... ...............................2....@..................................,..O....@...................)...`.......+............................................... ............... ..H............text...`.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................<,......H.......P ..............L%.. ...l+......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......4...#Blob......................3..................................................n.....n.....[...........C.....C...D.C...a.C.....C...-.C.................U.....U.....U...).U...1.U...9.U...A.U...I.U...Q.U......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\System.Xaml.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):60720
            Entropy (8bit):6.420222849404551
            Encrypted:false
            SSDEEP:
            MD5:CBF0F8AAAEE0C24F9FA6A0A0D2A71C06
            SHA1:E0CF1FF31D39CABA4507C2C06CA4504A61C4BDFB
            SHA-256:1464ED352FC8BED9E0A55A165C8D2C5056B3F9968D41E5FB7AD3B0120F4FC2D4
            SHA-512:61BD85AC4E13F63CF9D60E443045C0C4CC07893301775F9285B1810CC506835650392BFBCAD69297F886184E057776A32B6715A83E5F6B705B8A7D33051136BD
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....4>..........." ..0.................. ........... ....................... .......n....@.................................L...O.......L...............0)..........0................................................ ............... ..H............text........ ...................... ..`.rsrc...L...........................@..@.reloc..............................@..B........................H.......P ...............$..............................................BSJB............v4.0.30319......l...0...#~..........#Strings....p.......#US.t.......#GUID...........#Blob......................3..................................................W.....W.....D...........,.....,...D.,...a.,.....,...-.,.................>.....>.....>...).>...1.>...9.>...A.>...I.>...Q.>......./.....8.....W...#.`...+.{...3.....;.....C.....K.....................w.................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\UIAutomationClient.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):19760
            Entropy (8bit):6.654845100955123
            Encrypted:false
            SSDEEP:
            MD5:D09EBB2EAAD5F72626D0015F20AA5715
            SHA1:F7A75931B8BCF26DB8BAF3C2F20CE5EF75C8FE01
            SHA-256:4058ECDFFC6C24DE345D16022DD9093C11DB404751351137900C9ACA220CBDEC
            SHA-512:4D52F3DFB9522A5018C41704D7D4CA64C7C65BD1A08E0B0383C2A6CC1FB1B96EF4D89035B1DC52B9C797D4E20480DF4353D181405546F06E11421237EBE2FA4A
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...^............." ..0..............8... ...@....... ..............................B.....@.................................08..O....@...............$..0)...`.......8............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B................d8......H.......P ..L............%.......7......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................^.....^.....K...........3.....3...D.3...a.3.....3...-.3.................E.....E.....E...).E...1.E...9.E...A.E...I.E...Q.E.......................#.....+.....3.@...;.T...C.....K.....................................................~.

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\UIAutomationClientSideProviders.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):20776
            Entropy (8bit):6.519890421795635
            Encrypted:false
            SSDEEP:
            MD5:5418F59E0A61432E3DCCAE0AB05F5F11
            SHA1:DA5068E22689505E1196F677D384F71C71E3F843
            SHA-256:B2A1598CA5692B40B70786DD78F8E08AC6C88758D3FC0A60E060C10813612EEA
            SHA-512:F6C1DFD9982AF2004D33B4DBE68C125C92D390ECCCD24E3059E9F2C71242D5C15129369715DA68C38A1B08E917B72BD9D50366B36B3AD1780323EBA0B5E7F071
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Nh............" ..0..............=... ...@....... ...............................O....@.................................l=..O....@...............(..()...`......P=............................................... ............... ..H............text........ ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......&..............@..B.................=......H.......P ..............@%.......<......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......0...#Blob......................3..................................................k.....k.....X...........@.....@...D.@...a.@.....@...-.@.................R.....R.....R...).R...1.R...9.R...A.R...I.R...Q.R......./.....8.....W...#.`...+.{...3.....;.....C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\UIAutomationProvider.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):15632
            Entropy (8bit):6.714659279464153
            Encrypted:false
            SSDEEP:
            MD5:7892E7076249A1432A4C5378AA0F9BEF
            SHA1:1AD4CF06BD012A5BB9D388408AA1AA0004574466
            SHA-256:A3D1DF97BEC13E7FBF76BD4E998062BEEC05F3D2240566DDAFB2BDA5E7DDA7AC
            SHA-512:E9E885E4A5F964C1F8152A5D8EF528D3AD5C691D82FA9F2E9924DE632F42094ABF3FA11AF3DF64A23269A733D35D66FE527372805F380E1C65EC62C329D11BCD
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0............."(... ...@....... ...............................l....@..................................'..O....@...................)...`.......'............................................... ............... ..H............text...(.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......P ..T............%......4'......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................`.....`.....M...........5.....5...D.5...a.5.....5...-.5.................G.....G.....G...).G...1.G...9.G...A.G...I.G...Q.G.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\UIAutomationTypes.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):18712
            Entropy (8bit):6.511000390492484
            Encrypted:false
            SSDEEP:
            MD5:33B0DD95F456FEB59123415193F0D642
            SHA1:EF314E64B65EFF7FCB0637C8230AE8346A7A75BD
            SHA-256:27CDED3153F70963588815C30D153557BB6E362E6331FE2925D592D782F48A1C
            SHA-512:2A7B973A1602D239CBC444020BC92225796841CBEF53368C97AF032B99B961B78CDBCE4D6928BB34F1F2597C5189BE83DF50FB5740A6AAC68AF2F038A7B42347
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...S............" ..0.............>4... ...@....... ...............................r....@..................................3..O....@..|............ ...)...`.......3............................................... ............... ..H............text...D.... ...................... ..`.rsrc...|....@......................@..@.reloc.......`......................@..B................ 4......H.......P ..H............%......P3......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................].....].....J...........2.....2...D.2...a.2.....2...-.2.................D.....D.....D...).D...1.D...9.D...A.D...I.D...Q.D.......................#.....+.....3.@...;.T...C.....K.....................}.................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\WindowsBase.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):80688
            Entropy (8bit):6.161273158935894
            Encrypted:false
            SSDEEP:
            MD5:BF271F33FF6F35BAF0C4EBFCDD5504DD
            SHA1:97009F7D0A06B24C5C014CD725D87BFE60EF69BB
            SHA-256:EF9C94EC09A7FB945F3F79774C3E8F44A08DEC0C3FE706C964E9F7DF617245F6
            SHA-512:5AEF6D0504C954611D32D6E066B15B07DCF40F0843416F00652B9DBFD2931DAD10F9B41D056C3B585D59269749CA83A0532BC2C0CB9AE6D84001BCBDADFE76DC
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P............." ..0.............>&... ...@....... ...............................c....@..................................%..O....@..L...............0)...`.......%............................................... ............... ..H............text...D.... ...................... ..`.rsrc...L....@......................@..@.reloc.......`......................@..B................ &......H.......P ..0............%......P%......................................BSJB............v4.0.30319......l...0...#~..........#Strings....p.......#US.t.......#GUID...........#Blob......................3..................................................W.....W.....D...........,.....,...D.,...a.,.....,...-.,.................>.....>.....>...).>...1.>...9.>...A.>...I.>...Q.>.......................#.....+.....3.@...;.T...C.....K.....................w.................................

            C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\zh-Hant\WindowsFormsIntegration.resources.dll

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):16184
            Entropy (8bit):6.754600268039491
            Encrypted:false
            SSDEEP:
            MD5:2A703A1418BBB91A31FED82C1E7A42BD
            SHA1:37709C363844A3331B5E769C381FA165A301026F
            SHA-256:3C0F75EECF5C4643F42B9AB2E8EC0F05E291E6471341914DC8DAFD54D43C6396
            SHA-512:34A2DE30462DA5229CB9B0B880665C51964F6F20A5A1DD15F7E722E36A2CF9CA08BDD4BEA4A4434F36CB551FC8D014BB5087DF440B519E39411259223720B218
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............*... ...@....... ..............................V.....@.................................\*..O....@..................8)...`......@*............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P ..`............%.......)......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................c.....c.....P...........8.....8...D.8...a.8.....8...-.8.................J.....J.....J...).J...1.J...9.J...A.J...I.J...Q.J.......................#.....+.....3.@...;.T...C.....K.......................................................

            C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 8.0.11 (x64).swidtag

            Download File
            Process:C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exe
            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text
            Category:dropped
            Size (bytes):490
            Entropy (8bit):5.402469886568641
            Encrypted:false
            SSDEEP:
            MD5:8223B507DA5F5E5D7164FD46CDFB1B60
            SHA1:CB33FD6404609CE964EA857643BD983CA1AD3C55
            SHA-256:702F1FC5FEF52A67ABE7159CD56D6AEF320861E91F565D936742F62BDD26CF7A
            SHA-512:422B19D43E341D468DB788415EF6A1E7BCCA53F42A73F95A394283BE268FED89D04B30AF4DDF07D8559CC4F8836D694D9CFB375406C53AD611DD967663C3C38E
            Malicious:false
            Reputation:unknown
            Preview:.<?xml version="1.0" encoding="utf-8"?>.<SoftwareIdentity tagId="wix:bundle/BD40E761-3E88-4202-9B53-26C6BED3D467" name="Microsoft Windows Desktop Runtime - 8.0.11 (x64)" version="8.0.11.34221" versionScheme="multipartnumeric" xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd">. <Entity name="Microsoft Corporation" regid="microsoft.com" role="softwareCreator tagCreator" />. <Meta persistentId="wix:bundle.upgrade/7F5F299F-5EB1-6FC0-6D86-FB7931E33C68" />.</SoftwareIdentity>

            C:\ProgramData\Package Cache\.unverified\dotnet_host_8.0.11_win_x64.msi (copy)

            Download File
            Process:C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exe
            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Microsoft .NET Host - 8.0.11 (x64), Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft .NET Host - 8.0.11 (x64)., Template: x64;1033, Revision Number: {821DC2A6-AEB1-4796-80C6-7F7EC027B94F}, Create Time/Date: Thu Oct 17 23:43:58 2024, Last Saved Time/Date: Thu Oct 17 23:43:58 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.9323), Security: 2
            Category:dropped
            Size (bytes):0
            Entropy (8bit):0.0
            Encrypted:false
            SSDEEP:
            MD5:AEF2D4D02B45FA95D8ABCAC57E60D21B
            SHA1:11C91E25DCF7F1357AB0FB0A6307A71B45DAB754
            SHA-256:EBE13E660C208681E2F1C10FA59D8B37540F2E6187751703FA5BBB5F4B300EB1
            SHA-512:C78E41D5B2C845C106B088881CF72DDDF64BE09F72D7AC6078E944E7C9F6AFB428E0BAD7FEC45BB539AD04694467FC302E0A915522123FE02F80BFE1762C2EF1
            Malicious:false
            Reputation:unknown
            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\ProgramData\Package Cache\.unverified\dotnet_hostfxr_8.0.11_win_x64.msi (copy)

            Download File
            Process:C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exe
            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Microsoft .NET Host FX Resolver - 8.0.11 (x64), Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft .NET Host FX Resolver - 8.0.11 (x64)., Template: x64;1033, Revision Number: {EBC96263-55B4-4BCE-B9C8-B460A20F0BE4}, Create Time/Date: Thu Oct 17 23:36:28 2024, Last Saved Time/Date: Thu Oct 17 23:36:28 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.9323), Security: 2
            Category:dropped
            Size (bytes):0
            Entropy (8bit):0.0
            Encrypted:false
            SSDEEP:
            MD5:D73DE5788AB129F16AFDD990D8E6BFA9
            SHA1:88CB87AF50EA4999E2079D9269CE64C8EB1A584E
            SHA-256:4F9AC5A094E9B1B4F0285E6E69C2E914E42DCC184DFE6FE93894F8E03CA6C193
            SHA-512:BFC32F9A20E30045F5207446C6AB6E8EF49A3FD7A5A41491C2242E10FEE8EFD2F82F81C3FF3BF7681E5E660FDE065A315A89D87E9F488C863421FE1D6381BA3B
            Malicious:false
            Reputation:unknown
            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\ProgramData\Package Cache\.unverified\windowsdesktop_runtime_8.0.11_win_x64.msi (copy)

            Download File
            Process:C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exe
            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Microsoft Windows Desktop Runtime - 8.0.11 (x64), Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Windows Desktop Runtime - 8.0.11 (x64)., Template: x64;1033, Revision Number: {51C0D04F-9A7A-4CAC-B790-6E8C4887FA33}, Create Time/Date: Tue Oct 22 02:30:28 2024, Last Saved Time/Date: Tue Oct 22 02:30:28 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.9323), Security: 2
            Category:dropped
            Size (bytes):0
            Entropy (8bit):0.0
            Encrypted:false
            SSDEEP:
            MD5:230FED97D6F8EAB7800E2316FEF53C00
            SHA1:7A97F51462584F6A8CC9EB08DA654DEA4D2B7FBA
            SHA-256:C9AAA2AB9905ABBBECFF1AD3C3ECBAE1F4D7FE8A063F3BFD2FCFE5176FCB169D
            SHA-512:E0AF63D92AECC632B1273E63B5327D2CA9EA3D7A086807205043E4BC76050A22DE786E419C1D95A8A8521F39AF8C4DC6CF9563DD88E3174E5E87A2D30A6F2352
            Malicious:false
            Reputation:unknown
            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\ProgramData\Package Cache\{362B4D0D-8438-44DA-86B2-FEC44E000FCA}v64.44.23191\dotnet-host-8.0.11-win-x64.msi (copy)

            Download File
            Process:C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exe
            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Microsoft .NET Host - 8.0.11 (x64), Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft .NET Host - 8.0.11 (x64)., Template: x64;1033, Revision Number: {821DC2A6-AEB1-4796-80C6-7F7EC027B94F}, Create Time/Date: Thu Oct 17 23:43:58 2024, Last Saved Time/Date: Thu Oct 17 23:43:58 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.9323), Security: 2
            Category:dropped
            Size (bytes):0
            Entropy (8bit):0.0
            Encrypted:false
            SSDEEP:
            MD5:AEF2D4D02B45FA95D8ABCAC57E60D21B
            SHA1:11C91E25DCF7F1357AB0FB0A6307A71B45DAB754
            SHA-256:EBE13E660C208681E2F1C10FA59D8B37540F2E6187751703FA5BBB5F4B300EB1
            SHA-512:C78E41D5B2C845C106B088881CF72DDDF64BE09F72D7AC6078E944E7C9F6AFB428E0BAD7FEC45BB539AD04694467FC302E0A915522123FE02F80BFE1762C2EF1
            Malicious:false
            Reputation:unknown
            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\ProgramData\Package Cache\{C0790AA0-0F40-4836-85B2-677B87625E63}v64.44.23253\windowsdesktop-runtime-8.0.11-win-x64.msi (copy)

            Download File
            Process:C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exe
            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Microsoft Windows Desktop Runtime - 8.0.11 (x64), Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Windows Desktop Runtime - 8.0.11 (x64)., Template: x64;1033, Revision Number: {51C0D04F-9A7A-4CAC-B790-6E8C4887FA33}, Create Time/Date: Tue Oct 22 02:30:28 2024, Last Saved Time/Date: Tue Oct 22 02:30:28 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.9323), Security: 2
            Category:dropped
            Size (bytes):0
            Entropy (8bit):0.0
            Encrypted:false
            SSDEEP:
            MD5:230FED97D6F8EAB7800E2316FEF53C00
            SHA1:7A97F51462584F6A8CC9EB08DA654DEA4D2B7FBA
            SHA-256:C9AAA2AB9905ABBBECFF1AD3C3ECBAE1F4D7FE8A063F3BFD2FCFE5176FCB169D
            SHA-512:E0AF63D92AECC632B1273E63B5327D2CA9EA3D7A086807205043E4BC76050A22DE786E419C1D95A8A8521F39AF8C4DC6CF9563DD88E3174E5E87A2D30A6F2352
            Malicious:false
            Reputation:unknown
            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\ProgramData\Package Cache\{F59C11F0-D73F-452B-8D1D-8C33B82D8507}v64.44.23191\dotnet-hostfxr-8.0.11-win-x64.msi (copy)

            Download File
            Process:C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exe
            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Microsoft .NET Host FX Resolver - 8.0.11 (x64), Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft .NET Host FX Resolver - 8.0.11 (x64)., Template: x64;1033, Revision Number: {EBC96263-55B4-4BCE-B9C8-B460A20F0BE4}, Create Time/Date: Thu Oct 17 23:36:28 2024, Last Saved Time/Date: Thu Oct 17 23:36:28 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.9323), Security: 2
            Category:dropped
            Size (bytes):0
            Entropy (8bit):0.0
            Encrypted:false
            SSDEEP:
            MD5:D73DE5788AB129F16AFDD990D8E6BFA9
            SHA1:88CB87AF50EA4999E2079D9269CE64C8EB1A584E
            SHA-256:4F9AC5A094E9B1B4F0285E6E69C2E914E42DCC184DFE6FE93894F8E03CA6C193
            SHA-512:BFC32F9A20E30045F5207446C6AB6E8EF49A3FD7A5A41491C2242E10FEE8EFD2F82F81C3FF3BF7681E5E660FDE065A315A89D87E9F488C863421FE1D6381BA3B
            Malicious:false
            Reputation:unknown
            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\ProgramData\Package Cache\{bd40e761-3e88-4202-9b53-26c6bed3d467}\state.rsm

            Download File
            Process:C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exe
            File Type:data
            Category:dropped
            Size (bytes):858
            Entropy (8bit):2.273510311932124
            Encrypted:false
            SSDEEP:
            MD5:BD2BCB5600C10E5B263F8087484CE254
            SHA1:880AFEAB23A6D2D6453BDEADB0A6632B309BF983
            SHA-256:08F88998E1685BE5CF9FA3CB00602C1687317B95B1234042254203014E557B38
            SHA-512:830951F49760B15C114494C7394589C79B810E2BCE21319E29249B6D1A499F5C4BFD57457A779E60909245C39DB42EF129C92477EC831E18E5B37E4257C8E9E7
            Malicious:false
            Reputation:unknown
            Preview:V.......................................................................................................................................................................................................................................................................W.i.x.B.u.n.d.l.e.F.o.r.c.e.d.R.e.s.t.a.r.t.P.a.c.k.a.g.e.....................W.i.x.B.u.n.d.l.e.L.a.s.t.U.s.e.d.S.o.u.r.c.e.........................................W.i.x.B.u.n.d.l.e.N.a.m.e.....0...M.i.c.r.o.s.o.f.t. .W.i.n.d.o.w.s. .D.e.s.k.t.o.p. .R.u.n.t.i.m.e. .-. .8...0...1.1. .(.x.6.4.).............W.i.x.B.u.n.d.l.e.O.r.i.g.i.n.a.l.S.o.u.r.c.e..... ...C.:.\.U.s.e.r.s.\.c.a.l.i.\.D.e.s.k.t.o.p.\.m.i.e.r.d.a...e.x.e.............W.i.x.B.u.n.d.l.e.O.r.i.g.i.n.a.l.S.o.u.r.c.e.F.o.l.d.e.r.........C.:.\.U.s.e.r.s.\.c.a.l.i.\.D.e.s.k.t.o.p.\.................................................

            C:\ProgramData\Package Cache\{bd40e761-3e88-4202-9b53-26c6bed3d467}\windowsdesktop-runtime-8.0.11-win-x64.exe

            Download File
            Process:C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.be\windowsdesktop-runtime-8.0.11-win-x64.exe
            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):622840
            Entropy (8bit):7.159432362429182
            Encrypted:false
            SSDEEP:
            MD5:FBA0B1010E82EE3896E104749F505F54
            SHA1:E7E43E8DA6AF9CD6A6B740B8F70CAEB5FBFDA730
            SHA-256:4AAE588970B5DE7E67C0C46B19D7E671E8186D5FD7082C1F602F57F1CED0E516
            SHA-512:91BD3515BDE8CEE82529636025F70B3CA9447338417B6B4F37074E57D5FB810BE030F92B0A42FEA0D4692979250C01462A41C2477DCF972F1F7554248AF16543
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........[..................L..............................................h......h.Q.....9.....h.....Rich...........PE..L......f.....................|......K.............@..........................`............@.................................D...........<;...........W..h)... ...=...|..T....................|..........@...........................................text.............................. ..`.rdata..|...........................@..@.data...............................@....wixburn8...........................@..@.rsrc...<;.......<..................@..@.reloc...=... ...>..................@..B........................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.11_(x64)_20241211073554.log

            Download File
            Process:C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exe
            File Type:ASCII text, with very long lines (333), with CRLF line terminators
            Category:modified
            Size (bytes):16138
            Entropy (8bit):5.529341036850777
            Encrypted:false
            SSDEEP:
            MD5:F5CBEA6344F49D722E20FD3366475B30
            SHA1:CA55D875568470A919340FA55A72E9DF82549296
            SHA-256:881A1F768A2636A1E583B7627FB321B7607A10909D1442F4D4F2A509111248C9
            SHA-512:C34EC08253623097832E3283A63D349E11FEA785E26E6520331FE36C39BD75F687246D4A7994F6872ED6F827EDBA3EB1626589E8674031D2CE53052BC2A76343
            Malicious:false
            Reputation:unknown
            Preview:[1944:1940][2024-12-11T07:35:53]i001: Burn v3.14.1.9323, Windows v10.0 (Build 19045: Service Pack 0), path: C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exe..[1944:1940][2024-12-11T07:35:53]i000: Initializing string variable 'BUNDLEMONIKER' to value 'Microsoft Windows Desktop Runtime - 8.0.11 (x64)'..[1944:1940][2024-12-11T07:35:53]i000: Initializing string variable 'PRODUCT_NAME' to value 'Microsoft Windows Desktop Runtime - 8.0.11 (x64)'..[1944:1940][2024-12-11T07:35:53]i000: Initializing string variable 'LINK_PREREQ_PAGE' to value 'https://go.microsoft.com/fwlink/?linkid=846817'..[1944:1940][2024-12-11T07:35:53]i009: Command Line: '-burn.clean.room=C:\Users\user\Desktop\mierda.exe -burn.filehandle.attached=652 -burn.filehandle.self=680'..[1944:1940][2024-12-11T07:35:53]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Users\user\Desktop\mierda.exe'..[1944:1940][2024-12-11T07:35:53]i000: Setting string variable 'WixBundleOriginalSourceFolder' t

            C:\Users\user\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.11_(x64)_20241211073554_000_dotnet_runtime_8.0.11_win_x64.msi.log

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:Unicode text, UTF-16, little-endian text, with very long lines (319), with CRLF line terminators
            Category:dropped
            Size (bytes):482890
            Entropy (8bit):3.847455047772905
            Encrypted:false
            SSDEEP:
            MD5:34F0350B877507724FDF0ADC0B643CC1
            SHA1:2D27C37BBE789EC973EF404377D3EA54E0C3E128
            SHA-256:A1775F301A0E05508E6150E617E1E3BB76883F3DA917AFAF78CAA3A31AE1270A
            SHA-512:41BEB79416911C925E72A8A5993579718A64D0928E967A460E5E82A3301E5C864B949669DCDD832F9EABA34E5206A37CA95BB1E4DDF1D52E2555700AB7441D78
            Malicious:false
            Reputation:unknown
            Preview:..=.=.=. .V.e.r.b.o.s.e. .l.o.g.g.i.n.g. .s.t.a.r.t.e.d.:. .1.1./.1.2./.2.0.2.4. . .0.7.:.3.6.:.0.1. . .B.u.i.l.d. .t.y.p.e.:. .S.H.I.P. .U.N.I.C.O.D.E. .5...0.0...1.0.0.1.1...0.0. . .C.a.l.l.i.n.g. .p.r.o.c.e.s.s.:. .C.:.\.W.i.n.d.o.w.s.\.T.e.m.p.\.{.B.B.1.4.F.8.D.D.-.1.5.8.9.-.4.F.6.8.-.8.1.C.A.-.1.1.4.6.A.B.4.E.D.B.3.2.}.\...b.e.\.w.i.n.d.o.w.s.d.e.s.k.t.o.p.-.r.u.n.t.i.m.e.-.8...0...1.1.-.w.i.n.-.x.6.4...e.x.e. .=.=.=.....M.S.I. .(.c.). .(.6.8.:.A.C.). .[.0.7.:.3.6.:.0.1.:.7.6.1.].:. .R.e.s.e.t.t.i.n.g. .c.a.c.h.e.d. .p.o.l.i.c.y. .v.a.l.u.e.s.....M.S.I. .(.c.). .(.6.8.:.A.C.). .[.0.7.:.3.6.:.0.1.:.7.6.1.].:. .M.a.c.h.i.n.e. .p.o.l.i.c.y. .v.a.l.u.e. .'.D.e.b.u.g.'. .i.s. .0.....M.S.I. .(.c.). .(.6.8.:.A.C.). .[.0.7.:.3.6.:.0.1.:.7.6.1.].:. .*.*.*.*.*.*.*. .R.u.n.E.n.g.i.n.e.:..... . . . . . . . . . . .*.*.*.*.*.*.*. .P.r.o.d.u.c.t.:. .C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.P.a.c.k.a.g.e. .C.a.c.h.e.\.{.9.C.8.0.2.1.3.E.-.9.0.7.9.-.4.5.6.1.-.8.D.5.7.-.1.F.D.D.0.D.6.2.2.5.1.F.}.v.6.4...4.4...

            C:\Users\user\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.11_(x64)_20241211073554_001_dotnet_hostfxr_8.0.11_win_x64.msi.log

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:Unicode text, UTF-16, little-endian text, with very long lines (401), with CRLF line terminators
            Category:dropped
            Size (bytes):98634
            Entropy (8bit):3.801308722994676
            Encrypted:false
            SSDEEP:
            MD5:D6AD3412E83F25AC2AF4C094AE63BE84
            SHA1:51BC813A4F63B9E235A958CDEB14BCDB3C562807
            SHA-256:6467F56B3BC6ACD22D2AC2B65621FC6ACACB2EC84B95AC68BF6A6FADC4789217
            SHA-512:99E89517F21CBBD73BD98663EEFE00E25B938E362A50DAB27E0F5E92190AA32B1436D60A2F1C7024FC391F8566C8BE42CCB3207F53DC2BA0AA6BB79CE621D8CB
            Malicious:false
            Reputation:unknown
            Preview:..=.=.=. .V.e.r.b.o.s.e. .l.o.g.g.i.n.g. .s.t.a.r.t.e.d.:. .1.1./.1.2./.2.0.2.4. . .0.7.:.3.6.:.0.9. . .B.u.i.l.d. .t.y.p.e.:. .S.H.I.P. .U.N.I.C.O.D.E. .5...0.0...1.0.0.1.1...0.0. . .C.a.l.l.i.n.g. .p.r.o.c.e.s.s.:. .C.:.\.W.i.n.d.o.w.s.\.T.e.m.p.\.{.B.B.1.4.F.8.D.D.-.1.5.8.9.-.4.F.6.8.-.8.1.C.A.-.1.1.4.6.A.B.4.E.D.B.3.2.}.\...b.e.\.w.i.n.d.o.w.s.d.e.s.k.t.o.p.-.r.u.n.t.i.m.e.-.8...0...1.1.-.w.i.n.-.x.6.4...e.x.e. .=.=.=.....M.S.I. .(.c.). .(.6.8.:.8.C.). .[.0.7.:.3.6.:.0.9.:.9.7.5.].:. .R.e.s.e.t.t.i.n.g. .c.a.c.h.e.d. .p.o.l.i.c.y. .v.a.l.u.e.s.....M.S.I. .(.c.). .(.6.8.:.8.C.). .[.0.7.:.3.6.:.0.9.:.9.7.5.].:. .M.a.c.h.i.n.e. .p.o.l.i.c.y. .v.a.l.u.e. .'.D.e.b.u.g.'. .i.s. .0.....M.S.I. .(.c.). .(.6.8.:.8.C.). .[.0.7.:.3.6.:.0.9.:.9.7.5.].:. .*.*.*.*.*.*.*. .R.u.n.E.n.g.i.n.e.:..... . . . . . . . . . . .*.*.*.*.*.*.*. .P.r.o.d.u.c.t.:. .C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.P.a.c.k.a.g.e. .C.a.c.h.e.\.{.F.5.9.C.1.1.F.0.-.D.7.3.F.-.4.5.2.B.-.8.D.1.D.-.8.C.3.3.B.8.2.D.8.5.0.7.}.v.6.4...4.4...

            C:\Users\user\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.11_(x64)_20241211073554_002_dotnet_host_8.0.11_win_x64.msi.log

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:Unicode text, UTF-16, little-endian text, with very long lines (386), with CRLF line terminators
            Category:dropped
            Size (bytes):108924
            Entropy (8bit):3.7884370291923712
            Encrypted:false
            SSDEEP:
            MD5:8D07A5F8BF65A7F0815A0BE7BDF9EE28
            SHA1:DB095377171C06C3B51284B0C055720D86AC768D
            SHA-256:4791E48ED2632AED1C6B607FA86589731B7B9385126963A0A97BE1A15318996B
            SHA-512:49402E9D0B9E5F25FAA362A802C4B4292AB636B1753BAB06ADD7EBDC52CF382557902E60ABB7B0C4AA36266C2640C169095B077962A20F2B5AD79F83BC6645F0
            Malicious:false
            Reputation:unknown
            Preview:..=.=.=. .V.e.r.b.o.s.e. .l.o.g.g.i.n.g. .s.t.a.r.t.e.d.:. .1.1./.1.2./.2.0.2.4. . .0.7.:.3.6.:.1.1. . .B.u.i.l.d. .t.y.p.e.:. .S.H.I.P. .U.N.I.C.O.D.E. .5...0.0...1.0.0.1.1...0.0. . .C.a.l.l.i.n.g. .p.r.o.c.e.s.s.:. .C.:.\.W.i.n.d.o.w.s.\.T.e.m.p.\.{.B.B.1.4.F.8.D.D.-.1.5.8.9.-.4.F.6.8.-.8.1.C.A.-.1.1.4.6.A.B.4.E.D.B.3.2.}.\...b.e.\.w.i.n.d.o.w.s.d.e.s.k.t.o.p.-.r.u.n.t.i.m.e.-.8...0...1.1.-.w.i.n.-.x.6.4...e.x.e. .=.=.=.....M.S.I. .(.c.). .(.6.8.:.C.8.). .[.0.7.:.3.6.:.1.1.:.0.2.9.].:. .R.e.s.e.t.t.i.n.g. .c.a.c.h.e.d. .p.o.l.i.c.y. .v.a.l.u.e.s.....M.S.I. .(.c.). .(.6.8.:.C.8.). .[.0.7.:.3.6.:.1.1.:.0.2.9.].:. .M.a.c.h.i.n.e. .p.o.l.i.c.y. .v.a.l.u.e. .'.D.e.b.u.g.'. .i.s. .0.....M.S.I. .(.c.). .(.6.8.:.C.8.). .[.0.7.:.3.6.:.1.1.:.0.2.9.].:. .*.*.*.*.*.*.*. .R.u.n.E.n.g.i.n.e.:..... . . . . . . . . . . .*.*.*.*.*.*.*. .P.r.o.d.u.c.t.:. .C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.P.a.c.k.a.g.e. .C.a.c.h.e.\.{.3.6.2.B.4.D.0.D.-.8.4.3.8.-.4.4.D.A.-.8.6.B.2.-.F.E.C.4.4.E.0.0.0.F.C.A.}.v.6.4...4.4...

            C:\Users\user\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.11_(x64)_20241211073554_003_windowsdesktop_runtime_8.0.11_win_x64.msi.log

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:Unicode text, UTF-16, little-endian text, with very long lines (319), with CRLF line terminators
            Category:dropped
            Size (bytes):871860
            Entropy (8bit):3.8314348216232266
            Encrypted:false
            SSDEEP:
            MD5:261344C09CA6B02DABCF69CF9959099E
            SHA1:53E45A3B61335507D639F211CC9C85FD90D03411
            SHA-256:94D52914E86BC02A0022B0E5437C43E5BD98FF3C483158F6F1642052F50E533B
            SHA-512:04B64AF40B9196FB556F498B6AAD73102A4828BDB8E79A5359D7957ABE647B7D93194FABB4A15AA82124D499183DFDF6BE77BA54AE9F8EBD392254E7D573A910
            Malicious:false
            Reputation:unknown
            Preview:..=.=.=. .V.e.r.b.o.s.e. .l.o.g.g.i.n.g. .s.t.a.r.t.e.d.:. .1.1./.1.2./.2.0.2.4. . .0.7.:.3.6.:.1.2. . .B.u.i.l.d. .t.y.p.e.:. .S.H.I.P. .U.N.I.C.O.D.E. .5...0.0...1.0.0.1.1...0.0. . .C.a.l.l.i.n.g. .p.r.o.c.e.s.s.:. .C.:.\.W.i.n.d.o.w.s.\.T.e.m.p.\.{.B.B.1.4.F.8.D.D.-.1.5.8.9.-.4.F.6.8.-.8.1.C.A.-.1.1.4.6.A.B.4.E.D.B.3.2.}.\...b.e.\.w.i.n.d.o.w.s.d.e.s.k.t.o.p.-.r.u.n.t.i.m.e.-.8...0...1.1.-.w.i.n.-.x.6.4...e.x.e. .=.=.=.....M.S.I. .(.c.). .(.6.8.:.3.C.). .[.0.7.:.3.6.:.1.2.:.2.2.5.].:. .R.e.s.e.t.t.i.n.g. .c.a.c.h.e.d. .p.o.l.i.c.y. .v.a.l.u.e.s.....M.S.I. .(.c.). .(.6.8.:.3.C.). .[.0.7.:.3.6.:.1.2.:.2.2.5.].:. .M.a.c.h.i.n.e. .p.o.l.i.c.y. .v.a.l.u.e. .'.D.e.b.u.g.'. .i.s. .0.....M.S.I. .(.c.). .(.6.8.:.3.C.). .[.0.7.:.3.6.:.1.2.:.2.2.5.].:. .*.*.*.*.*.*.*. .R.u.n.E.n.g.i.n.e.:..... . . . . . . . . . . .*.*.*.*.*.*.*. .P.r.o.d.u.c.t.:. .C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.P.a.c.k.a.g.e. .C.a.c.h.e.\.{.C.0.7.9.0.A.A.0.-.0.F.4.0.-.4.8.3.6.-.8.5.B.2.-.6.7.7.B.8.7.6.2.5.E.6.3.}.v.6.4...4.4...

            C:\Windows\Installer\5596c4.msi

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Microsoft .NET Runtime - 8.0.11 (x64), Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft .NET Runtime - 8.0.11 (x64)., Template: x64;1033, Revision Number: {D9788553-CDFF-4792-87FA-89ADA20ADBA7}, Create Time/Date: Thu Oct 17 23:36:38 2024, Last Saved Time/Date: Thu Oct 17 23:36:38 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.9323), Security: 2
            Category:dropped
            Size (bytes):27566080
            Entropy (8bit):7.994779231183715
            Encrypted:true
            SSDEEP:
            MD5:B9C6D23462ADEF092B8A5B7880531B03
            SHA1:9E8C4F7F48D38FB54A93789A583852869C074F2D
            SHA-256:2E23DA54AA1FF64DE09021AB089C1BE6D4A323BDF0D8F46F78B5C6A33DF83109
            SHA-512:18623991C5690E516541EAF867F22B3A1A02317392178943143BEDC7F7EDA5E02E69665C3C4A5FA50ADE516A191BBBF16FD71E60F3225F660FB10EBC25CD01A5
            Malicious:false
            Reputation:unknown
            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Windows\Installer\MSI9B67.tmp

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):224328
            Entropy (8bit):6.660576026391609
            Encrypted:false
            SSDEEP:
            MD5:928F4B0FC68501395F93AD524A36148C
            SHA1:084590B18957CA45B4A0D4576D1CC72966C3EA10
            SHA-256:2BF33A9B9980E44D21D48F04CC6AC4EED4C68F207BD5990B7D3254A310B944AE
            SHA-512:7F2163F651693F9B73A67E90B5C820AF060A23502667A5C32C3BEB2D6B043F5459F22D61072A744089D622C05502D80F7485E0F86EB6D565FF711D5680512372
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S-...L.I.L.I.L.Ir*.H.L.Ir*.H.L.IE$.H.L.IE$.H.L.IE$.H.L.Ir*.H.L.Ir*.H.L.Ir*.H.L.I.L.I.L.I.%.H0L.I.%.H.L.I.%.I.L.I.L`I.L.I.%.H.L.IRich.L.I........PE..L......f...........!.........R......Q........ ......................................K8....@..........................................`..x............D..H(...p......@...T...............................@............ ..,............................text...K........................... ..`.rdata..T.... ......................@..@.data....#...0......................@....rsrc...x....`....... ..............@..@.reloc.......p.......&..............@..B........................................................................................................................................................................................................................................................................................

            C:\Windows\Installer\MSI9D0E.tmp

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):69889
            Entropy (8bit):5.6444312209137975
            Encrypted:false
            SSDEEP:
            MD5:E3D9A8DDF227C3BE975FB98F1B7A3FED
            SHA1:C8C1B0999250A83EF730231AD1A82285B94E4F06
            SHA-256:92538B6B05CC890CAA89643DEC035019F418BBEB3D3E27F1CAD690DC53E76846
            SHA-512:BE7F0643076733D66A6EE504B106D1EED200664F1230B0DDA17FA088C696645A21DEFBFB64BCF639639FD8521E03D3610D5649277F1C1D78165A5EB07611DAF5
            Malicious:false
            Reputation:unknown
            Preview:...@IXOS.@.....@.<.Y.@.....@.....@.....@.....@.....@......&.{9C80213E-9079-4561-8D57-1FDD0D62251F}%.Microsoft .NET Runtime - 8.0.11 (x64)!.dotnet-runtime-8.0.11-win-x64.msi.@.....@.Z,@.@.....@........&.{D9788553-CDFF-4792-87FA-89ADA20ADBA7}.....@.....@.....@.....@.......@.....@.....@.......@....%.Microsoft .NET Runtime - 8.0.11 (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{F81D99A3-0880-5654-AED5-B1AA39FA6285}R.02:\Software\Classes\Installer\Dependencies\dotnet_runtime_64.44.23191_x64\Version.@.......@.....@.....@......&.{E6B3315F-85DE-56F4-AA3E-2A4820293382}D.C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\.version.@.......@.....@.....@......&.{115BDECA-5A1C-5E3D-8EC7-4C45804415E5}H.C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\clretwrc.dll.@.......@.....@.....@......&.{605499FF-1868-5A10-9952-9F413E0E17EA}E.C:\Pr

            C:\Windows\Installer\MSIB760.tmp

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):2798
            Entropy (8bit):5.747899345208144
            Encrypted:false
            SSDEEP:
            MD5:A4EB86059CDEAB4298EB520CDCE8D35D
            SHA1:750F50FFB4ED8BA999CCAE04B56865DC73760D6A
            SHA-256:86FE7CFBC88449BF834CAB38272FF1320557F946B85D757314A314DCD80064BB
            SHA-512:4AFC76A6E2FB823DDE21D5B5AF271184B27F260E5F9F1F0D47D7409ADFDA77A9337FDB74CDD6A639D24874ECB8CC01B87BAEA236E29FB97940B00485C572055D
            Malicious:false
            Reputation:unknown
            Preview:...@IXOS.@.....@.<.Y.@.....@.....@.....@.....@.....@......&.{F59C11F0-D73F-452B-8D1D-8C33B82D8507}..Microsoft .NET Host FX Resolver - 8.0.11 (x64)!.dotnet-hostfxr-8.0.11-win-x64.msi.@.....@.Z,@.@.....@........&.{EBC96263-55B4-4BCE-B9C8-B460A20F0BE4}.....@.....@.....@.....@.......@.....@.....@.......@......Microsoft .NET Host FX Resolver - 8.0.11 (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{4FD6DFC4-5859-531B-9E4A-DE2781CCA754}V.02:\Software\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_64.44.23191_x64\Version.@.......@.....@.....@......&.{88F54D57-4C26-5E97-B6AB-FB77E26C265C}3.C:\Program Files\dotnet\host\fxr\8.0.11\hostfxr.dll.@.......@.....@.....@......&.{8EC524B8-7864-5ACE-B320-2D36216EBC12}?.02:\SOFTWARE\dotnet\Setup\InstalledVersions\x64\hostfxr\Version.@.......@.....@.....@........InstallFiles..Copying new files&.File: [1], Dire

            C:\Windows\Installer\MSIBB5A.tmp

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):4235
            Entropy (8bit):5.717604418585785
            Encrypted:false
            SSDEEP:
            MD5:335A03626AC3D31EAA83CD83D23E5B68
            SHA1:23DD3370C519EAE3EA55F631AFB489B177942607
            SHA-256:5022D0788509FCB01E521B0292867C926A7F26087C4B889B438494EDDBBFFBCD
            SHA-512:F0BB871A0D968F3BF12711A56C8698FD6199F0C4370952C66B90F4B5C2BBCEA3A2A13340490B1593C4AABCA10BA754EFCF73FF4616109701C838C5378271FC82
            Malicious:false
            Reputation:unknown
            Preview:...@IXOS.@.....@.<.Y.@.....@.....@.....@.....@.....@......&.{362B4D0D-8438-44DA-86B2-FEC44E000FCA}".Microsoft .NET Host - 8.0.11 (x64)..dotnet-host-8.0.11-win-x64.msi.@.....@.Z,@.@.....@........&.{821DC2A6-AEB1-4796-80C6-7F7EC027B94F}.....@.....@.....@.....@.......@.....@.....@.......@....".Microsoft .NET Host - 8.0.11 (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{7ECCA0D4-8C88-50DD-A538-CDC29B9350D1}Q.02:\Software\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_8.0_x64\Version.@.......@.....@.....@......&.{45399BBB-DDA5-4386-A2E9-618FB3C54A18}".C:\Program Files\dotnet\dotnet.exe.@.......@.....@.....@......&.{EA9C3F98-F9B1-5212-8980-CFEAF2B15E0D}B.22:\SOFTWARE\dotnet\Setup\InstalledVersions\x64\sharedhost\Version.@.......@.....@.....@......&.{E4E008C8-57A8-5040-BB34-03024B15B6C5}?.02:\SOFTWARE\dotnet\Setup\InstalledVersions\x64\Install

            C:\Windows\Installer\MSIC35C.tmp

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):154785
            Entropy (8bit):5.595879007425996
            Encrypted:false
            SSDEEP:
            MD5:9024B182D9042DAC3A4373B8827BF374
            SHA1:07E982CA29A3CC70462CECA699A1D990495B345C
            SHA-256:B34FB6EF06B109EF0E4742DC07F99C84B7D1781010067A402E83A1C55E169470
            SHA-512:0043E50BE53BE7627883D0A089AFE8931BE7F8AC3350A9C82DB811BA4179AA6EA03F10677B4060D7B87281399CCBA5CBD20F5C90382E80312422760929062224
            Malicious:false
            Reputation:unknown
            Preview:...@IXOS.@.....@.<.Y.@.....@.....@.....@.....@.....@......&.{C0790AA0-0F40-4836-85B2-677B87625E63}0.Microsoft Windows Desktop Runtime - 8.0.11 (x64)).windowsdesktop-runtime-8.0.11-win-x64.msi.@.....@.Z,@.@.....@........&.{51C0D04F-9A7A-4CAC-B790-6E8C4887FA33}.....@.....@.....@.....@.......@.....@.....@.......@....0.Microsoft Windows Desktop Runtime - 8.0.11 (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{4213F37B-7D6F-5A55-BF9B-BDF2827B9691}Z.02:\Software\Classes\Installer\Dependencies\windowsdesktop_runtime_64.44.23253_x64\Version.@.......@.....@.....@......&.{04220165-4406-550C-A381-981D09686CAC}T.C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\Accessibility.dll.@.......@.....@.....@......&.{19D9349A-B353-5593-A8FE-2CBCBECDB149}Z.C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\D3DCompiler_47_cor3.dll.@.

            C:\Windows\Installer\SourceHash{362B4D0D-8438-44DA-86B2-FEC44E000FCA}

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:Composite Document File V2 Document, Cannot read section info
            Category:dropped
            Size (bytes):20480
            Entropy (8bit):1.172077043856403
            Encrypted:false
            SSDEEP:
            MD5:E862766571D9F2499D08F4D27F9A0605
            SHA1:BB77B12ACA904D81B992740E3F8578375962E7BA
            SHA-256:0787E33B9E11FD7F3CA96F4D149E5E697E6B7C937B744A7FBB8CBBFF4B046F81
            SHA-512:EDB05AA0E1A51EA52312F0D3C165EB892828093074165EA0106E26A6D1CEBCB689858550097078E26A21866D3DCD3B7C7B62CC48D74B69795942F2A4171807E1
            Malicious:false
            Reputation:unknown
            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Windows\Installer\SourceHash{9C80213E-9079-4561-8D57-1FDD0D62251F}

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:Composite Document File V2 Document, Cannot read section info
            Category:dropped
            Size (bytes):20480
            Entropy (8bit):1.1758445904787322
            Encrypted:false
            SSDEEP:
            MD5:C0CAB301F8F9C4408674D784B3967AFE
            SHA1:8AF8515A4327F24B28C29349119A1D2243B8B20D
            SHA-256:A9EAA4F9D3ECCEC4120606D39222E56C17793C1839BE9F9BBA5BEFEB0F74CFA9
            SHA-512:F5C36045E8CA2F65D87447B153E66F46E8AE94CC5BDEC447B10C77225421FA1AE473B4B344049D1C3304A6775172D46A8940996A72478AF7B5051424F842FBE0
            Malicious:false
            Reputation:unknown
            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Windows\Installer\SourceHash{C0790AA0-0F40-4836-85B2-677B87625E63}

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:Composite Document File V2 Document, Cannot read section info
            Category:dropped
            Size (bytes):20480
            Entropy (8bit):1.1798262733232967
            Encrypted:false
            SSDEEP:
            MD5:1BD81759022AC40BC125F5972C61CDD9
            SHA1:C7C71C63F3629706CC5E3F09CE2F019C23FC7455
            SHA-256:72696DFF970D5572B2D30F46CE9292DC829EC98296C27A85CCF30D01FA8E44D4
            SHA-512:720ACB3B321891CD258A81B1A6D3A4F2D98A8DD692F2D7E0F387D6D824C61F99B7E51152FE8AADD52BB431A1AEAB7B88F4F8ADB4BED5BFB787A9E82F855A5F0F
            Malicious:false
            Reputation:unknown
            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Windows\Installer\SourceHash{F59C11F0-D73F-452B-8D1D-8C33B82D8507}

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:Composite Document File V2 Document, Cannot read section info
            Category:dropped
            Size (bytes):20480
            Entropy (8bit):1.1742501069810731
            Encrypted:false
            SSDEEP:
            MD5:5F4F0007D54345AB841560CDC3034375
            SHA1:C521F801118C141F69EF67FDB04038FBCC034539
            SHA-256:7BC46857A9D907C3D1BF826B09F22D2C36C68B599228C73EA746D286A71F027D
            SHA-512:E81568A05C66D4AB7AD480D380F629B92A1F93B0ED33D792EFF457286F150EAE40ACFEF983C81EAE4EA8229E1B219FF0E9F4F5307BFC98E7BA9A3D1699F76A7D
            Malicious:false
            Reputation:unknown
            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
            Category:dropped
            Size (bytes):454234
            Entropy (8bit):5.356164742182314
            Encrypted:false
            SSDEEP:
            MD5:272440AE177B8C668A07CCEF3C82299D
            SHA1:6EE419284515A955ED43944EBF49EDBA31180732
            SHA-256:742D9C5AEF534F12BCF97E5C21AB3BE778C716F9A6BEF43B6A19B1C73CBD9FC8
            SHA-512:F9E66AD0840347AE014CC24D9A72C6AF240F46086B0F13DDEE641D2D89579508D20A45463C78C149EEE6769B19F1398BACC24A08B36EC5EBE0246AD5564B8E96
            Malicious:false
            Reputation:unknown
            Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

            C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.ba\1028\thm.wxl

            Download File
            Process:C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exe
            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
            Category:dropped
            Size (bytes):5611
            Entropy (8bit):6.235572422524166
            Encrypted:false
            SSDEEP:
            MD5:B9428C94444693B5E3A392C8D0B95170
            SHA1:0FB22D01F1C11CF74E844C19C96C41B1C0515D71
            SHA-256:C0413EDFD13FD27EEAB7B8CE60963668236466C48F4173C29F84093011C281AF
            SHA-512:70212889F8F8A070FBCC81EF6121999518F2BC7EF369E2A38B3F0F825870E88B9327F837DE884C52E6AC0A1C750F07121CD17EDC2E932C993C73A43275AC1180
            Malicious:false
            Reputation:unknown
            Preview:<?xml version="1.0" encoding="utf-8"?>..<WixLouserzation Culture="en-us" Language="1033" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[BUNDLEMONIKER]</String>.. <String Id="Motto">............. 10 ...............? ......!</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="ExecuteUpgradeRelatedBundleMessage">...</String>.. <String Id="HelpHeader">......</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - ................. ......................../passive | /quiet - .... UI ........... UI.... ........... UI ........../norestart - ................UI ....

            C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.ba\1029\thm.wxl

            Download File
            Process:C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exe
            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
            Category:dropped
            Size (bytes):6283
            Entropy (8bit):5.412515462910997
            Encrypted:false
            SSDEEP:
            MD5:27411946EF45B3B8236319421770E5AD
            SHA1:D00D3E2D4FA3429F2578325DE364DFCCE51D8FD4
            SHA-256:C92D3EFD72D6D14148F9931128EE4143AFFD1DA517EB358AB88ED4138C1434A4
            SHA-512:FF24B47504D6E752F1FA5BD388DA75338078F72B5D17094D2BC9426B35A55DE097629C3EC53356723253A8D7373DCB2B2D921BDF0BE6FD4A524C9AA8913277EB
            Malicious:false
            Reputation:unknown
            Preview:<?xml version="1.0" encoding="utf-8"?>..<WixLouserzation Culture="en-us" Language="1033" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <String Id="Caption">Instala.n. program pro [WixBundleName]</String>.. <String Id="Title">[BUNDLEMONIKER]</String>.. <String Id="Motto">Pot.ebujete jenom prost.ed., textov. editor a 10 minut .asu.....Jste p.ipraveni? Dejme se tedy do toho!</String>.. <String Id="ConfirmCancelMessage">Opravdu chcete akci zru.it?</String>.. <String Id="ExecuteUpgradeRelatedBundleMessage">P.edchoz. verze</String>.. <String Id="HelpHeader">N.pov.da k instalaci</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [adres..] . Nainstaluje, oprav., odinstaluje nebo.. vytvo.. .plnou m.stn. kopii svazku v adres..i. V.choz. mo.nost. je instalace...../passive | /quiet . Zobraz. minim.ln. u.ivatelsk. rozhran. bez v.zev nebo nezobraz. ..dn. u.ivatelsk. rozhran. a.. ..dn. v.zvy. V.choz.

            C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.ba\1031\thm.wxl

            Download File
            Process:C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exe
            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
            Category:dropped
            Size (bytes):6321
            Entropy (8bit):5.144950913547635
            Encrypted:false
            SSDEEP:
            MD5:B45249A2238A5568B377E58D4CE89E9A
            SHA1:57A68133AF7EF4062559D9144D9CDA4AA28722FB
            SHA-256:0C4203A81DCD01D53378036AF78CFFCF9E9A5AF7754DFBDD56584AE74C21CC61
            SHA-512:6485548B9F4E0CDBD2876B0FC4DCA5C125D260E237E994EE67823EDC72C358CDAD4E1170DF62E67A0D1249F54EE6BEA26741CBF8EAFE952154E182008F31665B
            Malicious:false
            Reputation:unknown
            Preview:<?xml version="1.0" encoding="utf-8"?>..<WixLouserzation Culture="en-us" Language="1033" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <String Id="Caption">[WixBundleName]-Installer</String>.. <String Id="Title">[BUNDLEMONIKER]</String>.. <String Id="Motto">Sie ben.tigen nur eine Shell, einen Text-Editor und 10 Minuten Zeit.....Bereit? Los geht's!</String>.. <String Id="ConfirmCancelMessage">M.chten Sie den Vorgang wirklich abbrechen?</String>.. <String Id="ExecuteUpgradeRelatedBundleMessage">Vorherige Version</String>.. <String Id="HelpHeader">Hilfe zum Setup</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [Verzeichnis] - installiert, repariert, deinstalliert oder.. erstellt eine vollst.ndige lokale Kopie des Bundles im Verzeichnis. Installieren ist die Standardeinstellung...../passive | /quiet - zeigt eine minimale Benutzeroberfl.che ohne Eingabeaufforderungen oder keine.. Benutzeroberfl.che und keine Eingabeaufforderungen a

            C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.ba\1036\thm.wxl

            Download File
            Process:C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exe
            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
            Category:dropped
            Size (bytes):6389
            Entropy (8bit):5.15785538021277
            Encrypted:false
            SSDEEP:
            MD5:9F779700FF90DF7211AE3A3340DDD5FC
            SHA1:A4E05D7A489B095AF4805660D7BAB4F2DA3AF34C
            SHA-256:6AF5C2BC88B1E5CE188A97DD9204061D66369EC2689B3657AFF1DC6188F44F22
            SHA-512:5DCA90FDB1B498BC982CC8489DD13ED492A7856B701D9FB43D46EF01D40B49D9888E7AC35BB5962DCF72241F05A4E006130F94372A7C4D7542B708E71B0663A4
            Malicious:false
            Reputation:unknown
            Preview:<?xml version="1.0" encoding="utf-8"?>..<WixLouserzation Culture="en-us" Language="1033" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <String Id="Caption">Programme d'installation de [WixBundleName]</String>.. <String Id="Title">[BUNDLEMONIKER]</String>.. <String Id="Motto">Vous avez juste besoin d'un interpr.teur de commandes, d'un .diteur de texte et de 10.minutes...... vos marques.? Pr.t.? Partez.!</String>.. <String Id="ConfirmCancelMessage">Voulez-vous vraiment annuler ?</String>.. <String Id="ExecuteUpgradeRelatedBundleMessage">Version pr.c.dente</String>.. <String Id="HelpHeader">Aide . l'installation</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [r.pertoire] - installe, r.pare, d.sinstalle ou.. cr.e une copie locale compl.te du bundle dans le r.pertoire. Install est l'option par d.faut...../passive | /quiet - affiche une interface utilisateur minimale, sans invite, ou n'affiche .. ni interface utilisate

            C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.ba\1040\thm.wxl

            Download File
            Process:C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exe
            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
            Category:dropped
            Size (bytes):6153
            Entropy (8bit):5.08027497707843
            Encrypted:false
            SSDEEP:
            MD5:347BE63418F507E7F2A086726E96FCA8
            SHA1:E42E9EBFA654134CF243841BEED2370BA12A627D
            SHA-256:344ACD0D3665BA489EB30EBC0F902C625E1AD33A4E2B5BA7CDD7E463658D5557
            SHA-512:3BBA2E5A3F5407274EDDB076702E640646DFC7EF43AD9F08C05E99F0ECCA67E6F9DE2DBE4E3743A74107165B935D36C979CEE23A22ADCF6139D5BEC47B541325
            Malicious:false
            Reputation:unknown
            Preview:<?xml version="1.0" encoding="utf-8"?>..<WixLouserzation Culture="en-us" Language="1033" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <String Id="Caption">Programma di installazione di [WixBundleName]</String>.. <String Id="Title">[BUNDLEMONIKER]</String>.. <String Id="Motto">Bastano solo una shell, un editor di testo e 10 minuti di tempo.....Pronti per iniziare?</String>.. <String Id="ConfirmCancelMessage">Annullare?</String>.. <String Id="ExecuteUpgradeRelatedBundleMessage">Versione precedente</String>.. <String Id="HelpHeader">Guida alla configurazione</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installa, ripara, disinstalla o.. crea una copia locale completa del bundle nella directory. L'opzione predefinita . install...../passive | /quiet - visualizza un'interfaccia utente minima senza prompt oppure non visualizza alcuna interfaccia utente.. n. prompt. Per impostazione predefinita, viene visualizzata l'inte

            C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.ba\1041\thm.wxl

            Download File
            Process:C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exe
            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
            Category:dropped
            Size (bytes):7130
            Entropy (8bit):5.924193901706645
            Encrypted:false
            SSDEEP:
            MD5:E5FD798D4BBDD419A602423A699E2854
            SHA1:2ECE478D5CE4DE0C0A864F14CEA6BD365F008D81
            SHA-256:00AEC52B4564BC07302881FCFD510F7CCA535AC9E05CFD95A86738171626F6C4
            SHA-512:AB3B93B635211F112D8D820861FE77E9D7C67018688A6A2A1B82532EA9A97609F02E7E9B0DC658202CE0441554A3CB2622F6EDC61456E0D250AA8F3DF4BCBBF5
            Malicious:false
            Reputation:unknown
            Preview:<?xml version="1.0" encoding="utf-8"?>..<WixLouserzation Culture="en-us" Language="1033" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <String Id="Caption">[WixBundleName] .......</String>.. <String Id="Title">[BUNDLEMONIKER]</String>.. <String Id="Motto">.............. ............ 10 ....................</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="ExecuteUpgradeRelatedBundleMessage">........</String>.. <String Id="HelpHeader">..........</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - ............ ......... .................................................. ..................

            C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.ba\1042\thm.wxl

            Download File
            Process:C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exe
            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
            Category:dropped
            Size (bytes):6175
            Entropy (8bit):6.0499722174257835
            Encrypted:false
            SSDEEP:
            MD5:F59A0369A337B58A797DDBB5EBBDCADC
            SHA1:4E6C9501ED901B5C1D4B6713A632E899D223679B
            SHA-256:1B1B0700AA6677AFE3581B8B3F4934BF85F4750C544A108E1D5F1B688078E1CF
            SHA-512:B12134295DDDF5FC4F63E23C98C837AA02E5FCFF5191087FDC7C0B044F472487987966282B8955421DBFD480707305E0E7AF65F307655F876615AB36C24786B8
            Malicious:false
            Reputation:unknown
            Preview:<?xml version="1.0" encoding="utf-8"?>..<WixLouserzation Culture="en-us" Language="1033" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <String Id="Caption">[WixBundleName] .. ...</String>.. <String Id="Title">[BUNDLEMONIKER]</String>.. <String Id="Motto">., ... ..., 10.. ... ... ..............? .....!</String>.. <String Id="ConfirmCancelMessage">........?</String>.. <String Id="ExecuteUpgradeRelatedBundleMessage">.. ..</String>.. <String Id="HelpHeader">.. ...</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - ..... ... .. .. .... .., .., .. .... ...... ... .........../passive | /quiet - .... .. .. UI. ..... UI ... ..... .... ..... ..... UI. .. ..... .....

            C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.ba\1045\thm.wxl

            Download File
            Process:C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exe
            File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (343), with CRLF line terminators
            Category:dropped
            Size (bytes):6421
            Entropy (8bit):5.347808263199206
            Encrypted:false
            SSDEEP:
            MD5:8CFBEE02F1C88567CD9AA747FF27182E
            SHA1:ED18F294EC1E36629900DB42797F1499DB080F4F
            SHA-256:D92B3838DE7A1685CCBD04FC9C123704FBD198BFD284D8FAECE4A3663494E75A
            SHA-512:63C53C29382BADB2AECFB67284755CAE978AF114F957A1B3466B91DE8559D6DD4B2BD4B993589E3AD25AB316E90D2C99479A4589057DC8B80C88BB552E7EA519
            Malicious:false
            Reputation:unknown
            Preview:<?xml version="1.0" encoding="utf-8"?>..<WixLouserzation Culture="en-us" Language="1033" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <String Id="Caption">Instalator pakietu [WixBundleName]</String>.. <String Id="Title">[BUNDLEMONIKER]</String>.. <String Id="Motto">Potrzebujemy tylko pow.oki, edytora tekstu i 10 minut czasu.....Wszystko gotowe? Zaczynamy!</String>.. <String Id="ConfirmCancelMessage">Czy na pewno chcesz anulowa.?</String>.. <String Id="ExecuteUpgradeRelatedBundleMessage">Poprzednia wersja</String>.. <String Id="HelpHeader">Pomoc dotycz.ca instalacji</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [katalog] - Instaluje, naprawia, odinstalowuje.. lub tworzy pe.n. lokaln. kopi. pakietu w katalogu. Domy.lnie jest u.ywany prze..cznik install...../passive | /quiet - Wy.wietla ograniczony interfejs u.ytkownika bez monit.w albo nie wy.wietla ani interfejsu u.ytkownika,.. ani monit.w. Domy.lnie jest wy.wi

            C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.ba\1046\thm.wxl

            Download File
            Process:C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exe
            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
            Category:dropped
            Size (bytes):6068
            Entropy (8bit):5.196129338199214
            Encrypted:false
            SSDEEP:
            MD5:88CB193F0B0C15023D789E0F8FCE3E03
            SHA1:38E1390A410D751C6376F5E23A0933FA08C8AEC5
            SHA-256:4D6A2D306ABE77E7DBDB2609F6198B4CF99B3F9DC15B9DC72951592AD2F64384
            SHA-512:B894E05C79C95D03481211DE8FCDE00D79767AD3B3483AC95D8B16421D719473D7A9829D996B60EC1ABC3830048FEEA1CF49BACAAA3ADDA0DFD5971EC2EA5F1A
            Malicious:false
            Reputation:unknown
            Preview:<?xml version="1.0" encoding="utf-8"?>..<WixLouserzation Culture="en-us" Language="1033" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <String Id="Caption">Instalador do [WixBundleName]</String>.. <String Id="Title">[BUNDLEMONIKER]</String>.. <String Id="Motto">Voc. s. precisa de um shell, um editor de texto e 10 minutos de seu tempo.....Tudo pronto? Ent.o, vamos nessa!</String>.. <String Id="ConfirmCancelMessage">Tem certeza de que deseja cancelar?</String>.. <String Id="ExecuteUpgradeRelatedBundleMessage">Vers.o anterior</String>.. <String Id="HelpHeader">Ajuda de Instala..o</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [diret.rio] - instala, repara, desinstala ou.. cria uma c.pia local completa do pacote no diret.rio. Install . o padr.o..../passive | /quiet - exibe a interface do usu.rio m.nima sem nenhum prompt ou n.o exibe nenhuma interface do usu.rio e.. nenhum prompt. Por padr.o, a interface do usu.rio e t

            C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.ba\1049\thm.wxl

            Download File
            Process:C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exe
            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
            Category:dropped
            Size (bytes):8007
            Entropy (8bit):5.451843005546111
            Encrypted:false
            SSDEEP:
            MD5:1D628F2E1DBAA25BDD8CF2D7F2A9CAF2
            SHA1:5C4F2A69772A20088779E7288FB37CFB6EAF4C42
            SHA-256:C7CC8E0BDD4F82DA33984F553B576412DF69C5E1E5B8479542D024CB6B41D050
            SHA-512:F6D3969F48B42A2F6EED8EFDA3A9EB5F5D9A4B69C6039BD7EB72CDB1E01B2C69DC4BECAA8133B7DDD7A6325CBB17BC56FB11BAFA7FADFD1AFA9A84B6FE3CA0EC
            Malicious:false
            Reputation:unknown
            Preview:<?xml version="1.0" encoding="utf-8"?>..<WixLouserzation Culture="en-us" Language="1033" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <String Id="Caption">.......... [WixBundleName]</String>.. <String Id="Title">[BUNDLEMONIKER]</String>.. <String Id="Motto">... ......... ...... ........, ......... ........ . 10...... ..................? ..... ........!</String>.. <String Id="ConfirmCancelMessage">.. ............. ...... ........?</String>.. <String Id="ExecuteUpgradeRelatedBundleMessage">.......... ......</String>.. <String Id="HelpHeader">....... .. .........</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [.......] . ........., .............., ........ ..... ........ ...... ......... ..... ...... . ......

            C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.ba\1055\thm.wxl

            Download File
            Process:C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exe
            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
            Category:dropped
            Size (bytes):6154
            Entropy (8bit):5.342211356119282
            Encrypted:false
            SSDEEP:
            MD5:2897BAEC061B9A89661744685FE3C217
            SHA1:904753D6DAF2EE3A05319F045E4F2028A8AB576C
            SHA-256:285E32E649EB71A68F29BCA7321A6CADE50D79F94DD89E50ECE1197DD70E7633
            SHA-512:574F3FEC930CF960DD9725CE1298501D7AD88AC59EFCFB61032A2C3F3BBB12EF91BBC1CA63D1516DAD93FA202C25655754AE1C5BC6607B5CA7A0209F7A55576E
            Malicious:false
            Reputation:unknown
            Preview:<?xml version="1.0" encoding="utf-8"?>..<WixLouserzation Culture="en-us" Language="1033" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <String Id="Caption">[WixBundleName] Y.kleyicisi</String>.. <String Id="Title">[BUNDLEMONIKER]</String>.. <String Id="Motto">Yaln.zca bir kabu.a, bir metin d.zenleyicisine ve 10 dakikal.k bir zamana ihtiyac.n.z var.....Haz.r m.s.n.z? Haydi ba.layal.m!</String>.. <String Id="ConfirmCancelMessage">.ptal etmek istedi.inizden emin misiniz?</String>.. <String Id="ExecuteUpgradeRelatedBundleMessage">.nceki s.r.m</String>.. <String Id="HelpHeader">Kurulum Yard.m.</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [dizin] - y.kler, onar.r, kald.r.r ya da.. dizindeki paketin tam bir yerel kopyas.n. olu.turur. Varsay.lan install de.eridir...../passive | /quiet - en az d.zeyde istemsiz UI g.sterir ya da hi. UI g.stermez ve.. istem yoktur. Varsay.lan olarak UI ve t.m istemler g.

            C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.ba\2052\thm.wxl

            Download File
            Process:C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exe
            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
            Category:dropped
            Size (bytes):5574
            Entropy (8bit):6.2165153145467595
            Encrypted:false
            SSDEEP:
            MD5:ED946A363E47DCC77017EC10B1032C54
            SHA1:C37B26426B51F9E5F405EF7798833FC017E653D4
            SHA-256:3BB9CE59BA1C4B76FA6B35F544E2B04C85387053EDD8B25D8C8D4FE637FB0A85
            SHA-512:FC65E04A87E5ADD299B71F1332D47F9E4D46F7F97139BBAF101CE0A1D7DF9D7DB8C33E4625CA9748C7607F4D43FF93E612B57ACD38DD5264FC6924446BF881BE
            Malicious:false
            Reputation:unknown
            Preview:<?xml version="1.0" encoding="utf-8"?>..<WixLouserzation Culture="en-us" Language="1033" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[BUNDLEMONIKER]</String>.. <String Id="Motto">...... shell............ 10 ..............? ...? ......!</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="ExecuteUpgradeRelatedBundleMessage">....</String>.. <String Id="HelpHeader">......</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [..] - .......... ..................Install ........../passive | /quiet - ..... UI ......... UI ... ........ UI ........../norestart - ................

            C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.ba\3082\thm.wxl

            Download File
            Process:C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exe
            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
            Category:dropped
            Size (bytes):6048
            Entropy (8bit):5.110353724144242
            Encrypted:false
            SSDEEP:
            MD5:1474C297B47C24D9E8E937CCBF50C4B2
            SHA1:012226924911C23DCC220BD653C329A304B2BA58
            SHA-256:FAB76FA9382A7793309C9B07D5BAAA3EFD8553172D46F8B69E22E30B635BB146
            SHA-512:3428682ED3EC803E709B30251C4233DB7C825EEFBFD718777211B6B80CD5EE36CBA1D08850E6294D4C4148E8D640171FD62764CBEDD7C9AC3BD628B48BF010F5
            Malicious:false
            Reputation:unknown
            Preview:<?xml version="1.0" encoding="utf-8"?>..<WixLouserzation Culture="en-us" Language="1033" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <String Id="Caption">Instalador de [WixBundleName]</String>.. <String Id="Title">[BUNDLEMONIKER]</String>.. <String Id="Motto">Solo necesita un shell, un editor de texto y 10 minutos......Preparados? .Listos? .Ya!</String>.. <String Id="ConfirmCancelMessage">.Est. seguro de que desea cancelar?</String>.. <String Id="ExecuteUpgradeRelatedBundleMessage">Versi.n anterior</String>.. <String Id="HelpHeader">Ayuda de configuraci.n</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - instala, repara, desinstala o.. crea una copia local completa del paquete en el directorio. Install es la opci.n predeterminada...../passive | /quiet - muestra una IU m.nima sin peticiones, o bien no muestra la IU .. ni las peticiones. De forma predeterminada, se muestran la IU y todas las peticiones...../nore

            C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.ba\BootstrapperApplicationData.xml

            Download File
            Process:C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exe
            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (600), with CRLF line terminators
            Category:dropped
            Size (bytes):8048
            Entropy (8bit):3.7601200674134136
            Encrypted:false
            SSDEEP:
            MD5:78123FF0EDB239E15DB54110981296CA
            SHA1:94AC7DD635D70F116F7189E307B9F97B504B2274
            SHA-256:57ABBEA8CD2EAF13A952B40C361F0693FF771B2B8588B6AB5D3804358F7E25D0
            SHA-512:1A34C427E8C4548585FE6F374DC101989C8BAC860E02A94C955DF5ECDB6E36EEB2633A776AF5136BA9A6A0741FADBE3A456BF1D2BAB214EC2839B8B137FCA3A5
            Malicious:false
            Reputation:unknown
            Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.B.o.o.t.s.t.r.a.p.p.e.r.A.p.p.l.i.c.a.t.i.o.n.D.a.t.a. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.x./.2.0.1.0./.B.o.o.t.s.t.r.a.p.p.e.r.A.p.p.l.i.c.a.t.i.o.n.D.a.t.a.".>..... . .<.W.i.x.B.a.l.C.o.n.d.i.t.i.o.n. .C.o.n.d.i.t.i.o.n.=.".(.(.V.e.r.s.i.o.n.N.T. .&.g.t.;. .v.6...1.). .O.R. .(.V.e.r.s.i.o.n.N.T. .=. .v.6...1. .A.N.D. .S.e.r.v.i.c.e.P.a.c.k.L.e.v.e.l. .&.g.t.;.=. .1.).).". .M.e.s.s.a.g.e.=.".#.(.l.o.c...F.a.i.l.u.r.e.N.o.t.S.u.p.p.o.r.t.e.d.C.u.r.r.e.n.t.O.p.e.r.a.t.i.n.g.S.y.s.t.e.m.).". ./.>..... . .<.W.i.x.B.a.l.C.o.n.d.i.t.i.o.n. .C.o.n.d.i.t.i.o.n.=.".V.e.r.s.i.o.n.N.T.6.4.". .M.e.s.s.a.g.e.=.".#.(.l.o.c...F.a.i.l.u.r.e.N.o.t.S.u.p.p.o.r.t.e.d.X.8.6.O.p.e.r.a.t.i.n.g.S.y.s.t.e.m.).". ./.>..... . .<.W.i.x.B.u.n.d.l.e.P.r.o.p.e.r.t.i.e.s. .D.i.s.p.l.a.y.N.a.m.e.=.".M.i.c.r.o.s.o.f.t. .W.i.n.d.o.w.s. .D.e.s.k.t.o.p. .R.u.n.t.i.m.e. .-. .8...0...1.1. .(.x.6.

            C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.ba\bg.png

            Download File
            Process:C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exe
            File Type:PNG image data, 620 x 418, 8-bit/color RGBA, non-interlaced
            Category:dropped
            Size (bytes):4601
            Entropy (8bit):6.635104571353389
            Encrypted:false
            SSDEEP:
            MD5:9EB0320DFBF2BD541E6A55C01DDC9F20
            SHA1:EB282A66D29594346531B1FF886D455E1DCD6D99
            SHA-256:9095BF7B6BAA0107B40A4A6D727215BE077133A190F4CA9BD89A176842141E79
            SHA-512:9ADA3A1757A493FBB004BD767FAB8F77430AF69D71479F340B8B8EDE904CC94CD733700DB593A4A2D2E1184C0081FD0648318D867128E1CB461021314990931D
            Malicious:false
            Reputation:unknown
            Preview:.PNG........IHDR...l.........Z..|....sRGB.........gAMA......a.....pHYs..........o.d... IDATx^..}.].]...}...&..+.Ij.D..qp.b.......v(....h.[...E|.:.+.h..N...V.....`K.....BR.[....l...z_=.....K..n.....o...s.=.nf.s.9'........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N~.......S.Y.v.>{A......S?..H.`..H.`..H.`..H.`..H.`..H.`..H.`..H.`..H.`..H.`..H.`..H.`..H.`..H.`..H.`..H.`..H.`..H.`..H.`..H.`..H.`..H.`..H.`..H.`..H.`..H.`..H.`..H.`..H.`..H.`..H.`..H.`..H.`..H.`..

            C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.ba\eula.rtf

            Download File
            Process:C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exe
            File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
            Category:dropped
            Size (bytes):47889
            Entropy (8bit):5.0783959060546975
            Encrypted:false
            SSDEEP:
            MD5:CC06442CFC33D0AE6509143325C05110
            SHA1:FC635958A57B88F63545CBEE1A37E3458CC547B0
            SHA-256:72F2E7B06C562F1DD6CB3F6EFDCCD9AE620A183E598856AB3CBA6D712254824A
            SHA-512:4D8A79347104501D89150A738DE24F700DC5D54D7CB05359C853A1189BF12B42E53B9E0B0D4A963C6AAA027D46D80A01AB2740BEE5D145C3597F1A7EFB48D4A9
            Malicious:false
            Reputation:unknown
            Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff31507\deff0\stshfdbch31505\stshfloch31506\stshfhich31506\stshfbi31507\deflang1033\deflangfe1033\themelang1033\themelangfe0\themelangcs0{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}..{\f37\fbidi \fswiss\fcharset0\fprq2{\*\panose 020f0502020204030204}userbri;}{\flomajor\f31500\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}..{\fdbmajor\f31501\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\fhimajor\f31502\fbidi \fswiss\fcharset0\fprq2{\*\panose 020f0302020204030204}userbri Light;}..{\fbimajor\f31503\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\flominor\f31504\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}..{\fdbminor\f31505\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Tim

            C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.ba\thm.wxl

            Download File
            Process:C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exe
            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):5714
            Entropy (8bit):5.130490122689639
            Encrypted:false
            SSDEEP:
            MD5:D5070CB3387A0A22B7046AE5AB53F371
            SHA1:BC9DA146A42BBF9496DE059AC576869004702A97
            SHA-256:81A68046B06E09385BE8449373E7CEB9E79F7724C3CF11F0B18A4489A8D4926A
            SHA-512:8FCF621FB9CE74725C3712E06E5B37B619145078491E828C6069E153359DE3BD5486663B1FA6F3BCF1C994D5C556B9964EA1A1355100A634A6C700EF37D381E3
            Malicious:false
            Reputation:unknown
            Preview:<?xml version="1.0" encoding="utf-8"?>..<WixLouserzation Culture="en-us" Language="1033" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <String Id="Caption">[WixBundleName] Installer</String>.. <String Id="Title">[BUNDLEMONIKER]</String>.. <String Id="Motto">You just need a shell, a text editor and 10 minutes of your time.....Ready? Set? Let's go!</String>.. <String Id="ConfirmCancelMessage">Are you sure you want to cancel?</String>.. <String Id="ExecuteUpgradeRelatedBundleMessage">Previous version</String>.. <String Id="HelpHeader">Setup Help</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installs, repairs, uninstalls or.. creates a complete local copy of the bundle in directory. Install is the default...../passive | /quiet - displays minimal UI with no prompts or displays no UI and.. no prompts. By default UI and all prompts are displayed...../norestart - suppress any attempts to restart. By default UI will prompt

            C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.ba\thm.xml

            Download File
            Process:C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exe
            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):11327
            Entropy (8bit):5.15671975859509
            Encrypted:false
            SSDEEP:
            MD5:302563A713B142EE41B59E3EEAC53A90
            SHA1:1340E90CC3C6C5FC19A7FEB61D7779F4A4F0FDB5
            SHA-256:83CA096F7BA2C83FC3B3AEB697B8139A788FA35EB8632943E26BB9FFF7C78E63
            SHA-512:C9D4DFC20802BB542178300D1044BB94B35593B834AB0B50875A32953F890E48DA456199128500E2C1FEE26EAAF8C2C4FCAFFB308B37914215F900CDD5C4CBC8
            Malicious:false
            Reputation:unknown
            Preview:<?xml version="1.0" encoding="utf-8"?>..<Theme xmlns="http://wixtoolset.org/schemas/thmutil/2010">.. <Window Width="660" Height="468" HexStyle="100a0000" FontId="0">#(loc.Caption)</Window>.. <Font Id="0" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="1" Height="-24" Weight="900" Foreground="FFFFFF" Background="D42B51">Segoe UI</Font>.. <Font Id="2" Height="-22" Weight="500" Foreground="666666">Segoe UI</Font>.. <Font Id="3" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="4" Height="-12" Weight="500" Foreground="ff0000" Background="FFFFFF" Underline="yes">Segoe UI</Font>.. <Font Id="5" Height="-14" Weight="500" Foreground="444444">Segoe UI</Font>.... <Text Name="Title" X="11" Y="11" Width="-11" Height="64" FontId="1" Visible="yes" Center="yes" DisablePrefix="yes">#(loc.Title)</Text>.... <Page Name="Help">.. <Text X="0" Y="0" Width="620" Height="75" FontId="1" />..

            C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\.ba\wixstdba.dll

            Download File
            Process:C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):195528
            Entropy (8bit):6.6344579318141585
            Encrypted:false
            SSDEEP:
            MD5:F1919C6BD85D7A78A70C228A5B227FBE
            SHA1:71647EBF4E7BED3BC1663D520419AC550FE630FF
            SHA-256:DCEA15F3710822FFC262E62EC04CC7BBBF0F33F5D1A853609FBFB65CB6A45640
            SHA-512:C7FF9B19C9BF320454A240C6ABBC382950176A6BEFCE05EA73150EEB0085D0B6ED5B65B2DCB4B04621EF9CCA1D5C4E59C6682B9C85D1D5845E5CE3E5EEDFD2EB
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........S...S...S...6...Y...6...........C.......B.......L...6...F...6...R...6...N...S...........J.......R.......R...S.k.R.......R...RichS...................PE..L...k..f...........!......................................................................@..............................................................'..........p...T..............................@...............T............................text...k........................... ..`.rdata..............................@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................

            C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\dotnet_host_8.0.11_win_x64.msi

            Download File
            Process:C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exe
            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Microsoft .NET Host - 8.0.11 (x64), Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft .NET Host - 8.0.11 (x64)., Template: x64;1033, Revision Number: {821DC2A6-AEB1-4796-80C6-7F7EC027B94F}, Create Time/Date: Thu Oct 17 23:43:58 2024, Last Saved Time/Date: Thu Oct 17 23:43:58 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.9323), Security: 2
            Category:dropped
            Size (bytes):720896
            Entropy (8bit):6.4600879618022065
            Encrypted:false
            SSDEEP:
            MD5:AEF2D4D02B45FA95D8ABCAC57E60D21B
            SHA1:11C91E25DCF7F1357AB0FB0A6307A71B45DAB754
            SHA-256:EBE13E660C208681E2F1C10FA59D8B37540F2E6187751703FA5BBB5F4B300EB1
            SHA-512:C78E41D5B2C845C106B088881CF72DDDF64BE09F72D7AC6078E944E7C9F6AFB428E0BAD7FEC45BB539AD04694467FC302E0A915522123FE02F80BFE1762C2EF1
            Malicious:false
            Reputation:unknown
            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\dotnet_hostfxr_8.0.11_win_x64.msi

            Download File
            Process:C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exe
            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Microsoft .NET Host FX Resolver - 8.0.11 (x64), Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft .NET Host FX Resolver - 8.0.11 (x64)., Template: x64;1033, Revision Number: {EBC96263-55B4-4BCE-B9C8-B460A20F0BE4}, Create Time/Date: Thu Oct 17 23:36:28 2024, Last Saved Time/Date: Thu Oct 17 23:36:28 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.9323), Security: 2
            Category:dropped
            Size (bytes):790528
            Entropy (8bit):6.679922945107014
            Encrypted:false
            SSDEEP:
            MD5:D73DE5788AB129F16AFDD990D8E6BFA9
            SHA1:88CB87AF50EA4999E2079D9269CE64C8EB1A584E
            SHA-256:4F9AC5A094E9B1B4F0285E6E69C2E914E42DCC184DFE6FE93894F8E03CA6C193
            SHA-512:BFC32F9A20E30045F5207446C6AB6E8EF49A3FD7A5A41491C2242E10FEE8EFD2F82F81C3FF3BF7681E5E660FDE065A315A89D87E9F488C863421FE1D6381BA3B
            Malicious:false
            Reputation:unknown
            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Windows\Temp\{BB14F8DD-1589-4F68-81CA-1146AB4EDB32}\windowsdesktop_runtime_8.0.11_win_x64.msi

            Download File
            Process:C:\Windows\Temp\{93F26B59-68D6-4D87-89B4-59703B612E2C}\.cr\mierda.exe
            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Microsoft Windows Desktop Runtime - 8.0.11 (x64), Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Windows Desktop Runtime - 8.0.11 (x64)., Template: x64;1033, Revision Number: {51C0D04F-9A7A-4CAC-B790-6E8C4887FA33}, Create Time/Date: Tue Oct 22 02:30:28 2024, Last Saved Time/Date: Tue Oct 22 02:30:28 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.9323), Security: 2
            Category:dropped
            Size (bytes):30486528
            Entropy (8bit):7.995102741216996
            Encrypted:true
            SSDEEP:
            MD5:230FED97D6F8EAB7800E2316FEF53C00
            SHA1:7A97F51462584F6A8CC9EB08DA654DEA4D2B7FBA
            SHA-256:C9AAA2AB9905ABBBECFF1AD3C3ECBAE1F4D7FE8A063F3BFD2FCFE5176FCB169D
            SHA-512:E0AF63D92AECC632B1273E63B5327D2CA9EA3D7A086807205043E4BC76050A22DE786E419C1D95A8A8521F39AF8C4DC6CF9563DD88E3174E5E87A2D30A6F2352
            Malicious:false
            Reputation:unknown
            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Windows\Temp\~DF40C13B7B15E4D3E9.TMP

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:Composite Document File V2 Document, Cannot read section info
            Category:dropped
            Size (bytes):20480
            Entropy (8bit):1.5809508498119202
            Encrypted:false
            SSDEEP:
            MD5:B84C9CF883BA338D6EBEEB20B003EA1C
            SHA1:E4C09274661CC9BA80EFD5F98E5F5CD1431C2A4F
            SHA-256:439F19B1CFE2C21525F2E8BAEFAE463DA0CE84556F032C5A5D30AE20052A12E4
            SHA-512:E9BE9C87D4187FD9779FD7388E8767DF7CFC6C9E36837F4520B86CE10EBA307CA1F0A80D55976535101B40D0DF2000CA17DF94BCAF98B87FB4A85EA77FDBFD9F
            Malicious:false
            Reputation:unknown
            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Windows\Temp\~DF4432D95706980A37.TMP

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):32768
            Entropy (8bit):0.07992663949499662
            Encrypted:false
            SSDEEP:
            MD5:76F80871844D53B66E47517D78AD0A94
            SHA1:0FD44E38BE90A7A92DAD36AD21BAB27775CDA4D3
            SHA-256:26250C5843A798C2632D4E4FF0B25CEEBBB4E64E702172BC60C128DEA3D19BA2
            SHA-512:457E8E1247A6E96F2CE7BFD1A9B5F53228AC182CE679F0DD2CC1FC39AB86109D0E8F25475DF25AE815F10D9C8CBD73930182AFC20DC38D889ACFF155232E3E4D
            Malicious:false
            Reputation:unknown
            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Windows\Temp\~DF7CCE73570ED8880C.TMP

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):69632
            Entropy (8bit):0.13311996009994845
            Encrypted:false
            SSDEEP:
            MD5:404530EC565AB0CDCE888840A097EED9
            SHA1:2B7F2A6225A1F016B8CB4379DD04DB5B827AE2B2
            SHA-256:04B9A6894EAC1778F9B9598AEFE8B7F763F2800665D24E5064ACA7E1D8570449
            SHA-512:E105A694A8D82AF28812280A6068CDC85F8443A229541FD2B07725627FDD95F26EE4FA7E782157F4BC86417F5DAFC76D228F3A649CEA3DA03442CBFBE2D729E7
            Malicious:false
            Reputation:unknown
            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Windows\Temp\~DF828E988EBFC49203.TMP

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:Composite Document File V2 Document, Cannot read section info
            Category:dropped
            Size (bytes):20480
            Entropy (8bit):1.5743373163717986
            Encrypted:false
            SSDEEP:
            MD5:AC370A1F53FB693D016B4B7E2B82C7AE
            SHA1:0C37C22864213DDE42BF5AC5C3BA78BD2C9AB497
            SHA-256:F2A2B332C63BBEC9148225B7E6FFA5E8D27ED94CAB41051D54210C5CB1E99589
            SHA-512:429E1F09B92CB95171019C5315CB44C47AD6EB73947CF54FE8DA6C10D5D0E862FB803727DEB60CD548CE06B07B982B32F445D614C0F046B68B199447E1CEBE84
            Malicious:false
            Reputation:unknown
            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Windows\Temp\~DF86AE54F682E7157B.TMP

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:Composite Document File V2 Document, Cannot read section info
            Category:dropped
            Size (bytes):32768
            Entropy (8bit):1.2566101201206403
            Encrypted:false
            SSDEEP:
            MD5:B0EC68561F9D40B420535564EB9D0E94
            SHA1:E5F52F4AEC9FF8D70B2B8988E03113C40A93A830
            SHA-256:2116F08B5F6CB8A979903072730D6794EC3A4CEFFA43B198FDA24E1CDDA3F99B
            SHA-512:9ACA341E094C9125D39FAF2DABF9D1B22A863EF629E69D21C86C8BEC22A09ACE8938DFAA2F59A62D0FA80F294FBF301AC5731B0FB211E255475BB29F5CBFA99A
            Malicious:false
            Reputation:unknown
            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Windows\Temp\~DF8A51156A50E58CE0.TMP

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):69632
            Entropy (8bit):0.14657262586456882
            Encrypted:false
            SSDEEP:
            MD5:37923DC0F652314F37B247D2845B1A0F
            SHA1:4242779D4AFAEFC997FA12E95EDFD16A17AA78C3
            SHA-256:7EBC6DE51D71FDE9ABC184EC36046B3D7636DF816C90C7B99EA1BD6EA90BB028
            SHA-512:08579C7F6F87DB1539F04726E8EF250174561472FC803F18F9F2BC73B81CBC4E9C650468457A385DB35F2D6A77ABB2D20F83D6F6FD88EEBF2F7F45B891E9A6FA
            Malicious:false
            Reputation:unknown
            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Windows\Temp\~DF8B7B17B00AC2A482.TMP

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:Composite Document File V2 Document, Cannot read section info
            Category:dropped
            Size (bytes):32768
            Entropy (8bit):1.2346261898275301
            Encrypted:false
            SSDEEP:
            MD5:581A6AA74052327A6AAF714C96AAA667
            SHA1:29AE1D2B9B1F4048A23F272FE73EB1D30179F670
            SHA-256:B5D08FBE89D080E3B33A38A9F861605A0375D0DF0267A5FDB2CCE1F36055D1B9
            SHA-512:328A70C8184722F8E0E7657E3D03C59B6A7E42EB14A2ED47130FBF7DC399E836C48F075018670EA176B6CC840223F4962BDBA14FB52CB34A2378E491CB177774
            Malicious:false
            Reputation:unknown
            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Windows\Temp\~DF943CFDAFAB80D888.TMP

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:Composite Document File V2 Document, Cannot read section info
            Category:dropped
            Size (bytes):32768
            Entropy (8bit):1.258278747504009
            Encrypted:false
            SSDEEP:
            MD5:E1BE51CE8F4999B4BAD29DE61E6F2F2F
            SHA1:3E165C9AFB0BE517B070C4FC28921D7A5439CD1B
            SHA-256:1EAE615D73E580CF454C1CDC8AAF62D6E0C84A60F597FF4B224DE404D03E66EA
            SHA-512:E88FA9AF439D9C0F2CE43B257C8E8419DDDBAFFFF8AB88461CAC7AD504E01BA1B6CD1C8407652A37BC3A778348A94531EA1508D596AF85B55465727E424B3CA8
            Malicious:false
            Reputation:unknown
            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Windows\Temp\~DF9AC0F052E80BCDDD.TMP

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:Composite Document File V2 Document, Cannot read section info
            Category:dropped
            Size (bytes):32768
            Entropy (8bit):1.263330518972975
            Encrypted:false
            SSDEEP:
            MD5:3EF38AEF13B912F06226D143D27F0430
            SHA1:752F7801F9C733020586F10AE280D23329CE5156
            SHA-256:349DDB4B86129CCBF91FEDD15FD7F71D16DF5EE17B6B8860F4FA9F3588FD72E5
            SHA-512:CAC99119CA98DB5A8725E84E920F4194F1CA80183565F95A4449BC96E970D5987BF4825A8C6D43B68208DB16E6785FC733E5285583212E7C734158408F0C7E8A
            Malicious:false
            Reputation:unknown
            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Windows\Temp\~DFAC9D63F69D1CEEA6.TMP

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):32768
            Entropy (8bit):0.07797218943672189
            Encrypted:false
            SSDEEP:
            MD5:4EC4E492EBEB753C4F915B31950AC8D0
            SHA1:BAB5F87173442D8517A72AC17FF1B1FEA71FD97E
            SHA-256:0131417FA5FCD6603F9E5C496DCDE4DA9F61E0231178304D3D6F24C1BF820498
            SHA-512:BF6FAAA6126B3844CD53371FF6729E23BF760ECC498BF1A86D5DA873B35BF7F41AE58C91F030A90D03789B50A59A5A92424B71795D4EE576B11C6A7A342C1046
            Malicious:false
            Reputation:unknown
            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Windows\Temp\~DFAF5F3BD65DAFE8A4.TMP

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:Composite Document File V2 Document, Cannot read section info
            Category:dropped
            Size (bytes):20480
            Entropy (8bit):1.5718302353410916
            Encrypted:false
            SSDEEP:
            MD5:197DB7AE7C890FAAE5231CEF7A235F72
            SHA1:63F5652E16E161EB582DE73EE4EA9B70AB6F73F7
            SHA-256:01169698C744979B27737B1A4FC61391B5C88AEC862923981F8AFCE572433DD4
            SHA-512:337B1E199CD68C50F7B1D4B37F1912A20161A3C80A4265E15D5A8648DEB7DCD5A7A52D20A39285F83626FD0A10091AA2D98474D223AE7F168B4224B7FE8CF088
            Malicious:false
            Reputation:unknown
            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Windows\Temp\~DFC2AC08FCA2B253B3.TMP

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):32768
            Entropy (8bit):0.08281527213831316
            Encrypted:false
            SSDEEP:
            MD5:2A0B79DBE619C0E70DF317DAD2E18737
            SHA1:D801F2062B2C13D6E7930A00B761D39AFFC5E320
            SHA-256:1FD9433E37DE47CB3D93BFA8A1DAC5361DA2817751766301829BB1879984ABCB
            SHA-512:B83541807F79B4DDF02DC375721C3988480C2AF4BC5AEE7986A4F2C922265D834FF7F3D20486E1EF839C9A7B39590D7C283110FFD80DBD0315FB02DB41140731
            Malicious:false
            Reputation:unknown
            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Windows\Temp\~DFD2A995F12E23310E.TMP

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):69632
            Entropy (8bit):0.14944156727739877
            Encrypted:false
            SSDEEP:
            MD5:A0E6A08935DCF5F2ADEC4F7168E48D68
            SHA1:FE2E19D537870AE6AF59C70978F475751DBC80D9
            SHA-256:EF366E484CF1BEC6B5772C6C96E3D2EF7962BB523BF40F462F26950FECA9A208
            SHA-512:205830E911F6F5F0563E8A4A5F7DE13E086396FF58A909624ED0654A0C06B6DF8EDE26BB1977B9850E65D1F5D7C7D57C7A033D05688981628AAC3282D70E1E6B
            Malicious:false
            Reputation:unknown
            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Windows\Temp\~DFD85DCF42FA2B3C60.TMP

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:Composite Document File V2 Document, Cannot read section info
            Category:dropped
            Size (bytes):20480
            Entropy (8bit):1.5418410850684272
            Encrypted:false
            SSDEEP:
            MD5:A8382CEC18672954E8415B3EFC7740EA
            SHA1:7FA9D4CB398B1D791997394B34B30DA86558B566
            SHA-256:6764EEB2E10826F993449DEB5DDBB7460168C2B131C5BEE1C3F18F6645C89B7E
            SHA-512:6B234C507A290C0ADA49E263295657A7E7D604707387508078BA110476D22EDECB792BA94FF2C919366C63E4E81F675A018C8951DB7591E9C2525CD5257AF13F
            Malicious:false
            Reputation:unknown
            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Windows\Temp\~DFE5610B362F5DC90E.TMP

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):69632
            Entropy (8bit):0.14568537072753568
            Encrypted:false
            SSDEEP:
            MD5:C38B55D7EFD09B83580D76B923504108
            SHA1:6DB99AA43B176A14A9E8FDD8CE113500A0A7A105
            SHA-256:E8F71E2BD482558539484EFB427F374C4CE97920854384C60FC2BAAAF9E30D0F
            SHA-512:A11EFE9B8E9BB346851DA2AE7C4500745B983A176CE367EF08A88DF07B139BF54BCEBD11DAAF0539819F0EEB42A9CB010655AC036D34DF3BFA3583D1150DF13B
            Malicious:false
            Reputation:unknown
            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Windows\Temp\~DFF5AEA9DA03D41B03.TMP

            Download File
            Process:C:\Windows\System32\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):32768
            Entropy (8bit):0.07937653477243305
            Encrypted:false
            SSDEEP:
            MD5:6439878FA337DD7B769919FF5C35359F
            SHA1:8620735C219A9D25C02E9E6E9A9391A23603C1E8
            SHA-256:763703258878870A0265B0870A7B877F8496E2A800139B82572AFD15D8449FFA
            SHA-512:4A51F4D7DC1E4932A9A6A5E3BF6B611BC515DAC3FFAFBA3C8E40E0C9F1D9A108A028BA02DDC32EE60F0B424482904E7594BA049EE58FD4CB59A85EB268DB6FAD
            Malicious:false
            Reputation:unknown
            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            Static File Info

            General

            File type:PE32 executable (GUI) Intel 80386, for MS Windows
            Entropy (8bit):7.999462452894318
            TrID:
            • Win32 Executable (generic) a (10002005/4) 99.96%
            • Generic Win/DOS Executable (2004/3) 0.02%
            • DOS Executable Generic (2002/1) 0.02%
            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
            File name:mierda.exe
            File size:58'495'680 bytes
            MD5:fba1071515dcdf3c4d27d1eb0a7b4769
            SHA1:de8b686327fe59314011c23133ed234f255403f5
            SHA256:7a418127fb8510cfefc6b9db220168b851ef2748f8252829997b3c61510c830a
            SHA512:fd6f0ac18e77f92b78c41aa2f3e19b9d1de6e63a0e4a517c897e68dafa5131f734d39f0b1dc9ea09a3b0949805d72ef6f82efb1f6a689ab055048705f43cff7b
            SSDEEP:1572864:9YOEyy8B1R+IHfnRSrk0Z6p+Wp2/d7Tp4yIy2To:aOEyy84IHAOQQ2/JTD6
            TLSH:CCD73372B1715267F3BA51B3DD50A21436A8F23C6600899DE3DCEC3D5E270D727BAA60
            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........[........................L...........................................................h.......h.Q.......9.....h.......Rich...

            File Icon

            Icon Hash:2d2e3797b32b2b99

            Static PE Info

            General

            Entrypoint:0x43054b
            Entrypoint Section:.text
            Digitally signed:true
            Imagebase:0x400000
            Subsystem:windows gui
            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP
            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
            Time Stamp:0x66F1E680 [Mon Sep 23 22:06:56 2024 UTC]
            TLS Callbacks:
            CLR (.Net) Version:
            OS Version Major:6
            OS Version Minor:0
            File Version Major:6
            File Version Minor:0
            Subsystem Version Major:6
            Subsystem Version Minor:0
            Import Hash:15c8c157ab5b8b7133c4a38e5957e81c

            Authenticode Signature

            Signature Valid:true
            Signature Issuer:CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
            Signature Validation Error:The operation completed successfully
            Error Number:0
            Not Before, Not After
            • 22/02/2024 21:25:52 19/02/2025 21:25:52
            Subject Chain
            • CN=.NET, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
            Version:3
            Thumbprint MD5:430565BEA94CD2EBC1BA24A3A2D7FC84
            Thumbprint SHA-1:724C8D7BBEB78F2618147BF7BA8060AC308B7468
            Thumbprint SHA-256:A7F501CB1578B030063B4490C3DAD52AFA6820FCB0CA047961B459E7DC43BDDF
            Serial:33000003D2DA19165D6DC749AF0000000003D2
            Instruction
            call 00007F811CF1F926h
            jmp 00007F811CF1F20Fh
            int3
            int3
            int3
            int3
            int3
            int3
            int3
            int3
            int3
            int3
            int3
            mov eax, dword ptr [esp+08h]
            mov ecx, dword ptr [esp+10h]
            or ecx, eax
            mov ecx, dword ptr [esp+0Ch]
            jne 00007F811CF1F39Bh
            mov eax, dword ptr [esp+04h]
            mul ecx
            retn 0010h
            push ebx
            mul ecx
            mov ebx, eax
            mov eax, dword ptr [esp+08h]
            mul dword ptr [esp+14h]
            add ebx, eax
            mov eax, dword ptr [esp+08h]
            mul ecx
            add edx, ebx
            pop ebx
            retn 0010h
            int3
            int3
            int3
            int3
            int3
            int3
            int3
            int3
            int3
            int3
            int3
            int3
            cmp cl, 00000040h
            jnc 00007F811CF1F3A7h
            cmp cl, 00000020h
            jnc 00007F811CF1F398h
            shld edx, eax, cl
            shl eax, cl
            ret
            mov edx, eax
            xor eax, eax
            and cl, 0000001Fh
            shl edx, cl
            ret
            xor eax, eax
            xor edx, edx
            ret
            int3
            push ecx
            lea ecx, dword ptr [esp+04h]
            sub ecx, eax
            sbb eax, eax
            not eax
            and ecx, eax
            mov eax, esp
            and eax, FFFFF000h
            cmp ecx, eax
            jc 00007F811CF1F39Eh
            mov eax, ecx
            pop ecx
            xchg eax, esp
            mov eax, dword ptr [eax]
            mov dword ptr [esp], eax
            ret
            sub eax, 00001000h
            test dword ptr [eax], eax
            jmp 00007F811CF1F379h
            int3
            int3
            int3
            cmp cl, 00000040h
            jnc 00007F811CF1F3A7h
            cmp cl, 00000020h
            jnc 00007F811CF1F398h
            shrd eax, edx, cl
            shr edx, cl
            ret
            mov eax, edx
            xor edx, edx
            and cl, 0000001Fh
            shr eax, cl
            ret
            xor eax, eax
            xor edx, edx
            ret
            push ebp
            mov ebp, esp
            NameVirtual AddressVirtual Size Is in Section
            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_IMPORT0x68d440xb4.rdata
            IMAGE_DIRECTORY_ENTRY_RESOURCE0x6e0000x3b3c.rsrc
            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
            IMAGE_DIRECTORY_ENTRY_SECURITY0x37c69380x2988
            IMAGE_DIRECTORY_ENTRY_BASERELOC0x720000x3dec.reloc
            IMAGE_DIRECTORY_ENTRY_DEBUG0x67c900x54.rdata
            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
            IMAGE_DIRECTORY_ENTRY_TLS0x67ce40x18.rdata
            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x616d80x40.rdata
            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_IAT0x4b0000x3d0.rdata
            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x688c40x100.rdata
            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

            Sections

            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
            .text0x10000x49fd30x4a000bb47277f1937986a08f1166869ae6891False0.5405570365287162data6.571283684099415IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            .rdata0x4b0000x1f37c0x1f400178fbc2ec400c7613bf63111a999e057False0.301046875data5.077493236089487IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            .data0x6b0000x181c0xc0059e43e6fcd8d2214332b5e578549f172False0.23372395833333334firmware 2005 v9319 (revision 0) \261\031\277DN\346@\273 V2, 0 bytes or less, at 0 0 bytes , at 0 0 bytes 2.8509991018798697IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
            .wixburn0x6d0000x380x20000c5c931e90e566e84a059c8dde34d6dFalse0.130859375data0.7553431641059085IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            .rsrc0x6e0000x3b3c0x3c0057bd2fdd5a1be67435c61cff9cd74f8fFalse0.3345703125data5.49323831477733IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            .reloc0x720000x3dec0x3e001f930e56b9699bd5e218b4e3d202f8e3False0.8092237903225806data6.787105083720788IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
            NameRVASizeTypeLanguageCountryZLIB Complexity
            RT_ICON0x6e1780x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsEnglishUnited States0.43185920577617326
            RT_MESSAGETABLE0x6ea200x2840dataEnglishUnited States0.28823757763975155
            RT_GROUP_ICON0x712600x14dataEnglishUnited States1.15
            RT_VERSION0x712740x3f4dataEnglishUnited States0.41304347826086957
            RT_MANIFEST0x716680x4d2XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (1174), with CRLF line terminatorsEnglishUnited States0.47568881685575365
            DLLImport
            ADVAPI32.dllRegCloseKey, RegOpenKeyExW, RegCreateKeyExW, RegDeleteKeyW, RegDeleteValueW, RegEnumKeyExW, RegEnumValueW, RegQueryInfoKeyW, RegQueryValueExW, RegSetValueExW, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueW, InitiateSystemShutdownExW, GetUserNameW, CloseEventLog, OpenEventLogW, ReportEventW, ConvertStringSecurityDescriptorToSecurityDescriptorW, CreateWellKnownSid, InitializeAcl, DecryptFileW, SetEntriesInAclW, ChangeServiceConfigW, CloseServiceHandle, ControlService, OpenSCManagerW, OpenServiceW, QueryServiceStatus, SetNamedSecurityInfoW, CheckTokenMembership, AllocateAndInitializeSid, SetEntriesInAclA, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, GetTokenInformation, CryptDestroyHash, CryptHashData, CryptCreateHash, CryptGetHashParam, CryptReleaseContext, CryptAcquireContextW, QueryServiceConfigW
            USER32.dllPeekMessageW, PostMessageW, IsWindow, WaitForInputIdle, PostQuitMessage, GetMessageW, TranslateMessage, MsgWaitForMultipleObjects, PostThreadMessageW, GetMonitorInfoW, MonitorFromPoint, IsDialogMessageW, LoadCursorW, LoadBitmapW, SetWindowLongW, GetWindowLongW, GetCursorPos, MessageBoxW, CreateWindowExW, UnregisterClassW, RegisterClassW, DefWindowProcW, DispatchMessageW
            OLEAUT32.dllVariantInit, SysAllocString, VariantClear, SysFreeString
            GDI32.dllDeleteDC, DeleteObject, SelectObject, StretchBlt, GetObjectW, CreateCompatibleDC
            SHELL32.dllCommandLineToArgvW, SHGetFolderPathW, ShellExecuteExW
            ole32.dllCoUninitialize, CoInitializeEx, CoInitialize, StringFromGUID2, CoCreateInstance, CoTaskMemFree, CoInitializeSecurity, CLSIDFromProgID
            KERNEL32.dllGetFileType, GetStdHandle, InitializeCriticalSectionAndSpinCount, SetLastError, RtlUnwind, CreateFileW, CloseHandle, ExitProcess, CreateFileA, SetFilePointer, WriteFile, GetLastError, GetCurrentProcessId, GetSystemDirectoryW, LoadLibraryW, lstrlenA, HeapSetInformation, GetModuleHandleW, GetProcAddress, LocalFree, SetCurrentDirectoryW, GetCurrentDirectoryW, CreateDirectoryW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetFileAttributesW, GetTempFileNameW, RemoveDirectoryW, SetFileAttributesW, GetTempPathW, MoveFileExW, FormatMessageW, lstrlenW, MultiByteToWideChar, IsValidCodePage, LCMapStringW, ExpandEnvironmentStringsW, GetFileSizeEx, GetFullPathNameW, ReadFile, SetFilePointerEx, SetFileTime, Sleep, GlobalAlloc, GlobalFree, CopyFileW, GetLocalTime, GetModuleFileNameW, CompareStringW, HeapAlloc, HeapReAlloc, HeapFree, HeapSize, GetProcessHeap, FreeLibrary, InitializeCriticalSection, DeleteCriticalSection, ReleaseMutex, GetCurrentProcess, FindFirstFileExW, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, CreateProcessW, GetVersionExW, VerSetConditionMask, GetVolumePathNameW, EnterCriticalSection, LeaveCriticalSection, GetSystemTime, GetWindowsDirectoryW, GetNativeSystemInfo, GetSystemWow64DirectoryW, GetModuleHandleExW, GetComputerNameW, VerifyVersionInfoW, GetDateFormatW, GetUserDefaultUILanguage, GetUserDefaultLangID, GetSystemDefaultLangID, GetStringTypeW, DuplicateHandle, LoadLibraryExW, CreateEventW, ProcessIdToSessionId, ConnectNamedPipe, SetNamedPipeHandleState, CreateNamedPipeW, WaitForSingleObject, GetProcessId, OpenProcess, CreateThread, GetExitCodeThread, SetEvent, WaitForMultipleObjects, LocalFileTimeToFileTime, SetEndOfFile, ResetEvent, DosDateTimeToFileTime, CompareStringA, GetExitCodeProcess, SetThreadExecutionState, CopyFileExW, CreateMutexW, CreateFileMappingW, MapViewOfFile, UnmapViewOfFile, GetThreadLocale, GetStartupInfoW, IsDebuggerPresent, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, FlushFileBuffers, GetConsoleCP, GetConsoleMode, DecodePointer, WriteConsoleW, GetModuleHandleA, VirtualAlloc, VirtualFree, SystemTimeToTzSpecificLocalTime, SystemTimeToFileTime, GetCurrentThreadId, WideCharToMultiByte, InitializeSListHead, GetSystemTimeAsFileTime, QueryPerformanceCounter, IsProcessorFeaturePresent, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, LoadLibraryExA, VirtualQuery, VirtualProtect, GetSystemInfo, RaiseException, GetTimeZoneInformation
            RPCRT4.dllUuidCreate

            Possible Origin

            Language of compilation systemCountry where language is spokenMap
            EnglishUnited States