Analysis
max time kernel: 188s
max time network: 186s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 20-05-2022 13:36

Static task: static1
Behavioral task: behavioral1
Sample: kaspersky4win202121.6.7.351en_33704.exe
Resource: win10v2004-20220414-en

General
Target: kaspersky4win202121.6.7.351en_33704.exe
Size: 3.6MB
MD5: d22579c4d6f351c59ad338e69bda18ba
SHA1: 7f2c6cfdbb9b536d9bced67db491c293c153b470
SHA256: 448a4c6974bdd870938875f1123295230cbeff6540dbb4f2c4836778e2118773
SHA512: c5b34d6efef8278cc71d39f5730c412a0d9b07c9d2790eaada6b5a37022aabd460362fb531680e2ec8383693fe5ee7b669138e9d25043fde92b2c6e5ea17b1f7

Malware Config
Signatures
-
Blocklisted process makes network request 1 IoCs
Processes:
msiexec.exe
flow | pid | process
59 | 4008 | msiexec.exe
-
Downloads MZ/PE file
-
Drops file in Drivers directory 6 IoCs
Processes:
MsiExec.exe
description | ioc | process
File opened for modification | C:\Windows\system32\DRIVERS\SET9D25.tmp | MsiExec.exe
File created | C:\Windows\system32\DRIVERS\SET9D25.tmp | MsiExec.exe
File opened for modification | C:\Windows\system32\DRIVERS\klif.sys | MsiExec.exe
File opened for modification | C:\Windows\system32\DRIVERS\SET9D36.tmp | MsiExec.exe
File created | C:\Windows\system32\DRIVERS\SET9D36.tmp | MsiExec.exe
File opened for modification | C:\Windows\system32\DRIVERS\klflt.sys | MsiExec.exe
-
Executes dropped EXE 3 IoCs
Processes:
netcoreinstaller_x86.exe, netcoreinstaller_x86.exe, windowsdesktop-runtime-5.0.10-win-x86.exe
pid | process
1356 | netcoreinstaller_x86.exe
2312 | netcoreinstaller_x86.exe
3048 | windowsdesktop-runtime-5.0.10-win-x86.exe
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
netcoreinstaller_x86.exe
description | ioc | process
Key value queried | \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation | netcoreinstaller_x86.exe
-
Loads dropped DLL 62 IoCs
Processes:
kaspersky4win202121.6.7.351en_33704.exe, netcoreinstaller_x86.exe, MsiExec.exe, MsiExec.exe, MsiExec.exe, MsiExec.exe, MsiExec.exe, MsiExec.exe, MsiExec.exe, rundll32.exe
-
Adds Run key to start application 2 TTPs 2 IoCs
Processes:
windowsdesktop-runtime-5.0.10-win-x86.exe
description | ioc | process
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | windowsdesktop-runtime-5.0.10-win-x86.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{ba8ab6bd-ad21-447e-b617-feee84353247} = "\"C:\\ProgramData\\Package Cache\\{ba8ab6bd-ad21-447e-b617-feee84353247}\\windowsdesktop-runtime-5.0.10-win-x86.exe\" /burn.runonce" | windowsdesktop-runtime-5.0.10-win-x86.exe
-
Checks for any installed AV software in registry 1 TTPs 1 IoCs
Processes:
kaspersky4win202121.6.7.351en_33704.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | kaspersky4win202121.6.7.351en_33704.exe
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Processes:
kaspersky4win202121.6.7.351en_33704.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | kaspersky4win202121.6.7.351en_33704.exe
-
Enumerates connected drives 3 TTPs 24 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
msiexec.exe
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes:
kaspersky4win202121.6.7.351en_33704.exe
description | ioc | process
File opened for modification | \??\PhysicalDrive0 | kaspersky4win202121.6.7.351en_33704.exe
-
Drops file in Program Files directory 64 IoCs
Processes:
msiexec.exe
-
Drops file in Windows directory 54 IoCs
Processes:
msiexec.exe, kaspersky4win202121.6.7.351en_33704.exe, MsiExec.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | process | target process
1756 | 4768 | WerFault.exe |
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
Processes:
taskmgr.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | taskmgr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | taskmgr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | taskmgr.exe
-
Modifies data under HKEY_USERS 11 IoCs
Processes:
msiexec.exe
-
Modifies registry class 64 IoCs
Processes:
msiexec.exe, windowsdesktop-runtime-5.0.10-win-x86.exe
-
Processes:
kaspersky4win202121.6.7.351en_33704.exe
description | ioc | process
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob | kaspersky4win202121.6.7.351en_33704.exe
ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3
a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e kaspersky4win202121.6.7.351en_33704.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 kaspersky4win202121.6.7.351en_33704.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c3184
2af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 kaspersky4win202121.6.7.351en_33704.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 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 kaspersky4win202121.6.7.351en_33704.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 kaspersky4win202121.6.7.351en_33704.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 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 kaspersky4win202121.6.7.351en_33704.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 
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 kaspersky4win202121.6.7.351en_33704.exe -
Suspicious behavior: EnumeratesProcesses 27 IoCs
Processes:
taskmgr.exe, kaspersky4win202121.6.7.351en_33704.exe, msiexec.exe, MsiExec.exe
pid process
5112 taskmgr.exe
3240 kaspersky4win202121.6.7.351en_33704.exe
4008 msiexec.exe
1156 MsiExec.exe
-
Suspicious behavior: LoadsDriver 1 IoCs
Processes:
pid process 668 -
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
taskmgr.exe, windowsdesktop-runtime-5.0.10-win-x86.exe, msiexec.exe
description pid process
Token: SeDebugPrivilege 5112 taskmgr.exe
Token: SeSystemProfilePrivilege 5112 taskmgr.exe
Token: SeCreateGlobalPrivilege 5112 taskmgr.exe
Token: 33 5112 taskmgr.exe
Token: SeIncBasePriorityPrivilege 5112 taskmgr.exe
Token: SeShutdownPrivilege 3048 windowsdesktop-runtime-5.0.10-win-x86.exe
Token: SeIncreaseQuotaPrivilege 3048 windowsdesktop-runtime-5.0.10-win-x86.exe
Token: SeSecurityPrivilege 4008 msiexec.exe
Token: SeCreateTokenPrivilege 3048 windowsdesktop-runtime-5.0.10-win-x86.exe
Token: SeAssignPrimaryTokenPrivilege 3048 windowsdesktop-runtime-5.0.10-win-x86.exe
Token: SeLockMemoryPrivilege 3048 windowsdesktop-runtime-5.0.10-win-x86.exe
Token: SeMachineAccountPrivilege 3048 windowsdesktop-runtime-5.0.10-win-x86.exe
Token: SeTcbPrivilege 3048 windowsdesktop-runtime-5.0.10-win-x86.exe
Token: SeSecurityPrivilege 3048 windowsdesktop-runtime-5.0.10-win-x86.exe
Token: SeTakeOwnershipPrivilege 3048 windowsdesktop-runtime-5.0.10-win-x86.exe
Token: SeLoadDriverPrivilege 3048 windowsdesktop-runtime-5.0.10-win-x86.exe
Token: SeSystemProfilePrivilege 3048 windowsdesktop-runtime-5.0.10-win-x86.exe
Token: SeSystemtimePrivilege 3048 windowsdesktop-runtime-5.0.10-win-x86.exe
Token: SeProfSingleProcessPrivilege 3048 windowsdesktop-runtime-5.0.10-win-x86.exe
Token: SeIncBasePriorityPrivilege 3048 windowsdesktop-runtime-5.0.10-win-x86.exe
Token: SeCreatePagefilePrivilege 3048 windowsdesktop-runtime-5.0.10-win-x86.exe
Token: SeCreatePermanentPrivilege 3048 windowsdesktop-runtime-5.0.10-win-x86.exe
Token: SeBackupPrivilege 3048 windowsdesktop-runtime-5.0.10-win-x86.exe
Token: SeRestorePrivilege 3048 windowsdesktop-runtime-5.0.10-win-x86.exe
Token: SeDebugPrivilege 3048 windowsdesktop-runtime-5.0.10-win-x86.exe
Token: SeAuditPrivilege 3048 windowsdesktop-runtime-5.0.10-win-x86.exe
Token: SeSystemEnvironmentPrivilege 3048 windowsdesktop-runtime-5.0.10-win-x86.exe
Token: SeChangeNotifyPrivilege 3048 windowsdesktop-runtime-5.0.10-win-x86.exe
Token: SeRemoteShutdownPrivilege 3048 windowsdesktop-runtime-5.0.10-win-x86.exe
Token: SeUndockPrivilege 3048 windowsdesktop-runtime-5.0.10-win-x86.exe
Token: SeSyncAgentPrivilege 3048 windowsdesktop-runtime-5.0.10-win-x86.exe
Token: SeEnableDelegationPrivilege 3048 windowsdesktop-runtime-5.0.10-win-x86.exe
Token: SeManageVolumePrivilege 3048 windowsdesktop-runtime-5.0.10-win-x86.exe
Token: SeImpersonatePrivilege 3048 windowsdesktop-runtime-5.0.10-win-x86.exe
Token: SeCreateGlobalPrivilege 3048 windowsdesktop-runtime-5.0.10-win-x86.exe
Token: SeRestorePrivilege 4008 msiexec.exe
Token: SeTakeOwnershipPrivilege 4008 msiexec.exe
-
Suspicious use of FindShellTrayWindow 34 IoCs
Processes:
taskmgr.exe
pid process
5112 taskmgr.exe
-
Suspicious use of SendNotifyMessage 34 IoCs
Processes:
taskmgr.exe
pid process
5112 taskmgr.exe
-
Suspicious use of WriteProcessMemory 32 IoCs
Processes:
kaspersky4win202121.6.7.351en_33704.exe, netcoreinstaller_x86.exe, netcoreinstaller_x86.exe, msiexec.exe
description pid process target process
PID 3240 wrote to memory of 1356 3240 kaspersky4win202121.6.7.351en_33704.exe netcoreinstaller_x86.exe
PID 1356 wrote to memory of 2312 1356 netcoreinstaller_x86.exe netcoreinstaller_x86.exe
PID 2312 wrote to memory of 3048 2312 netcoreinstaller_x86.exe windowsdesktop-runtime-5.0.10-win-x86.exe
PID 4008 wrote to memory of 2208 4008 msiexec.exe MsiExec.exe
PID 4008 wrote to memory of 3440 4008 msiexec.exe MsiExec.exe
PID 4008 wrote to memory of 5060 4008 msiexec.exe MsiExec.exe
PID 4008 wrote to memory of 2200 4008 msiexec.exe MsiExec.exe
PID 4008 wrote to memory of 828 4008 msiexec.exe MsiExec.exe
PID 4008 wrote to memory of 1156 4008 msiexec.exe MsiExec.exe
PID 4008 wrote to memory of 2308 4008 msiexec.exe MsiExec.exe
PID 3240 wrote to memory of 2264 3240 kaspersky4win202121.6.7.351en_33704.exe rundll32.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\kaspersky4win202121.6.7.351en_33704.exe
"C:\Users\Admin\AppData\Local\Temp\kaspersky4win202121.6.7.351en_33704.exe"
1⤵
- Loads dropped DLL
- Checks for any installed AV software in registry
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Drops file in Windows directory
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\D11469C0-D852-11EC-A58B-FAA17377EC03\netcoreinstaller_x86.exe
"C:\Users\Admin\AppData\Local\Temp\D11469C0-D852-11EC-A58B-FAA17377EC03\netcoreinstaller_x86.exe" /q /norestart
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\Temp\{A5675CE5-0233-4C84-BB6A-B07DF5C9454A}\.cr\netcoreinstaller_x86.exe
"C:\Windows\Temp\{A5675CE5-0233-4C84-BB6A-B07DF5C9454A}\.cr\netcoreinstaller_x86.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\D11469C0-D852-11EC-A58B-FAA17377EC03\netcoreinstaller_x86.exe" -burn.filehandle.attached=540 -burn.filehandle.self=688 /q /norestart
3⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\Temp\{7BB663A6-3AC3-4236-9B13-EA541075B2C0}\.be\windowsdesktop-runtime-5.0.10-win-x86.exe
"C:\Windows\Temp\{7BB663A6-3AC3-4236-9B13-EA541075B2C0}\.be\windowsdesktop-runtime-5.0.10-win-x86.exe" -q -burn.elevated BurnPipe.{D381ADE6-3294-40B8-9A90-199E28973E78} {DA5A8ED2-AD28-46D8-BDE5-CD3B72E5645D} 2312
4⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Users\Admin\AppData\Local\Temp\0CEAD1CE-D853-11EC-A58B-FAA17377EC03\GetSI.dll",SaveReportRunDllEntry "C:\Users\Admin\AppData\Local\Temp\0CEAD1CE-D853-11EC-A58B-FAA17377EC03\0CEAD1CF-D853-11EC-A58B-FAA17377EC03"
2⤵
- Loads dropped DLL
-
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 444 -p 4768 -ip 4768
1⤵
-
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4768 -s 844
1⤵
- Program crash
-
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 6DC3EE57F605F96596CBF6F056B2E29E
2⤵
- Loads dropped DLL
-
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding ACFD1E9600E747D5CE332482378D430C
2⤵
- Loads dropped DLL
-
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding F3C892854DD5DC7EFE2B2B7CF4FCCDF1
2⤵
- Loads dropped DLL
-
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 8C3EEDA5DC1DB2CC0602C2D790E71135
2⤵
- Loads dropped DLL
-
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding C8C02D52B7048986B7EC05ADB6BDC99E
2⤵
- Loads dropped DLL
-
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding B2CDEA442CAB11CD23DFE12C67587F7A E Global\MSI0000
2⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding F418EBF5113F09B73CA7081058167B8A E Global\MSI0000
2⤵
- Drops file in Drivers directory
- Loads dropped DLL
- Drops file in Windows directory
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
-
C:\ProgramData\Kaspersky Lab Setup Files\KFA21.6.7.351.0.36.0\product.msi
Filesize
13.4MB
MD573c45b47f1cc3059f8ab8dc5e133f9c3
SHA15f0a7432345ef685b98f8ab5423c088fb28fcdf7
SHA2569f562fd622a92ed39f95633e0f3e0bad6647b8057b01a3daa14cd3883d652621
SHA5121ca782413fa68e081e2257ac3ddefa86ba75a6b9211b1728fc678f9c5148bcf1affc476debe44b4af42b731764809f6889fc08ea4585712bee9cbef0035cae18
-
C:\Users\Admin\AppData\Local\Temp\76FF988A258DCE115AB8AF1A3777CE30\System.Windows.Interactivity.dll
Filesize
39KB
MD53ab57a33a6e3a1476695d5a6e856c06a
SHA1dabb4ecffd0c422a8eebff5d4ec8116a6e90d7e7
SHA2564aace8c8a330ae8429cd8cc1b6804076d3a9ffd633470f91fd36bdd25bb57876
SHA51258dbfcf9199d72d370e2d98b8ef2713d74207a597c9494b0ecf5e4c7bf7cf60c5e85f4a92b2a1896dff63d9d5107f0d81d7dddbc7203e9e559ab7219eca0df92
-
C:\Users\Admin\AppData\Local\Temp\76FF988A258DCE115AB8AF1A3777CE30\kasperskylab.setup.ui.common.dll
Filesize
36KB
MD53afb680f223a9a271d498438f525b3a4
SHA143f04d25396dc0684718e222ae4acdb578515a15
SHA256c4e276c67f3482f9ec572f5c89a5e93ce9a5b5dd0ede7c0143e03c903e6b9dc2
SHA512e4b970917eab44202873c57e5ff4a7123bcd77b0611a210ea79d29fa2943dd2c2c2a4fb017b7543d2d3c8a64dedcb66d881559e2945f05252805e14bbb0463a6
-
C:\Users\Admin\AppData\Local\Temp\76FF988A258DCE115AB8AF1A3777CE30\kasperskylab.setup.ui.core.dll
Filesize
554KB
MD5697cc02611bc0e88f7c99c3f56a1cfdf
SHA13e071dbbde938360de8d65d6e845283730a20be0
SHA256b94fd6847a7fd5dff6747a0f7f40d09907010b5ace319e5fbb7d2a1bbe4f31db
SHA512862e661e01a429ac272de4d0f41db07686bcfb48ffa95de372c3a63babf9a67a464046bb380e9b7203cb86efedba4caa88a93d3cf70c4ada536f4fdc82039633
-
C:\Users\Admin\AppData\Local\Temp\76FF988A258DCE115AB8AF1A3777CE30\kasperskylab.setup.ui.dll
Filesize
411KB
MD5d164fe9b987a04ddf392c5f74111b652
SHA1d30ec335d14ae9d2c89d9da6c03186b9a98ab759
SHA2560538cf06c51bf73723b7268b4d8c8a9d6816208c70864d48f6dc6524f8fcb8e3
SHA512babf81b060af65726cad629b0264bb103332f3c1946512e7d8d216720f5457ce08a3aa1659ef9a950677f8787228390667a6e5518b6bdd27e2cd83628ce4fa47
-
C:\Users\Admin\AppData\Local\Temp\76FF988A258DCE115AB8AF1A3777CE30\kasperskylab.setup.ui.interoplayer.dll
Filesize
56KB
MD5a1c4d1834b0405b9c05059d9f328eada
SHA1987b143e0a66a82a190d1bcd37093e404b2d3c1a
SHA256d6857160692566c8a96ca576e8a2358dcb170a9c15532f7901bdd3acd64e8cd1
SHA5128a019ec63efeb2d4429b085df990cb08e58836bce1a8e1301cc699f710449d51aed5723e430bf9daa1ec67000c094bdb2a7becfffefe97abc28e4bf26acaf2e0
-
C:\Users\Admin\AppData\Local\Temp\76FF988A258DCE115AB8AF1A3777CE30\kasperskylab.ui.core.localization.dll
Filesize
197KB
MD5d1aceaa1032d4ca0e4debcf80ea3f994
SHA11d02c597b45cc1ac1e797aad6f91e2933c7659c4
SHA2565c8e515fe772503ce120f2027d986246e906eb6e05449eafdf182a82648e9fea
SHA512d7ebb6c5aac70acefddf364e8200ee69ae789fa992ea94f297b47375c3c5b30227fece2c299176430c81545835372c327e2cebc221d9df017023ebf4c7667edd
-
C:\Users\Admin\AppData\Local\Temp\76FF988A258DCE115AB8AF1A3777CE30\setup.dll
Filesize
5.7MB
MD5ec285b2826e5f727d1791c4ca8b28b86
SHA1143f7eceac20b3f496895038de580d32deb35189
SHA256dde4224c6512c43987ab994d9cadd2ecf96e534499c98cdae0aa4147a6c56d98
SHA51294de9225e9f67a791fa281935097454800d802a0917724b1f00021cb75b84aab41e290e993e36d05ee485eb71e94a94db92e72d3944dd0f10d308e6d9c57739f
-
C:\Users\Admin\AppData\Local\Temp\76FF988A258DCE115AB8AF1A3777CE30\sharpvectorconverterswpf.dll
Filesize
140KB
MD59a1c23a4009fa87a1c06c7e49884d5b7
SHA1fdbb54540c259d2f953aa6eadad272b827cd8786
SHA2562495be7da238496b4f82f6d26b76ca6d84dead6e9b7d4e4613d544909c3c7d62
SHA5123cadfb88720d7dad374fa3a80d07a727b80ce1d7ef8e3d4ccc4fd19566f013257a853420e8751d70f1ca70d0494a565ad6c654798816a6e5cb716de6d6c035ab
-
C:\Users\Admin\AppData\Local\Temp\76FF988A258DCE115AB8AF1A3777CE30\sharpvectorcore.dll
Filesize
203KB
MD560443b3f133242785e9e2be5e42fea70
SHA15b73151fc51f24606dd9ac9da6ef138a899d65a6
SHA256021ec01b901771a145134c137e5697e4ed68fc80a60102a93278339d4d1c10ea
SHA51262e657e19da293dc3d471b8f9eb5e46b88665b3b9e3f167737aada18fd2d176ee424c68f695ea6acadd65c634b88ca87ebc53bf7241ecc0c45e337cbfaf987a5
-
C:\Users\Admin\AppData\Local\Temp\76FF988A258DCE115AB8AF1A3777CE30\sharpvectorcss.dll
Filesize
111KB
MD53050634315befbf4d5caf52e4e048a0c
SHA1b1cb9a7580067696b055a194865da6ff6ef2563e
SHA2561a95cfbf80d7b0894c9c43986ff0d721eacb264a8cb3be376fda062a7b2515bf
SHA51247b89364a8100ef2d045f763d8c022a9e7a622a73c4e3dce8844241a79a812fbdcbf477f3d92becb65149d52780d60f130f4e2e66982942bd42c34bb569f3111
-
C:\Users\Admin\AppData\Local\Temp\76FF988A258DCE115AB8AF1A3777CE30\sharpvectordom.dll
Filesize
58KB
-
C:\Users\Admin\AppData\Local\Temp\76FF988A258DCE115AB8AF1A3777CE30\sharpvectormodel.dll
Filesize
1009KB
-
C:\Users\Admin\AppData\Local\Temp\76FF988A258DCE115AB8AF1A3777CE30\sharpvectorrenderingwpf.dll
Filesize
206KB
-
C:\Users\Admin\AppData\Local\Temp\76FF988A258DCE115AB8AF1A3777CE30\sharpvectorruntimewpf.dll
Filesize
71KB
-
C:\Users\Admin\AppData\Local\Temp\BF220A1B-D852-11EC-A58B-FAA17377EC03\Cleaner\cleanapi.dll
Filesize
5.3MB
-
C:\Users\Admin\AppData\Local\Temp\D11469C0-D852-11EC-A58B-FAA17377EC03\netcoreinstaller_x86.exe
Filesize
47.0MB
-
C:\Users\Admin\AppData\Local\Temp\E9C9A6DC-D852-11EC-A58B-FAA17377EC03\cbi.dll
Filesize
130KB
-
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_5.0.10_(x86)_20220520153805_000_dotnet_runtime_5.0.10_win_x86.msi.log
Filesize
2KB
-
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_5.0.10_(x86)_20220520153805_001_dotnet_hostfxr_5.0.10_win_x86.msi.log
Filesize
2KB
-
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_5.0.10_(x86)_20220520153805_002_dotnet_host_5.0.10_win_x86.msi.log
Filesize
2KB
-
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_5.0.10_(x86)_20220520153805_003_windowsdesktop_runtime_5.0.10_win_x86.msi.log
Filesize
2KB
-
C:\Users\Admin\AppData\Local\Temp\kl-install-2022-05-20-15-38-37_KFA.21.6.7.351.log
Filesize
1KB
-
C:\Windows\Installer\MSI2B61.tmp
Filesize
215KB
-
C:\Windows\Installer\MSI34D9.tmp
Filesize
215KB
-
C:\Windows\Installer\MSI3B34.tmp
Filesize
215KB
-
C:\Windows\Installer\MSI569E.tmp
Filesize
215KB
-
C:\Windows\Installer\MSI6218.tmp
Filesize
143KB
-
C:\Windows\Installer\MSI62C5.tmp
Filesize
143KB
-
C:\Windows\Installer\MSI6518.tmp
Filesize
143KB
-
C:\Windows\Temp\{7BB663A6-3AC3-4236-9B13-EA541075B2C0}\.ba\wixstdba.dll
Filesize
188KB
-
C:\Windows\Temp\{7BB663A6-3AC3-4236-9B13-EA541075B2C0}\.be\windowsdesktop-runtime-5.0.10-win-x86.exe
Filesize
603KB
-
C:\Windows\Temp\{7BB663A6-3AC3-4236-9B13-EA541075B2C0}\dotnet_host_5.0.10_win_x86.msi
Filesize
688KB
-
C:\Windows\Temp\{7BB663A6-3AC3-4236-9B13-EA541075B2C0}\dotnet_hostfxr_5.0.10_win_x86.msi
Filesize
740KB
-
C:\Windows\Temp\{7BB663A6-3AC3-4236-9B13-EA541075B2C0}\dotnet_runtime_5.0.10_win_x86.msi
Filesize
21.8MB
-
C:\Windows\Temp\{7BB663A6-3AC3-4236-9B13-EA541075B2C0}\windowsdesktop_runtime_5.0.10_win_x86.msi
Filesize
24.8MB
-
C:\Windows\Temp\{A5675CE5-0233-4C84-BB6A-B07DF5C9454A}\.cr\netcoreinstaller_x86.exe
Filesize
603KB