71a83ef659aa734ae2dfcf7e106f3003e03fd29931e50ce9cf7f926cabd5ff06

Analysis

max time kernel
210s
max time network
210s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2022, 15:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

kaspersky-21.2.16.590.exe
Size

2.8MB
MD5

051a4c0c1f78a4acfd61af4a00c04d9a
SHA1

a7d5522903f48c89f24f8893c480b8eb0360198e
SHA256

71a83ef659aa734ae2dfcf7e106f3003e03fd29931e50ce9cf7f926cabd5ff06
SHA512

1b4f8dd6f7f48ec130587782936a10e016cb69234fef30b2b19ee2eb1948f7b1ff15a0085746d122018db65d89748681c2df51da011cb145093cbdb473e389d7
SSDEEP

49152:alINc3mvkxv9HnIyB8cKGdUDUe2QK0m0zJgHvQtuEG2EeyByoyjf02yt8o15D0:8INc3vbHnIyB8dGdU4e9Vzxtu/2ndogI

Score

8^/10

bootkit evasion persistence trojan

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

flow	pid	Process
56	3480	msiexec.exe

Executes dropped EXE 1 IoCs

pid	Process
4944	TEST_WPF.EXE

Loads dropped DLL 10 IoCs

pid	Process
2044	kaspersky-21.2.16.590.exe
4944	TEST_WPF.EXE
2044	kaspersky-21.2.16.590.exe
2244	MsiExec.exe
2244	MsiExec.exe
2244	MsiExec.exe
2244	MsiExec.exe
2244	MsiExec.exe
2244	MsiExec.exe
2244	MsiExec.exe

Checks for any installed AV software in registry 1 TTPs 48 IoCs

Security Software Discovery

T1063

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\Main\XDomainRequest	kaspersky-21.2.16.590.exe
Key opened	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\Viewport	kaspersky-21.2.16.590.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\RtfConverterFlags	kaspersky-21.2.16.590.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\Main\CSS_Compat	kaspersky-21.2.16.590.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\Main\Play_Background_Sounds	kaspersky-21.2.16.590.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\Main\Show image placeholders	kaspersky-21.2.16.590.exe
Key opened	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\International	kaspersky-21.2.16.590.exe
Key opened	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\International\Scripts\4	kaspersky-21.2.16.590.exe
Key opened	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\Main	kaspersky-21.2.16.590.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\Main\Use_DlgBox_Colors	kaspersky-21.2.16.590.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\Main\Expand Alt Text	kaspersky-21.2.16.590.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\Main\Disable Script Debugger	kaspersky-21.2.16.590.exe
Key opened	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\International\Scripts	kaspersky-21.2.16.590.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\Main\Display Inline Videos	kaspersky-21.2.16.590.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\Main\Print_Background	kaspersky-21.2.16.590.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\Main\DisableScriptDebuggerIE	kaspersky-21.2.16.590.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\Main\Cleanup HTCs	kaspersky-21.2.16.590.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\Main\Anchor Underline	kaspersky-21.2.16.590.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\Main\Display Inline Images	kaspersky-21.2.16.590.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\Main\DOMStorage	kaspersky-21.2.16.590.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\Main\UseHR	kaspersky-21.2.16.590.exe
Key opened	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\Settings	kaspersky-21.2.16.590.exe
Key opened	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\Text Scaling	kaspersky-21.2.16.590.exe
Key queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab	kaspersky-21.2.16.590.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\Main	kaspersky-21.2.16.590.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\Main\Disable Diagnostics Mode	kaspersky-21.2.16.590.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\Main\Move System Caret	kaspersky-21.2.16.590.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\Main\Enable Browser Extensions = "no"	kaspersky-21.2.16.590.exe
Key opened	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\KasperskyLab\IEOverride	kaspersky-21.2.16.590.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\Main\Play_Animations	kaspersky-21.2.16.590.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\Main\XMLHTTP	kaspersky-21.2.16.590.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\KasperskyLab\IEOverride\Main	kaspersky-21.2.16.590.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab	kaspersky-21.2.16.590.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride	kaspersky-21.2.16.590.exe
Key queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride	kaspersky-21.2.16.590.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\AVP18.0.0	msiexec.exe
Key opened	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\MenuExt	kaspersky-21.2.16.590.exe
Key opened	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\International\Scripts\3	kaspersky-21.2.16.590.exe
Key queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\Main	kaspersky-21.2.16.590.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\Main\UseSWRender = "1"	kaspersky-21.2.16.590.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\Main\Q300829	kaspersky-21.2.16.590.exe
Key opened	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\Styles	kaspersky-21.2.16.590.exe
Key opened	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\AdvancedOptions\DISAMBIGUATION	kaspersky-21.2.16.590.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	kaspersky-21.2.16.590.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\Main\SmoothScroll	kaspersky-21.2.16.590.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\Main\Enable AutoImageResize	kaspersky-21.2.16.590.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\Main\JScriptProfileCacheEventDelay	kaspersky-21.2.16.590.exe
Key opened	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\KasperskyLab\IEOverride\Larger Hit Test	kaspersky-21.2.16.590.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	kaspersky-21.2.16.590.exe

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	kaspersky-21.2.16.590.exe

Drops file in Windows directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Windows\installer	kaspersky-21.2.16.590.exe
File created	C:\Windows\Installer\e5988ae.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5988ae.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI90FB.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9245.tmp	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9216.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9275.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI95D2.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI971B.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9789.tmp	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 13 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	kaspersky-21.2.16.590.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	kaspersky-21.2.16.590.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	kaspersky-21.2.16.590.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	kaspersky-21.2.16.590.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	kaspersky-21.2.16.590.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E	kaspersky-21.2.16.590.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	kaspersky-21.2.16.590.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	kaspersky-21.2.16.590.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	kaspersky-21.2.16.590.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	kaspersky-21.2.16.590.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	kaspersky-21.2.16.590.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	kaspersky-21.2.16.590.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	kaspersky-21.2.16.590.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
2044	kaspersky-21.2.16.590.exe
2044	kaspersky-21.2.16.590.exe
2044	kaspersky-21.2.16.590.exe
2044	kaspersky-21.2.16.590.exe
2044	kaspersky-21.2.16.590.exe
2044	kaspersky-21.2.16.590.exe
2044	kaspersky-21.2.16.590.exe
2044	kaspersky-21.2.16.590.exe
2044	kaspersky-21.2.16.590.exe
2044	kaspersky-21.2.16.590.exe
2044	kaspersky-21.2.16.590.exe
2044	kaspersky-21.2.16.590.exe
2044	kaspersky-21.2.16.590.exe
2044	kaspersky-21.2.16.590.exe
2044	kaspersky-21.2.16.590.exe
2044	kaspersky-21.2.16.590.exe
2044	kaspersky-21.2.16.590.exe
2044	kaspersky-21.2.16.590.exe
2044	kaspersky-21.2.16.590.exe
2044	kaspersky-21.2.16.590.exe
2044	kaspersky-21.2.16.590.exe
2044	kaspersky-21.2.16.590.exe

Suspicious use of AdjustPrivilegeToken 48 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2044	kaspersky-21.2.16.590.exe
Token: SeIncreaseQuotaPrivilege	2044	kaspersky-21.2.16.590.exe
Token: SeSecurityPrivilege	3480	msiexec.exe
Token: SeCreateTokenPrivilege	2044	kaspersky-21.2.16.590.exe
Token: SeAssignPrimaryTokenPrivilege	2044	kaspersky-21.2.16.590.exe
Token: SeLockMemoryPrivilege	2044	kaspersky-21.2.16.590.exe
Token: SeIncreaseQuotaPrivilege	2044	kaspersky-21.2.16.590.exe
Token: SeMachineAccountPrivilege	2044	kaspersky-21.2.16.590.exe
Token: SeTcbPrivilege	2044	kaspersky-21.2.16.590.exe
Token: SeSecurityPrivilege	2044	kaspersky-21.2.16.590.exe
Token: SeTakeOwnershipPrivilege	2044	kaspersky-21.2.16.590.exe
Token: SeLoadDriverPrivilege	2044	kaspersky-21.2.16.590.exe
Token: SeSystemProfilePrivilege	2044	kaspersky-21.2.16.590.exe
Token: SeSystemtimePrivilege	2044	kaspersky-21.2.16.590.exe
Token: SeProfSingleProcessPrivilege	2044	kaspersky-21.2.16.590.exe
Token: SeIncBasePriorityPrivilege	2044	kaspersky-21.2.16.590.exe
Token: SeCreatePagefilePrivilege	2044	kaspersky-21.2.16.590.exe
Token: SeCreatePermanentPrivilege	2044	kaspersky-21.2.16.590.exe
Token: SeBackupPrivilege	2044	kaspersky-21.2.16.590.exe
Token: SeRestorePrivilege	2044	kaspersky-21.2.16.590.exe
Token: SeShutdownPrivilege	2044	kaspersky-21.2.16.590.exe
Token: SeDebugPrivilege	2044	kaspersky-21.2.16.590.exe
Token: SeAuditPrivilege	2044	kaspersky-21.2.16.590.exe
Token: SeSystemEnvironmentPrivilege	2044	kaspersky-21.2.16.590.exe
Token: SeChangeNotifyPrivilege	2044	kaspersky-21.2.16.590.exe
Token: SeRemoteShutdownPrivilege	2044	kaspersky-21.2.16.590.exe
Token: SeUndockPrivilege	2044	kaspersky-21.2.16.590.exe
Token: SeSyncAgentPrivilege	2044	kaspersky-21.2.16.590.exe
Token: SeEnableDelegationPrivilege	2044	kaspersky-21.2.16.590.exe
Token: SeManageVolumePrivilege	2044	kaspersky-21.2.16.590.exe
Token: SeImpersonatePrivilege	2044	kaspersky-21.2.16.590.exe
Token: SeCreateGlobalPrivilege	2044	kaspersky-21.2.16.590.exe
Token: SeRestorePrivilege	3480	msiexec.exe
Token: SeTakeOwnershipPrivilege	3480	msiexec.exe
Token: SeRestorePrivilege	3480	msiexec.exe
Token: SeTakeOwnershipPrivilege	3480	msiexec.exe
Token: SeRestorePrivilege	3480	msiexec.exe
Token: SeTakeOwnershipPrivilege	3480	msiexec.exe
Token: SeRestorePrivilege	3480	msiexec.exe
Token: SeTakeOwnershipPrivilege	3480	msiexec.exe
Token: SeRestorePrivilege	3480	msiexec.exe
Token: SeTakeOwnershipPrivilege	3480	msiexec.exe
Token: SeRestorePrivilege	3480	msiexec.exe
Token: SeTakeOwnershipPrivilege	3480	msiexec.exe
Token: SeRestorePrivilege	3480	msiexec.exe
Token: SeTakeOwnershipPrivilege	3480	msiexec.exe
Token: SeRestorePrivilege	3480	msiexec.exe
Token: SeTakeOwnershipPrivilege	3480	msiexec.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2044	kaspersky-21.2.16.590.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
2044	kaspersky-21.2.16.590.exe
2044	kaspersky-21.2.16.590.exe
2044	kaspersky-21.2.16.590.exe
2044	kaspersky-21.2.16.590.exe
2044	kaspersky-21.2.16.590.exe
2044	kaspersky-21.2.16.590.exe
2044	kaspersky-21.2.16.590.exe
2044	kaspersky-21.2.16.590.exe
2044	kaspersky-21.2.16.590.exe
2044	kaspersky-21.2.16.590.exe
2044	kaspersky-21.2.16.590.exe
2044	kaspersky-21.2.16.590.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 4944	2044	kaspersky-21.2.16.590.exe	91
PID 2044 wrote to memory of 4944	2044	kaspersky-21.2.16.590.exe	91
PID 2044 wrote to memory of 4944	2044	kaspersky-21.2.16.590.exe	91
PID 3480 wrote to memory of 2244	3480	msiexec.exe	94
PID 3480 wrote to memory of 2244	3480	msiexec.exe	94
PID 3480 wrote to memory of 2244	3480	msiexec.exe	94

C:\Users\Admin\AppData\Local\Temp\kaspersky-21.2.16.590.exe
"C:\Users\Admin\AppData\Local\Temp\kaspersky-21.2.16.590.exe"
1⤵
- Loads dropped DLL
- Checks for any installed AV software in registry
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Drops file in Windows directory
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Users\Admin\AppData\Local\Temp\C0201F59-8798-11ED-B5DD-66300FA194E6\TEST_WPF.EXE
  "C:\Users\Admin\AppData\Local\Temp\C0201F59-8798-11ED-B5DD-66300FA194E6\TEST_WPF.EXE" "C:\Users\Admin\AppData\Local\Temp\F30D8D6A8978DE115BDD6603F01A496E\setup.dll"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4944

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Checks for any installed AV software in registry
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3480
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 256FFD75E2D8395E2A2653F0628C8479
  2⤵
  - Loads dropped DLL
  PID:2244

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Security Software Discovery

T1063

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Kaspersky Lab Setup Files\KAV21.2.16.590.0.200.0\product.msi

Filesize
13.3MB

MD5
07b2cc915aede54b916f0d4c1ad118fe

SHA1
7fa05ab802b3a94a7cab65b5bfa02b9b38f35043

SHA256
95e0842f099a94e9fee60971212d8f20870114e88a5a7154b4dd557dbc51fd2f

SHA512
53d4dd35cafe18c3d866b6fc440ea4a01a0e1fbf19f13fc411fec9d103e24a41e2bcf0a1d16e83ae91b80c59fc14b0e38bc5e4612ea3e579edb227fa54700c3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\C0201F59-8798-11ED-B5DD-66300FA194E6\TEST_WPF.EXE

Filesize
25KB

MD5
ae4e9414ab1c809d6ed98e8e60a0f2f9

SHA1
d82aeac85306ed3045803d05eaec0f800fc1fbd4

SHA256
ae5346661f9f0fd6dd550af1ff60e214f61326cb5ce0baddef1bbe58e0d48e42

SHA512
7fdb0bab8fe1b8395037aa9eee7b12a6e3f521fcf8f110a568051a283044d6846e2d9577800e2693336f47b5506a25207a955b52aed2e26336f06e10d6c3de5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\C0201F59-8798-11ED-B5DD-66300FA194E6\TEST_WPF.EXE

Filesize
25KB

MD5
ae4e9414ab1c809d6ed98e8e60a0f2f9

SHA1
d82aeac85306ed3045803d05eaec0f800fc1fbd4

SHA256
ae5346661f9f0fd6dd550af1ff60e214f61326cb5ce0baddef1bbe58e0d48e42

SHA512
7fdb0bab8fe1b8395037aa9eee7b12a6e3f521fcf8f110a568051a283044d6846e2d9577800e2693336f47b5506a25207a955b52aed2e26336f06e10d6c3de5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\C0201F59-8798-11ED-B5DD-66300FA194E6\TEST_WPF.EXE.config

Filesize
215B

MD5
291d5cf5b0752c78eaefa2c1d099cdd6

SHA1
39d2c6a4ac22c219de3bf7e44733e4d02e4a08d8

SHA256
8a09e9d24204a2e4dcbb2ace67e06e7a04934fa7b1741579aa2ccddc3eeb7a8d

SHA512
0b10053abfdbc49a35191ad7e8e73bee0550ef50fb1cd5fe368e3e21260e948d91521e74e6a7ad31547aa4ab3d157ce8a17ad60632e0e27c82436bcb0da15c34

Download Submit
C:\Users\Admin\AppData\Local\Temp\C0201F5A-8798-11ED-B5DD-66300FA194E6\Cleaner\cleanapi.dll

Filesize
5.2MB

MD5
8ffe3a1d89cf4dcb0284ed5c78c98a9a

SHA1
683308ae8e3e1786bea08d2019bccb800b9d0942

SHA256
fba0d077cf54eb3d17dbdb3eca754a116492bc004ee6c445abf6c24c244c26fa

SHA512
8b258e4b1922db509348319b3c51ec042b6e761acc32d5bf17d3a5a57ab4bf28e452fe6391712f2b83387d8f8ce66610dd81aa570b9f87aab7bd89cda861ca1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\F30D8D6A8978DE115BDD6603F01A496E\setup.dll

Filesize
5.4MB

MD5
2f671ef0834015fb62e164c245975572

SHA1
92cee28181b78ec13dc7265a1ec21b92932e7d78

SHA256
6751cc59a8645fe24d01586d2930fd6abcaa5ec94393cccdaf096f05cb784ea8

SHA512
4b7982c806d68c2ed9019ce5694a1a7e0d7300ff36537b716e7b7a5e1521333359d3944a3b1c8c4d479aed112ddb8515ab5a6efb4d6a7082907d653ec08022e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\F30D8D6A8978DE115BDD6603F01A496E\setup.dll

Filesize
5.4MB

MD5
2f671ef0834015fb62e164c245975572

SHA1
92cee28181b78ec13dc7265a1ec21b92932e7d78

SHA256
6751cc59a8645fe24d01586d2930fd6abcaa5ec94393cccdaf096f05cb784ea8

SHA512
4b7982c806d68c2ed9019ce5694a1a7e0d7300ff36537b716e7b7a5e1521333359d3944a3b1c8c4d479aed112ddb8515ab5a6efb4d6a7082907d653ec08022e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\F30D8D6A8978DE115BDD6603F01A496E\setup.dll

Filesize
5.4MB

MD5
2f671ef0834015fb62e164c245975572

SHA1
92cee28181b78ec13dc7265a1ec21b92932e7d78

SHA256
6751cc59a8645fe24d01586d2930fd6abcaa5ec94393cccdaf096f05cb784ea8

SHA512
4b7982c806d68c2ed9019ce5694a1a7e0d7300ff36537b716e7b7a5e1521333359d3944a3b1c8c4d479aed112ddb8515ab5a6efb4d6a7082907d653ec08022e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\kl-install-2022-12-29-16-52-08_KAV.21.2.16.590.log

Filesize
1KB

MD5
53584c4dbe329ca8ea32f482f861f8ec

SHA1
35192c6b3d81eae3bee29aa8ad902b7c7fdbc1f3

SHA256
330be7de20e4da5cb46d7b8c7e51a3b388504c7f11b70b6ac12233acfd6a3067

SHA512
99a1ba81f4c738e01f1b2de56e9593506a7c6f333a74ef21efac3b464f8506cb3476267650b3ef159e0e2298f51a7ddb2ab7bd14fe15cd1721785eadf6ac0cc0

Download Submit
C:\Windows\Installer\MSI90FB.tmp

Filesize
129KB

MD5
ed778f183e7a8ecb706637395fa62e0c

SHA1
e0af59bb912300ac2c135488d45f132ab7ce93d6

SHA256
7c13e55e8c08f6bdc9f611eb984de7e390578d6ccbfd53f48e4309278b20e41a

SHA512
372fab3ffbcaeecfbd69ba59b495ecc1fa5020f59d6b28dbc6a984bcc7d6ea2ab0d114d1a0ade54650858772eb516bf23417ffca66322a591bb6f2547efe1eff

Download Submit
C:\Windows\Installer\MSI90FB.tmp

Filesize
129KB

MD5
ed778f183e7a8ecb706637395fa62e0c

SHA1
e0af59bb912300ac2c135488d45f132ab7ce93d6

SHA256
7c13e55e8c08f6bdc9f611eb984de7e390578d6ccbfd53f48e4309278b20e41a

SHA512
372fab3ffbcaeecfbd69ba59b495ecc1fa5020f59d6b28dbc6a984bcc7d6ea2ab0d114d1a0ade54650858772eb516bf23417ffca66322a591bb6f2547efe1eff

Download Submit
C:\Windows\Installer\MSI9216.tmp

Filesize
129KB

MD5
ed778f183e7a8ecb706637395fa62e0c

SHA1
e0af59bb912300ac2c135488d45f132ab7ce93d6

SHA256
7c13e55e8c08f6bdc9f611eb984de7e390578d6ccbfd53f48e4309278b20e41a

SHA512
372fab3ffbcaeecfbd69ba59b495ecc1fa5020f59d6b28dbc6a984bcc7d6ea2ab0d114d1a0ade54650858772eb516bf23417ffca66322a591bb6f2547efe1eff

Download Submit
C:\Windows\Installer\MSI9216.tmp

Filesize
129KB

MD5
ed778f183e7a8ecb706637395fa62e0c

SHA1
e0af59bb912300ac2c135488d45f132ab7ce93d6

SHA256
7c13e55e8c08f6bdc9f611eb984de7e390578d6ccbfd53f48e4309278b20e41a

SHA512
372fab3ffbcaeecfbd69ba59b495ecc1fa5020f59d6b28dbc6a984bcc7d6ea2ab0d114d1a0ade54650858772eb516bf23417ffca66322a591bb6f2547efe1eff

Download Submit
C:\Windows\Installer\MSI9245.tmp

Filesize
129KB

MD5
ed778f183e7a8ecb706637395fa62e0c

SHA1
e0af59bb912300ac2c135488d45f132ab7ce93d6

SHA256
7c13e55e8c08f6bdc9f611eb984de7e390578d6ccbfd53f48e4309278b20e41a

SHA512
372fab3ffbcaeecfbd69ba59b495ecc1fa5020f59d6b28dbc6a984bcc7d6ea2ab0d114d1a0ade54650858772eb516bf23417ffca66322a591bb6f2547efe1eff

Download Submit
C:\Windows\Installer\MSI9245.tmp

Filesize
129KB

MD5
ed778f183e7a8ecb706637395fa62e0c

SHA1
e0af59bb912300ac2c135488d45f132ab7ce93d6

SHA256
7c13e55e8c08f6bdc9f611eb984de7e390578d6ccbfd53f48e4309278b20e41a

SHA512
372fab3ffbcaeecfbd69ba59b495ecc1fa5020f59d6b28dbc6a984bcc7d6ea2ab0d114d1a0ade54650858772eb516bf23417ffca66322a591bb6f2547efe1eff

Download Submit
C:\Windows\Installer\MSI9275.tmp

Filesize
2.3MB

MD5
3520af12d4ca61438ff210a1c6db3423

SHA1
6a095f80d9bafc6a795b44cb4822f3c659524ef0

SHA256
be0708ac07826c8833367e925050fce263376a31bd28362e003dc35147d84eb4

SHA512
fb5e167ce94f4c495392dfdb1c11ad8f37b42f1f439dee6535b3dbc4c8b9b8ee5dbeb37dfcc014bac033fa89fdb13088d901d2d72d164d512589f171732e5ff4

Download Submit
C:\Windows\Installer\MSI9275.tmp

Filesize
2.3MB

MD5
3520af12d4ca61438ff210a1c6db3423

SHA1
6a095f80d9bafc6a795b44cb4822f3c659524ef0

SHA256
be0708ac07826c8833367e925050fce263376a31bd28362e003dc35147d84eb4

SHA512
fb5e167ce94f4c495392dfdb1c11ad8f37b42f1f439dee6535b3dbc4c8b9b8ee5dbeb37dfcc014bac033fa89fdb13088d901d2d72d164d512589f171732e5ff4

Download Submit
C:\Windows\Installer\MSI95D2.tmp

Filesize
2.3MB

MD5
3520af12d4ca61438ff210a1c6db3423

SHA1
6a095f80d9bafc6a795b44cb4822f3c659524ef0

SHA256
be0708ac07826c8833367e925050fce263376a31bd28362e003dc35147d84eb4

SHA512
fb5e167ce94f4c495392dfdb1c11ad8f37b42f1f439dee6535b3dbc4c8b9b8ee5dbeb37dfcc014bac033fa89fdb13088d901d2d72d164d512589f171732e5ff4

Download Submit
C:\Windows\Installer\MSI95D2.tmp

Filesize
2.3MB

MD5
3520af12d4ca61438ff210a1c6db3423

SHA1
6a095f80d9bafc6a795b44cb4822f3c659524ef0

SHA256
be0708ac07826c8833367e925050fce263376a31bd28362e003dc35147d84eb4

SHA512
fb5e167ce94f4c495392dfdb1c11ad8f37b42f1f439dee6535b3dbc4c8b9b8ee5dbeb37dfcc014bac033fa89fdb13088d901d2d72d164d512589f171732e5ff4

Download Submit
C:\Windows\Installer\MSI971B.tmp

Filesize
350KB

MD5
266852d7e5fe57e15a3d8df31c967bad

SHA1
487caca831e70884b6bef211e36b879da214aa9a

SHA256
eeb2822005a162b9419def458fbda59d0bbe26b27d0dc2e71ec4078501ca8159

SHA512
2528a10d88a7cd009364404edcf814c4ba73b8fdaa031ac449e486c2f8f587a95bc7064796b7c59c7b0d9a5d3fa58e06ff0c3189f383fbf6f8f60d6b0996aa30

Download Submit
C:\Windows\Installer\MSI971B.tmp

Filesize
350KB

MD5
266852d7e5fe57e15a3d8df31c967bad

SHA1
487caca831e70884b6bef211e36b879da214aa9a

SHA256
eeb2822005a162b9419def458fbda59d0bbe26b27d0dc2e71ec4078501ca8159

SHA512
2528a10d88a7cd009364404edcf814c4ba73b8fdaa031ac449e486c2f8f587a95bc7064796b7c59c7b0d9a5d3fa58e06ff0c3189f383fbf6f8f60d6b0996aa30

Download Submit
C:\Windows\Installer\MSI9789.tmp

Filesize
2.3MB

MD5
3520af12d4ca61438ff210a1c6db3423

SHA1
6a095f80d9bafc6a795b44cb4822f3c659524ef0

SHA256
be0708ac07826c8833367e925050fce263376a31bd28362e003dc35147d84eb4

SHA512
fb5e167ce94f4c495392dfdb1c11ad8f37b42f1f439dee6535b3dbc4c8b9b8ee5dbeb37dfcc014bac033fa89fdb13088d901d2d72d164d512589f171732e5ff4

Download Submit
C:\Windows\Installer\MSI9789.tmp

Filesize
2.3MB

MD5
3520af12d4ca61438ff210a1c6db3423

SHA1
6a095f80d9bafc6a795b44cb4822f3c659524ef0

SHA256
be0708ac07826c8833367e925050fce263376a31bd28362e003dc35147d84eb4

SHA512
fb5e167ce94f4c495392dfdb1c11ad8f37b42f1f439dee6535b3dbc4c8b9b8ee5dbeb37dfcc014bac033fa89fdb13088d901d2d72d164d512589f171732e5ff4

Download Submit
memory/2044-136-0x000000000BE58000-0x000000000BE60000-memory.dmp

Filesize
32KB

Download
memory/2044-134-0x0000000077F00000-0x0000000077F10000-memory.dmp

Filesize
64KB

Download
memory/2044-133-0x0000000077F00000-0x0000000077F10000-memory.dmp

Filesize
64KB

Download
memory/2044-132-0x0000000077F00000-0x0000000077F10000-memory.dmp

Filesize
64KB

Download
memory/4944-182-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-198-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-162-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-163-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-164-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-165-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-166-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-167-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-168-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-169-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-170-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-171-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-172-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-173-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-174-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-175-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-176-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-177-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-178-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-179-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-180-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-181-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-159-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-183-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-184-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-185-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-186-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-187-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-188-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-190-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-189-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-191-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-192-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-193-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-194-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-195-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-196-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-161-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-199-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-201-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-200-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-197-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-202-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-203-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-204-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-206-0x00000000056A0000-0x0000000005A21000-memory.dmp

Filesize
3.5MB

Download
memory/4944-207-0x0000000004E20000-0x0000000004F60000-memory.dmp

Filesize
1.2MB

Download
memory/4944-208-0x0000000006030000-0x000000000662E000-memory.dmp

Filesize
6.0MB

Download
memory/4944-209-0x0000000006630000-0x0000000006996000-memory.dmp

Filesize
3.4MB

Download
memory/4944-210-0x0000000005000000-0x000000000509C000-memory.dmp

Filesize
624KB

Download
memory/4944-211-0x00000000050A0000-0x0000000005106000-memory.dmp

Filesize
408KB

Download
memory/4944-212-0x0000000005CC0000-0x0000000005F46000-memory.dmp

Filesize
2.5MB

Download
memory/4944-213-0x00000000069A0000-0x0000000006B1C000-memory.dmp

Filesize
1.5MB

Download
memory/4944-160-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-215-0x0000000005F50000-0x0000000005F88000-memory.dmp

Filesize
224KB

Download
memory/4944-216-0x0000000007510000-0x0000000007550000-memory.dmp

Filesize
256KB

Download
memory/4944-217-0x0000000007640000-0x0000000007648000-memory.dmp

Filesize
32KB

Download
memory/4944-218-0x0000000007700000-0x000000000770E000-memory.dmp

Filesize
56KB

Download
memory/4944-158-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-157-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-156-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-152-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-154-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-155-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-153-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-151-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-150-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-149-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-147-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-148-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-145-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-146-0x0000000077F10000-0x0000000077F20000-memory.dmp

Filesize
64KB

Download
memory/4944-142-0x00000000003B0000-0x00000000003B8000-memory.dmp

Filesize
32KB

Download
memory/4944-141-0x0000000005130000-0x000000000569C000-memory.dmp

Filesize
5.4MB

Download