hxxps://www[.]mediafire[.]com/file/03kfosc4wwal7ah/kaspersky[.]rar/file

Analysis

max time kernel
150s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
17/02/2024, 20:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/03kfosc4wwal7ah/kaspersky.rar/file

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2008	kis21.3.10.391abar_en_35770(1).exe

Loads dropped DLL 1 IoCs

pid	Process
2008	kis21.3.10.391abar_en_35770(1).exe

Checks for any installed AV software in registry 1 TTPs 45 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key queried	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\Main	kis21.3.10.391abar_en_35770(1).exe
Key opened	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride	kis21.3.10.391abar_en_35770(1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\Main\Play_Background_Sounds	kis21.3.10.391abar_en_35770(1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\Main\Disable Script Debugger	kis21.3.10.391abar_en_35770(1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\Main\Disable Diagnostics Mode	kis21.3.10.391abar_en_35770(1).exe
Key opened	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\Main	kis21.3.10.391abar_en_35770(1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\Main\Use_DlgBox_Colors	kis21.3.10.391abar_en_35770(1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\Main\Display Inline Videos	kis21.3.10.391abar_en_35770(1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\Main\Play_Animations	kis21.3.10.391abar_en_35770(1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\Main\Print_Background	kis21.3.10.391abar_en_35770(1).exe
Key opened	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\International	kis21.3.10.391abar_en_35770(1).exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\Main\Enable Browser Extensions = "no"	kis21.3.10.391abar_en_35770(1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\Main\Move System Caret	kis21.3.10.391abar_en_35770(1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\Main\XDomainRequest	kis21.3.10.391abar_en_35770(1).exe
Key opened	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\International\Scripts	kis21.3.10.391abar_en_35770(1).exe
Key opened	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\Viewport	kis21.3.10.391abar_en_35770(1).exe
Key opened	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\MenuExt	kis21.3.10.391abar_en_35770(1).exe
Key opened	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\Styles	kis21.3.10.391abar_en_35770(1).exe
Key opened	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\International\Scripts\3	kis21.3.10.391abar_en_35770(1).exe
Key created	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\Main	kis21.3.10.391abar_en_35770(1).exe
Key created	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride	kis21.3.10.391abar_en_35770(1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\Main\Display Inline Images	kis21.3.10.391abar_en_35770(1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\Main\UseHR	kis21.3.10.391abar_en_35770(1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\Main\DOMStorage	kis21.3.10.391abar_en_35770(1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\Main\JScriptProfileCacheEventDelay	kis21.3.10.391abar_en_35770(1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\Main\CSS_Compat	kis21.3.10.391abar_en_35770(1).exe
Key opened	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\AdvancedOptions\DISAMBIGUATION	kis21.3.10.391abar_en_35770(1).exe
Key opened	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\International\Scripts\4	kis21.3.10.391abar_en_35770(1).exe
Key created	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab	kis21.3.10.391abar_en_35770(1).exe
Key queried	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab	kis21.3.10.391abar_en_35770(1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\Main\SmoothScroll	kis21.3.10.391abar_en_35770(1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\Main\XMLHTTP	kis21.3.10.391abar_en_35770(1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\Main\Q300829	kis21.3.10.391abar_en_35770(1).exe
Key opened	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\Larger Hit Test	kis21.3.10.391abar_en_35770(1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\Main\DisableScriptDebuggerIE	kis21.3.10.391abar_en_35770(1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\Main\Enable AutoImageResize	kis21.3.10.391abar_en_35770(1).exe
Key queried	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride	kis21.3.10.391abar_en_35770(1).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\Main\UseSWRender = "1"	kis21.3.10.391abar_en_35770(1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\RtfConverterFlags	kis21.3.10.391abar_en_35770(1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\Main\Anchor Underline	kis21.3.10.391abar_en_35770(1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\Main\Expand Alt Text	kis21.3.10.391abar_en_35770(1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\Main\Show image placeholders	kis21.3.10.391abar_en_35770(1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\Main\Cleanup HTCs	kis21.3.10.391abar_en_35770(1).exe
Key opened	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\Settings	kis21.3.10.391abar_en_35770(1).exe
Key opened	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000\Software\KasperskyLab\IEOverride\Text Scaling	kis21.3.10.391abar_en_35770(1).exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\kaspersky.rar:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2936	msedge.exe
2936	msedge.exe
764	msedge.exe
764	msedge.exe
2464	msedge.exe
2464	msedge.exe
3592	identity_helper.exe
3592	identity_helper.exe
2028	msedge.exe
2028	msedge.exe
2008	kis21.3.10.391abar_en_35770(1).exe
2008	kis21.3.10.391abar_en_35770(1).exe
2008	kis21.3.10.391abar_en_35770(1).exe
2008	kis21.3.10.391abar_en_35770(1).exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	3952	7zG.exe
Token: 35	3952	7zG.exe
Token: SeSecurityPrivilege	3952	7zG.exe
Token: SeSecurityPrivilege	3952	7zG.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
3952	7zG.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2008	kis21.3.10.391abar_en_35770(1).exe
2008	kis21.3.10.391abar_en_35770(1).exe
2008	kis21.3.10.391abar_en_35770(1).exe
2008	kis21.3.10.391abar_en_35770(1).exe
2008	kis21.3.10.391abar_en_35770(1).exe
2008	kis21.3.10.391abar_en_35770(1).exe
2008	kis21.3.10.391abar_en_35770(1).exe
2008	kis21.3.10.391abar_en_35770(1).exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 764 wrote to memory of 1628	764	msedge.exe	75
PID 764 wrote to memory of 1628	764	msedge.exe	75
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2516	764	msedge.exe	77
PID 764 wrote to memory of 2936	764	msedge.exe	78
PID 764 wrote to memory of 2936	764	msedge.exe	78
PID 764 wrote to memory of 5568	764	msedge.exe	79
PID 764 wrote to memory of 5568	764	msedge.exe	79
PID 764 wrote to memory of 5568	764	msedge.exe	79
PID 764 wrote to memory of 5568	764	msedge.exe	79
PID 764 wrote to memory of 5568	764	msedge.exe	79
PID 764 wrote to memory of 5568	764	msedge.exe	79
PID 764 wrote to memory of 5568	764	msedge.exe	79
PID 764 wrote to memory of 5568	764	msedge.exe	79
PID 764 wrote to memory of 5568	764	msedge.exe	79
PID 764 wrote to memory of 5568	764	msedge.exe	79
PID 764 wrote to memory of 5568	764	msedge.exe	79
PID 764 wrote to memory of 5568	764	msedge.exe	79
PID 764 wrote to memory of 5568	764	msedge.exe	79
PID 764 wrote to memory of 5568	764	msedge.exe	79
PID 764 wrote to memory of 5568	764	msedge.exe	79
PID 764 wrote to memory of 5568	764	msedge.exe	79
PID 764 wrote to memory of 5568	764	msedge.exe	79
PID 764 wrote to memory of 5568	764	msedge.exe	79
PID 764 wrote to memory of 5568	764	msedge.exe	79
PID 764 wrote to memory of 5568	764	msedge.exe	79

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/03kfosc4wwal7ah/kaspersky.rar/file
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff85653cb8,0x7fff85653cc8,0x7fff85653cd8
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,10004867642607095746,11044998967393082376,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1868,10004867642607095746,11044998967393082376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1868,10004867642607095746,11044998967393082376,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:8
  2⤵
  PID:5568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,10004867642607095746,11044998967393082376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,10004867642607095746,11044998967393082376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,10004867642607095746,11044998967393082376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,10004867642607095746,11044998967393082376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,10004867642607095746,11044998967393082376,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,10004867642607095746,11044998967393082376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1868,10004867642607095746,11044998967393082376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,10004867642607095746,11044998967393082376,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,10004867642607095746,11044998967393082376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1868,10004867642607095746,11044998967393082376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,10004867642607095746,11044998967393082376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,10004867642607095746,11044998967393082376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,10004867642607095746,11044998967393082376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,10004867642607095746,11044998967393082376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,10004867642607095746,11044998967393082376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7364 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,10004867642607095746,11044998967393082376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7900 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,10004867642607095746,11044998967393082376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,10004867642607095746,11044998967393082376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,10004867642607095746,11044998967393082376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,10004867642607095746,11044998967393082376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8096 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,10004867642607095746,11044998967393082376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,10004867642607095746,11044998967393082376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1
  2⤵
  PID:6136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1868,10004867642607095746,11044998967393082376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7512 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,10004867642607095746,11044998967393082376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8472 /prefetch:1
  2⤵
  PID:2700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3964

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1904

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\kaspersky\" -spe -an -ai#7zMap5807:80:7zEvent1285
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3952

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\kaspersky\serials for (Kaspersky Premium 2023).txt
1⤵
PID:5556

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\kaspersky\serials for (Kaspersky Premium 2023).txt
1⤵
PID:5232

C:\Users\Admin\Downloads\kaspersky\kis21.3.10.391abar_en_35770(1).exe
"C:\Users\Admin\Downloads\kaspersky\kis21.3.10.391abar_en_35770(1).exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fc9ad6481dbd849d589d50f5988c7fcb

SHA1
87cebc5ed3afcfda307b9a4972d2eadbaf0fa854

SHA256
7eb4a4ffb8ad7997365e51b970221549031ac53f87816263fedc1a594cf22556

SHA512
79ec0e21d8bb64c9ff746e93a7a16e37b20c7aae47416697c967306393b738ef27a3ed9dd11881cb191289046e49df3c714fbce697e5023cff67eb8ba17a23ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
10543cff4244ba9573e896d93dd93b0d

SHA1
86ec732c2bd7cf79eff3706de989d56741cacc99

SHA256
1322bb5a9c367632455f72995535accae63fda8fd417c01f101e74259dd8930a

SHA512
cc4ba45f2ba4643b84a4723bef85d7be098f750b3f806d0fd596fa3f6b0fbd48aed50527855a01e96d3568eb6f1ac3319f812cd5bd253ed229f89bc227c7b449

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
0bd1c0aa01dc0b1ffaed1a0fe14642a9

SHA1
baf8c3585737012f2114c45e49e609882cbc5adf

SHA256
9b2126994a14ef7a6b0ed41fc52884e0fcd3d3799d0cc4661670a65c90a76a42

SHA512
874238732042e513494a88186248a742a9c0a4196effb822378442bb8107af7e81af8852a4d5b28e6ebe66fce1bb9b1b89a2cdf2f6f6fb3c63b9238691292a98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9fa00ac293677cbb82d45e71d5e3bbf7

SHA1
325b8aa0ddd3e073c12df43235916f40bd0d2aba

SHA256
c45d98d4e4c9215140a86ec162430120263870a727f196e1e4416e9aaf1a283c

SHA512
f6872db57563794a934d67b6e40662410eea7381304b7c26338559210be460768f0177338b35f5cd4530a7b7c8c7e0e1c9105da9590902008c5ac22ff2f4a8e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dc89d9c88c918520788c0e7f0dd73e4a

SHA1
c71d2d72446ce678098cfa2b2f9d079384899ce4

SHA256
c36b4bc4c549a18c355a59ca3c4f6fcf8684aee1a351581072ffcd0c16609361

SHA512
d58817617a8f305426246b42f2deb45538d69ce1e3c3f395c1e4f3f54bf0b19e7c655fb5f72dc48e3c69a2e0b9a1bd3867c177694c39d7c3695e4a83240aec2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
35144e2b1d2bba5dc860168cecb38980

SHA1
c8129231b7b1f74f701d08118d5e94a4101af08d

SHA256
4c0c58de504c92abbbb1b016ce1a596045945f3b710d0438cd1277c075513e4e

SHA512
f4853dc1eead99a92fd10e999dd8ad55cc5989732bda2e36d1679380552230174c3bc5b3590b8fcbd54f4796a645a718e9fa803108101f2c41dc5857087a7d15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
509961b25d04c012ae5bf025fbe03ca2

SHA1
5283d76b8022e5fbe90a18a43bb9066295ec511c

SHA256
2035b1e3fc318344333a8005712cdd2d9845d5f84079b0c18b6cfb54774fdce8

SHA512
6eab937965f271c4b32a33e02f90bda2dff0ca36f70934bb062c698973062df24582e4b4a3506b65f75f9bb2be7c32c5794a7056a4cd62d6c64d1f74d489cb64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
6eebeb9a797a13b043f5b62db4f35dfd

SHA1
78509b1bf703579a1df798428e88727e802446d5

SHA256
e27034dcf63239ae5f57bff6dfed2c4c139c9a5c5183526b1b82e65e20c442aa

SHA512
19fbfd65018b2fe66e8867b676be2e90efa9b48b4bd4d98ff0e6c12f9cee6129dcd3344eca50097cc1879bed4c5c680a792ab219d7ad00da4a4d0d62d02d8cac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580eb1.TMP

Filesize
872B

MD5
4af41e6eea63c6e1ca64f5e2c2816f6e

SHA1
eb465800c8880cb84ae4f8356f912e0519ced58e

SHA256
4e4d5fc07bbc29f404cf96b7ce38d55e0a8e8e5684a6dc5fbc86cc8f691c88b1

SHA512
e717ff64281006d7aafef37668113258cf4bc426bb14d54310bd655bff4fd252c6ea1478ab029972d0909de6b3e1d0aa34724f7c62fc6c5f376d3fa74d385ec9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c7a630e4-3c72-46d1-93b0-15dfe448d71d.tmp

Filesize
3KB

MD5
490146d8020784d44798bbfdfb2fc5c8

SHA1
1387d96470a5d2941728afdd77e9abec5a984cac

SHA256
cbc04cc22c3ab7bb1394aefe9ce08c87f2dfd2da0b4213ff19c43615287e9479

SHA512
6ec09421934992d81d5845c78a3245976d22b2e95de56712f4928f279cfb6b8856bc278b7b40280f9625b5b140fb9f1c43c311c681eedd4cea155865a2c4d598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
48038d3e3884098b8580d48bec33ab6a

SHA1
0b0b9523dd791c9352c3e727970c5dcaad7c38ae

SHA256
eed7c475f8f9f46537a058e543f23f0155fc511422aecd4bf420a6aea4b3112a

SHA512
f377d2cb2c13fc305ec93b22299fed66863fd984e8a39deee29bf3cd62036f04fb4e9932303a07ded54fec022403efb037684efaee30afa508379f601a14a026

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
02839a695eddf14a69db3dc10931f33c

SHA1
deb55d62c82f5d85698f844c54e2e96f5a02c11c

SHA256
1bf20ef89c4e7404f4d29dccea1f0013419637ddbd185a76b04a2a4b9cad5aaf

SHA512
c7f3817d469cf505e6c092594eea689378f102757145105ee1c5c4d431f6a89619e6bddb0d0e551c72b81025fbd3d86cada5326081bb4666833e1802afdde4de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a3f4d2a1bf1accc93e25e59f660ecd3a

SHA1
145116138a8ea4092ca767a11c8eaf512a6f3062

SHA256
edfbbe950fd7c492424d3ea2f3f006ed8621fe6c1d3e27535ff6d587c820fe1f

SHA512
43af144093cad2ba529ac7490e0edc798292705bb3fed246b411598f58febf729fd2edb834d78460184ed33c9d37ce27b05cb639566bf076662139461701a751

Download Submit
C:\Users\Admin\AppData\Local\Temp\4997C4D87DDCEE11DA7AEEE6F2A1C2D3\setup.dll

Filesize
3.3MB

MD5
db66a387c2329047258c84b15e1e03a8

SHA1
e11bc2fae225f2ff806a16264c214aa6ec92f36d

SHA256
387d40e66d822bdc6d80b5b2565e717ae576630ebdf5c6255c306ea9399d7ef3

SHA512
e695d34ad3e673276dd08375d34565ae841cc97ccb77b7d785d7adca96113191c32f84373a5268bf9956dc6e56275d8c23588074c58d6ca02fec5cb2968a3f97

Download Submit
C:\Users\Admin\AppData\Local\Temp\8D4C7995-CDD7-11EE-ADA7-EE6E2F1A2C3D\select_lang_page.html

Filesize
2KB

MD5
9818986f73d4d69be2ab6266736a8bf1

SHA1
5609a493daa3080f912e6712e986877c3a511ec5

SHA256
4fb37c2c380b0dcc458c71cebc1ad4a51b6bc291662148728497075a19d75031

SHA512
d757d03a97323d435382c3e90b5115a00b6596285cf151e545cecdb8b9a52e0d5d32b3e98d07f40ec165e6ab14821f84843b94c7507b89afae8d92db10c52068

Download Submit
C:\Users\Admin\Downloads\kaspersky.rar

Filesize
320KB

MD5
6979816aa1bf154f272b60281d3f0d7a

SHA1
ab1385236b849c91dca92e56a7bdcfc8d5329998

SHA256
12b29708500aeb893df3a61f9487805751c77829592222d29076d52fc3167f73

SHA512
c680d2c37f0bf7e3d6d9ee32e8c97769c3a24157ab8959e6f0baa9eb3f595e2c1e19a88dcd725341b709886ef089315f8443709eac2442fb747489ae2083221d

Download Submit
C:\Users\Admin\Downloads\kaspersky.rar:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\kaspersky\kis21.3.10.391abar_en_35770(1).exe

Filesize
2.7MB

MD5
241b40200bd1ceca5acbef6e1397d64a

SHA1
747f69ea7fd30ca8fd50d1fd7f4542f6164d5df9

SHA256
ae67724a136f9faf93888bbf1375a306598b8c8bfcf17e22381afa75f9e2ea2a

SHA512
1aac2c79573ef92fadc13f9324e78e8097a656f98e3891043b20d8f15ff55f6ea3d8812efc7049c1d26c54feb98470469f1046e5012020405a3d5e8a06e3fa76

Download Submit
C:\Users\Admin\Downloads\kaspersky\serials for (Kaspersky Premium 2023).txt

Filesize
468B

MD5
ba19ab8f8f3970bd4872376ec8349df9

SHA1
424fe88eabdf378bc94c38ba589554c7e7b697ee

SHA256
f11ba97c95487c00a1d3caddd1bbab17b08d6717ad641669340fbf682a439011

SHA512
fbc622baa1ee204574099d4a7a8c09090ab42147dc55527769cf088275046ba5ed95900692743349c13d189827fd20feb66eeea66323418199794c932d66d11f

Download Submit
memory/2008-468-0x0000000077CB0000-0x0000000077CC0000-memory.dmp

Filesize
64KB

Download
memory/2008-469-0x0000000077CB0000-0x0000000077CC0000-memory.dmp

Filesize
64KB

Download
memory/2008-470-0x0000000077CB0000-0x0000000077CC0000-memory.dmp

Filesize
64KB

Download
memory/2008-471-0x0000000077B74000-0x0000000077B75000-memory.dmp

Filesize
4KB

Download