182699e264a70636924b994cebad5b06ccdcd96480be3a6b970816f3adba4f45

Analysis

max time kernel
50s
max time network
141s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/05/2024, 15:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

kaspersky4win202121.16.6.467en_39970.exe
Size

4.2MB
MD5

88a9e8f8edfd369e7a45d35ecbd788ab
SHA1

6c58421606592ea59418b9f79983d018c19bda06
SHA256

182699e264a70636924b994cebad5b06ccdcd96480be3a6b970816f3adba4f45
SHA512

6892707be382751b466d43227172b8da913f531e4f257527e7b50e87bf1226a8c6730f9eaa9c617549440049695fdbc317e3d39b4d325382c8e4e0ee540bf2ab
SSDEEP

98304:qO/RG6LkIN84klIci68xnTznF2uHozbMUoTV7G0dj1AmKs3/B:hL24kDi6eTznqbMUoTxGy5t/B

Score

6^/10

bootkit evasion persistence trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	kaspersky4win202121.16.6.467en_39970.exe

Downloads MZ/PE file

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	kaspersky4win202121.16.6.467en_39970.exe

Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 1 IoCs

Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\VBoxMiniRdrDN	kaspersky4win202121.16.6.467en_39970.exe

Executes dropped EXE 1 IoCs

pid	Process
2380	kaspersky4win202121.16.6.467en_39970.exe

Loads dropped DLL 44 IoCs

pid	Process
2844	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe
2380	kaspersky4win202121.16.6.467en_39970.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	kaspersky4win202121.16.6.467en_39970.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	kaspersky4win202121.16.6.467en_39970.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	kaspersky4win202121.16.6.467en_39970.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	kaspersky4win202121.16.6.467en_39970.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	kaspersky4win202121.16.6.467en_39970.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	kaspersky4win202121.16.6.467en_39970.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1096	chrome.exe
1096	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 2380	2844	kaspersky4win202121.16.6.467en_39970.exe	28
PID 2844 wrote to memory of 2380	2844	kaspersky4win202121.16.6.467en_39970.exe	28
PID 2844 wrote to memory of 2380	2844	kaspersky4win202121.16.6.467en_39970.exe	28
PID 2844 wrote to memory of 2380	2844	kaspersky4win202121.16.6.467en_39970.exe	28
PID 2844 wrote to memory of 2380	2844	kaspersky4win202121.16.6.467en_39970.exe	28
PID 2844 wrote to memory of 2380	2844	kaspersky4win202121.16.6.467en_39970.exe	28
PID 2844 wrote to memory of 2380	2844	kaspersky4win202121.16.6.467en_39970.exe	28
PID 1096 wrote to memory of 1368	1096	chrome.exe	31
PID 1096 wrote to memory of 1368	1096	chrome.exe	31
PID 1096 wrote to memory of 1368	1096	chrome.exe	31
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 2164	1096	chrome.exe	33
PID 1096 wrote to memory of 1064	1096	chrome.exe	34
PID 1096 wrote to memory of 1064	1096	chrome.exe	34
PID 1096 wrote to memory of 1064	1096	chrome.exe	34
PID 1096 wrote to memory of 1832	1096	chrome.exe	35
PID 1096 wrote to memory of 1832	1096	chrome.exe	35
PID 1096 wrote to memory of 1832	1096	chrome.exe	35
PID 1096 wrote to memory of 1832	1096	chrome.exe	35
PID 1096 wrote to memory of 1832	1096	chrome.exe	35
PID 1096 wrote to memory of 1832	1096	chrome.exe	35
PID 1096 wrote to memory of 1832	1096	chrome.exe	35
PID 1096 wrote to memory of 1832	1096	chrome.exe	35
PID 1096 wrote to memory of 1832	1096	chrome.exe	35
PID 1096 wrote to memory of 1832	1096	chrome.exe	35
PID 1096 wrote to memory of 1832	1096	chrome.exe	35
PID 1096 wrote to memory of 1832	1096	chrome.exe	35

C:\Users\Admin\AppData\Local\Temp\kaspersky4win202121.16.6.467en_39970.exe
"C:\Users\Admin\AppData\Local\Temp\kaspersky4win202121.16.6.467en_39970.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Windows\temp\0571BD24F2A0FE118B4065F95D1A461C\kaspersky4win202121.16.6.467en_39970.exe
  "C:\Windows\temp\0571BD24F2A0FE118B4065F95D1A461C\kaspersky4win202121.16.6.467en_39970.exe" -initialNonSecureSetupPath="C:\Users\Admin\AppData\Local\Temp\kaspersky4win202121.16.6.467en_39970.exe"
  2⤵
  - Checks whether UAC is enabled
  - Writes to the Master Boot Record (MBR)
  - Checks for VirtualBox DLLs, possible anti-VM trick
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  PID:2380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6719758,0x7fef6719768,0x7fef6719778
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1104 --field-trial-handle=1288,i,7699809609756815291,14350319053674674470,131072 /prefetch:2
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1288,i,7699809609756815291,14350319053674674470,131072 /prefetch:8
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1288,i,7699809609756815291,14350319053674674470,131072 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2252 --field-trial-handle=1288,i,7699809609756815291,14350319053674674470,131072 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2268 --field-trial-handle=1288,i,7699809609756815291,14350319053674674470,131072 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1408 --field-trial-handle=1288,i,7699809609756815291,14350319053674674470,131072 /prefetch:2
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2156 --field-trial-handle=1288,i,7699809609756815291,14350319053674674470,131072 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3444 --field-trial-handle=1288,i,7699809609756815291,14350319053674674470,131072 /prefetch:8
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3556 --field-trial-handle=1288,i,7699809609756815291,14350319053674674470,131072 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3448 --field-trial-handle=1288,i,7699809609756815291,14350319053674674470,131072 /prefetch:8
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3996 --field-trial-handle=1288,i,7699809609756815291,14350319053674674470,131072 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2452 --field-trial-handle=1288,i,7699809609756815291,14350319053674674470,131072 /prefetch:1
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2700 --field-trial-handle=1288,i,7699809609756815291,14350319053674674470,131072 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1040 --field-trial-handle=1288,i,7699809609756815291,14350319053674674470,131072 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3980 --field-trial-handle=1288,i,7699809609756815291,14350319053674674470,131072 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2352 --field-trial-handle=1288,i,7699809609756815291,14350319053674674470,131072 /prefetch:1
  2⤵
  PID:2896

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Kaspersky Lab Setup Files\SAAS21.16.6.467.0.34.0\kdscrl.rdb

Filesize
3KB

MD5
79a78149e4ef2e6e09cc061338c7b151

SHA1
99505d2461a18f16d4d185603887c60e226347ee

SHA256
e6c0da20fc5d9eda24e4128faa5641f8b2d39951e0a0236c013e1f1efcbf83fd

SHA512
a3baf55b373b943f8f1c8840cdc2f02a94aed436c54fdcb8cf6eeac9b5840a5e1a11be0c70460da0c17f6fda1b01b87f4e2a688abb5ddeb7819301a1354d688e

Download Submit
C:\ProgramData\Kaspersky Lab Setup Files\SAAS21.17.7.539.0.26.0\au_setup_42EE31F3-0A2F-11EF-B804-569FD5A164C1\startup.exe

Filesize
4.3MB

MD5
260bc696a290b577637dd305dba16d1c

SHA1
26c796834379e6675b9e3e7b9c96af05d05faa35

SHA256
12b6ee96f7f0581f6b9633067bf7bbe638463d135eaeb06f620442b59cdaa9f1

SHA512
eabc234fefb9f704be6c92600ebfe7ec3335e15c1be84f4d3684dbfa0771cc8ba58c7bbad50d93940cba3446649ef85f84a17ee925fdc6bd6ed5ce9c5ad72c10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
02e59eb96125631fdf4b4cbe8557399e

SHA1
97abc1210d21ee151193239500bed0b2c1bdb403

SHA256
8b6ba1c8fd62e0f44c4e6947df10674630710e90e63906875242ccf863f3a7f8

SHA512
7b0ef17337d28c9447da380e2d2c877029b0cd227c994a05afa3741de0f7e02ed7995404202f097908f0e6dc6a6d31e8023c83030b327b0b8c007393ed395dc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6cbd547d731e63318cdede21c936fbd9

SHA1
fc9d8114ce0bd5eb80e6226acd1564fec8c26c5c

SHA256
96ff81f82ef630725896f22df300c0a545e81da9b5b674b0c4d19c8b594cb27f

SHA512
a7f590c1a889e2e8ab708fc13b290e9c258466224e634bb515d4e2bac82c97e2bd59481a224336a5994a55e62bd5366139682b069a9b79e6019297bea7088b7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f3014339a2b893b8f22848e6f930253

SHA1
c6bb896fec174c04c06347a123b277978f55fd05

SHA256
7a7b1e01f84044ca0cf027ab71e654093552aff4d61438f4fa10ab87fef26b3b

SHA512
38f4bd116d258114345e7c7dab12c45a1ef5cbac3f152e20480309734a9f2a097ab14e271b2330986ee39957bc38d2aba6acb58fbde43342e4a6fe7d65f58f82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
76d58d299276d589894c4cfdfdf44390

SHA1
64137c1c1ca64bf021275405cefc46b85146da85

SHA256
08ed8d3c115f3a4be8e00c487652476c444984c90fa747a2b502fee55d00ca74

SHA512
b940f44b22a9799b20480aa1d4d3eb06a6a36b457356326dba087a8145788a5203b09df8084e9ed59c39c1005d2206f5a1bbf0ea5b04dd0dec77c243191336ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
19KB

MD5
63dbcaee419c287c164643d4ccebcb1e

SHA1
eeb12b80f3d6cad460051eef77c8b7934d3adbfd

SHA256
98800c993468ea7b8f29a55457e46b20792f99d4f1a8c35d5844366ec41bdb44

SHA512
15094477f4a0912cb8e5090069755b6ead4ff33f02ca10aabd1a1c98102f74b1339d5d4f3de23a6573332b940327c4ac2e6ef90cf9d4ac6d3482a99a87f7d3c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
0c4a8ce58a49f8af5330502635df77c4

SHA1
fad87365ca2b04e0302c2be17f3d716920577467

SHA256
4d24937a1857386eec940939781f84ee447778919b9e82df960d2e981fb9979c

SHA512
49a2588d699aab2992a294ab1f3f1eb29b499343d507ab218e3b06c39c6313ed629e234ef1a74ac5e02322abaca3dbd8435f02c0fb7ac7dc71bfd17c2bfb9804

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
3844ffd10703cd873cb957cb117912a4

SHA1
a5de5453231d8ab166d6cdc69cdd76016eff6833

SHA256
2408d37cebbc683f6f1483c819d020cea43cbdc1ed4cecf3a532a9a3df1ebf82

SHA512
26e42fa0031d33720dc720f6bfc383c9c8a96c2c973f2e834a40178c4d5c2228442924c2897273b06f6d3a1b7d4ece9ab1de16fbe8eed5126d52a8fe6deba7ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
9e18373cd879ed0f67aa6e7ec8018f41

SHA1
08b4a0d87f77aa223ecc8dc89bc34ce2b98a87fd

SHA256
5095b50a4671f02749d7e5354eafd0c59b439f5ad3701c654c105f1494b2d211

SHA512
77aa9d2cdb35501d9d771fc86170011d2f499e8722b1aaebc72b5cf00a0b7753fba69d044b8c676c11e3b08e1b248d9ca474c508a121ef705c5e8dda87c42ee2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5c0adfbd4f3e16ee4b3298eba50bc4c0

SHA1
6402a79b4512c530ac0ab95a6eb379871b6aa15e

SHA256
600ed5be7ff5c20b64c34de7c48b866142d07f00e350edd2e90674f01fbf45d4

SHA512
81987b54cd6aca1ccf877ff9263cf1c421c9bc5dd906a65adb9cdd998f488ee6afa4f488fee3c5d7b740491d44d5e0d118869b76e0859838792c7247bca0a121

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
486cc4ea4102cc3b8a3072645ed507f3

SHA1
fa7a4d66c39fda4b261cde04c583872f75f98eaf

SHA256
689c121a78566dd4b95110f8d29d9d6443d33aec6bb550673cab79df2444286f

SHA512
8fd7af991afab1159301dadfbac0df1ff989d4951396b36a0c889bd0209e3c26d9b0b664f92385fc27cba690eb7ad8d755047c9f221832095a6dfb1cd6ed0d1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c305940e379aaf2f4163e0b419811f52

SHA1
56af78e43a72c56a81e3629a9f0158fa5ce7f86d

SHA256
c8673467a0a40def9a13130667a132a45c26d3316400cffb65c127ca7c94df66

SHA512
b0e791dc154249c95a6cbbe893b5414344264bac7217f94fc77309bb0d5f790668f753fd77a192a18a28cd8005c414fcba9859083844ac5ce61471bf57356499

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\0F13EE24F2A0FE118B4065F95D1A461C\kl.ui.framework.uikit.b2c.dll

Filesize
543KB

MD5
fb389c9c3c063163f5609608405f66bc

SHA1
0d2d249335b82941aaa7aeb58947c12cadf04ff8

SHA256
7e97138fe069a260a05bad7beddc31fc54d0909f36728ab0efa761e7580393df

SHA512
c169b1e6fecd432517f58bac541820c4fde5fefd847b9dd4544d290f95334b8fc392b26cd02eebeb30aaddb87885bd35b1f0c46644b1e5b9e9c84115afebf0f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar26D9.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
\Users\Admin\AppData\Local\Temp\0F13EE24F2A0FE118B4065F95D1A461C\System.Windows.Interactivity.dll

Filesize
39KB

MD5
3ab57a33a6e3a1476695d5a6e856c06a

SHA1
dabb4ecffd0c422a8eebff5d4ec8116a6e90d7e7

SHA256
4aace8c8a330ae8429cd8cc1b6804076d3a9ffd633470f91fd36bdd25bb57876

SHA512
58dbfcf9199d72d370e2d98b8ef2713d74207a597c9494b0ecf5e4c7bf7cf60c5e85f4a92b2a1896dff63d9d5107f0d81d7dddbc7203e9e559ab7219eca0df92

Download Submit
\Users\Admin\AppData\Local\Temp\0F13EE24F2A0FE118B4065F95D1A461C\kl.setup.ui.core.dll

Filesize
89KB

MD5
78fb3f1e9f69beca863af1ff7713249c

SHA1
65e00f042db34b385d9bfd0100a3b13efd79df5e

SHA256
323aa8d8707a030bf245d6031b7fb439c929a3a24c5621a03276114691e45aac

SHA512
79bcfa36dfb3b1a6e04d06a5d85fce6574831d5684ae55c9e08784ee6a585bde5c649438103d40edd85da3bb8fd1d27b00be16fd421d32502da3587468ee8ced

Download Submit
\Users\Admin\AppData\Local\Temp\0F13EE24F2A0FE118B4065F95D1A461C\kl.setup.ui.dll

Filesize
279KB

MD5
bb9df6ed16bad5bbcde9b106e11dff6f

SHA1
5a18c06282442a241e42ea45eb636cc77bf7d95c

SHA256
dc5f2821548e5a660fc920224846994da0169972f18a15e04fc9943a6a08f734

SHA512
12d3c0ec2cc0224614cd8dcc81bb0f5610a0b836420628722d3409775f1c186b9d7cadb9a61bf5ce5f5ae1c99fa408ad14900f7f8b83c0b5073180786f9123a6

Download Submit
\Users\Admin\AppData\Local\Temp\0F13EE24F2A0FE118B4065F95D1A461C\kl.setup.ui.interoplayer.dll

Filesize
56KB

MD5
a54a9d1185edd71b120010d131f0dbea

SHA1
e24ebb90da9840cb2b813bac4409c9525258d864

SHA256
a7d59379fdfa59c21b114b087b16028480f976efa12e3a197fff3729f28f3bb3

SHA512
c16e90afa3c9d49c6fb8af03e027e927c6ae582f28ffd6cbcb79178a47346327bef6ee8791cc0c04643ca7204c964c19c270f6c8609f1225bdcaf7d5f3c94c49

Download Submit
\Users\Admin\AppData\Local\Temp\0F13EE24F2A0FE118B4065F95D1A461C\kl.setup.ui.visuals.dll

Filesize
417KB

MD5
5bcc51f3bb85949e37ffc08cf1501f70

SHA1
f2d6067c3084e5c0af33b6e4bb9837b3f05a8f83

SHA256
fdcbe09d8c6ee7681e88bbf7bbcc6c87f089d034e00df6a422c3482f4a99a2bd

SHA512
950d8bf52222c1ba6c5173b3a9385737b4b414a259d72adee921b524b790113f473e00b5961972b19ad5dd2349fc1ba5c7b3541086c5b93a11238992a0e3c8a5

Download Submit
\Users\Admin\AppData\Local\Temp\0F13EE24F2A0FE118B4065F95D1A461C\kl.ui.framework.dll

Filesize
235KB

MD5
aeb7ba2ce5574025a985313bdde99cfb

SHA1
7e7d4d90a11c317c5d3b5065d47ef4209296cdaa

SHA256
92d7b5ad2e92e72804223e71cde8350ba7f0561e5e1b8c0002ce88e3e88f6ef0

SHA512
bd0aa5b5ac94076d6d6607cf704bcd89cabf43d3f99042fee8b653a0674c315ac9e464f0aef091998152f6b107a47034b541021efaf759bf250f6f99a91ba572

Download Submit
\Users\Admin\AppData\Local\Temp\0F13EE24F2A0FE118B4065F95D1A461C\kl.ui.framework.localization.dll

Filesize
281KB

MD5
ccf2531b77412b4eb5410888bd3eeb42

SHA1
ccc53ff2ac5b21d2a026b9f3431a016aee08dcb6

SHA256
170a04a3141b1c4f2606c3ba78d687972db6319d85d7a45f59958cc9f1fd05bd

SHA512
6eefd54ed14076cbd391e95817ce53c4bf69bae7d3c6f75f682d8e26f236cb2e4b9153c54fe358e1f833e9661cdc010686a2a5136fa70d77ca7f81cd59e32909

Download Submit
\Users\Admin\AppData\Local\Temp\0F13EE24F2A0FE118B4065F95D1A461C\kl.ui.framework.uikit.dll

Filesize
2.5MB

MD5
7076c5eb43353580a88554a458c393dc

SHA1
74d9ec58d4ef5d0a7a69fe6500b47c6873ed87ba

SHA256
294055db0edebad0b62f5690d65c401ff3c859bb2ce913c7840142ea344f0f24

SHA512
81c88f67e55c415a5fe48c07d020069cd494c7eaafb8c79475093121121d7360c9a72e79f9f64c6700f4a90a923ae876064d0a942c2cda3a6914c1b07a218515

Download Submit
\Users\Admin\AppData\Local\Temp\0F13EE24F2A0FE118B4065F95D1A461C\setup.dll

Filesize
5.5MB

MD5
e34dce5943a4af2e2f49d56241ab50a9

SHA1
85e7c363a6847f7784ecddd23e05c0694649c2fc

SHA256
6df2127ff01bbd7a48841146043ca7f41235441862817950a30aac68b2661fbd

SHA512
bf096925b529d956548aeabc87ea0442fa9edaf602cb26e54827d342ed997cb4709f5659bb9075f8a41788ee977ac9a505329c397f830f4d9c6c69fdf837f153

Download Submit
\Users\Admin\AppData\Local\Temp\0F13EE24F2A0FE118B4065F95D1A461C\sharpvectorconverterswpf.dll

Filesize
137KB

MD5
ca5e6167b66c384f62e56fe0e1757af3

SHA1
4d8912deab579d0ad3bfa7477f7377d03260ec1f

SHA256
a9edc78bc8dd9e6ab098c96d2f26949bf8cc7c1f1071c5d96154022dac685979

SHA512
53d2828ea80ba1c9726240859c42deddf3b384bfdc173763804d5c0e59bc531de519720c8f396cba3851768be14ebed5f8f6ed501d2a99055f2abab9c920ce5a

Download Submit
\Users\Admin\AppData\Local\Temp\0F13EE24F2A0FE118B4065F95D1A461C\sharpvectorcore.dll

Filesize
201KB

MD5
f6004bd10ff1bced912d389a48138323

SHA1
349d4f7bb69dec14ce5051c1ce4d7aaf33ce9ab8

SHA256
fa2c2216181125daaf69ce4c7e2addc9df98e09845a27292b9775ff8d568ac39

SHA512
550af5c8d54f4987a7c05347c9fa21a6cac5817ed410c5f9358bed6d13648c0c55be2426ea3b221f82b635e91f2a2c505f07703ae93392754c870853073536d5

Download Submit
\Users\Admin\AppData\Local\Temp\0F13EE24F2A0FE118B4065F95D1A461C\sharpvectorcss.dll

Filesize
109KB

MD5
25e40483458b8083eb12d38b6cead136

SHA1
9158642854dcdc9b2610272e181d98526b3547cc

SHA256
1a87d710b34b187f75e9213c95ab5eb129da63906f122035e7badf7044c929c9

SHA512
381ba47f815cfc4fe665913a49f8e53121dcad53c8e63ffc3d61663a2b5db0fc3fb2e3e8784fe5a0fd058ccb0687317c11e01debf4c596795f7cae5fd45dcadb

Download Submit
\Users\Admin\AppData\Local\Temp\0F13EE24F2A0FE118B4065F95D1A461C\sharpvectordom.dll

Filesize
55KB

MD5
b97a47906b78413d18249eaa15c0933b

SHA1
ccf1951838e20c52cdc440cea34f88101310dbb3

SHA256
5fd8cfbe80ec610463ab092b74e2c22b2651f30dd0660849d09210e70eca7254

SHA512
b490641ca358c270e77e587c5ecff4ad60848384348603d576212e4da133d30087aa32ed11037d19de8f3f6777711255f5a6a9a66ddfa0abb87d893d72619af5

Download Submit
\Users\Admin\AppData\Local\Temp\0F13EE24F2A0FE118B4065F95D1A461C\sharpvectormodel.dll

Filesize
997KB

MD5
ff09404438a1aaf5bafa792a504e7631

SHA1
7e78ad564aba274bf70c5320e39ae5061b30572a

SHA256
ccf8359d7862330ebb1dd0a5f50b9e12e43b1763ef64cde5417960774d1dcf11

SHA512
8b90210aa69b69b9e4e06a721a444ca9e50bcb87648fffdd2f47f2056ad52c55a2228547c45757a804b3b76ced8bf8899918f5c4a23f2139061bdff1dcf23db5

Download Submit
\Users\Admin\AppData\Local\Temp\0F13EE24F2A0FE118B4065F95D1A461C\sharpvectorrenderingwpf.dll

Filesize
203KB

MD5
619044935bd3151b6d1fef1e06ce5323

SHA1
f5d5e2b4171465ef022ed85ea7ff1e70c7b2a581

SHA256
5b6dc4ff32972e022a3a457d319ffc756c915b8f9be4fa62a550f2e361aca5f2

SHA512
d5f4cc32d6ccecd4accdb78913badc5190adea1df1e173d5b47ef2c522cadf4d2f198deb25440aa1360c03ba90fe734f3f8a3b63b38e7b7c54b8d3ecaad06cd4

Download Submit
\Users\Admin\AppData\Local\Temp\0F13EE24F2A0FE118B4065F95D1A461C\sharpvectorruntimewpf.dll

Filesize
69KB

MD5
cef0c0a808a94ef99fc4dc3472691a21

SHA1
637ea1d4def4e840d73af915d0118db2c8c9f2bc

SHA256
186fb849e9284fda5ed5ea84b1bb7a73b4321afa063df2fa4812b7f0dd857761

SHA512
0f764d85f76fe2fdcf094120f379e0841b74f710b6857722687334bd7a01329d79ab653e825c323110c9e67999429c70efe2c213b7a6a77d1d939f1829f5ad67

Download Submit
\Windows\Temp\0571BD24F2A0FE118B4065F95D1A461C\kaspersky4win202121.16.6.467en_39970.exe

Filesize
4.2MB

MD5
88a9e8f8edfd369e7a45d35ecbd788ab

SHA1
6c58421606592ea59418b9f79983d018c19bda06

SHA256
182699e264a70636924b994cebad5b06ccdcd96480be3a6b970816f3adba4f45

SHA512
6892707be382751b466d43227172b8da913f531e4f257527e7b50e87bf1226a8c6730f9eaa9c617549440049695fdbc317e3d39b4d325382c8e4e0ee540bf2ab

Download Submit
memory/2380-284-0x0000000072E10000-0x00000000734FE000-memory.dmp

Filesize
6.9MB

Download
memory/2380-296-0x0000000072E10000-0x00000000734FE000-memory.dmp

Filesize
6.9MB

Download
memory/2380-162-0x00000000069C0000-0x00000000069CE000-memory.dmp

Filesize
56KB

Download
memory/2380-128-0x0000000006180000-0x000000000618A000-memory.dmp

Filesize
40KB

Download
memory/2380-158-0x0000000006A10000-0x0000000006A2C000-memory.dmp

Filesize
112KB

Download
memory/2380-129-0x0000000006180000-0x000000000618A000-memory.dmp

Filesize
40KB

Download
memory/2380-154-0x0000000008750000-0x000000000884A000-memory.dmp

Filesize
1000KB

Download
memory/2380-120-0x0000000005E80000-0x0000000005E90000-memory.dmp

Filesize
64KB

Download
memory/2380-150-0x0000000006DA0000-0x0000000006DD2000-memory.dmp

Filesize
200KB

Download
memory/2380-93-0x0000000008210000-0x0000000008498000-memory.dmp

Filesize
2.5MB

Download
memory/2380-181-0x0000000072E10000-0x00000000734FE000-memory.dmp

Filesize
6.9MB

Download
memory/2380-125-0x0000000005E80000-0x0000000005E90000-memory.dmp

Filesize
64KB

Download
memory/2380-191-0x0000000072E10000-0x00000000734FE000-memory.dmp

Filesize
6.9MB

Download
memory/2380-108-0x0000000007110000-0x0000000007198000-memory.dmp

Filesize
544KB

Download
memory/2380-113-0x0000000007110000-0x0000000007198000-memory.dmp

Filesize
544KB

Download
memory/2380-102-0x0000000006FA0000-0x0000000007008000-memory.dmp

Filesize
416KB

Download
memory/2380-97-0x0000000006FA0000-0x0000000007008000-memory.dmp

Filesize
416KB

Download
memory/2380-283-0x0000000072E1E000-0x0000000072E1F000-memory.dmp

Filesize
4KB

Download
memory/2380-137-0x00000000061D0000-0x00000000061F2000-memory.dmp

Filesize
136KB

Download
memory/2380-133-0x0000000006300000-0x0000000006334000-memory.dmp

Filesize
208KB

Download
memory/2380-166-0x0000000006E30000-0x0000000006E42000-memory.dmp

Filesize
72KB

Download
memory/2380-89-0x0000000006F50000-0x0000000006F96000-memory.dmp

Filesize
280KB

Download
memory/2380-85-0x00000000034B0000-0x00000000034C6000-memory.dmp

Filesize
88KB

Download
memory/2380-437-0x0000000006180000-0x000000000618A000-memory.dmp

Filesize
40KB

Download
memory/2380-547-0x0000000072E10000-0x00000000734FE000-memory.dmp

Filesize
6.9MB

Download
memory/2380-548-0x0000000072E10000-0x00000000734FE000-memory.dmp

Filesize
6.9MB

Download
memory/2380-81-0x00000000035D0000-0x000000000360C000-memory.dmp

Filesize
240KB

Download
memory/2380-53-0x0000000002B50000-0x0000000002B96000-memory.dmp

Filesize
280KB

Download
memory/2380-49-0x0000000072E10000-0x00000000734FE000-memory.dmp

Filesize
6.9MB

Download
memory/2380-48-0x0000000072E10000-0x00000000734FE000-memory.dmp

Filesize
6.9MB

Download
memory/2380-45-0x0000000000670000-0x000000000067E000-memory.dmp

Filesize
56KB

Download
memory/2380-41-0x0000000072E1E000-0x0000000072E1F000-memory.dmp

Filesize
4KB

Download
memory/2380-8-0x0000000077280000-0x0000000077290000-memory.dmp

Filesize
64KB

Download
memory/2380-9-0x0000000077280000-0x0000000077290000-memory.dmp

Filesize
64KB

Download
memory/2380-10-0x0000000077280000-0x0000000077290000-memory.dmp

Filesize
64KB

Download
memory/2844-0-0x00000000772A0000-0x00000000772B0000-memory.dmp

Filesize
64KB

Download
memory/2844-1-0x00000000772A0000-0x00000000772B0000-memory.dmp

Filesize
64KB

Download
memory/2844-2-0x00000000772A0000-0x00000000772B0000-memory.dmp

Filesize
64KB

Download