182699e264a70636924b994cebad5b06ccdcd96480be3a6b970816f3adba4f45

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2024, 15:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

kaspersky4win202121.16.6.467en_39970.exe
Size

4.2MB
MD5

88a9e8f8edfd369e7a45d35ecbd788ab
SHA1

6c58421606592ea59418b9f79983d018c19bda06
SHA256

182699e264a70636924b994cebad5b06ccdcd96480be3a6b970816f3adba4f45
SHA512

6892707be382751b466d43227172b8da913f531e4f257527e7b50e87bf1226a8c6730f9eaa9c617549440049695fdbc317e3d39b4d325382c8e4e0ee540bf2ab
SSDEEP

98304:qO/RG6LkIN84klIci68xnTznF2uHozbMUoTV7G0dj1AmKs3/B:hL24kDi6eTznqbMUoTxGy5t/B

Score

6^/10

bootkit evasion persistence trojan

Malware Config

Signatures

Checks for any installed AV software in registry 1 TTPs 1 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	startup.exe

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	kaspersky4win202121.16.6.467en_39970.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	startup.exe

Downloads MZ/PE file

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	kaspersky4win202121.16.6.467en_39970.exe

Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 1 IoCs

Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\VBoxMiniRdrDN	kaspersky4win202121.16.6.467en_39970.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\installer	startup.exe

Executes dropped EXE 4 IoCs

pid	Process
1476	kaspersky4win202121.16.6.467en_39970.exe
388	startup.exe
2324	startup.exe
5044	kaspersky4win202121.16.6.467en_39970.exe

Loads dropped DLL 64 IoCs

pid	Process
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
1476	kaspersky4win202121.16.6.467en_39970.exe
2324	startup.exe
2324	startup.exe
2324	startup.exe
2324	startup.exe
2324	startup.exe
2324	startup.exe
2324	startup.exe
2324	startup.exe
2324	startup.exe
2324	startup.exe
2324	startup.exe
2324	startup.exe
2324	startup.exe
2324	startup.exe
2324	startup.exe
2324	startup.exe
2324	startup.exe
2324	startup.exe
2324	startup.exe
2324	startup.exe
2324	startup.exe
2324	startup.exe
2324	startup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133593120614274309"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0280f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	startup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 5c000000010000000400000000080000190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0282000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	startup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD	kaspersky4win202121.16.6.467en_39970.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	kaspersky4win202121.16.6.467en_39970.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	kaspersky4win202121.16.6.467en_39970.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD	startup.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2324	startup.exe
2324	startup.exe
2032	chrome.exe
2032	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2324	startup.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3616 wrote to memory of 1476	3616	kaspersky4win202121.16.6.467en_39970.exe	83
PID 3616 wrote to memory of 1476	3616	kaspersky4win202121.16.6.467en_39970.exe	83
PID 3616 wrote to memory of 1476	3616	kaspersky4win202121.16.6.467en_39970.exe	83
PID 1476 wrote to memory of 388	1476	kaspersky4win202121.16.6.467en_39970.exe	92
PID 1476 wrote to memory of 388	1476	kaspersky4win202121.16.6.467en_39970.exe	92
PID 1476 wrote to memory of 388	1476	kaspersky4win202121.16.6.467en_39970.exe	92
PID 388 wrote to memory of 2324	388	startup.exe	93
PID 388 wrote to memory of 2324	388	startup.exe	93
PID 388 wrote to memory of 2324	388	startup.exe	93
PID 1476 wrote to memory of 5044	1476	kaspersky4win202121.16.6.467en_39970.exe	95
PID 1476 wrote to memory of 5044	1476	kaspersky4win202121.16.6.467en_39970.exe	95
PID 1476 wrote to memory of 5044	1476	kaspersky4win202121.16.6.467en_39970.exe	95
PID 2032 wrote to memory of 4832	2032	chrome.exe	108
PID 2032 wrote to memory of 4832	2032	chrome.exe	108
PID 2032 wrote to memory of 4316	2032	chrome.exe	109
PID 2032 wrote to memory of 4316	2032	chrome.exe	109
PID 2032 wrote to memory of 4316	2032	chrome.exe	109
PID 2032 wrote to memory of 4316	2032	chrome.exe	109
PID 2032 wrote to memory of 4316	2032	chrome.exe	109
PID 2032 wrote to memory of 4316	2032	chrome.exe	109
PID 2032 wrote to memory of 4316	2032	chrome.exe	109
PID 2032 wrote to memory of 4316	2032	chrome.exe	109
PID 2032 wrote to memory of 4316	2032	chrome.exe	109
PID 2032 wrote to memory of 4316	2032	chrome.exe	109
PID 2032 wrote to memory of 4316	2032	chrome.exe	109
PID 2032 wrote to memory of 4316	2032	chrome.exe	109
PID 2032 wrote to memory of 4316	2032	chrome.exe	109
PID 2032 wrote to memory of 4316	2032	chrome.exe	109
PID 2032 wrote to memory of 4316	2032	chrome.exe	109
PID 2032 wrote to memory of 4316	2032	chrome.exe	109
PID 2032 wrote to memory of 4316	2032	chrome.exe	109
PID 2032 wrote to memory of 4316	2032	chrome.exe	109
PID 2032 wrote to memory of 4316	2032	chrome.exe	109
PID 2032 wrote to memory of 4316	2032	chrome.exe	109
PID 2032 wrote to memory of 4316	2032	chrome.exe	109
PID 2032 wrote to memory of 4316	2032	chrome.exe	109
PID 2032 wrote to memory of 4316	2032	chrome.exe	109
PID 2032 wrote to memory of 4316	2032	chrome.exe	109
PID 2032 wrote to memory of 4316	2032	chrome.exe	109
PID 2032 wrote to memory of 4316	2032	chrome.exe	109
PID 2032 wrote to memory of 4316	2032	chrome.exe	109
PID 2032 wrote to memory of 4316	2032	chrome.exe	109
PID 2032 wrote to memory of 4316	2032	chrome.exe	109
PID 2032 wrote to memory of 4316	2032	chrome.exe	109
PID 2032 wrote to memory of 4656	2032	chrome.exe	110
PID 2032 wrote to memory of 4656	2032	chrome.exe	110
PID 2032 wrote to memory of 3884	2032	chrome.exe	111
PID 2032 wrote to memory of 3884	2032	chrome.exe	111
PID 2032 wrote to memory of 3884	2032	chrome.exe	111
PID 2032 wrote to memory of 3884	2032	chrome.exe	111
PID 2032 wrote to memory of 3884	2032	chrome.exe	111
PID 2032 wrote to memory of 3884	2032	chrome.exe	111
PID 2032 wrote to memory of 3884	2032	chrome.exe	111
PID 2032 wrote to memory of 3884	2032	chrome.exe	111
PID 2032 wrote to memory of 3884	2032	chrome.exe	111
PID 2032 wrote to memory of 3884	2032	chrome.exe	111
PID 2032 wrote to memory of 3884	2032	chrome.exe	111
PID 2032 wrote to memory of 3884	2032	chrome.exe	111
PID 2032 wrote to memory of 3884	2032	chrome.exe	111
PID 2032 wrote to memory of 3884	2032	chrome.exe	111
PID 2032 wrote to memory of 3884	2032	chrome.exe	111
PID 2032 wrote to memory of 3884	2032	chrome.exe	111
PID 2032 wrote to memory of 3884	2032	chrome.exe	111
PID 2032 wrote to memory of 3884	2032	chrome.exe	111

C:\Users\Admin\AppData\Local\Temp\kaspersky4win202121.16.6.467en_39970.exe
"C:\Users\Admin\AppData\Local\Temp\kaspersky4win202121.16.6.467en_39970.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3616
- C:\Windows\temp\D3830834F2A0FE1119706E701426A969\kaspersky4win202121.16.6.467en_39970.exe
  "C:\Windows\temp\D3830834F2A0FE1119706E701426A969\kaspersky4win202121.16.6.467en_39970.exe" -initialNonSecureSetupPath="C:\Users\Admin\AppData\Local\Temp\kaspersky4win202121.16.6.467en_39970.exe"
  2⤵
  - Checks whether UAC is enabled
  - Writes to the Master Boot Record (MBR)
  - Checks for VirtualBox DLLs, possible anti-VM trick
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious use of WriteProcessMemory
  PID:1476
- - C:\ProgramData\Kaspersky Lab Setup Files\SAAS21.17.7.539.0.26.0\au_setup_4395AE5C-0A2F-11EF-9107-E60741629A96\startup.exe
    "C:\ProgramData\Kaspersky Lab Setup Files\SAAS21.17.7.539.0.26.0\au_setup_4395AE5C-0A2F-11EF-9107-E60741629A96\startup.exe" -initialNonSecureSetupPath="C:\Users\Admin\AppData\Local\Temp\kaspersky4win202121.16.6.467en_39970.exe" -auto_update_mode="C:\Users\Admin\AppData\Local\Temp\kaspersky4win202121.16.6.467en_39970.exe" /-self_remove -l=en -xpos=270 -ypos=58 -prevsetupver=21.16.6.467.0.34.0
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:388
  - - C:\Windows\temp\E58BEA74F2A0FE1119706E701426A969\startup.exe
      "C:\Windows\temp\E58BEA74F2A0FE1119706E701426A969\startup.exe" -initialNonSecureSetupPath="C:\Users\Admin\AppData\Local\Temp\kaspersky4win202121.16.6.467en_39970.exe" -auto_update_mode="C:\Users\Admin\AppData\Local\Temp\kaspersky4win202121.16.6.467en_39970.exe" /-self_remove -l=en -xpos=270 -ypos=58 -prevsetupver=21.16.6.467.0.34.0
      4⤵
      Checks for any installed AV software in registry
      Checks whether UAC is enabled
      Drops file in Windows directory
      Executes dropped EXE
      Loads dropped DLL
      Modifies system certificate store
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      PID:2324
- - C:\Windows\temp\D3830834F2A0FE1119706E701426A969\kaspersky4win202121.16.6.467en_39970.exe
    "C:\Windows\temp\D3830834F2A0FE1119706E701426A969\kaspersky4win202121.16.6.467en_39970.exe" -cleanup="C:\Users\Admin\AppData\Local\Temp\95EA5934F2A0FE1119706E701426A969;1476"
    3⤵
    - Executes dropped EXE
    PID:5044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ff91f35cc40,0x7ff91f35cc4c,0x7ff91f35cc58
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1868,i,9970192219279514874,9904850451136097870,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1864 /prefetch:2
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2200,i,9970192219279514874,9904850451136097870,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,9970192219279514874,9904850451136097870,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2608 /prefetch:8
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,9970192219279514874,9904850451136097870,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,9970192219279514874,9904850451136097870,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4436,i,9970192219279514874,9904850451136097870,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4784,i,9970192219279514874,9904850451136097870,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4788,i,9970192219279514874,9904850451136097870,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4108,i,9970192219279514874,9904850451136097870,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4548,i,9970192219279514874,9904850451136097870,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4728,i,9970192219279514874,9904850451136097870,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3712 /prefetch:1
  2⤵
  PID:4344

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1808

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Kaspersky Lab Setup Files\SAAS21.16.6.467.0.34.0\kdscrl.rdb

Filesize
3KB

MD5
79a78149e4ef2e6e09cc061338c7b151

SHA1
99505d2461a18f16d4d185603887c60e226347ee

SHA256
e6c0da20fc5d9eda24e4128faa5641f8b2d39951e0a0236c013e1f1efcbf83fd

SHA512
a3baf55b373b943f8f1c8840cdc2f02a94aed436c54fdcb8cf6eeac9b5840a5e1a11be0c70460da0c17f6fda1b01b87f4e2a688abb5ddeb7819301a1354d688e

Download Submit
C:\ProgramData\Kaspersky Lab Setup Files\SAAS21.17.7.539.0.26.0\au_setup_4395AE5C-0A2F-11EF-9107-E60741629A96\dynamic.ini

Filesize
4B

MD5
e36958bcec33d3c12c6e505707acfedb

SHA1
4133ec0e83e4c69b6c0094b47bfd1408f0c8d4c5

SHA256
b7f560303ee2cca55615b53fcff87c6ab2c55f9e71a6cea93c61b572213e7075

SHA512
a6313c15506f91f41084508420b7072f641df7419d8f280f0307aae9a2fd0c0d4ec3fa60ac10f8ac46e949de6478737727c45bb629dde19a060d905f0beeb7f9

Download Submit
C:\ProgramData\Kaspersky Lab Setup Files\SAAS21.17.7.539.0.26.0\au_setup_4395AE5C-0A2F-11EF-9107-E60741629A96\startup.exe

Filesize
4.3MB

MD5
260bc696a290b577637dd305dba16d1c

SHA1
26c796834379e6675b9e3e7b9c96af05d05faa35

SHA256
12b6ee96f7f0581f6b9633067bf7bbe638463d135eaeb06f620442b59cdaa9f1

SHA512
eabc234fefb9f704be6c92600ebfe7ec3335e15c1be84f4d3684dbfa0771cc8ba58c7bbad50d93940cba3446649ef85f84a17ee925fdc6bd6ed5ce9c5ad72c10

Download Submit
C:\ProgramData\Kaspersky Lab Setup Files\SAAS21.17.7.539.0.26.0\au_setup_4395AE5C-0A2F-11EF-9107-E60741629A96\static.ini

Filesize
650B

MD5
d8876a389760187ad7c61273003559a4

SHA1
22f88ab501c3c80d910380d6ad1095942d6287d7

SHA256
8c1c14d54c044c9ff4a8671211cc270a508a326a1df3765f5f7b570a9a028fde

SHA512
9cbe27c771c6caf7200bf566e43d0cc57692f28ef278c2b65426f0c64d6e49559c5577f4c5f414d51af329eb5a8b03c6f3c76829782cdc277665a0e89266c289

Download Submit
C:\ProgramData\Kaspersky Lab Setup Files\SAAS21.17.7.539.0.26.0\common.z

Filesize
12.3MB

MD5
eed93de5e824b0f5ec19ffb08c762d0a

SHA1
c762131265e97852676c91f3b3fd347bdc65a561

SHA256
1d330ecad037e118c9ab03518d08364d440885ca5b2e28404d26fa29784e7b81

SHA512
2c35e58bc1241ed57e17e9f81a6ea89ced6f959a27d4aee476fa7903785a435de044387e06ca7212cea9f66cad51d1f39aff5de49266a9e590714719e2698cdd

Download Submit
C:\ProgramData\Kaspersky Lab Setup Files\SAAS21.17.7.539.0.26.0\coreproduct.z

Filesize
40.8MB

MD5
35d2f5e74b8c26d9fc7bfd50009687db

SHA1
cabd6de1fe3d44c1a07736f291b78749ec93f3f6

SHA256
43e98fa78dc0a6c0fdc0b568f7cc74086b3044e805933aadff3124ca1966e3fc

SHA512
74c80d06ccbc2db09629001b182c2e82d4e959bdebef81d696f980fa41877f32806bca5e7783557100aac308ec1a195cb2f128b985b18b8f8a6f774b37c65296

Download Submit
C:\ProgramData\Kaspersky Lab Setup Files\SAAS21.17.7.539.0.26.0\coreproductgdpr.z

Filesize
72KB

MD5
6ebc22368653defa32f79d3b8162eed1

SHA1
22244ecdfd4b79d4a6c6b06ed11248837b4e2c07

SHA256
a6c4148930c59de861fc6ab8dacf18deb964e95e129307b3e79f1b9bce66b22f

SHA512
7e2a7b05c82b567d0a638eed9381e7377f0707606db6572a267e39659ca613030c6cf563d55af4cf2ffd6b8340bebf99db0e7cc518ed23523aaa8e13a4eaf809

Download Submit
C:\ProgramData\Kaspersky Lab Setup Files\SAAS21.17.7.539.0.26.0\coreproductnogdpr.z

Filesize
70KB

MD5
8cc4c148341f3fda73cae881bbc7f412

SHA1
aa57d35476332c098df6b948f67f1d7a5b6c1795

SHA256
a93f4bda16eab6555098a7b87c8c8d47121795df89bf103f42fc4fa305b9eb8c

SHA512
cf50152a0c7ac590f95ba78fa2e3d99ff1092b4fff35c225ae4573eb754a2a156d0877bb9017480968e15b68d7068ea54209d07d57ddb9be05febe2810945add

Download Submit
C:\ProgramData\Kaspersky Lab Setup Files\SAAS21.17.7.539.0.26.0\coreproductx64.z

Filesize
8.8MB

MD5
aaeba91567b8fc62dd07a5ba51c3115d

SHA1
35bec6d4025a65ec0702d5e583de2df075b6894b

SHA256
74bb596a16ac5cb3ee43dba88739523ad3cd5fdae4cfaed0b35d4ced07efc0e6

SHA512
71b0264ff437ab5ab85f62891bb85d6d49ddf8d91abbc6df98cec6907183d4975b79c7188b5ec77f56a2604d9d372c7b6ddf9fa814994d61bcc7bf54ebcb304d

Download Submit
C:\ProgramData\Kaspersky Lab Setup Files\SAAS21.17.7.539.0.26.0\ipm.cab

Filesize
130KB

MD5
211a9d0a16096ff14d6a92a27851bc2c

SHA1
72d81722b5752b8613ad1e5a4c4e603a328ecb4e

SHA256
28d87b842d57651e59fffd9f6606a0836797b2b3b91c98a39955abd0b933c17e

SHA512
005daa952e6d72aa9b852cf91050470c4d5a706a04287a9f23101ccc36d76ef636d2d3cb3ef40d1ec54289b6f259e2b8fd97fbf9c8c5302362bf0118d8ebf382

Download Submit
C:\ProgramData\Kaspersky Lab Setup Files\SAAS21.17.7.539.0.26.0\kdscrl.rdb.z

Filesize
5KB

MD5
2bba1d164c3e753221d404549d2f8f09

SHA1
14164a43a90c6f57efb462b0c932321215c324cc

SHA256
161f3b13b6d49395a8cac0409c04833eac1b0b08804f1d00fdeecd7ad59c755a

SHA512
5e3541f8a069436c635652ad43a1bf7734fea9a2dec4d0dbfd972219c5672babf65dd10679f90516f781018cead3ab701a63ea2d315d50836363780a37633918

Download Submit
C:\ProgramData\Kaspersky Lab Setup Files\SAAS21.17.7.539.0.26.0\kleaner.cab

Filesize
2.7MB

MD5
b05dc0f26174e395870932a32ae7aa24

SHA1
6a115be45812088e6c2ba1479d83bd957af01d43

SHA256
965bc91c9688f0459cacc8df4b324faef2d0de17daa0efce72d3d878235ee4ea

SHA512
0f4115d530a9220cae57fdf81dd427c917bdbe153c1655c4e8de4d4094be0b532189089eb70a01f2c3d3689f2ffb1c1f9fe9920b732a55688a7cb85a1e5dfac3

Download Submit
C:\ProgramData\Kaspersky Lab Setup Files\SAAS21.17.7.539.0.26.0\product.cab

Filesize
7.8MB

MD5
b68f79eeb8e7930ab9966f356cdadf66

SHA1
85c2514b850ca85f5b114ebd167aa24f79072231

SHA256
3cf812170ee95cd7f4650a326461f471fc8048bab056eac4228bbdd54e333eff

SHA512
e098c7133e6b7c50a89fde06e743ae62eec583a7fe22843205d197e347a3fb51e17caee8049e42d228d8635e8626d6deafd0e8dec76c2a9d7cb6a2dc0869caf0

Download Submit
C:\ProgramData\Kaspersky Lab Setup Files\SAAS21.17.7.539.0.26.0\product.msi

Filesize
15.4MB

MD5
a2e03d2c45b2c2a5e8622f16590aa0ee

SHA1
77e8e8c492689bd610fb2a071a1419b860df9169

SHA256
9a44b267a7824d5b2b1b5416db2a724c400d8b493b932c90790be10975f88b3b

SHA512
60719d0bf6653e4d49f6f028a5da63fa8bbb276afbf83dd12065fb2c9bd8e9621f8f8991f0ce5d3265b87715de0a574de8bca71b799d564838398c88c83e88cf

Download Submit
C:\ProgramData\Kaspersky Lab Setup Files\SAAS21.17.7.539.0.26.0\startup.bin

Filesize
4.3MB

MD5
1442f7f8cf8f7ea5ad4145bfd02b4a7b

SHA1
6b881d919ab936711b932431fd7458a6da7e7935

SHA256
05bd54142dc1228d534b583c58b474424e478244e5be10c4f7c32104cd1ffa96

SHA512
9f0dc78f127a01a82b84b57e3f08298a42413bfa536c6d94f60a49d4489ba5287485e21ef9efa0fe31635b4a3a92573ef456da47ef134fd4bdd3447105c77491

Download Submit
C:\ProgramData\Kaspersky Lab Setup Files\SAAS21.17.7.539.0.26.0\startup_m.bin

Filesize
4.3MB

MD5
dc14bcaf014f7ca55af31153d83a8cc7

SHA1
85ee93bf5d88acbd023b81a1b36afb6256937787

SHA256
6b7b2ee86061d2ff1f6f4c443b7456d38210444995dae3ef19a68b8a9027eea2

SHA512
88b1355bada2582b986d080838d8b2beaf965c50364a637c648620f964cc4fb349853797a455f419430319f8f66cc5367a41e1659145923f5769671117c2cf33

Download Submit
C:\ProgramData\Kaspersky Lab Setup Files\SAAS21.17.7.539.0.26.0\startup_o.bin

Filesize
4.3MB

MD5
00efbe8107ce6c1f8a7329155ec9b8f9

SHA1
0a7b92ff6965f735906d048d3788cb4f339d46ac

SHA256
ee6f9b1343601033f591f645b4cba8963128fb72b7622593631082e6a85bc296

SHA512
838722f988102f2f0322f128c57c95d42ff45dd9c078f3b01f9bcdd85e0ef907d70a5dea79e5094d8c431d05a7a5e84f7039e75d424a8968fced232a319a9667

Download Submit
C:\ProgramData\Kaspersky Lab Setup Files\SAAS21.17.7.539.0.26.0\x64.cab

Filesize
8.6MB

MD5
40e8ad9eb69fb0450d217f8e5b3f956d

SHA1
f3704e8f12dc528ee153b6ab5075d481d409f659

SHA256
95a2f07804f6b21dd03e01734a3094406f9b358d8a4fa1b39504a28c0a20a443

SHA512
b474e9b464d6073669f70f47a378363d0ade7810ffe2ab3441994a062b817f9630c8dd4b55924109af6f60ec17f09a5be57c4058206084b57d6e80ed610da7e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
8a84a6da9140523070472fa407e0d168

SHA1
658c4f74c5b5859993d5aa627df8638d81a62d1f

SHA256
3f4ecc7fc4d94c2d5bef9967aca9429b7c4fbe1f6f77c2ebca5f177be307667d

SHA512
40e5bdbeb10ab03bafc1c309ada32aea9f878213bfd97f1e65ff0a25f69db2a0cebdcc272ab076fb5a738f97f9d6038818df1ec651bf9fdb2d865bcd951b4058

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8657858345b8d5606e8c88a33c8d76d6

SHA1
38adfeb26dc82e2c81be500ed4e19c43306bb56f

SHA256
25ab36b7fce7c0f6b0165437509c3c63ba897740f06bc4a8fa7d6efe958dbe95

SHA512
5a25ff53ba4c543e00e9a7c690a223d4c903a847dea0797f7694074ea6606d47d006e267592876caa8578acdaf5f32a48d1ec0733cde16ef2bb06116889742fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
4f807f9e9b390cff6c9dec03835d4888

SHA1
a5e95d1f44927229062760a3a5d3d75a46e65cb7

SHA256
277ce41abe47ab571972d3ac3f2e656a35801369ab22ffc1bad037a504f4ea69

SHA512
7df728fc135549a2fd1d9e974ad2cc06940efe2b1de1a0dde3a8da0d1037262e093434b8cdd187261ef2abf54a7940c8967c2dc8a5495322eb73fe44fd1b8ac9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ba4dc93cc6ea7fe7de447f84198c4999

SHA1
daf9356ddb85ddccf07c4416da26b2e6514cdbb9

SHA256
3706a99d6d43905c49730aeb028a51087c60169ae2576ab534bfa5e7c91337fa

SHA512
105ad7c35e3a26f880e378c733ae7e64cf01240905f81a4e1426127838e1033b95f749d494c2df19889eac3dfa6ba1c8d7cb58e7269ecc1844e0cec223ab7638

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0805f72daf15df4d530ba86f52a7c155

SHA1
10e6018c7cf645018940b2f976c004ec11bfbd3e

SHA256
2f6bc63108d95554ce32b054da2a951dcc0aadc282f8293ba7ff44ddab47c58f

SHA512
adddbeb4dff3dfa2a8fcf152e26f226f5bf2cb8ed071ad58788562883c3e360b2eec29cb9e05baacfd0aa617612eacb879493465ca4f4794a377dcdd7500f598

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8a28d7eda5ce38e3c21a6b074fb5665a

SHA1
d8b66896a9344350067dfcba7d0d2853cf70366e

SHA256
e64807813e12169ae1e2dca70ae92ec4d46276da9fc742d2311d895a550b8e9d

SHA512
5db36830aff466ff385724040bba4b012bc10b8bd858a4c286713df6e61a1300dd96978134344b6ddebfabb313bf560e6bb73057c1c977fd304f9d48379e20de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\df262272-b090-4d87-8405-41685ed16e89.tmp

Filesize
15KB

MD5
d6e7354a5040c92bf5363a81897a5a91

SHA1
dee6fc9f2880f401868c2840976c80184f3b31d0

SHA256
19f4d9cdc728aec614c2d756c216c8078ae4c18e26653b6a5a66cba8c9b1abaa

SHA512
763552891eb9e4a8c9b3c719fe3af48c75a9fab951526e2f89c9a12c468c221303cfb4d9410f3aac44bea7819a1fcf5af1ee52c27244f5295f1f4df22eac9ca3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
e55f0f50ab0dffda50d2d3bfcc4bab11

SHA1
eb3384ff7d00d17d4070e71766b4e68fc64efc14

SHA256
7ee655c4a84b6e4f9ab40923352afb6a1c81dd67bb1e585b581af980370fcf8c

SHA512
4bb98665ecc79e0f827dc24f30591db36008daaaae780fe3163ad361c90caf29b4e73245a3ca89fd58a36108c711b7384a29a0895f1780f7d2e63c131b482b77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
67e0185d7357840de70fcb15b813c165

SHA1
147d5e6a4cd99515a6ef93da8bc9c47d1f05d1dc

SHA256
5e7521ee378d382255570e66f73b113288e48c2e4913d6fc9f21494e09b6c141

SHA512
cb50a2c07e0ce1f09674689ae0e1674ddbb88f235192030484875a145fa11686612b21adc3cd345ac7b7a937b09a9816dc8faf2ef39e773fcc53c8116b4e70d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\4395AE5A-0A2F-11EF-9107-E60741629A96\GuiStrings.loc

Filesize
22KB

MD5
09c4e9f41c4b8bfdb6bf8916af730ecd

SHA1
a215913aa718b459d8e3c13dfd22e5246dcff38c

SHA256
57bf969d3c10d5be0a4b31b8e530c1e005622c8dc809ee4fbd4c214f3b3e9a37

SHA512
7767639c5e068fd3e83a527dfce0345c902673e50102a6c5ba3998ffa2d16f0417a74bee15fce9b6825eabe94f6d36c4528cc70c4541294415b26b9f0f64937e

Download Submit
C:\Users\Admin\AppData\Local\Temp\4395AE5A-0A2F-11EF-9107-E60741629A96\GuiStrings_SAAS.loc

Filesize
3B

MD5
ecaa88f7fa0bf610a5a26cf545dcd3aa

SHA1
57218c316b6921e2cd61027a2387edc31a2d9471

SHA256
f1945cd6c19e56b3c1c78943ef5ec18116907a4ca1efc40a57d48ab1db7adfc5

SHA512
37c783b80b1d458b89e712c2dfe2777050eff0aefc9f6d8beedee77807d9aeb2e27d14815cf4f0229b1d36c186bb5f2b5ef55e632b108cc41e9fb964c39b42a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\4395AE5A-0A2F-11EF-9107-E60741629A96\GuiStrings_en_SAAS.loc

Filesize
826B

MD5
73518d2509327e2b7af9298d91739e6a

SHA1
5c0a1c913077f47cd7e31a2cc5d9036b580e2e9a

SHA256
4c7f4982c97275fa28a02008cf4162d3b43e7fcfb7ff82a5d9be2026ae60af82

SHA512
b660f49634d7926ce9bc865c90ac2049f372a1925a067f4d72348a481f0a9dd1509620682c94353e863bd2b7996b5153b3b4d5a866100904ced0791cc8bb6023

Download Submit
C:\Users\Admin\AppData\Local\Temp\4395AE5A-0A2F-11EF-9107-E60741629A96\downloader_neutral.ini

Filesize
18KB

MD5
bb9bf373d67d691eb9f6a5e3144b6689

SHA1
ae02905ce098157282361bbdb617eb55ba381d0d

SHA256
fbfbe77ff3250a85c2c57bb1e7db45a33f3b7dd462a06632b9b8c4df86d553c9

SHA512
3226ab24aaaabe5876a526e7cba56087b8302885b54743dc3c8c22cf0178b333ed973cb9e296e6273f9810255adf233f8e69db272ddaa95e68630f48a2b06ac1

Download Submit
C:\Users\Admin\AppData\Local\Temp\4395AE5A-0A2F-11EF-9107-E60741629A96\downloader_neutral_SAAS.ini

Filesize
1KB

MD5
1f8ce4b3a1aee2eb28b106927cf8b76f

SHA1
61135884830bea7800c798bd8ad1074b13222aa4

SHA256
b61d7e0071a6eb32a09a26105f0144fdde42fbeb0bbbf8b9997b8e3431dc81e4

SHA512
a363e74a76616ebcea3b90fbf39c31168ebb0b0064f87c750c9754d20efc114101447b1d1c6d56589a1c47d21a46e043ab20d0dae24cc0c72c093737578afd50

Download Submit
C:\Users\Admin\AppData\Local\Temp\4395AE5A-0A2F-11EF-9107-E60741629A96\ksde_ksn_en.txt

Filesize
12KB

MD5
ebaae1ee96cb2332f77b480d7bf789a8

SHA1
d345fc263dc27e9c7cb1763f1fd500cab4010b57

SHA256
8de6c161d40720c4833d958e0183ae91d5065c5bc172a117af1359358c31d4df

SHA512
436cc7bf740488baf8fb10f822e5828b707d1b09700386f739aa39abf4b06ab2bd29e931a16f2daa72ecb1f018b9460c7122cf6c560200dd4b1ac3e54d0f72af

Download Submit
C:\Users\Admin\AppData\Local\Temp\4395AE5A-0A2F-11EF-9107-E60741629A96\mykasperskyfeatures_en.txt

Filesize
4KB

MD5
7e36c7041de240449ea43ae1f0db8722

SHA1
a4ca96537f6b04ce2ce3bf87bd41148671e5d6bf

SHA256
af50a9aedf400814f0ba5387469f8fda12b7ac7ac059a2fbe4646884d17fc6fb

SHA512
30b99fa0e3707394f8166b9fbdd369738af4257431aff6594386d8644fb43c32180d2e60503e408804f935eda0569e6c62043f78d7ca0f1afc38410418046d86

Download Submit
C:\Users\Admin\AppData\Local\Temp\48048D60-0A2F-11EF-9107-E60741629A96\GuiStrings_en.loc

Filesize
38KB

MD5
bed8f768a0abffbb66c4d3c01877b235

SHA1
f5ded780443a5edba2a3254eb4a066c2fc8afdf1

SHA256
0809d52010c89ea9f57551daea9a5ee8fa6ce56656c7504e00fb9b521f4cc821

SHA512
213ddd2fbd8d8dfd500dffaffa4e8dbcfc25beb1627fea8c33326aea371527f9129643f96bfe4be9bf7f6e8e454671eb676aa73447a0890985de70d4b3385862

Download Submit
C:\Users\Admin\AppData\Local\Temp\48048D60-0A2F-11EF-9107-E60741629A96\downloader_en.ini

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Local\Temp\95EA5934F2A0FE1119706E701426A969\System.Windows.Interactivity.dll

Filesize
39KB

MD5
3ab57a33a6e3a1476695d5a6e856c06a

SHA1
dabb4ecffd0c422a8eebff5d4ec8116a6e90d7e7

SHA256
4aace8c8a330ae8429cd8cc1b6804076d3a9ffd633470f91fd36bdd25bb57876

SHA512
58dbfcf9199d72d370e2d98b8ef2713d74207a597c9494b0ecf5e4c7bf7cf60c5e85f4a92b2a1896dff63d9d5107f0d81d7dddbc7203e9e559ab7219eca0df92

Download Submit
C:\Users\Admin\AppData\Local\Temp\95EA5934F2A0FE1119706E701426A969\kl.setup.ui.core.dll

Filesize
89KB

MD5
78fb3f1e9f69beca863af1ff7713249c

SHA1
65e00f042db34b385d9bfd0100a3b13efd79df5e

SHA256
323aa8d8707a030bf245d6031b7fb439c929a3a24c5621a03276114691e45aac

SHA512
79bcfa36dfb3b1a6e04d06a5d85fce6574831d5684ae55c9e08784ee6a585bde5c649438103d40edd85da3bb8fd1d27b00be16fd421d32502da3587468ee8ced

Download Submit
C:\Users\Admin\AppData\Local\Temp\95EA5934F2A0FE1119706E701426A969\kl.setup.ui.dll

Filesize
279KB

MD5
bb9df6ed16bad5bbcde9b106e11dff6f

SHA1
5a18c06282442a241e42ea45eb636cc77bf7d95c

SHA256
dc5f2821548e5a660fc920224846994da0169972f18a15e04fc9943a6a08f734

SHA512
12d3c0ec2cc0224614cd8dcc81bb0f5610a0b836420628722d3409775f1c186b9d7cadb9a61bf5ce5f5ae1c99fa408ad14900f7f8b83c0b5073180786f9123a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\95EA5934F2A0FE1119706E701426A969\kl.setup.ui.interoplayer.dll

Filesize
56KB

MD5
a54a9d1185edd71b120010d131f0dbea

SHA1
e24ebb90da9840cb2b813bac4409c9525258d864

SHA256
a7d59379fdfa59c21b114b087b16028480f976efa12e3a197fff3729f28f3bb3

SHA512
c16e90afa3c9d49c6fb8af03e027e927c6ae582f28ffd6cbcb79178a47346327bef6ee8791cc0c04643ca7204c964c19c270f6c8609f1225bdcaf7d5f3c94c49

Download Submit
C:\Users\Admin\AppData\Local\Temp\95EA5934F2A0FE1119706E701426A969\kl.setup.ui.visuals.dll

Filesize
417KB

MD5
5bcc51f3bb85949e37ffc08cf1501f70

SHA1
f2d6067c3084e5c0af33b6e4bb9837b3f05a8f83

SHA256
fdcbe09d8c6ee7681e88bbf7bbcc6c87f089d034e00df6a422c3482f4a99a2bd

SHA512
950d8bf52222c1ba6c5173b3a9385737b4b414a259d72adee921b524b790113f473e00b5961972b19ad5dd2349fc1ba5c7b3541086c5b93a11238992a0e3c8a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\95EA5934F2A0FE1119706E701426A969\kl.ui.framework.dll

Filesize
235KB

MD5
aeb7ba2ce5574025a985313bdde99cfb

SHA1
7e7d4d90a11c317c5d3b5065d47ef4209296cdaa

SHA256
92d7b5ad2e92e72804223e71cde8350ba7f0561e5e1b8c0002ce88e3e88f6ef0

SHA512
bd0aa5b5ac94076d6d6607cf704bcd89cabf43d3f99042fee8b653a0674c315ac9e464f0aef091998152f6b107a47034b541021efaf759bf250f6f99a91ba572

Download Submit
C:\Users\Admin\AppData\Local\Temp\95EA5934F2A0FE1119706E701426A969\kl.ui.framework.localization.dll

Filesize
281KB

MD5
ccf2531b77412b4eb5410888bd3eeb42

SHA1
ccc53ff2ac5b21d2a026b9f3431a016aee08dcb6

SHA256
170a04a3141b1c4f2606c3ba78d687972db6319d85d7a45f59958cc9f1fd05bd

SHA512
6eefd54ed14076cbd391e95817ce53c4bf69bae7d3c6f75f682d8e26f236cb2e4b9153c54fe358e1f833e9661cdc010686a2a5136fa70d77ca7f81cd59e32909

Download Submit
C:\Users\Admin\AppData\Local\Temp\95EA5934F2A0FE1119706E701426A969\kl.ui.framework.uikit.b2c.dll

Filesize
543KB

MD5
fb389c9c3c063163f5609608405f66bc

SHA1
0d2d249335b82941aaa7aeb58947c12cadf04ff8

SHA256
7e97138fe069a260a05bad7beddc31fc54d0909f36728ab0efa761e7580393df

SHA512
c169b1e6fecd432517f58bac541820c4fde5fefd847b9dd4544d290f95334b8fc392b26cd02eebeb30aaddb87885bd35b1f0c46644b1e5b9e9c84115afebf0f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\95EA5934F2A0FE1119706E701426A969\kl.ui.framework.uikit.dll

Filesize
2.5MB

MD5
7076c5eb43353580a88554a458c393dc

SHA1
74d9ec58d4ef5d0a7a69fe6500b47c6873ed87ba

SHA256
294055db0edebad0b62f5690d65c401ff3c859bb2ce913c7840142ea344f0f24

SHA512
81c88f67e55c415a5fe48c07d020069cd494c7eaafb8c79475093121121d7360c9a72e79f9f64c6700f4a90a923ae876064d0a942c2cda3a6914c1b07a218515

Download Submit
C:\Users\Admin\AppData\Local\Temp\95EA5934F2A0FE1119706E701426A969\setup.dll

Filesize
5.5MB

MD5
e34dce5943a4af2e2f49d56241ab50a9

SHA1
85e7c363a6847f7784ecddd23e05c0694649c2fc

SHA256
6df2127ff01bbd7a48841146043ca7f41235441862817950a30aac68b2661fbd

SHA512
bf096925b529d956548aeabc87ea0442fa9edaf602cb26e54827d342ed997cb4709f5659bb9075f8a41788ee977ac9a505329c397f830f4d9c6c69fdf837f153

Download Submit
C:\Users\Admin\AppData\Local\Temp\95EA5934F2A0FE1119706E701426A969\sharpvectorconverterswpf.dll

Filesize
137KB

MD5
ca5e6167b66c384f62e56fe0e1757af3

SHA1
4d8912deab579d0ad3bfa7477f7377d03260ec1f

SHA256
a9edc78bc8dd9e6ab098c96d2f26949bf8cc7c1f1071c5d96154022dac685979

SHA512
53d2828ea80ba1c9726240859c42deddf3b384bfdc173763804d5c0e59bc531de519720c8f396cba3851768be14ebed5f8f6ed501d2a99055f2abab9c920ce5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\95EA5934F2A0FE1119706E701426A969\sharpvectorcore.dll

Filesize
201KB

MD5
f6004bd10ff1bced912d389a48138323

SHA1
349d4f7bb69dec14ce5051c1ce4d7aaf33ce9ab8

SHA256
fa2c2216181125daaf69ce4c7e2addc9df98e09845a27292b9775ff8d568ac39

SHA512
550af5c8d54f4987a7c05347c9fa21a6cac5817ed410c5f9358bed6d13648c0c55be2426ea3b221f82b635e91f2a2c505f07703ae93392754c870853073536d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\95EA5934F2A0FE1119706E701426A969\sharpvectorcss.dll

Filesize
109KB

MD5
25e40483458b8083eb12d38b6cead136

SHA1
9158642854dcdc9b2610272e181d98526b3547cc

SHA256
1a87d710b34b187f75e9213c95ab5eb129da63906f122035e7badf7044c929c9

SHA512
381ba47f815cfc4fe665913a49f8e53121dcad53c8e63ffc3d61663a2b5db0fc3fb2e3e8784fe5a0fd058ccb0687317c11e01debf4c596795f7cae5fd45dcadb

Download Submit
C:\Users\Admin\AppData\Local\Temp\95EA5934F2A0FE1119706E701426A969\sharpvectordom.dll

Filesize
55KB

MD5
b97a47906b78413d18249eaa15c0933b

SHA1
ccf1951838e20c52cdc440cea34f88101310dbb3

SHA256
5fd8cfbe80ec610463ab092b74e2c22b2651f30dd0660849d09210e70eca7254

SHA512
b490641ca358c270e77e587c5ecff4ad60848384348603d576212e4da133d30087aa32ed11037d19de8f3f6777711255f5a6a9a66ddfa0abb87d893d72619af5

Download Submit
C:\Users\Admin\AppData\Local\Temp\95EA5934F2A0FE1119706E701426A969\sharpvectormodel.dll

Filesize
997KB

MD5
ff09404438a1aaf5bafa792a504e7631

SHA1
7e78ad564aba274bf70c5320e39ae5061b30572a

SHA256
ccf8359d7862330ebb1dd0a5f50b9e12e43b1763ef64cde5417960774d1dcf11

SHA512
8b90210aa69b69b9e4e06a721a444ca9e50bcb87648fffdd2f47f2056ad52c55a2228547c45757a804b3b76ced8bf8899918f5c4a23f2139061bdff1dcf23db5

Download Submit
C:\Users\Admin\AppData\Local\Temp\95EA5934F2A0FE1119706E701426A969\sharpvectorrenderingwpf.dll

Filesize
203KB

MD5
619044935bd3151b6d1fef1e06ce5323

SHA1
f5d5e2b4171465ef022ed85ea7ff1e70c7b2a581

SHA256
5b6dc4ff32972e022a3a457d319ffc756c915b8f9be4fa62a550f2e361aca5f2

SHA512
d5f4cc32d6ccecd4accdb78913badc5190adea1df1e173d5b47ef2c522cadf4d2f198deb25440aa1360c03ba90fe734f3f8a3b63b38e7b7c54b8d3ecaad06cd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\95EA5934F2A0FE1119706E701426A969\sharpvectorruntimewpf.dll

Filesize
69KB

MD5
cef0c0a808a94ef99fc4dc3472691a21

SHA1
637ea1d4def4e840d73af915d0118db2c8c9f2bc

SHA256
186fb849e9284fda5ed5ea84b1bb7a73b4321afa063df2fa4812b7f0dd857761

SHA512
0f764d85f76fe2fdcf094120f379e0841b74f710b6857722687334bd7a01329d79ab653e825c323110c9e67999429c70efe2c213b7a6a77d1d939f1829f5ad67

Download Submit
C:\Users\Admin\AppData\Local\Temp\F5D84084F2A0FE1119706E701426A969\kl.setup.ui.core.dll

Filesize
89KB

MD5
2c8f5ec07cb84d844e3fdee32b2a8e00

SHA1
2e27daffed27a7e6ee3adc50eef1710da318ca32

SHA256
8d5bd8184fbc3f79ea9edc2c25e1a5a935514518c3fba89bde308c06722375f9

SHA512
ef37109b456a68d55dee8a45340e25cb9901909b30f9f882f62060951bec20d838561dbe5ebe0480aa2feb668c6ffbb2137ed2f69cd3d6337c6f38cf395f6eca

Download Submit
C:\Users\Admin\AppData\Local\Temp\F5D84084F2A0FE1119706E701426A969\kl.setup.ui.dll

Filesize
278KB

MD5
1bebc399a1b31eabc3361169df0316d1

SHA1
56091143fafa680dc65dd5f2b5d6fafa94590041

SHA256
894914e74da8c8faf8bb9b34e0f9b586db3cb248c3f6edb715a7cb8c930dd66b

SHA512
d0d1fb7e23391a352f6bb3d5756dbbcd5a3558e0c477b265453931940a223dfa31cafe20232a9d08fbb127158bce325dd8b769e7bb62907be89019cd3f02f1ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\F5D84084F2A0FE1119706E701426A969\kl.setup.ui.interoplayer.dll

Filesize
56KB

MD5
baf69d3c6977161e0c2b631b3f9958d4

SHA1
a1b2982c11811c4e5f6bce95f3072a855d11c369

SHA256
e6392d0cf3a5984034ca0b346476d7482243550ddd0c65a8c0ff2f03a15867bc

SHA512
2fb765d07638d239b666d4043f9ae75e91dc271ddf399dfe5bfd1c894bcabb95e6e965b478f5208687d9ebaa18cdafd6fc3400cd47694fd9db4ac30f3f1d5839

Download Submit
C:\Users\Admin\AppData\Local\Temp\F5D84084F2A0FE1119706E701426A969\kl.setup.ui.visuals.dll

Filesize
420KB

MD5
6181240bc579d2dfb176a1ca260f5a90

SHA1
eb13b6cd4a242c8399396795d1863954b8d79507

SHA256
b07c4d99d4cbb62b31a425e60c993b809c7043518a9ef0b7b561abd180a1b768

SHA512
f5bb4bdd05836c494a560dc9aa16d62d29b90df7c5854d4a97b8e274890dd1476de955637237867a666c1f08785f5dc06d571e023b124530ee87cf6fdb98689f

Download Submit
C:\Users\Admin\AppData\Local\Temp\F5D84084F2A0FE1119706E701426A969\kl.ui.framework.dll

Filesize
264KB

MD5
2ad2ab4f8517da8e2efdfed22ad49f1e

SHA1
55916e3e5c4c40cf2e5644fbad07baf31459673e

SHA256
6efe8efc6701c80d59ad33bd139aeca1b47a27f49d3ccc16ed01a49da9bfc2e7

SHA512
12800c7d475af627c98cecb6e6c2de8247094166126978e24bd8be3f7193828781e853ee10b3133c989d625f0e2860ce4551369d864748b70db4ec220c515bbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\F5D84084F2A0FE1119706E701426A969\kl.ui.framework.localization.dll

Filesize
283KB

MD5
079ac68d4beb2ab9602d754b09ff652b

SHA1
90032834cc5cffd0b00119e4e38b5f4c5f877e4c

SHA256
9377c35b19c30ee75c010b1e592796daf1d3493b397ef9d61a1c63a5ab30a88e

SHA512
53782adc516950888ec69b21e744fe4d7f8567223e7c067e362800c78e3621dc148d5aa19f6011962bece1ada3691ef1ef40838a8072480c54aeedb2f4e0c9b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\F5D84084F2A0FE1119706E701426A969\kl.ui.framework.uikit.b2c.dll

Filesize
631KB

MD5
445e34aa976419cae54e13ede8d41ce5

SHA1
98ca3ee808f97ae16970b0fcefd3387bd07278eb

SHA256
a255bb5dfaa685d7443dbc8bb7fca71417c8f0b1f617ade7077ee437a23a9b24

SHA512
86b4084cf781d4efbb814fce3ed6ca48addbf4c15c5ed3630673350cf65056a80e2a9bc00581a45ae370a64f0bc720d506622eccd9d7ef170814faab1cce14c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\F5D84084F2A0FE1119706E701426A969\kl.ui.framework.uikit.dll

Filesize
2.7MB

MD5
18defb1e3b7460f592a8ca61e4b40ff0

SHA1
8f8f7d7d1ee8a048d162603cc21a0f4c40b9036b

SHA256
02a884babc5584fec80b227eb1c52dc800c516f1117ff9637617ad84c632da9d

SHA512
7cbdc0c113a0c7ff9628674a8a23f4224290455d4a9a41a66889d01baf1f28b0175197c3078a791ecf6b2052c3fdfc35cf38cfae5bf5917bde80f82499d40b12

Download Submit
C:\Users\Admin\AppData\Local\Temp\F5D84084F2A0FE1119706E701426A969\setup.dll

Filesize
5.5MB

MD5
0bf11445ce2c07a3ab2a52a4adb87e8f

SHA1
77016ae035079d52db244311dfdcf1157eea2c69

SHA256
5adfffdd80d872741e7c8f3211f6f36da9d1ed0c78089348d747dbe6281ec1d3

SHA512
7e9dddb2df5ffede79a835e30dd82319a1b366966dfd4ff45e4b6c46157ca2d381e68a766a3db743158066f95b6ad2ce61b375e86ae84855d39239858cfd1046

Download Submit
C:\Users\Admin\AppData\Local\Temp\discovery.cfg

Filesize
30KB

MD5
0791a1abf0cf4e7f36d2637f24dad244

SHA1
8928899ce4fb63b9dcf960f84d3b92d7d3c2b547

SHA256
35deae832278c47afbcb6e8c940f5bfc66d5b3fceba6ef6c2411b2c5065a70eb

SHA512
9e507bcd5054d9952319ea0795fd796f6915263a3251db10b632df6eacdf419d5f1c101f91cb9d39768f07fea3af1156af10e5b34792bf9378da840f78a30613

Download Submit
C:\Users\Admin\AppData\Local\Temp\discovery.cfg

Filesize
30KB

MD5
3fa19a8557ed744aec4ef2ec5a811cc6

SHA1
e1b9fd36e09a08288faeab2b118cdec6cc0f6af8

SHA256
d49e70514b13ea14956073482d1e763a538e5ffbd48e0ffade7daf558fdfa74a

SHA512
38f1cd871001dd1a3d8e7e07a28a6e696d6dfdabe0b1ef9bb94f7886e0dd0f344a6b17729938699652eed0009d6e60ba677037bd5826e309be1adb4879207efb

Download Submit
C:\Windows\Temp\D3830834F2A0FE1119706E701426A969\kaspersky4win202121.16.6.467en_39970.exe

Filesize
4.2MB

MD5
88a9e8f8edfd369e7a45d35ecbd788ab

SHA1
6c58421606592ea59418b9f79983d018c19bda06

SHA256
182699e264a70636924b994cebad5b06ccdcd96480be3a6b970816f3adba4f45

SHA512
6892707be382751b466d43227172b8da913f531e4f257527e7b50e87bf1226a8c6730f9eaa9c617549440049695fdbc317e3d39b4d325382c8e4e0ee540bf2ab

Download Submit
memory/388-199-0x0000000077252000-0x0000000077253000-memory.dmp

Filesize
4KB

Download
memory/388-198-0x00000000773C0000-0x00000000773D0000-memory.dmp

Filesize
64KB

Download
memory/388-197-0x00000000773C0000-0x00000000773D0000-memory.dmp

Filesize
64KB

Download
memory/388-196-0x00000000773C0000-0x00000000773D0000-memory.dmp

Filesize
64KB

Download
memory/1476-162-0x0000000007FD0000-0x0000000007FE2000-memory.dmp

Filesize
72KB

Download
memory/1476-89-0x0000000006F80000-0x0000000006FC6000-memory.dmp

Filesize
280KB

Download
memory/1476-9-0x00000000773B0000-0x00000000773C0000-memory.dmp

Filesize
64KB

Download
memory/1476-8-0x00000000773B0000-0x00000000773C0000-memory.dmp

Filesize
64KB

Download
memory/1476-11-0x0000000077252000-0x0000000077253000-memory.dmp

Filesize
4KB

Download
memory/1476-7-0x00000000773B0000-0x00000000773C0000-memory.dmp

Filesize
64KB

Download
memory/1476-41-0x0000000073A0E000-0x0000000073A0F000-memory.dmp

Filesize
4KB

Download
memory/1476-45-0x0000000003910000-0x000000000391E000-memory.dmp

Filesize
56KB

Download
memory/1476-52-0x0000000073A00000-0x00000000741B0000-memory.dmp

Filesize
7.7MB

Download
memory/1476-51-0x0000000005E70000-0x0000000005EB6000-memory.dmp

Filesize
280KB

Download
memory/1476-53-0x0000000073A00000-0x00000000741B0000-memory.dmp

Filesize
7.7MB

Download
memory/1476-81-0x0000000006510000-0x000000000654C000-memory.dmp

Filesize
240KB

Download
memory/1476-85-0x0000000006C10000-0x0000000006C26000-memory.dmp

Filesize
88KB

Download
memory/1476-93-0x0000000007460000-0x00000000076E8000-memory.dmp

Filesize
2.5MB

Download
memory/1476-98-0x0000000073A00000-0x00000000741B0000-memory.dmp

Filesize
7.7MB

Download
memory/1476-102-0x0000000007A20000-0x0000000007A88000-memory.dmp

Filesize
416KB

Download
memory/1476-115-0x00000000061D0000-0x0000000006258000-memory.dmp

Filesize
544KB

Download
memory/1476-122-0x0000000073A00000-0x00000000741B0000-memory.dmp

Filesize
7.7MB

Download
memory/1476-127-0x0000000006340000-0x0000000006350000-memory.dmp

Filesize
64KB

Download
memory/1476-172-0x000000000C050000-0x000000000C05E000-memory.dmp

Filesize
56KB

Download
memory/1476-171-0x000000000C080000-0x000000000C0B8000-memory.dmp

Filesize
224KB

Download
memory/1476-141-0x00000000079E0000-0x0000000007A02000-memory.dmp

Filesize
136KB

Download
memory/1476-146-0x0000000007F90000-0x0000000007FC2000-memory.dmp

Filesize
200KB

Download
memory/1476-512-0x0000000073A00000-0x00000000741B0000-memory.dmp

Filesize
7.7MB

Download
memory/1476-158-0x0000000007AD0000-0x0000000007ADE000-memory.dmp

Filesize
56KB

Download
memory/1476-154-0x0000000007C90000-0x0000000007CAC000-memory.dmp

Filesize
112KB

Download
memory/1476-150-0x0000000008150000-0x000000000824A000-memory.dmp

Filesize
1000KB

Download
memory/1476-142-0x0000000007CB0000-0x0000000007D42000-memory.dmp

Filesize
584KB

Download
memory/1476-137-0x0000000007A90000-0x0000000007AC4000-memory.dmp

Filesize
208KB

Download
memory/2324-310-0x0000000007C30000-0x0000000007C64000-memory.dmp

Filesize
208KB

Download
memory/2324-210-0x0000000077390000-0x00000000773A0000-memory.dmp

Filesize
64KB

Download
memory/2324-266-0x0000000003BB0000-0x0000000003BBE000-memory.dmp

Filesize
56KB

Download
memory/2324-212-0x0000000077252000-0x0000000077253000-memory.dmp

Filesize
4KB

Download
memory/2324-349-0x000000000BEC0000-0x000000000BEC8000-memory.dmp

Filesize
32KB

Download
memory/2324-322-0x0000000008080000-0x0000000008092000-memory.dmp

Filesize
72KB

Download
memory/2324-320-0x0000000007FF0000-0x0000000007FFE000-memory.dmp

Filesize
56KB

Download
memory/2324-318-0x0000000008000000-0x000000000801C000-memory.dmp

Filesize
112KB

Download
memory/2324-316-0x00000000080E0000-0x00000000081DA000-memory.dmp

Filesize
1000KB

Download
memory/2324-314-0x0000000007CF0000-0x0000000007D22000-memory.dmp

Filesize
200KB

Download
memory/2324-312-0x0000000007C70000-0x0000000007C92000-memory.dmp

Filesize
136KB

Download
memory/2324-303-0x00000000075B0000-0x000000000764E000-memory.dmp

Filesize
632KB

Download
memory/2324-209-0x0000000077390000-0x00000000773A0000-memory.dmp

Filesize
64KB

Download
memory/2324-289-0x0000000007320000-0x0000000007368000-memory.dmp

Filesize
288KB

Download
memory/2324-285-0x0000000006FB0000-0x0000000006FC6000-memory.dmp

Filesize
88KB

Download
memory/2324-208-0x0000000077390000-0x00000000773A0000-memory.dmp

Filesize
64KB

Download
memory/2324-297-0x00000000074A0000-0x000000000750A000-memory.dmp

Filesize
424KB

Download
memory/2324-272-0x0000000006150000-0x0000000006196000-memory.dmp

Filesize
280KB

Download
memory/2324-292-0x0000000007730000-0x00000000079F0000-memory.dmp

Filesize
2.8MB

Download
memory/2324-281-0x0000000006BD0000-0x0000000006C12000-memory.dmp

Filesize
264KB

Download
memory/3616-3-0x0000000077252000-0x0000000077253000-memory.dmp

Filesize
4KB

Download
memory/3616-1-0x00000000773C0000-0x00000000773D0000-memory.dmp

Filesize
64KB

Download
memory/3616-0-0x00000000773C0000-0x00000000773D0000-memory.dmp

Filesize
64KB

Download
memory/3616-2-0x00000000773C0000-0x00000000773D0000-memory.dmp

Filesize
64KB

Download
memory/5044-511-0x00000000773B0000-0x00000000773C0000-memory.dmp

Filesize
64KB

Download
memory/5044-510-0x00000000773B0000-0x00000000773C0000-memory.dmp

Filesize
64KB

Download
memory/5044-509-0x00000000773B0000-0x00000000773C0000-memory.dmp

Filesize
64KB

Download