hxxps://streamz[.]b-cdn[.]net/K2[.]zip

Analysis

max time kernel
134s
max time network
129s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
23-05-2024 00:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://streamz.b-cdn.net/K2.zip

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

lnstall.exe

pid process

4072 lnstall.exe

pid	process
4072	lnstall.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608991652548094"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings chrome.exe
NTFS ADS 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\K2.zip:Zone.Identifier chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3876 chrome.exe
3876 chrome.exe
4640 chrome.exe
4640 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

3876 chrome.exe
3876 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings	chrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\K2.zip:Zone.Identifier	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3876	chrome.exe
Token: SeCreatePagefilePrivilege	3876	chrome.exe
Token: SeShutdownPrivilege	3876	chrome.exe
Token: SeCreatePagefilePrivilege	3876	chrome.exe
Token: SeShutdownPrivilege	3876	chrome.exe
Token: SeCreatePagefilePrivilege	3876	chrome.exe
Token: SeShutdownPrivilege	3876	chrome.exe
Token: SeCreatePagefilePrivilege	3876	chrome.exe
Token: SeShutdownPrivilege	3876	chrome.exe
Token: SeCreatePagefilePrivilege	3876	chrome.exe
Token: SeShutdownPrivilege	3876	chrome.exe
Token: SeCreatePagefilePrivilege	3876	chrome.exe
Token: SeShutdownPrivilege	3876	chrome.exe
Token: SeCreatePagefilePrivilege	3876	chrome.exe
Token: SeShutdownPrivilege	3876	chrome.exe
Token: SeCreatePagefilePrivilege	3876	chrome.exe
Token: SeShutdownPrivilege	3876	chrome.exe
Token: SeCreatePagefilePrivilege	3876	chrome.exe
Token: SeShutdownPrivilege	3876	chrome.exe
Token: SeCreatePagefilePrivilege	3876	chrome.exe
Token: SeShutdownPrivilege	3876	chrome.exe
Token: SeCreatePagefilePrivilege	3876	chrome.exe
Token: SeShutdownPrivilege	3876	chrome.exe
Token: SeCreatePagefilePrivilege	3876	chrome.exe
Token: SeShutdownPrivilege	3876	chrome.exe
Token: SeCreatePagefilePrivilege	3876	chrome.exe
Token: SeShutdownPrivilege	3876	chrome.exe
Token: SeCreatePagefilePrivilege	3876	chrome.exe
Token: SeShutdownPrivilege	3876	chrome.exe
Token: SeCreatePagefilePrivilege	3876	chrome.exe
Token: SeShutdownPrivilege	3876	chrome.exe
Token: SeCreatePagefilePrivilege	3876	chrome.exe
Token: SeShutdownPrivilege	3876	chrome.exe
Token: SeCreatePagefilePrivilege	3876	chrome.exe
Token: SeShutdownPrivilege	3876	chrome.exe
Token: SeCreatePagefilePrivilege	3876	chrome.exe
Token: SeShutdownPrivilege	3876	chrome.exe
Token: SeCreatePagefilePrivilege	3876	chrome.exe
Token: SeShutdownPrivilege	3876	chrome.exe
Token: SeCreatePagefilePrivilege	3876	chrome.exe
Token: SeShutdownPrivilege	3876	chrome.exe
Token: SeCreatePagefilePrivilege	3876	chrome.exe
Token: SeShutdownPrivilege	3876	chrome.exe
Token: SeCreatePagefilePrivilege	3876	chrome.exe
Token: SeShutdownPrivilege	3876	chrome.exe
Token: SeCreatePagefilePrivilege	3876	chrome.exe
Token: SeShutdownPrivilege	3876	chrome.exe
Token: SeCreatePagefilePrivilege	3876	chrome.exe
Token: SeShutdownPrivilege	3876	chrome.exe
Token: SeCreatePagefilePrivilege	3876	chrome.exe
Token: SeShutdownPrivilege	3876	chrome.exe
Token: SeCreatePagefilePrivilege	3876	chrome.exe
Token: SeShutdownPrivilege	3876	chrome.exe
Token: SeCreatePagefilePrivilege	3876	chrome.exe
Token: SeShutdownPrivilege	3876	chrome.exe
Token: SeCreatePagefilePrivilege	3876	chrome.exe
Token: SeShutdownPrivilege	3876	chrome.exe
Token: SeCreatePagefilePrivilege	3876	chrome.exe
Token: SeShutdownPrivilege	3876	chrome.exe
Token: SeCreatePagefilePrivilege	3876	chrome.exe
Token: SeShutdownPrivilege	3876	chrome.exe
Token: SeCreatePagefilePrivilege	3876	chrome.exe
Token: SeShutdownPrivilege	3876	chrome.exe
Token: SeCreatePagefilePrivilege	3876	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe7zG.exe

pid	process
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
2060	7zG.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe
3876	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3876 wrote to memory of 1904	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 1904	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 716	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 716	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 716	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 716	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 716	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 716	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 716	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 716	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 716	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 716	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 716	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 716	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 716	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 716	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 716	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 716	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 716	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 716	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 716	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 716	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 716	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 716	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 716	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 716	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 716	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 716	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 716	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 716	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 716	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 716	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 716	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 908	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 908	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 3592	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 3592	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 3592	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 3592	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 3592	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 3592	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 3592	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 3592	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 3592	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 3592	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 3592	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 3592	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 3592	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 3592	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 3592	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 3592	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 3592	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 3592	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 3592	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 3592	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 3592	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 3592	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 3592	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 3592	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 3592	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 3592	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 3592	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 3592	3876	chrome.exe	chrome.exe
PID 3876 wrote to memory of 3592	3876	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://streamz.b-cdn.net/K2.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff98bd0ab58,0x7ff98bd0ab68,0x7ff98bd0ab78
2⤵
PID:1904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1788,i,9864584554829073703,10332171110423654227,131072 /prefetch:2
2⤵
PID:716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1788,i,9864584554829073703,10332171110423654227,131072 /prefetch:8
2⤵
PID:908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2152 --field-trial-handle=1788,i,9864584554829073703,10332171110423654227,131072 /prefetch:8
2⤵
PID:3592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=1788,i,9864584554829073703,10332171110423654227,131072 /prefetch:1
2⤵
PID:4912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1788,i,9864584554829073703,10332171110423654227,131072 /prefetch:1
2⤵
PID:5084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1788,i,9864584554829073703,10332171110423654227,131072 /prefetch:8
2⤵
PID:2320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1788,i,9864584554829073703,10332171110423654227,131072 /prefetch:8
2⤵
- NTFS ADS
PID:4304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1788,i,9864584554829073703,10332171110423654227,131072 /prefetch:8
2⤵
PID:2060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4024 --field-trial-handle=1788,i,9864584554829073703,10332171110423654227,131072 /prefetch:8
2⤵
PID:1528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4036 --field-trial-handle=1788,i,9864584554829073703,10332171110423654227,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4640

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1432

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3680

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\K2\" -spe -an -ai#7zMap24023:66:7zEvent29293
1⤵
- Suspicious use of FindShellTrayWindow
PID:2060

C:\Users\Admin\Downloads\K2\lnstall.exe
"C:\Users\Admin\Downloads\K2\lnstall.exe"
1⤵
- Executes dropped EXE
PID:4072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1d85e530c6b523ff82ad8d41467b0a48

SHA1
ff590a70b1d0ce3a8f8e5193cacc8f1e2230b5de

SHA256
f55b819e32271730ac57569a11fdfa2bc8028b9a7306fbd109c3e6673bd73246

SHA512
9b29647123121c7e1f8ac08c94cde2cd072098a91e844d31025e98675b7188da4d89c39f4279722922ce6f426adbc8aaad04d6ba93b859ad814cdec644a871e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
41604caba1c5017973652944bca9b60c

SHA1
d19557760ca741bcb6ffa92f27389f060e941f55

SHA256
02ef4398e8b202f40dd569330197bf70bb14cb03a43da911b30d9d9956f2feff

SHA512
f09b614257895126e076c1c63a01ade0c317896ee3e16befac6bff468a24bf7212d38601b1e270c5acea841d33740e570ec561eaf9e17043fb29a590f34cbb2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
90ac8ca28be0642a0a21069bd5dce279

SHA1
db23190ae77ee8cf56c615fa6d4450c05fb948d7

SHA256
5f1132a759a076d7116193de018b6c6ca35371196adce8d6a0a3fab85f98d831

SHA512
e89f12831dae7b3ab69de06a4f18177d1cd4f2fb87959fe2f9ec89333b9544f1fa1f111a1af04f07c1deb77195b27d1fd0385fd5d17bb60f63e1d112dac756e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
d4a963764535d829298bfe61b9554b87

SHA1
7fd01fe6d03c96e9099f728740b84b21f10588c2

SHA256
27226a92fe295f5809607d3ffcdefcb14bf9c3b15e0534ed6f5fb96452147586

SHA512
3616772decc7f6c3ec2c0bb61423cd5f5edc98ca24c0504a7bbd5840c5e408862e97bd49d53670af012d1957f89511315a678921bd402295e1f910686109ca24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5902b5.TMP

Filesize
87KB

MD5
6e490b30076d33873d28ea26b98b3971

SHA1
ce3f006168c4d5fff8654460007dceff98835748

SHA256
2b7c01280324e5b2788b2cad82c33c35a0c71da926eff47e75c1c486cd6cba47

SHA512
7e518d040743549b459e898aa26e49bf42c158390d7a1d375c1eb4b2aec65a84e83e24f1af100d6350b6b1d9720b28407d47f0aad0008501948547bc7beb5ed5

Download Submit
C:\Users\Admin\Downloads\K2.zip.crdownload

Filesize
875KB

MD5
2190a3cd216ef98fa9816bf8a7c66787

SHA1
3b87f6cf85fc240c063909019e74fca9aa876b5e

SHA256
64c44396ea255d0b42efe7fc20f53124bd0fc35204b3f71f094150c44a247dc9

SHA512
d6b1a448c21870915306cb52be2edfe23619e6ec833aec6f4b3fac7c299921ead559eb1e4d7c23bebe7d7ca6a7d58bbd029a3eb679ef61e6a53720d12a7c4d78

Download Submit
C:\Users\Admin\Downloads\K2.zip:Zone.Identifier

Filesize
68B

MD5
ee70ad52813e418fb671743083d34d5b

SHA1
a8dd9699f3128ebe9223d2ed0d703f67ec18a6cd

SHA256
e16895d1628876c8f66e58dadd29b5f463dfe0fb7e25462c9c8edefad0f4e8f7

SHA512
410b592d4483c0e140e6bc9fc9f65e46657b00abd924129b8e26926a6149e8be95d3e8ad95855fd19fbc537f1cb48d123a68a64724ad9b40986cd739444eee28

Download Submit
C:\Users\Admin\Downloads\K2\lnstall.exe

Filesize
1.8MB

MD5
098ac4621ee0e855e0710710736c2955

SHA1
ce7b88657c3449d5d05591314aaa43bd3e32bdaa

SHA256
46afbf1cbd2e1b5e108c133d4079faddc7347231b0c48566fd967a3070745e7f

SHA512
3042785b81bd18b641f0a2b5d8aec8ef86f9bf1269421fb96d1db35a913e744eaff16d9da7a02c8001435d59befb9f26bc0bbfa6e794811abf4282ed68b185fe

Download Submit
\??\pipe\crashpad_3876_YRGCCVOBDDINHNSD

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit