Analysis Overview
Threat Level: Likely malicious
The file https://www.kaspersky.ru/downloads/free-virus-removal-tool was found to be: Likely malicious.
Malicious Activity Summary
Sets service image path in registry
Drops file in Drivers directory
Downloads MZ/PE file
Reads user/profile data of web browsers
Loads dropped DLL
Executes dropped EXE
Checks installed software on the system
Adds Run key to start application
Checks for any installed AV software in registry
Writes to the Master Boot Record (MBR)
Enumerates connected drives
Checks for VirtualBox DLLs, possible anti-VM trick
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Uses Volume Shadow Copy WMI provider
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
NTFS ADS
Suspicious behavior: LoadsDriver
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-11 17:18
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-11 17:18
Reported: 2024-06-11 17:24
Platform: win11-20240426-en
Max time kernel: 340s
Max time network: 338s
Command Line
Signatures
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\Drivers\8789c6ed.sys | C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\49e70d0f.exe | N/A |
| File created | C:\Windows\System32\Drivers\klupd_8789c6eda_arkmon.sys | C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\49e70d0f.exe | N/A |
Sets service image path in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\8789c6ed\ImagePath = "System32\\Drivers\\8789c6ed.sys" | C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\49e70d0f.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\klupd_8789c6eda_arkmon\ImagePath = "System32\\Drivers\\klupd_8789c6eda_arkmon.sys" | C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\49e70d0f.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\klupd_8789c6eda_klbg\ImagePath = "System32\\Drivers\\klupd_8789c6eda_klbg.sys" | C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\49e70d0f.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\klupd_8789c6eda_klark\ImagePath = "System32\\Drivers\\klupd_8789c6eda_klark.sys" | C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\49e70d0f.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\klupd_8789c6eda_mark\ImagePath = "System32\\Drivers\\klupd_8789c6eda_mark.sys" | C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\49e70d0f.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\klupd_8789c6eda_arkmon_FD710C43\ImagePath = "\\??\\C:\\KVRT2020_Data\\Temp\\FD710C439F89CA6B7D8CAF3EE6F307D0\\klupd_8789c6eda_arkmon.sys" | C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\49e70d0f.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\KVRT.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\49e70d0f.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\994d5369-33b7-4a78-9fc7-d8cd79eac999 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\{7ad03a33-0598-4978-a936-424b3ba91949}\\994d5369-33b7-4a78-9fc7-d8cd79eac999.cmd\"" | C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\49e70d0f.exe | N/A |
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000\SOFTWARE\KasperskyLab | C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\49e70d0f.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\49e70d0f.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\49e70d0f.exe | N/A |
Checks for VirtualBox DLLs, possible anti-VM trick
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\VBoxMiniRdrDN | C:\Users\Admin\Downloads\KVRT.exe | N/A |
| File opened (read-only) | \??\VBoxMiniRdrDN | C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\49e70d0f.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1696768468-2170909707-4198977321-1000\{34FC5F68-752E-4EB3-A221-EAA6BBEC1F16} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 262207.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\KVRT.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\49e70d0f.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\49e70d0f.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\49e70d0f.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\49e70d0f.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\49e70d0f.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\49e70d0f.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\KVRT.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\49e70d0f.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\49e70d0f.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy WMI provider
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.kaspersky.ru/downloads/free-virus-removal-tool
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe9e363cb8,0x7ffe9e363cc8,0x7ffe9e363cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,3597482355945467014,14304233838829123549,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,3597482355945467014,14304233838829123549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,3597482355945467014,14304233838829123549,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3597482355945467014,14304233838829123549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3597482355945467014,14304233838829123549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3597482355945467014,14304233838829123549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3597482355945467014,14304233838829123549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3597482355945467014,14304233838829123549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,3597482355945467014,14304233838829123549,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4000 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1908,3597482355945467014,14304233838829123549,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5668 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,3597482355945467014,14304233838829123549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,3597482355945467014,14304233838829123549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6248 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3597482355945467014,14304233838829123549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3597482355945467014,14304233838829123549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3597482355945467014,14304233838829123549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1908,3597482355945467014,14304233838829123549,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6668 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3597482355945467014,14304233838829123549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3597482355945467014,14304233838829123549,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3597482355945467014,14304233838829123549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3597482355945467014,14304233838829123549,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3597482355945467014,14304233838829123549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,3597482355945467014,14304233838829123549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7252 /prefetch:8
C:\Users\Admin\Downloads\KVRT.exe
"C:\Users\Admin\Downloads\KVRT.exe"
C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\49e70d0f.exe
C:/Users/Admin/AppData/Local/Temp/{1493dd12-d486-4ba5-82c8-80a1195a365c}/\49e70d0f.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,3597482355945467014,14304233838829123549,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6272 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.kaspersky.ru | udp |
| DE | 185.85.15.46:443 | content.kaspersky-labs.com | tcp |
| US | 216.239.32.21:443 | sgtm.kaspersky.ru | tcp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | tcp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| US | 8.8.8.8:53 | 216.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.102.96.34.in-addr.arpa | udp |
| DE | 185.85.15.23:443 | media.kaspersky.com | tcp |
| DE | 185.85.15.46:443 | www.kaspersky.ru | tcp |
| DE | 185.85.15.46:443 | www.kaspersky.ru | tcp |
| DE | 185.85.15.46:443 | www.kaspersky.ru | tcp |
| DE | 185.85.15.46:443 | www.kaspersky.ru | tcp |
| IE | 108.128.197.68:443 | kaspersky.demdex.net | tcp |
| DE | 185.85.15.46:443 | www.kaspersky.ru | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | top-fwz1.mail.ru | udp |
| RU | 93.158.134.119:443 | mc.yandex.ru | tcp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| IE | 54.216.11.44:443 | resources.xg4ken.com | tcp |
| DE | 18.66.102.5:443 | js.go2sdk.com | tcp |
| RU | 87.240.129.133:443 | vk.com | tcp |
| US | 104.26.4.117:443 | push4site.com | tcp |
| BE | 2.17.107.235:80 | apps.identrust.com | tcp |
| RU | 217.66.147.41:443 | sm.rtb.mts.ru | tcp |
| DE | 185.85.15.46:443 | www.kaspersky.ru | tcp |
| US | 2.17.251.25:443 | snap.licdn.com | tcp |
| US | 104.18.25.13:443 | cdn.gbqofs.com | tcp |
| US | 104.18.25.13:443 | cdn.gbqofs.com | tcp |
| RU | 31.184.219.58:443 | gdeslon.ru | tcp |
| IE | 66.235.152.156:443 | kaspersky.d3.sc.omtrdc.net | tcp |
| FR | 91.216.195.7:443 | kaspersky1.solution.weborama.fr | tcp |
| NL | 95.211.33.59:443 | p.cityadstrack.com | tcp |
| US | 216.239.38.21:443 | sgtm.kaspersky.ru | tcp |
| IE | 54.228.184.13:443 | cm.everesttech.net | tcp |
| RU | 95.163.52.89:443 | privacy-cs.mail.ru | tcp |
| US | 216.239.38.21:443 | sgtm.kaspersky.ru | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 216.58.204.70:443 | 12346775.fls.doubleclick.net | tcp |
| GB | 216.58.204.70:443 | 12346775.fls.doubleclick.net | tcp |
| US | 104.18.25.13:443 | cdn.gbqofs.com | tcp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| US | 152.199.22.228:443 | cstatic.weborama.fr | tcp |
| GB | 216.58.204.70:443 | 12346775.fls.doubleclick.net | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.147.66.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.25.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.219.184.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.195.216.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.33.211.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.152.235.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.184.228.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.38.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.52.163.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.22.199.152.in-addr.arpa | udp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| IE | 52.16.232.118:443 | c1001.report.gbss.io | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 74.125.250.129:19302 | stun4.l.google.com | udp |
| US | 74.125.250.129:19302 | stun4.l.google.com | udp |
| US | 74.125.250.129:19302 | stun4.l.google.com | udp |
| US | 172.67.71.105:443 | push4site.com | tcp |
| IE | 52.49.44.181:443 | 5015.xg4ken.com | tcp |
| IE | 52.18.149.137:443 | 5015.xg4ken.com | tcp |
| RU | 51.250.33.234:443 | wcm-ru.frontend.weborama.fr | tcp |
| FR | 80.231.123.135:443 | devbuilds.s.kaspersky-labs.com | tcp |
| FR | 80.231.123.135:443 | devbuilds.s.kaspersky-labs.com | tcp |
| US | 8.8.8.8:53 | touch.kaspersky.com | udp |
| US | 8.8.8.8:53 | touch.kaspersky.com | udp |
| DE | 81.19.104.200:80 | touch.kaspersky.com | tcp |
| DE | 130.117.190.228:443 | ds.kaspersky.com | tcp |
| US | 8.8.8.8:53 | click.kaspersky.com | udp |
| US | 8.8.8.8:53 | click.kaspersky.com | udp |
| DE | 80.239.169.154:80 | click.kaspersky.com | tcp |
| FR | 80.231.123.135:80 | devbuilds.s.kaspersky-labs.com | tcp |
| US | 8.8.8.8:53 | dc1-file.ksn.kaspersky-labs.com | udp |
| US | 8.8.8.8:53 | dc1-file.ksn.kaspersky-labs.com | udp |
| DE | 130.117.190.132:443 | dc1-file.ksn.kaspersky-labs.com | tcp |
| N/A | 127.0.0.1:50347 | | tcp |
| N/A | 127.0.0.1:50350 | | tcp |
| N/A | 127.0.0.1:50354 | | tcp |
| DE | 80.239.169.154:443 | click.kaspersky.com | tcp |
| DE | 195.27.253.3:443 | devbuilds.s.kaspersky-labs.com | tcp |
| DE | 81.19.104.212:443 | dc1-st.ksn.kaspersky-labs.com | tcp |
| N/A | 127.0.0.1:50597 | | tcp |
| N/A | 127.0.0.1:50610 | | tcp |
| N/A | 127.0.0.1:50613 | | tcp |
| N/A | 127.0.0.1:50620 | | tcp |
| CH | 82.202.184.185:443 | dc1.ksn.kaspersky-labs.com | tcp |
| N/A | 127.0.0.1:50625 | | tcp |
| DE | 130.117.190.213:443 | dc1-file.ksn.kaspersky-labs.com | tcp |
| N/A | 127.0.0.1:50657 | | tcp |
| CH | 82.202.184.190:443 | dc1-pp.ksn.kaspersky-labs.com | tcp |
| N/A | 127.0.0.1:50674 | | tcp |
| SE | 23.34.233.128:80 | www.microsoft.com | tcp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| DE | 185.85.15.46:443 | www.kaspersky.ru | tcp |
| IE | 54.74.152.102:443 | c1001.report.gbss.io | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8ff8bdd04a2da5ef5d4b6a687da23156 |
| SHA1 | 247873c114f3cc780c3adb0f844fc0bb2b440b6d |
| SHA256 | 09b7b20bfec9608a6d737ef3fa03f95dcbeaca0f25953503a321acac82a5e5ae |
| SHA512 | 5633ad84b5a003cd151c4c24b67c1e5de965fdb206b433ca759d9c62a4785383507cbd5aca92089f6e0a50a518c6014bf09a0972b4311464aa6a26f76648345e |
\??\pipe\LOCAL\crashpad_4128_YHCJOGSMQPUSOGKT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1e4ed4a50489e7fc6c3ce17686a7cd94 |
| SHA1 | eac4e98e46efc880605a23a632e68e2c778613e7 |
| SHA256 | fc9e8224722cb738d8b32420c05006de87161e1d28bc729b451759096f436c1a |
| SHA512 | 5c4e637ac4da37ba133cb1fba8fa2ff3e24fc4ca15433a94868f2b6e0259705634072e5563da5f7cf1fd783fa8fa0c584c00f319f486565315e87cdea8ed1c28 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 19cabdcdbe67dd0d82a609caf07c5f0d |
| SHA1 | 995d43ebe8c315e6c07f83ca931ebab705494e40 |
| SHA256 | 318f402cd5eda9110fa8f4c7250bb0dbddb576b486612d44dc576e642e6f2cf3 |
| SHA512 | 3c2d63b4b88e2276e74db4ed2fa97b17e6a22c8aa69df40c30b9087d0aac08d5361798f28d7d9f15f1cf7f1b78c5748d39e32a4e459596529507d8cf21ec5d93 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1004e46a491a46f4035bf306cd77dfc4 |
| SHA1 | 1112008d3aa85c1659df13615cb52807adc0c861 |
| SHA256 | 8f7fafdb61be324b0f3e33113474621674541c48adf29bb8c3e7a7afbb750a14 |
| SHA512 | 0d2adbae9acecdca95641ba7b5ba177e414272c770b9a45f6cc4019f0a6de5863af1e9acf38fbe9db5fdf59c1182844ecc2015aa680796a919d67e404953d7ee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b6bc0b0eec3145223ef9a2bbcc1241fa |
| SHA1 | 82bdd5225d79d2c5f7a60cc62b3847f1aff7840a |
| SHA256 | 9d4cdf04e64b1fc15306d168ee1a14378ecd491548d7d563c78b504c2a422c7a |
| SHA512 | ebeb97f6de092bb1720a6fd3f3285a1a623c27eb3916dffae740ab2e5df04e13a54cb891c46af501b497f14bc6b37cd92c5afece3b7c9277e959d7f887677a73 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f4562d8dffb2afa76eb5f375fc7ad1ad |
| SHA1 | f912823234ce2413f9150a8c17cdd133fa89fa29 |
| SHA256 | ae7898a1faf5ad653b8e2998ddc86f400d9acbd95c14197dc1f12b3e6f1075e3 |
| SHA512 | 73cf69eda53b814124587006b5676653f70f12ce983f6c8e2d6f9804935940d344527fd5f33d0c045c809ecb3a1df55836ef25eb90cc1e2f718077abea5213c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a9dc.TMP
| MD5 | 949309f75632c5296db1862ff7c283d5 |
| SHA1 | 3553e749ea105718dfae2e10f2d5cbb05d12f65d |
| SHA256 | 49184908db44737d1a6f3544a830ea23e9f468abd3e4cf086586b10e734c3f0a |
| SHA512 | d744b6e162512d2695c1df9184ee4caae65522084c8d92c27cfe74e012fb1ec402f2e13763c10a5c5d79519c0f85c09cd40486f30adcbd88f20008978d6a01be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | fd0528726a4a3da0723155c5228b4997 |
| SHA1 | d9ea0907f693265666f6a81b28633b0d9fe678be |
| SHA256 | 485c5a648b9dce46190f3bb5affb73cd55a15a6fd2a10c3a7024c6aab4bc62bc |
| SHA512 | 76133d3e4e8025c1eeb88b5cca942c659cb61cfc4ad980176cd42aa5f7de83b1694ced2c4199a5a36764611b0ddf660c79af2702bf5edb35be0114ae06f3c179 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 33515eaf2559b3d01aacd2a5e64c363c |
| SHA1 | ded68e66206678dd8e59cfea40aae0cb31cda13d |
| SHA256 | 81cefae007abda220a93cb765c2dd3dc1b8b2f6acb1a151e87bbe25cdb69fef4 |
| SHA512 | 8eb5230ff562bee50413fbdfbb7abb509144e9da66b4d967a776a975d70531e4310682a7a7ce2c1b58dd40a461e46c89a09efd61fbe4c964d79f6cea4eaa8735 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9a0fa4b2c49e2d5a06c327754b21fcec |
| SHA1 | 7279eca262dd4154bc5c7314137b3bc0c07efbb1 |
| SHA256 | e79167d26c2465224ec8bc83f1dcfbb74be6c7a823acf469520a50641ea34e78 |
| SHA512 | 1be7cab4dad10312244afccb8cef39d692f512fa2b9188b9a7d87f074ec0045a4852050470dbe651e173261baea76356dc0620e15cdc8b3244543ce0968ea42e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | eb788f66cbf01e2f0acf3e6a03db017f |
| SHA1 | 267eff9e061dd44084354757d31c8558a7390c56 |
| SHA256 | f3f12289b67ab03c44ab054eec6169275f893406c9a0d300ce4e584e97fe784a |
| SHA512 | e773346c278386200ebc491b40f7f6a167df2f37c6cbc00b7a684ef0e4a59c7922e6206655ceb9f82667ff99a3f8767c78d6b2f9ae515252a788814eff27c31d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ea9f2dd406be34cafd1b539c69e4a1f4 |
| SHA1 | 7b96b4ab2783a8fd8924ccbfedd445fb1e2afd0b |
| SHA256 | 0563c9165bf944b289f62a20e37a0d6b026a94734cb318befbca2bbb7eb6d2b6 |
| SHA512 | 663c63d06990995c6d003df022c6699fee56f8538ba634e8ce3f04497c334fd7487af4a29dce0351bb5d150993154d5e50e3ecae9ba80fd23bb5a1412e8b7f8d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2fed5d0d99d4c05825e3cb04d1048ef8 |
| SHA1 | 6e598665146f155aa5abce800aa6ce253cc13483 |
| SHA256 | 57e5ce686cb9cb97d95335aec260f020ab9e0bffaea376cea37278f910195d10 |
| SHA512 | c3d5d0f1ab8da1b59bcbcfbab91688f857b9a5342dcc51ed8d23ffd3b98c0f37746aba84faf550eac66040e7b1c512e82485a2287d14736770ba799c01f5c73b |
C:\Users\Admin\Downloads\KVRT.exe:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c81b777275bd6d1028e24cda057fb523 |
| SHA1 | 01abc609cf69d6b42467363c194e0d5aae33afb2 |
| SHA256 | db48723d5c565c8383958138a2ffaf13a04c5da34e2a31eadd2c90706b08bf16 |
| SHA512 | 7e12524602133f22e53786fe0dd5f29eaa10c5c2629f6e2810b6e1b74f6e15827116647bb821e256ed328f1e6e86910f76c1dd0ba0174a6b0202b1042514ddd7 |
C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\KVRT.exe
| MD5 | 37226eb4f1c7a0b79275c1401f83cc6d |
| SHA1 | 71ed962d1e0d212869d92c23d6e20a4e1e7ad430 |
| SHA256 | be00dba953a6f26990e020bdc4e3f13e5799a3ff60384768ee6c1af37c656a4d |
| SHA512 | afea618c795406a49d159e1359e76168dc6b6dee07234666d21ee21bb5011fe9af57a3425e76126f2595e3d180cf2121db5d02258d7aca77b3c4d8621a8aa15d |
C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\dumpwriter.dll
| MD5 | f56387639f201429fb31796b03251a92 |
| SHA1 | 23df943598a5e92615c42fc82e66387a73b960ff |
| SHA256 | e7eefcf569d98a5fb14a459d949756dc00faf32ed6bda1233d9d2c79ca11531c |
| SHA512 | 7bfce579b601408262c0edd342cb2cb1ef1353b6b73dce5aad540eb77f56d1184f71c56ea859bc4373aac4875b8861e2cc5d9c49518e6c40d0b2350a7ab26c0e |
C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\KvrtGui.dll
| MD5 | 38717f028f7df6e29996dabe26375956 |
| SHA1 | 328c0ed49e079999ad0cc7c1315375b77531c8c9 |
| SHA256 | 9db65ebeaf888b6cc99c06d0f063e48932feb27f25b5350d9d870e9ce40d1e10 |
| SHA512 | 4c6de66d71527c1c0e8d666e85dde671ca6b2705e5e4584487be265f25c6369f5512c0601d251192c56ad44bec538161bded7fcfcd3a578cddf76d7617af237d |
C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\dbghelp.dll
| MD5 | 4003e34416ebd25e4c115d49dc15e1a7 |
| SHA1 | faf95ec65cde5bd833ce610bb8523363310ec4ad |
| SHA256 | c06430b8cb025be506be50a756488e1bcc3827c4f45158d93e4e3eeb98ce1e4f |
| SHA512 | 88f5d417377cd62bde417640a79b6ac493e80f0c8b1f63a99378a2a67695ef8e4a541cedb91acfa296ed608e821fee466983806f0d082ed2e74b0cd93eb4fb84 |
C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\Qt5Core.dll
| MD5 | 02b21d6184ec835fba23088e7c7368e4 |
| SHA1 | 2386e5cd242ad6abfadecc2d8ba416125f0bde56 |
| SHA256 | 5967b2240167500cfbb602408833776fb9be95ee404ad2bbdbdde18c752aaefe |
| SHA512 | e8b15e68c61f1a0f78fa4f4821a636e07ab3a87699fc45ace096d080d7bda62534af7acf93b9a32d730b0403b52dc1eac8df9175ae02d5f6f829c7849e340eb9 |
C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\Qt5Widgets.dll
| MD5 | 8751f0205fc7a87b46afae8ceda42d90 |
| SHA1 | d7e41a64c09f580d9e63ff5ffc8ac37d1f7da4c1 |
| SHA256 | 7273600d11889adba9287e6d5a3b684a9d902d1b4db8cedec21562fa00c436cd |
| SHA512 | 18466c4c4b6dd07445862d8e6a84825b8b0edeaa95dc8fe58741527d5dd20cbfc7672825108acec69bae506b41fb01fc6413401759db3d8265503fea88ed9bba |
C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\vcruntime140.dll
| MD5 | a37ee36b536409056a86f50e67777dd7 |
| SHA1 | 1cafa159292aa736fc595fc04e16325b27cd6750 |
| SHA256 | 8934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825 |
| SHA512 | 3a7c260646315cf8c01f44b2ec60974017496bd0d80dd055c7e43b707cadba2d63aab5e0efd435670aa77886ed86368390d42c4017fc433c3c4b9d1c47d0f356 |
C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\msvcp140.dll
| MD5 | 5ff1fca37c466d6723ec67be93b51442 |
| SHA1 | 34cc4e158092083b13d67d6d2bc9e57b798a303b |
| SHA256 | 5136a49a682ac8d7f1ce71b211de8688fce42ed57210af087a8e2dbc8a934062 |
| SHA512 | 4802ef62630c521d83a1d333969593fb00c9b38f82b4d07f70fbd21f495fea9b3f67676064573d2c71c42bc6f701992989742213501b16087bb6110e337c7546 |
C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\Qt5Gui.dll
| MD5 | 8fd0c7b86b4988b234614944edb565a7 |
| SHA1 | 120015375d66f6e3f1c889cbada3efc4f8ff7f5b |
| SHA256 | 449a105683a27ebce39f2a7a0fb413cbe2eb2df8c2c8f51870a40e9eb9708a7a |
| SHA512 | 3e92401ee9ed0dd51fe95f963378caa73fe07bae0186406b9689519d6b75926b5027339ea52c8643c92c21b621ddc05056a1338f0114a6902c2897406cf371f7 |
C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\plugins\platforms\qwindows.dll
| MD5 | 869b64be13907d16f8108d4e46eb1ae4 |
| SHA1 | abf528676719f69a4d2f85147dc683d1c9bb606a |
| SHA256 | 93debc8c092905993932b16f165e0b959639920d0af6156a64b9c947784fbe73 |
| SHA512 | cbd294354d5f84103b7c2f31cca6ee7f390c7852266478fb790cdd2448b1a563ddc6fcf7e351b4b28c3f5e23a52a442064ed75409f076752d0d94f133c9d7e96 |
C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\plugins\imageformats\qgif.dll
| MD5 | 213734f42848f6cfb91b5d0f80a352dc |
| SHA1 | 72060bb18421eba12591e923929bc70b200b26fa |
| SHA256 | ed3a7867931a8c05d267a62522223ca78bd435d45af6dfde116e7eb72c2fde7c |
| SHA512 | 913afbd6e950f61d038f81ff7f0f08986469ee11cd7202cc0598d9caa7a4200e9e8e5e23f0c5062e01a6ef908e92a52f35dcf60f1af77a075200e8db466df807 |
C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\plugins\imageformats\qicns.dll
| MD5 | 4d1fcfe0e08da0bfd61ad27863f05a8f |
| SHA1 | 51a9c2d12181b66f3f9fd9137a699a715df8d2fd |
| SHA256 | b95d07323612b27e04a716a3894e46a723a457e8c0be37ee838573eaee1624ab |
| SHA512 | 2251f8c7bdfa0ad6cda6d619f6df1cef76e8f317119ec4b495d0d98351e77e5f7c678f49f9c8c6eefadfee175304d00757689ff35f8c77693b2ea3435dac2aa9 |
C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\plugins\imageformats\qico.dll
| MD5 | f463183ff33be64d8a61fc5d61b16064 |
| SHA1 | 5a2d6a62d293e8335d787c1e4681cca7e953b20a |
| SHA256 | e4773864ec821c90ff7b2b6a081c4abd7b9fb10829b7e067521b0b18d4e75422 |
| SHA512 | 6576842034440b4329a6cc99e419913316e2bb869e20053238add0adf23eb9e35e32ec758c93dddc8162c64049690db177791c11ed7fbdd2ef4780c6be0dbf2c |
C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\plugins\imageformats\qjpeg.dll
| MD5 | 03e1249b16b47fd240283f44636f6087 |
| SHA1 | e0a02adeee91ff330891ed93428956f1fb90ef44 |
| SHA256 | f1b0528f0b43b798b78580363f19bb75e68347755ef84bbf313cbb1c9fa649b2 |
| SHA512 | 287a13ebcddb151cd37ec60b47c6f674730d1886ee53d4a864e62d23aca084d9b3a4e0b8eefc07b8e1aee2e40a6b7327602aa547f1afc63dc4b254abe14749f1 |
C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\plugins\imageformats\qtga.dll
| MD5 | 82a65b1ce5a7041da64290b66a6a1c8c |
| SHA1 | 577e7174b02182ada17328cbac3ac1d3605fc023 |
| SHA256 | 6da0850ed1f6d93e1d99cecc31153e8993b7b20d68308c248c71e9af4c061336 |
| SHA512 | bbc0fd32e8bdcac4d7f5fac77d9a4386be671b9d6c18d14ac6807e521a0f5192af91e106e0a3258653afbba625c09f79542f1fd7a1eaf97d9b5b98cbd2bb1084 |
C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\plugins\imageformats\qwebp.dll
| MD5 | a23c6a3494e296a521a08dd2d676eb3c |
| SHA1 | 260ccb3b2f454bda853d003e3b71fb0789858873 |
| SHA256 | e58be278a435f44bf10e13d81fba5349d0f5ea224701c91f992276bcea173856 |
| SHA512 | a99eea4b72d20e34c37e0c7971f6e467b2421ff99f059c46f76d961093eea27d031edbd907ed2a99bc9ddaea9ec5b0980871b4a018284c3c324e59c00491b11f |
C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\plugins\imageformats\qwbmp.dll
| MD5 | 43bc7f0b0b91676368db78d61e83edd3 |
| SHA1 | 628228c8c477f2e6e8d6f2f9dd8cc72b894d5fe6 |
| SHA256 | fe95bdae47201a7788c2cb18042c7eafa0041fb6ce6b2ea7e7d5ffd656086583 |
| SHA512 | 11e847fe59e28bdbf7448846b88578f5b0a1d6b1d7c11a80271d833ad540991d83cc1b89c2b5bfaf9b5dfa68dae538233575fac3b6f1cd5f09398b400b421872 |
C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\plugins\imageformats\qtiff.dll
| MD5 | 058a1449a4656fe891bc589ea61434b1 |
| SHA1 | 8803afd1bb77e4804925610e6a94361a1e26c4d5 |
| SHA256 | fc271f33b879c7966564d04f698b7fd77d806e61107574d1240502e7c7666f26 |
| SHA512 | 91f43f8062095044ba41fea9fd4df490711f131437ee90a0354a629a7677c9c7fce84b1c1165e07a2b8c4e58beb1d66d953c1034923c986a2288553221761ca9 |
C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\klmd.sys
| MD5 | 990442d764ff1262c0b7be1e3088b6d3 |
| SHA1 | 0b161374074ef2acc101ed23204da00a0acaa86e |
| SHA256 | 6c7ccd465090354438b39da8430a5c47e7f24768a5b12ee02fecf8763e77c9e4 |
| SHA512 | af3c6dfe32266a9d546f13559dcba7c075d074bdfdaf0e6bf2a8cae787008afa579f0d5f90e0c657dd614bb244a6d95ff8366c14b388e1f4a3ab76cccb23add4 |
C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\Bases\arkmon64.drv
| MD5 | fd710c439f89ca6b7d8caf3ee6f307d0 |
| SHA1 | 5273c87564d9fcbf99b846195ea8bd3102d65a76 |
| SHA256 | ca317c531bdd3a23d401a242a904e8eb81401c79073eee470b6e1078f3645faa |
| SHA512 | 3df58ac276362fb7d7999bc8e902f22e9ee1501ee2e4f653e58595d411752e18bf7ee0cbc95766ecb8da34a5ebd3a11fd5bbf5450b1c01fd3ed8ee0e22183b09 |
C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\Bases\Cache\sys_critical_obj.dll.802c20a8239d0082e57135d00bb9b003_0
| MD5 | 802c20a8239d0082e57135d00bb9b003 |
| SHA1 | 9721cf68faf500fac464283cfa86e7b3306b509e |
| SHA256 | d66ffdecef0c81c7cbdb2408b65084d0ed78e04e69ae862fab7990fc2f834c75 |
| SHA512 | b1fcde7e942aceaad1bf84655c3633e47d22cc515db2a61ba4d80f8aff2240257095c08af766440cebaa2cadfde3762de313e8e33421b31d9c3eb9e94029db46 |
C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\Bases\Cache\avengine.dll.52c5f0ba7444d13378e2102a58232671_0
| MD5 | 52c5f0ba7444d13378e2102a58232671 |
| SHA1 | f484829da9c5e3a44cc5e0ffcc7d7550f6549dba |
| SHA256 | de3b4f0d7a3d26785943a777166ef7f9ffa866ecc6f4170b6970af4e296671e7 |
| SHA512 | daf7c7dcafb6e1cbfd3d79fd9401f90934a8d5ff8a09b619fcc14c6619cec2cc10e40d808605430386c7b6565140165c4ea0660e5f253a8feec4729c6a2b1bf6 |
C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\Bases\Cache\kavbase.kdl.7baf07601ea55caf34b35bec5751de63_0
| MD5 | 7baf07601ea55caf34b35bec5751de63 |
| SHA1 | aec49556ba3d8bb11e04687fa6722360d4753bb2 |
| SHA256 | b26e39c787e00a46c3813f017ed90ad641c13b5232e9e27e43f99c9bdcb75645 |
| SHA512 | cc1083d92887f56599bc3b3efba358fba4d35852f62079327347b6698af7e3ffa367b6693c8d8a2adf45517f2037658d265da64413953fa10830b20891aa9c94 |
C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\Bases\Cache\kavsys.kdl.761f656789cb55eedc099ba3cd372121_0
| MD5 | 761f656789cb55eedc099ba3cd372121 |
| SHA1 | 1498e8b3e8ae171002a0d92f66877adaeb6f19df |
| SHA256 | 0ad762cc4c8548fb7c8ca6e97a8d1c5078acb2ab3d4622d00fe28bc8cf893095 |
| SHA512 | 9b3004efa350d45eeae4c7e42209e1da6d7800f1a823ed734fc82a6f592adb75659cd712a72db69cda3e2d9c352b9e9e8eaf87d1d309a61bab1cc2b1a6f13d3e |
C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\Bases\Cache\qscan.kdl.ccf5fd3fdf62d187e66af0757868e5d2_0
| MD5 | ccf5fd3fdf62d187e66af0757868e5d2 |
| SHA1 | ee9dcb9e130505bfb654627c6064fd7792ddb95f |
| SHA256 | 1076d20f9d7823b1888fa0564bc1224a9ee66ce6ee4c632d1bfcc4feb458d998 |
| SHA512 | 2aba637da52e249628ea63d6083221ba36d0e211bf7e8bce2d1eca0155cb73bb0c058cfe5a6e0c658bae463debcacf07de08afc3ee91a01f7335c9e55c3cb73d |
C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\Bases\Cache\arkmon.kdl.ffa97045d8465e2172bb1d40a8621d1e_0
| MD5 | ffa97045d8465e2172bb1d40a8621d1e |
| SHA1 | 2805422d402810eb5c44d3c522e763eac8e944b2 |
| SHA256 | a23155cddf6a696f403d6299edcbbc77a029a35c7fa65fb0ccdcd4d5bd2c93a0 |
| SHA512 | dbe1d9afe191c2cbea9d5e0b434f908bb802cefd7937a2054565bb28b6defb43bfb6ad76310535832eae5e3187bd19f6d92c38f21a97bb35e1f29d9d8f35f162 |
C:\Windows\System32\drivers\klupd_8789c6eda_klbg.sys
| MD5 | ed6cd641a02baf78ecbe069e0b18b3b0 |
| SHA1 | cc4d47d1d0fcd3deb841f58923ac309f3be42081 |
| SHA256 | 66e7b89188e292d0abce941fcb2469e515e2a1bdbe07ad9868a34feb5f47005d |
| SHA512 | cb945fa49683b92841a7a915c73eb11b00fbceee8715a166d256cab0971dc4b4d8b2c7ad3c96e4efb73a7ea9c43ef6bfc9ff3acaffdc08df40b00048ea903abb |
C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\Bases\Cache\mark.kdl.68d9adb364007366de31df216e06bef3_0
| MD5 | 68d9adb364007366de31df216e06bef3 |
| SHA1 | 5a1b5face27868c07021b9b4af48be81f12b31c9 |
| SHA256 | 6692e9e3e029ec4f48b752cfb197d4e9b7f0d8faeb0f6ce51a962885cdd99fd0 |
| SHA512 | 0629960df306e2d2ffb6c1d8760456b306e15da9a0a3682e912ff4b816a517428d0871e812682072b1cf388695440acae40ba3f5804b92d825304a1fa18b613a |
C:\Windows\System32\drivers\klupd_8789c6eda_mark.sys
| MD5 | 124a94969ce6660453ccd66e40ecdbb0 |
| SHA1 | 46f7ad59b93bc1b78f76fc973ce728c7951352aa |
| SHA256 | 5938747dbf6aea335fdf9131fc912452cee781dff8be61750a9b2ef384b5f835 |
| SHA512 | 3b25bc9eead7f09350c81bca4eb1a11c5332b128918802385d15fb35d017bf2a5eef64966c3e6bb74d4450d794327a1a81c0521dda8b742fda17c0bcc50079e0 |
C:\Windows\System32\drivers\klupd_8789c6eda_klark.sys
| MD5 | 5ea5aa37289ae16948dc771223f94160 |
| SHA1 | 640392a0d01521cb0e4485d5641f74e64e1f38aa |
| SHA256 | 4b1fd5753737f72f2b8cb0fb299c6c0e3857df69dc19931351d9784f52f307b3 |
| SHA512 | 2721db2afd55f6abbe54b5865cb41f72216a52cddb6d07721cf0bd1b76fe58b47540467ce9b503ab56e4c614765c18f559b17d73479a4f5a0fae8f6093772455 |
C:\Users\Admin\AppData\Local\Temp\{1493dd12-d486-4ba5-82c8-80a1195a365c}\crls\c7e6bd7fe0e4965892ad706f0d2f42e88789b8041daf5b3eea9ca41785297798
| MD5 | 4b03934418970c06f092afe3d2155bf1 |
| SHA1 | 56a0e9666c3ee0071d70b9d2b364666fbb93068c |
| SHA256 | c3a63c68ae58f008e5eb52c8e515fe6f5f978e3a8e33ff3c4c4ec43b186486c6 |
| SHA512 | 7846f929ec6d68397c60155202365bbbae28c5faf053c67469b378bd059ac7fd8575ee4973d905e51471cabeadcf3251d229057fdba70eb5df478ab4eafb39f8 |
C:\Users\Admin\AppData\Local\Temp\{7ad03a33-0598-4978-a936-424b3ba91949}\994d5369-33b7-4a78-9fc7-d8cd79eac999.cmd
| MD5 | 6b3538766a7c15bccc6673262f957740 |
| SHA1 | 21b9ecd4e5595c8dd717c126d09aad5f6ce41705 |
| SHA256 | f6dc6dfaa707c30d471769e770cda52b8fc067363b1cf8393553eda6b0f88db6 |
| SHA512 | 07ebfba71e48aa1411120230168e2a5bfbb1bba0f5f69707644cb0d32f276d092ac6f70577c07105e35f542127c3f93b6235fdefd141123d397282c6b26e0567 |
C:\KVRT2020_Data\Legal notices\legal_notices.txt
| MD5 | 2689909dad3f105937cc03917ce6a8b2 |
| SHA1 | 0e3c2f27db9fc53f205bae4268091db2dd30623f |
| SHA256 | 15fff20108b100ce81e6b3de6a11535b9f0a18d80067a62555cf62e6954c1b6f |
| SHA512 | 0be32a0ac0ff64f0e7a9a0f362d3af7c701cc3f32ab78ccad12babf1da542723162a95a241688558c553f66ee56c57c6bfc1a96e27fdd8324c26fc23d94405f6 |
C:\KVRT2020_Data\Reports\report_2024.06.11_17.20.24.klr.enc1
| MD5 | 5ddd872b313ff923f4244968c08602ef |
| SHA1 | 3abf3ddd173226e7775265a0a23d0bd2c2d85042 |
| SHA256 | e03e336876e6e1e41a6e20c135d1a8eccb49967bd8d6f67776491bd1b11f4af5 |
| SHA512 | 919f04c6041e0b344fed1ca13acaea7c4e01ce31166c1a752f9749de801e487adb118685d408788dbcb7b8f77d6aff36ba5a4a8b94aecaa0d7605465b9f85324 |
C:\Users\Admin\AppData\Local\Temp\etmp2DBF8EC1-2A58-524B-BC61-2D01C91AD167
| MD5 | 7662a879f5ea52c1089465e46752a514 |
| SHA1 | 31697e48276d1b5fac0a13b478487d123efd3f1e |
| SHA256 | 1f7dfc2753cb87b3c02685b6e85e8ddc608e2bc8a0ba9f2dc7a9d9becb470e76 |
| SHA512 | 95207d66c4d28a3bdeeddd35b367f5f36e3e6324070f010a9b634897a1635ed63d1f1b5f6a2971533c1b7de3578b17864ad430d4d3f5986741b3fc071ce99d0a |
C:\Users\Admin\AppData\Local\Temp\etmpDE74578F-12E4-B141-9564-98C026593C50
| MD5 | 66cb576f0b97f33bb82f910f2c609820 |
| SHA1 | 934b7c659f257deda4a4b239d507fa33e49ec515 |
| SHA256 | 41d6305f3ddbde3e0cc9225f86c5f24d004a0c39f7553de5404779da6f45c891 |
| SHA512 | 15160d48cdf47cf509c3e7332076119b74fbbf5d9b28671f1d29c5c80a2685bda89078edfe603fde9101f515ab9f7178a96d2b3c71362114adf20b154f8d667d |
C:\Users\Admin\AppData\Local\Temp\etmp36C21B44-2AC1-F144-A8A4-5D2140210791
| MD5 | 85cbb2a3300c5969e28a59d571e18709 |
| SHA1 | 1c241ba19926bec8702a19dca831c5311d3d7e26 |
| SHA256 | cb6cedb24f57007074f89b72d27f0badbfa3517d3cf0eab94de9c757a8ef4d86 |
| SHA512 | 7303ef7afe2cb4eda8a3e3d175fc12462e67cf505c87c8cf40dccd03f9447df1b9169d03de7baf5180f91572c2477f5bb2617a750b7e79be823039e89241fd14 |
C:\Users\Admin\AppData\Local\Temp\etmp9A635814-18A1-2F48-AE17-2165C58B605B
| MD5 | 58711fdd032d847473d881cd0c1950f2 |
| SHA1 | 57694e3a9efccc2771c839f53d9dbd12aac82fa7 |
| SHA256 | e381975c4ef147187c577a20cc0df577d9f6a35c9f8fdbd53598a2ace04090d3 |
| SHA512 | a0345b86fca6e96f94387f5d5faed454f1ee5f9a8f88ae6fda8a35c5ad9e6cbbe3bbcda21df8aa78fddd8295b81a396dabea336a344fbfb7dbb2456cbe5337ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9410c3f7d64c5613b53de5f5e21c38bb |
| SHA1 | 4f350c69c188d3ed572ed95d2e8b1a1ab2531889 |
| SHA256 | 61ce516bc57f165bf01825024bc4833fb96e280542e1b2ef422b4a437cdfd3de |
| SHA512 | f3a982c164d52fd5c056793fb9f783342b0b86587376fac18e1f0434b8881bc854e212eba232913f38682aaafb6e2afde459f81c9c3393165cffc279b9972768 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5e3b7c1a10842272553d6e8bcd5c8694 |
| SHA1 | 11ed51b38e0c09f1043d2850919424d51274644f |
| SHA256 | 824c32a3888be980ada303a69b96cd618fc85425e1157379835cc3aed07fb1a6 |
| SHA512 | 7c5da58f52ade18a8dd1da82b7fcba696e9b0c82007b241d6d1db9f27767f3b8b8d4edeaa7456e5bc0c5f3c32682d8af30638a2aa3c99866dce985b40588c518 |