Overview

overview

8

Static

static

1

drweb-1.0-katana.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    301s
  • max time network
    296s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-04-2023 15:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    drweb-1.0-katana.exe

  • Size

    46.8MB

  • MD5

    8acc7d1bd885d322e0906c48d66b5eac

  • SHA1

    8dec2d7e07fd6eee855fe3d18d24cb81514f323c

  • SHA256

    c04f2c02e34da7bed4800b45220f5831dec511da884f738c1e3321c18ef8c516

  • SHA512

    32a94a49569e582b12a2a99c8030f01eae213ea11be0b6613e3d79c6f9dc3889c80d27b1fbdeb4edd4849be24c4cbda402026d5556de94090543effa34a3048c

  • SSDEEP

    786432:MwtCRQ9ZTbV/sjEKj3STdBoFMDhSLF9MKIxEPT9cFRHRdDHtKC0owR:MmFlV/6EgAcFMhSJGKIxwJcF1RdDNKQg

Score
8/10
bootkitdiscoverypersistence

Malware Config

Signatures

  • Drops file in Drivers directory 9 IoCs
  • Sets service image path in registry 2 TTPs 2 IoCs
    persistence
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 11 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 6 IoCs
    persistence
  • Checks for any installed AV software in registry 1 TTPs 43 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Writes to the Master Boot Record (MBR) 1 TTPs 5 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 60 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: LoadsDriver 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 47 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 10 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\drweb-1.0-katana.exe
    "C:\Users\Admin\AppData\Local\Temp\drweb-1.0-katana.exe"
    1⤵
    • Sets service image path in registry
    • Suspicious behavior: LoadsDriver
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:544
    • C:\Users\Admin\AppData\Local\Temp\33D2F114-6619DD6A-3C1EFD66-C094200D\katana-setup.exe
      "C:\Users\Admin\AppData\Local\Temp\33D2F114-6619DD6A-3C1EFD66-C094200D\katana-setup.exe" /distribpath "C:\Users\Admin\AppData\Local\Temp\drweb-1.0-katana.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4832
      • C:\Users\Admin\AppData\Local\Temp\33D2F114-6619DD6A-3C1EFD66-C094200D\drwupsrv.exe
        "C:\Users\Admin\AppData\Local\Temp\33D2F114-6619DD6A-3C1EFD66-C094200D\drwupsrv.exe" -c add-product -p "DrWebAgent" -p "Help" -p "KatanaSetup" -p "Updater" --list "C:\ProgramData\Doctor Web\Updater\repo\90\products.xml" --merge --version=90 --rev=9 -a "C:\Program Files\DrWeb" -v debug
        3⤵
        • Executes dropped EXE
        • Writes to the Master Boot Record (MBR)
        • Drops file in Program Files directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2556
      • C:\Users\Admin\AppData\Local\Temp\33D2F114-6619DD6A-3C1EFD66-C094200D\drwupsrv.exe
        "C:\Users\Admin\AppData\Local\Temp\33D2F114-6619DD6A-3C1EFD66-C094200D\drwupsrv.exe" -r "C:\ProgramData\Doctor Web\Updater\repo" -c install -p "DrWebAgent" -p "Help" -p "KatanaSetup" -p "Updater" --disable-postupdate --param="distrib_version=1.0.8.06270" --param="en_help_file_name=en-drweb.chm" --param="en_help_lnk_name=Dr.Web Help (English).lnk" --param="estimated_size=108298" --param="install_date=20230403" --param="install_mode" --param="install_source=C:\Users\Admin\AppData\Local\Temp\33D2F114-6619DD6A-3C1EFD66-C094200D\katana-setup.exe" --param="installdir=C:\Program Files\DrWeb" --param="lang=en" --param="path_to_chached_distrib=C:\ProgramData\Doctor Web\Setup\drweb-katana\katana-setup.exe" --param="runbysetup" --param="sendStats=1" --param="startmenu_shortcut" --interactive -v debug -l
        3⤵
        • Drops file in Drivers directory
        • Checks computer location settings
        • Executes dropped EXE
        • Adds Run key to start application
        • Checks for any installed AV software in registry
        • Writes to the Master Boot Record (MBR)
        • Drops file in Program Files directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4032
        • C:\Program Files\DrWeb\dwservice.exe
          "C:\Program Files\DrWeb\dwservice.exe" --install -o "C:\ProgramData\Doctor Web\Logs\dwservice.log"
          4⤵
          • Executes dropped EXE
          PID:4336
      • C:\Users\Admin\AppData\Local\Temp\33D2F114-6619DD6A-3C1EFD66-C094200D\drwupsrv.exe
        "C:\Users\Admin\AppData\Local\Temp\33D2F114-6619DD6A-3C1EFD66-C094200D\drwupsrv.exe" -p "DrWebAgent" -p "Help" -p "KatanaSetup" -p "Updater" -r "C:\ProgramData\Doctor Web\Updater\repo" -c postupdate --param="distrib_version=1.0.8.06270" --param="en_help_file_name=en-drweb.chm" --param="en_help_lnk_name=Dr.Web Help (English).lnk" --param="estimated_size=108298" --param="install_date=20230403" --param="install_mode" --param="install_source=C:\Users\Admin\AppData\Local\Temp\33D2F114-6619DD6A-3C1EFD66-C094200D\katana-setup.exe" --param="installdir=C:\Program Files\DrWeb" --param="lang=en" --param="path_to_chached_distrib=C:\ProgramData\Doctor Web\Setup\drweb-katana\katana-setup.exe" --param="runbysetup" --param="sendStats=1" --param="startmenu_shortcut" --interactive -v debug -l
        3⤵
        • Drops file in Drivers directory
        • Executes dropped EXE
        • Adds Run key to start application
        • Checks for any installed AV software in registry
        • Writes to the Master Boot Record (MBR)
        • Drops file in Program Files directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:448
      • C:\Program Files\DrWeb\spideragent.exe
        "C:\Program Files\DrWeb\spideragent.exe" -register
        3⤵
        • Executes dropped EXE
        • Checks for any installed AV software in registry
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:4528
      • C:\Program Files\DrWeb\spideragent.exe
        "C:\Program Files\DrWeb\spideragent.exe"
        3⤵
        • Executes dropped EXE
        PID:2340
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    PID:3188
  • C:\Windows\system32\srtasks.exe
    C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4384
  • C:\Program Files\DrWeb\dwservice.exe
    "C:\Program Files\DrWeb\dwservice.exe" --logfile="C:\ProgramData\Doctor Web\Logs\dwservice.log"
    1⤵
    • Sets service image path in registry
    • Executes dropped EXE
    • Loads dropped DLL
    • Checks for any installed AV software in registry
    • Drops file in Program Files directory
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: LoadsDriver
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2008
    • C:\Program Files\DrWeb\drwupsrv.exe
      -c update --progress-to-console --disable-postupdate --dws9 --verbosity=info --protocol=http --type=update-revision --interactive --coutname=4005B26FB2598928
      2⤵
      • Executes dropped EXE
      • Checks for any installed AV software in registry
      • Writes to the Master Boot Record (MBR)
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1624
    • C:\Program Files\DrWeb\drwupsrv.exe
      -c postupdate --progress-to-console --dws9 --verbosity=info --interactive --coutname=A29CAA8FE3BD06FD
      2⤵
      • Drops file in Drivers directory
      • Executes dropped EXE
      • Adds Run key to start application
      • Checks for any installed AV software in registry
      • Writes to the Master Boot Record (MBR)
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3688
      • C:\Program Files\DrWeb\spideragent.exe
        "C:\Program Files\DrWeb\spideragent.exe"
        3⤵
        • Executes dropped EXE
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:1808

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

Query Registry

4
T1012

System Information Discovery

4
T1082

Security Software Discovery

1
T1063

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\DOCTOR~1\Logs\dwupdater.log
    Filesize

    4KB

    MD5

    d87a839ef3a1009068e7232aa23faab2

    SHA1

    c0c308212159efa4ac8035d4a50125414b6b7baf

    SHA256

    4c218ce789400c312a72b1abd4ccaac2944c0322ceb25ac6aa717ce27db3a854

    SHA512

    3009c2ab9a8094c279ffa1255ec031daa993f081de7405a208f752faa02ad8b1684c80ad336c21d99c138974c935cdf91a84644856b2d42d6bd54237752a4b8f

    Download Submit
  • C:\PROGRA~3\DOCTOR~1\Updater\etc\drwupsrv.xml
    Filesize

    1KB

    MD5

    0e17fc49675047677039ce1841f44f81

    SHA1

    5771003715b3cdc28ef4a3ac6141d96e370cca2e

    SHA256

    1913cc1925780f1f35bdd5a0dea559695acea59210820b84f48c0e7a93bec6a8

    SHA512

    593deec5521c69d76ae895a6e54338591ad25df9527971aaebdd22916950ba8eacd25d66cec1a500ed691e7471a5bbef1184e2dce68809c6556f605d70ac800d

    Download Submit
  • C:\PROGRA~3\DOCTOR~1\Updater\etc\drwupsrv.xml.backup
    Filesize

    1KB

    MD5

    9aec06332bdd83ea5575debe10f3a399

    SHA1

    35c2c9378f2c35e775bedb3ae5c9b458a758de22

    SHA256

    9fcb154360cdf54791b41f7be0b5092fccdac034dfc69c7aabcc8a0f2ecc2aa4

    SHA512

    00fdeb3d1ec8635dcdfbe7b65eb5e4a8b1762cf95eaef55076142825229201ce7a0de6eac252504f46c8eafc7397536b33c91ca2eaea00a53340bd4284e17ccd

    Download Submit
  • C:\PROGRA~3\DOCTOR~1\Updater\repo\90\av-service\9\20230324160215.xml
    Filesize

    2KB

    MD5

    8a81ebea162b6e0937d7d8116f1e81e8

    SHA1

    b98c647b030fac5c981999a9cad98ca55262dac8

    SHA256

    0a278293566d84523d04c0a03d6c8214143465df2e2879774a97634b56a59887

    SHA512

    d9f7ac7cdce6a204b32a3612f9339efac0b109aa2f851c9a96e498605486c3dbc61011071c0fa7430fe1b064aaf9e21930e645439a3ab5a37a870649a5b2bc0c

    Download Submit
  • C:\PROGRA~3\DOCTOR~1\Updater\repo\90\cloud-client\9\20230324160215.xml
    Filesize

    1KB

    MD5

    fd4ab6449fc5c8ca4ab0d44c21027aa1

    SHA1

    d15c9f7df282f2b4f66d50c8ed2e20a6cb70f22e

    SHA256

    b81be98239c162356e7e1bcc8b8d06c54b26f8518a20f88b2436168298553f53

    SHA512

    2e89e71cc233283279fbeff4806627fcc4b10a90308a405d1104eb9de05d2dcc74f54bf32d322c7b595ad7699e0bc5b665420fd9460e5643b3d160b65271c4db

    Download Submit
  • C:\PROGRA~3\DOCTOR~1\Updater\repo\90\comps-revision.xml.newer
    Filesize

    244B

    MD5

    4da5b091cd35646447213ceb478e8b7a

    SHA1

    726cb21d838197d2909e238dd1a949d2533acda0

    SHA256

    e499011da0ae158ccaa7d8c645a6e4deaa5640333a0ca8df2723879094e541b2

    SHA512

    54950b4ad7e60eda107b22f9af4716fb4e80c0bf542543fe88ac5367ba41a6a3846af326c47ecbbd644cc05d727ab6436f5ef003ff8301586f836d1d01dbe561

    Download Submit
  • C:\PROGRA~3\DOCTOR~1\Updater\repo\90\dwl\9\20230324160215.xml
    Filesize

    5KB

    MD5

    42467a148d264fd4d5596a6bcef384f2

    SHA1

    78cb787be2cf7e62b5719e8e4d2dbf8e2061c245

    SHA256

    c187d8f35bb8d9ed6858753a164e3527b2bd6d8335fe42dc8d1ba574d8e28e76

    SHA512

    1f15b6f93f50f4801afe467af228e93bd769f612015da66f472fc623590c95cac88adea54e8b979fa07e0b0ba304ef7d3c1cc5acfe9dddac3ec92321c81517ae

    Download Submit
  • C:\PROGRA~3\DOCTOR~1\Updater\repo\90\dwprot\9\20230324160215.xml
    Filesize

    1KB

    MD5

    379e8dd5683a73a1d3ad8c615e65a482

    SHA1

    1e2e27ed0d81f8682041874fb0f1dcaba05110df

    SHA256

    7d7b23e57306db05ae7f73fa5188fe52ec1895b0650510474a366df3e4473fe9

    SHA512

    252d110cc7c6d7d288249d9aba8b54053ec47cfc4df79babf85c6882ee49d859c8ea6c82eb018e256cfa4eef3831c501b29af481e5def0856595ee77e6c47797

    Download Submit
  • C:\PROGRA~3\DOCTOR~1\Updater\repo\90\help\9\20230324160215.xml
    Filesize

    1KB

    MD5

    fa2f077ceabb181d6ad78b46ca95248e

    SHA1

    42d4ac88ac55fc505d5e5530ab9fbcb1ec5f494c

    SHA256

    fbe434512f9155d31c9fa05d9aa941a2024947246ad785f9d68952cffc5ff5b8

    SHA512

    6750a961b87b5468eaf055900eed1c4fba1a4ddec7c70262bfa5dbed6cf144fec67a3325d185a60d94cf0270822054af32a0d81355cb882d70567f41bbc8d0f9

    Download Submit
  • C:\PROGRA~3\DOCTOR~1\Updater\repo\90\katana-setup\9\20230324160215.xml
    Filesize

    739B

    MD5

    e2fdfeb729badf84ddcf69fe98006ddb

    SHA1

    daffa9bf841815c4845d55e534f503df88219a8f

    SHA256

    77af4634899f3f318d541284b3c0897ceb807e906013dce211d479836b195f8c

    SHA512

    c372e4907326909001d75eac4db9dfea47f8b30f673ed1fad2f180eb875e7c6c4b991ae507e61cde828e178efc3800b61e8f8932c415dc8346c53f2496093999

    Download Submit
  • C:\PROGRA~3\DOCTOR~1\Updater\repo\90\products.xml.newer
    Filesize

    1KB

    MD5

    4dc21f25b3050c1453a61396ad8978fd

    SHA1

    8d407a7974044da42ef696b6878f15399d2f7395

    SHA256

    3d31d486128750a0bb45cf6460ff1c38dee69cae8093379c522bc651a1523658

    SHA512

    6c809853b0ad11e7bd4d0b264dc2a3132934d80dd25b2b76102e27a4cd26fcf0f966661d65065d0dedb4ab113ef18e7a57f552a3aeaeccff998880eb3504ffcc

    Download Submit
  • C:\PROGRA~3\DOCTOR~1\Updater\repo\90\spider-agent\9\20230324160215.xml
    Filesize

    1KB

    MD5

    187e05284b7d2426ff91dd51195ddc28

    SHA1

    bb9e18440d14310faefe9dad12b4399859df8192

    SHA256

    9fabfdddac3817f46de1e83949db1a0c7cd16f27a06b49f9d940abf513a82584

    SHA512

    bdfa4f2581eb083b3d34c477e4d4c1fb3e397e6b6c86de665a270c0e26f4e339d74421a5701f9265b7d5bdd912cd4d156ca01f4c0536ffa0ca3b5464906981d2

    Download Submit
  • C:\PROGRA~3\DOCTOR~1\Updater\repo\90\sysinfo\9\20230324160215.xml
    Filesize

    1KB

    MD5

    392d55d08d9ed17cb0a57e719d24ecf0

    SHA1

    83d0522f0ffbf55c5cc9ba938985a8a238394b1e

    SHA256

    5b9ed33350317321eebf0e93f42c6923fa8c636d0ea6afcae11bba0732699a38

    SHA512

    03aa0b4e87ad2e1fbd256ee7aa654e6a37acffc81f7b21c2389fec043de0392c99faffd79a9c5c7ba523dba5303071affe6197aea2c6a9c6e7fc5d44e00c8ea0

    Download Submit
  • C:\PROGRA~3\DOCTOR~1\Updater\repo\90\updater\20230324160215.xml
    Filesize

    231B

    MD5

    c8231203b7666f23de5d1e38828a6b51

    SHA1

    084aa68c9b2f6736dcadc47ec20fd17707dbe623

    SHA256

    f34daaa80e6458e35fa9e9e242eba356a8c7fc272b0a23029be762a0496bfb09

    SHA512

    16a820145733fc604187a0163e9ade19401fedfc30239cdba962d315c140316ae550df5d335d0259ec2c0766e6eba1c9fd57e13b9c4b89ff0444916f8960ce92

    Download Submit
  • C:\PROGRA~3\DOCTOR~1\Updater\repo\90\updater\9\20230324160215.xml
    Filesize

    1KB

    MD5

    3f5f9ac489d540abae172206b5711238

    SHA1

    9d224818480c088ec09a6d982f89e6ce63533c9e

    SHA256

    d5e84c5c23124952f7580abba448483f2d63541e2fec6e755e4ca173f5d815fc

    SHA512

    115d7c6fe2870972179a893e8d743438bf742fc1ba88da7136dbed98056a81e1138035260fa5fba35195438ee6ddcdc248deb68443b9bb80561b1e36ce23ad13

    Download Submit
  • C:\PROGRA~3\DOCTOR~1\Updater\repo\certificate.xml.newer
    Filesize

    2KB

    MD5

    ace3e703850222a8207441237170fc06

    SHA1

    6b43c8f784a14741c85eb18a497335a09deca3c1

    SHA256

    72b75ceedbdad05dc399905f7f5f568017d837712ce11f19787343654b6f6a67

    SHA512

    4e19cca93fe00e94ea5a63436d80be12bd5c3287df89351c105726da5b8eb433f361d70720da2c2bce57dd72215afc298a97a0436441a45c19150f1d92a86996

    Download Submit
  • C:\PROGRA~3\DOCTOR~1\Updater\repo\versions.xml.newer
    Filesize

    2KB

    MD5

    f1594843e38325737d63c0e7c25abb5e

    SHA1

    5431a608ab08ec63bfc90c800b1edff975c92cfe

    SHA256

    194072f3c25da8b12039affd3a610cacdf506a3263ef69c9c9bb9d2fd69ee356

    SHA512

    da2c93eb5ce1773bb89f2119152ee07e698a239e472edd4b842d45cfc87026a81e3674bfb251a37e550589771b7cc8b855b0c268cb9db2ec7e81bd13d0d78253

    Download Submit
  • C:\Program Files\DrWeb\drwupsrv.exe
    Filesize

    7.6MB

    MD5

    4a482dc20f7e3f4bd091929014788bfe

    SHA1

    8e9014d89b3e9b433b7c38cf7b2aec77efe3d3dc

    SHA256

    f817e511bb03d33e15f96935774fb35c1b8d368abe81eca50944086275338105

    SHA512

    332fd24d9a20789f4e35a5167a0f9f446c480c69b47b6295c3c78eabe1e46c9cbda64a4024e95b2ac4a46ded1a11cf854d719a497a3f25e72df91d8e45b048fd

    Download Submit
  • C:\Program Files\DrWeb\dwservice.exe
    Filesize

    8.5MB

    MD5

    472fd8b43f4de42497a6e16a3f914a19

    SHA1

    2f587b11c117d0bdaa9731539b79196a492253e9

    SHA256

    6e60fdcabdfd74274a7e2da62315fba484ef8c587bafbb3c39cdeb741a39b79c

    SHA512

    16d78ea2c306f46ff76cf20a33c60496132c47c08ac838c41305fba95e33741e31e6a83e99a44b2a709ceeaf3675b0565d2c4e6d0d906e2660895eb6d45bd4ee

    Download Submit
  • C:\Program Files\DrWeb\dwservice.exe
    Filesize

    8.5MB

    MD5

    472fd8b43f4de42497a6e16a3f914a19

    SHA1

    2f587b11c117d0bdaa9731539b79196a492253e9

    SHA256

    6e60fdcabdfd74274a7e2da62315fba484ef8c587bafbb3c39cdeb741a39b79c

    SHA512

    16d78ea2c306f46ff76cf20a33c60496132c47c08ac838c41305fba95e33741e31e6a83e99a44b2a709ceeaf3675b0565d2c4e6d0d906e2660895eb6d45bd4ee

    Download Submit
  • C:\Program Files\DrWeb\dwservice.exe
    Filesize

    8.5MB

    MD5

    472fd8b43f4de42497a6e16a3f914a19

    SHA1

    2f587b11c117d0bdaa9731539b79196a492253e9

    SHA256

    6e60fdcabdfd74274a7e2da62315fba484ef8c587bafbb3c39cdeb741a39b79c

    SHA512

    16d78ea2c306f46ff76cf20a33c60496132c47c08ac838c41305fba95e33741e31e6a83e99a44b2a709ceeaf3675b0565d2c4e6d0d906e2660895eb6d45bd4ee

    Download Submit
  • C:\ProgramData\Doctor Web\Logs\setup-starter.log
    Filesize

    2KB

    MD5

    11802c24b75ce98899dde5f318d1bcc0

    SHA1

    e889f02100b9247db77e66e2f7d624ef7f87a8b7

    SHA256

    a0f4a5cedb2d708078a690a3f6c68c320b2009ce70224bd23565d572ab024735

    SHA512

    afe11220a08d8902b69fb4535ad4aeaf23eeda00d9e0dc9191ba879510d590b54ef2bf76b6d8a38cc80948576b60c52062329e33dc100ec0d20a0aa5da3fc4cb

    Download Submit
  • C:\ProgramData\Doctor Web\Logs\setup-starter.log
    Filesize

    4KB

    MD5

    1f905db6961a4b5860058cbdccdb4d36

    SHA1

    eb45757e8b531b3562443afc06d1cb47b4442428

    SHA256

    10c530eeb9e7e9a5db0160a16d376a09868d9abb2cb7576a8e3cd2ae81055ef8

    SHA512

    b3207e095723a18baee9f515a1cd1d4fb98d4e18ee6933bd6c16edf119ebb1bdc39d128003c9b211e6c53070140f664af93fbd076469213148f17221b32c0efd

    Download Submit
  • C:\ProgramData\Doctor Web\Logs\win-katana-setup.log
    Filesize

    5KB

    MD5

    df1bd925c96304e2955ce4b33a0d330f

    SHA1

    54c5f7955315d016b3b5e846e522d9f692bce90e

    SHA256

    5f873f45cb474c95a5dc31ed1536ac778bf49c456e824b56ff2f32284dc1ada9

    SHA512

    2adf3f131cedc1a3e7b666e8a1da5754d90689f3fbba6bf25b07a66d8b0b9c1b43a90918fac8b2429ac79c1071080019afa5cbab620577b7cfa2479bfc4b4caf

    Download Submit
  • C:\ProgramData\Doctor Web\Setup\drweb-katana\katana-setup.exe
    Filesize

    7.9MB

    MD5

    e5cac0467169d34fcee3c86595c570bc

    SHA1

    ba851755bee82c83d412f162250717d23732bf5d

    SHA256

    c2d6af0faa19f65e9df16d761a892a50c3736bb4563a2981e1e69e1da2739d17

    SHA512

    0b483a88c78d1da2b2f9ada572e7a7d8be287a02f7da2646f5d8dbfffea48cdea2dd661864bc87de29939f65543ef2bb52fa092b614bfd23802daf2d872f7266

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\av-service\9\common\drwbase.db.lzma
    Filesize

    4.8MB

    MD5

    04e49ede35e457e11d3b75fad058b9b0

    SHA1

    5ec2dfd7c9ed83f172acbd2ae1577583ee750b04

    SHA256

    8f3fc74ea6ce6781717b0eb0a2048dc2ec3e729b5ba3d77c3eda673c32510f67

    SHA512

    5f9c35eb2870a74b2664c6958f2e73abdae6110e0b09b3e32296fb42d86e61bf9009af4a65ddf5236b6081e5854f6cbc66991c1d629d5f41518a279c25143fb1

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\av-service\9\revision.xml
    Filesize

    2KB

    MD5

    4c7958537dacacf53935846adb90e2de

    SHA1

    ea3ced9f7d7be90cd37435d0b892e7a66c91bbb4

    SHA256

    316335e1dc5c503ec0671afa2ef916186121b874c149e5a2586eaab8e7ab7cab

    SHA512

    30bd0fc6e669610bbea4c90952955f7d8e78c906dc248ebb68728ee82a319e2f2d9ad2d9376f3b583da2ec6486eaff2d804b77b2f82732442618de4dc61036ce

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\av-service\9\script.lua.lzma
    Filesize

    1KB

    MD5

    251851e2cffafd713c350af83cd2dad2

    SHA1

    6d25bf1c365ddbcf3b0fe08785e4d26341adea52

    SHA256

    ec76aecaf2ea2948ab0da21ef5f197a6128609c6c5ae596963a1b65c7b4b2b8a

    SHA512

    cfd2e8d8742f1f4ee4824ee1b3f5e93860d18b054e5cf10161fda247d451f5536cb60bac1e2dc6bf70a0aba3c3c22f18fc48dfd453fe8776ca2492302ec375c2

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\av-service\9\x64\win\nt\common\dwarkapi.dll.lzma
    Filesize

    1.3MB

    MD5

    2f2998d350ac2d30639ec0831b976a98

    SHA1

    dc75444492ab6f35839122cd0124ea9f359f443c

    SHA256

    08cb6e60d1cd86f8b24dc95c6a744dcb5dc42029467bead2a4401d9fe80dc8c0

    SHA512

    d76457e8d79f27f6bfcae6c78dd44cde6da49cdd3651667f01a7925a650c9f01ba5338b229a91cdb8fb0f11dcccbd45d6ca3e744f6fd2985ba1920405d1c6c50

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\av-service\9\x64\win\nt\common\dwqrlib64.dll.lzma
    Filesize

    278KB

    MD5

    9f507e343805a31ae6674ee83fef3347

    SHA1

    185b4c5de86a0c5dfc9824f38b8e47e53a700ba2

    SHA256

    5cb4c0086a33c78c48682324f3d6b0d2cf45e041523cbf060ad5985f0d396f82

    SHA512

    8d91cdd4fc76dbfa5ad454ad5ca2703807f600893bb51c16f596d951b9838669a94a4fef4d77e2d53b7c88fa997f7d41a65c4f3bb49324627a5cabfe88350d51

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\av-service\9\x64\win\nt\common\dwservice.exe.lzma
    Filesize

    2.4MB

    MD5

    66bed6484dcf70cc2acaae1681242e16

    SHA1

    01d41eae0b7f241a9236ef8c02572e606f7f9df4

    SHA256

    ca79420d01dbe74540967fe6f31d5a49c280d3341256585089ee3fa0cfadbcfd

    SHA512

    e6fa6a952b9455043c2711b122bb17305283f084b9d57033691e948999d065f87c6633812aef0dee37a01ca2e8e319f2908538778df3f0de11d7430ee54d61d7

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\av-service\revisions.xml
    Filesize

    236B

    MD5

    eb955f8e7973e0c8b2c2859bc58145df

    SHA1

    acf3cda0d9cb9ba4e072d847df17f0bcdbd61f76

    SHA256

    b9228f0cf7a0dec93d9f5b7ff3c2dbb878ed36447b5e089c4109b8dc2535599c

    SHA512

    29f3a7a993ad9a2dad2e423a5a8ef24b3eecd1b02b76650fd98f665f451e2cf2c15f52ee45212da3f3e4eb52bb0876d25756c297d4af75d97d1710044058e5da

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\cloud-client\9\revision.xml
    Filesize

    1KB

    MD5

    9174569271957bcb6bbc57b2253715d7

    SHA1

    22b8a437886de85ddbc78820f32355b5c2963d31

    SHA256

    754788b592c2dcc4cd9aba4afdd9071ea81765101e92ed770bff62e0cc452b08

    SHA512

    93a9698ae71fca7efd56d5fba2695dbd0fefb2f9737cf214f6314e43550bd267e81b503c1b49ffffa30c9e9d060068994fd6c43d5d591797a632fea2a0150a91

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\cloud-client\9\script.lua.lzma
    Filesize

    462B

    MD5

    3844830e44f7997d0475f43b90d8c010

    SHA1

    8995fb30c3a70064ba0125120cfd3ac4c80aabf8

    SHA256

    203b5f3d3ef0efac1a46b96869e198f909bc8b9ad35d46c0e45c0514135c3b66

    SHA512

    576ac483a30b2d02cd20002e0382811a73ed59d743c9c84cc1f461a580594678f754aa13fb19f3e9d7975128e803eda6d30fcde599ebf9c0c8b481cb30a0f050

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\cloud-client\9\x64\win\nt\common\ccsdk.dll.lzma
    Filesize

    2.6MB

    MD5

    20d0ad5657a1c0a393b16af430ad2685

    SHA1

    95190b1b2993a82a6ca39d2c72d894eb0d0afd90

    SHA256

    4f4934cfd84cebc345d90bb25a6ca3aa83861c20b9be2ca780b6c1edf9b9a388

    SHA512

    f434b120572ec2b7902968a941708f1e79dff72e08a7bedc0f2ad8cc1d30e60065871f483e48c56b1ebe2a4f5223509e0563cee4fd4b4e901b46e45df2af9e80

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\cloud-client\revisions.xml
    Filesize

    236B

    MD5

    2e9b7ede7e063715f978750d1b0943fd

    SHA1

    e5221f216f3595f2d2f9485d137eebcc076ddc13

    SHA256

    e52718d956f14bdb18cdc9c26fa95e3b4e6786aa01291dcf0de7c5df61c87217

    SHA512

    1d0a2692dde54a282a965a7090d8291962578771d213184efa7aa412da87b4e3def50538e474fb38eafb696c0c73de4aecf2f65221f0caef63804b3410df143d

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\comps-revision.xml
    Filesize

    249B

    MD5

    297e7df4a2bf24e7f4cdc7c735e4b925

    SHA1

    4d787d644e6c261a6a33128fb95886a567e9713b

    SHA256

    71c4225140b5bf75f6cbd7b7f0c55ebbb7aa0e4b88a48dd518a28ac66bd4005b

    SHA512

    380c3c1e5d702549fb921f4871cd0e4c50d5e7928f4d9972ea257604cb74e695ebe9a9e7ece81e7500a44db2b3adadc122dbb9ed0a07dfb56d94c7b6059d6a4e

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\dwl\9\common\cs-drweb.dwl.lzma
    Filesize

    41KB

    MD5

    7ab5da4f1361653fd93a846e603aff0c

    SHA1

    8a47bd5b45dbec060b0ebf1e1115f38f93dd274a

    SHA256

    96523040f9aacad60581d6fdf49f00c568b8eec0472a946374ade7f51a2d6eae

    SHA512

    d6b57275245020b4401ac478724dae8a36785d8aec8537f145e85cdd9c67e466de5053a7f68d3528600d7b1f0414b9837fedd29f3ec9e715e54a2ff0db1ed937

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\dwl\9\common\de-drweb.dwl.lzma
    Filesize

    41KB

    MD5

    049e8ffb93161e38eb21f1f42f9c6689

    SHA1

    505179f88e0d5f5bd05a70ac5acb49a9b44d42d3

    SHA256

    aad3fdf032f9269b45f024431a180040e08823fe285a4a60d20f0bdcc071ab09

    SHA512

    279104e6c445e53487bf0b5552bbed42a9bb8facdd49fdf79fb0db9e20c4de2ef08150b7640a3e46bc7dd6f460448f26d77b0838808b49e6a15192ab5419bfa9

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\dwl\9\common\it-drweb.dwl.lzma
    Filesize

    38KB

    MD5

    e9b12908bfda71373c316eb3bcbb270c

    SHA1

    61fcb136b2e89be78f392a112274cf0a0f045939

    SHA256

    ad2eb5bc3329343b22fadf8a8d6325d715bbc37d7f0d9058b6f2155f2f7ed59d

    SHA512

    20dab4284398da4efc469b88c7ca0b08719cb79891b24ea6d1415d1f730b63c701e4b47d17f05b28320e46ee5dd76a6b66391b1a4bf4502b24f85551bd325a33

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\dwl\9\common\ja-drweb.dwl.lzma
    Filesize

    47KB

    MD5

    ca20808eaeeee62c728bbe4e65ea5a1b

    SHA1

    5bbdf87693b35a5d408394827ba6d5157424e8cb

    SHA256

    d4d988aeacd96083f6a37fe0ae41096ee9ed018bb64ff358246863311f44482d

    SHA512

    4bab4c1a0cf16f47065167efd47375454cb6e22ab043f4cc5b155158abc5060e6b4554f467312dc906891e91e5ee32c0965dd392ce4a20914785da5626dd369d

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\dwl\9\common\pt-drweb.dwl.lzma
    Filesize

    39KB

    MD5

    90616d30696476221f827b710a0178d0

    SHA1

    0c9cc78f4b48cba5264f04911f1ac4c201140e34

    SHA256

    c2eed04088a85b931f9f51eb8692036fd12609e9fa420366feef13e2b2c0cbd3

    SHA512

    548fd70e171ebc321ca2a48ee74033107e6511e50452782658f632696a64a0b97d294d0e0e99a314460bfdf5a0d017f4644616f5f1416c623b16755fc13fe714

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\dwl\9\revision.xml
    Filesize

    5KB

    MD5

    f9525237ba6d6768afe0f49508d725a0

    SHA1

    479018a939018de59a65e73f8e6ea9156fd9b0fc

    SHA256

    e4a98b1b58dd2476df3decd3872e11c72648f5aff479abbf216054529b69a5d1

    SHA512

    4149fe8c3b56dd32ab0304c8ac0c2f1ed76c439f803dec6cbfd7cf60e88e4549fdbcbda385c8b29aa5f51ba8acdccf75b01ae6323209de5c73f6ff0fec04bb85

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\dwl\9\script.lua.lzma
    Filesize

    524B

    MD5

    a2337f03bd68392d866278b3c31d4578

    SHA1

    2f312047e6b534fadd02fbed65234a20eb9f3096

    SHA256

    e2bd01b3bb541aade542bbe4fd85f454031eb76ebff0f9088cce49a601be02f5

    SHA512

    c5845f5e67926caecaad671f787eec439cdfc60d15c400c2895e59575ff7b99bbfd9df28472cc89b09edaf32ca0bd4ac05b71fa2a00fd2ef0e64834f06bbf518

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\dwl\revisions.xml
    Filesize

    236B

    MD5

    2e9b7ede7e063715f978750d1b0943fd

    SHA1

    e5221f216f3595f2d2f9485d137eebcc076ddc13

    SHA256

    e52718d956f14bdb18cdc9c26fa95e3b4e6786aa01291dcf0de7c5df61c87217

    SHA512

    1d0a2692dde54a282a965a7090d8291962578771d213184efa7aa412da87b4e3def50538e474fb38eafb696c0c73de4aecf2f65221f0caef63804b3410df143d

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\dwprot\9\common\dwsguard32.dll.lzma
    Filesize

    69KB

    MD5

    7306308d379202292d0f6cd12c3fd501

    SHA1

    16bc9271a1a6f1ec9437a0f72bd0b49835b9a721

    SHA256

    bbe8f592f577e4e3e36137bcd3cce6522dc7d9b800debf72d5779cb851a61fcf

    SHA512

    3a24572c7c402e5ce6706a1389398d297bba4c84654cb97f76c406f8def3f8ec3e0b7ae58cb1e6b5a8a72e9e6439fb13defc5c8e608dc92ace26024bbee10883

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\dwprot\9\revision.xml
    Filesize

    1KB

    MD5

    17f394f09e47410f6beff11570e0e68e

    SHA1

    1e223237b79faef92a76b4d90e06ed082ba38875

    SHA256

    a21a077311fe36f2490d6a407ada86fa8da918ec3d3cc548585d3641390c31b7

    SHA512

    1cd63e62e976eded5e65a656af4074352076f8f16ddfe3e5395929f4176fe3f376d1dc180d142ed4708bfc6d363ce2f14f53f2c31e5af0d134b847f4251b8410

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\dwprot\9\script.lua.lzma
    Filesize

    2KB

    MD5

    5bceb7e4567223617b59edacf9a51d95

    SHA1

    8753a6f6b1606eb5a181009b48b69eb9745be7d1

    SHA256

    55a8a2193306d222d4e230a92fdb5f642aba66c8bf37909d2861caa878ad9905

    SHA512

    6254789e245b6ef97d667981b2488376536c740b12760a1282e528ce5745f4714791e554549f24ddd902bdcc644c2ec9ab39ef8cd7c24541e850867ff51a207c

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\dwprot\9\x64\win\nt\common\dwprot.sys.lzma
    Filesize

    249KB

    MD5

    eb9b4dd4de1923c64e523ef7d4deaff0

    SHA1

    9d2f387690ac7ecd696071f904e1839ec353485f

    SHA256

    301c83754752ab38d213cd83922f798db8b580b1968fc7f4d5e4f303ce8e3290

    SHA512

    6f7c4f1532792399d6178f8ffc5be770f0b3a796392f0a3770586b5ec1cc9f44866957add93e7f01224edb755fe9a628b8543db9b76a6d809ca822bdbcb0f98f

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\dwprot\9\x64\win\nt\common\dwsguard64.dll.lzma
    Filesize

    83KB

    MD5

    aeee8038de6631da6b5d74c751ce5d4e

    SHA1

    e30e11a1ce2550a5ea03e308724e5e927474cf48

    SHA256

    0710ca69286a8e58070b49f3bdeb2593d3ea8d50b77e42110d44d2e8498f8cbd

    SHA512

    c1344e70720c58b1246e998bd1eda248f855c48b424911ed24d7b9347d4ba618fe19e9a0673b9c710bc029bb3d5bd6e3352883c9dda4ba60b0a44a030d68d85c

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\dwprot\revisions.xml
    Filesize

    236B

    MD5

    2e9b7ede7e063715f978750d1b0943fd

    SHA1

    e5221f216f3595f2d2f9485d137eebcc076ddc13

    SHA256

    e52718d956f14bdb18cdc9c26fa95e3b4e6786aa01291dcf0de7c5df61c87217

    SHA512

    1d0a2692dde54a282a965a7090d8291962578771d213184efa7aa412da87b4e3def50538e474fb38eafb696c0c73de4aecf2f65221f0caef63804b3410df143d

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\help\9\common\de-drweb.chm.lzma
    Filesize

    113KB

    MD5

    a9c728370fc0efbe9b036289ec46e638

    SHA1

    0d0ba07e4a3d1b5526b1adbcc0c0ae1e626a1876

    SHA256

    bafe80fe795454946a437f63235418fdf7add845a57146df885aa559ffccfd60

    SHA512

    02ea7eb83acfbf535eeffe3b23d45e733ba6d69eb3c043c0f998b20eaacd69c7fde976f8728f07be6fafea9e66189b21f7fb5ebe8dcad0606c255a41851e839d

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\help\9\common\en-drweb.chm.lzma
    Filesize

    106KB

    MD5

    5aeb18f494e844129a31aa58a2d16411

    SHA1

    8e6f07eb0bb304eee7cc66ed1300ad40a3bee6b4

    SHA256

    32e701c7f8ff4fe1f3f7b7a58998d94c845ebadb76e86ffa9ad3d7f010868a7d

    SHA512

    e0e883fb92e98fdd3eda7f47335af347cda8d17c51c324b72e3eecf3f53f851d120c413a641263297ac5876fe8bf131ff5de03aae85e9ee81f60db07478e9a76

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\help\9\common\fr-drweb.chm.lzma
    Filesize

    112KB

    MD5

    c5f885d811f30d09727c2922eacfd835

    SHA1

    57277ce545d97046cf34f2187b6264b70571f589

    SHA256

    ebe63a58351ebe7bc54a00d0aa006ea2a91623399af2ba77a30d386ad10af503

    SHA512

    482ce180ba27be240980e0e56b23ed4d91bd74dbffc14e1e116d2ca3e9c4726bd65fb383d088b98b75dc22d9e5f366302f2c99733d444aafb0aaba593dae25cc

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\help\9\common\ja-drweb.chm.lzma
    Filesize

    116KB

    MD5

    48f186ac9d1e943cfdb70edaff45ba85

    SHA1

    8212996939676398c0d5f86ce00022ef156c6698

    SHA256

    f3f70514490166c6aa2fa32823502048f7bef193d1d5a841395699c6c5d2d775

    SHA512

    eeddb95ad6f2434d180b294b158d35f0032a4507cd4fbd2c94e1586ab590aba15603241d6a90282f72123369db50e36a9c4766bdc5f841d78505228dfd28e709

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\help\9\common\ru-drweb.chm.lzma
    Filesize

    174KB

    MD5

    38381d7cc99a4934ce54943be1d9a090

    SHA1

    273b6c27de75d3d8a90c9743c3587f8efe7c95fc

    SHA256

    bc18a275e1089cdda1088b7f10a3856d4294c4bd4cd8e85b87f2302cbc75bf09

    SHA512

    a7bd5e09d2efd7d2712a1998da785cf1d8d9ff16054b3f0db91da6e741fd7b70b5b70a4405680691c01bbbedb912181fcb8c92a7ae59a63e56d19a1fb4f905f5

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\help\9\revision.xml
    Filesize

    1KB

    MD5

    db70ee1d85a8792c2eaa7a26f9c8f74b

    SHA1

    3c2c280f04cb92d5cad31b1f2991d70f8cf0958f

    SHA256

    fd9bb67dd7c49518211e6f97ce1058cb15635ea78a4eda9696415dc619b0d570

    SHA512

    5d54043e1e0f0662144857067e32bdc01f89f4a31c76b708efb61ff648271e01ee9edb1393a6c00250d6dfc74cebc83f4388b817b353577b69244fe803c49bda

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\help\9\script.lua.lzma
    Filesize

    987B

    MD5

    9892203958ffec466d49e599d4612daa

    SHA1

    4be64e0be737b3ae7451192cd3faca74cd254918

    SHA256

    81ada52a848442e2259f2ea630a927a456ba334d056a0e5a6aa40c5850f2e71c

    SHA512

    6ee75cef3ab66e0eabbde458d0f852833fff08c224ab51857efe2280c5c6573233900f797bef96d65fbabf169f7a9129c30243de5693e507f06cb85d3947ad80

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\help\revisions.xml
    Filesize

    236B

    MD5

    2e9b7ede7e063715f978750d1b0943fd

    SHA1

    e5221f216f3595f2d2f9485d137eebcc076ddc13

    SHA256

    e52718d956f14bdb18cdc9c26fa95e3b4e6786aa01291dcf0de7c5df61c87217

    SHA512

    1d0a2692dde54a282a965a7090d8291962578771d213184efa7aa412da87b4e3def50538e474fb38eafb696c0c73de4aecf2f65221f0caef63804b3410df143d

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\katana-setup\9\common\katana-setup.exe.lzma
    Filesize

    2.4MB

    MD5

    84ce3ff29082706bb985b0ed5a5d6c0d

    SHA1

    d3b89d48b2b4ac1f78286328cc707a66a73da048

    SHA256

    eeb559d9ee1bc38efdfb882d02dbfda0bd8c81ad3e5f8533458dd0cdd3025726

    SHA512

    53c34c0f073ac9fc386a7e33d3ec13d85315068a3105c9ed498cd5e0409193cb0f5360c61363051b5617f87494cc32a520c8bf6734bb64b77e476e432124d23b

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\katana-setup\9\revision.xml
    Filesize

    749B

    MD5

    3e3d2d191716d04d3acabcb52afce16e

    SHA1

    c865b5b22487c4ac3f6540764cfd2be317a78ac4

    SHA256

    9697c2039359875346bfe503169bc3081820da10f0e2e2e12a1be7e53995b451

    SHA512

    6f5f079dbbd5edb176bc41771b6ca6adf7123c1bfdacacb0f424583b5d84b981bdbba858af29f87af1f0403960c4e1ca584012e13406e454b3f1a123d449b033

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\katana-setup\9\script.lua.lzma
    Filesize

    1KB

    MD5

    cc82c852b9bb831ff47c1ac673a59bd3

    SHA1

    3f07e3776b8672459b9e21eeb36ea9218ea176e0

    SHA256

    65ff492ea8ce1ed95f4e39d997c004d079f1d3c1e355e9c4749eef691d303d87

    SHA512

    ab0ecba04f4bd8c5b88eb178d7a73c0733059087aacfb9223efa816084cb4ddeb836d1e3a4e7244cef684c1f9d2b58a844dcccae55aa5af1d2d0bac7749d2737

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\katana-setup\revisions.xml
    Filesize

    236B

    MD5

    2e9b7ede7e063715f978750d1b0943fd

    SHA1

    e5221f216f3595f2d2f9485d137eebcc076ddc13

    SHA256

    e52718d956f14bdb18cdc9c26fa95e3b4e6786aa01291dcf0de7c5df61c87217

    SHA512

    1d0a2692dde54a282a965a7090d8291962578771d213184efa7aa412da87b4e3def50538e474fb38eafb696c0c73de4aecf2f65221f0caef63804b3410df143d

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\katana-setup\revisions.xml
    Filesize

    236B

    MD5

    2e9b7ede7e063715f978750d1b0943fd

    SHA1

    e5221f216f3595f2d2f9485d137eebcc076ddc13

    SHA256

    e52718d956f14bdb18cdc9c26fa95e3b4e6786aa01291dcf0de7c5df61c87217

    SHA512

    1d0a2692dde54a282a965a7090d8291962578771d213184efa7aa412da87b4e3def50538e474fb38eafb696c0c73de4aecf2f65221f0caef63804b3410df143d

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\products.xml
    Filesize

    1KB

    MD5

    a44d5904c1d013c49e4bdae057a6f2ca

    SHA1

    74cfdbb9bc23778c510b6617fb85efd967b6c103

    SHA256

    142768c942112ba3e7d8fbf09c5012e6a1923ab300051b5851eeb188dc34dcf4

    SHA512

    5ee3ad5fab8853fe4f3b953dc8625c1211eb5f9e3a0a08d800d9387f24f96886ebc9b6d3f776e0279bb59a0a47054948208272b4b744433f1171e3c6a30b8f53

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\spider-agent\9\revision.xml
    Filesize

    1KB

    MD5

    7e09f13dc000df42b18a28610b31eace

    SHA1

    129951474df5f303571d778aae66ef82aca796b1

    SHA256

    4def0fd7533b6ceb7ed7389c01bbf6628d0b763fcbb590aa6d7cdcfabef8473a

    SHA512

    fa262dedd923e25517112fe9b0625947ae224ef712aed985d477e60406dbd56a2b6413d5c30b1aa6c775ba3e7f789b01d75f346197cf16ff0f453776743cf1b2

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\spider-agent\9\script.lua.lzma
    Filesize

    1KB

    MD5

    73a8d2036bf1f133310889ff7ef4c400

    SHA1

    a326342810f2c9195a0f0c20efb5c9d8f1eea717

    SHA256

    28325275358d650c048450595faa28c264b68931b57ac4f42d0367e81bcec468

    SHA512

    79703fcc983e93bc7d3081de6562815c10b2b4b8b3d43e06f15ac04e00b8f40164770a75cfef5d43bf262d7e254ab4a69085ae7376a469ce62e4a0c3653185a4

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\spider-agent\9\x64\win\nt\common\spideragent.exe.lzma
    Filesize

    3.8MB

    MD5

    051bc19824463b6301c43e010fa0e79b

    SHA1

    9a9f8116e09d52fdc9b09f72a9ca3f0b69f1b181

    SHA256

    8f42bf770c2c3dcb7b300adddea87d4cd2050b8951f77ef8fb7108879fddeb2b

    SHA512

    f090777b7b5e2f9359caab390874e90ad495787ac1d8ff21f42be1c866cbfd5e686c0fdf12375438edc1ba400115586c1d22bcdef6fe0ec073deb5a6244914b4

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\spider-agent\revisions.xml
    Filesize

    236B

    MD5

    2e9b7ede7e063715f978750d1b0943fd

    SHA1

    e5221f216f3595f2d2f9485d137eebcc076ddc13

    SHA256

    e52718d956f14bdb18cdc9c26fa95e3b4e6786aa01291dcf0de7c5df61c87217

    SHA512

    1d0a2692dde54a282a965a7090d8291962578771d213184efa7aa412da87b4e3def50538e474fb38eafb696c0c73de4aecf2f65221f0caef63804b3410df143d

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\sysinfo\9\common\dwsysinfo.exe.lzma
    Filesize

    12.4MB

    MD5

    478b78446479dc7a6ea70465e7b48a50

    SHA1

    09974a76f17f726c2d11d57ae6fb91999d0ce554

    SHA256

    7644c8644d579d60e7ae7f88e588642c503d2855ed8f8b8a3e9da32a403ef53b

    SHA512

    44e2bf2e51c34ac5eb52c0372e65884cd9d9097432d685a7e7d6146dcd405cc56dd83208f399b5db1fa48e8dab13986a346683debf2bb6aeea8f1c848fa8f81b

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\sysinfo\9\revision.xml
    Filesize

    1KB

    MD5

    369180c022bfb83cac82ec902c360498

    SHA1

    c7b58c8e2ae03e3eeaffece6d61b3861280e0601

    SHA256

    56eca5cf64e80f1384f2d18d7091199b223a77f2cf7c4fdcdc8c30586b78a947

    SHA512

    d96df43341a550505116916a9af424d4ed7c56c995126dc84742abdc25cac5e931a5464adca28f1adcefd50e5fd4fa21aa8b8200a4568c4737ca7af40d2c63ac

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\sysinfo\9\script.lua.lzma
    Filesize

    331B

    MD5

    e860629b8db2db14867b7761337ee4c8

    SHA1

    1d975b5875e49928ee2ff50a17e39d60ae5d9b30

    SHA256

    295a5f0ea20b99d3d0f744a9f177136fb23ea05e6d5e29cfdcde50c20b816afe

    SHA512

    80525369fdfff035aa81e7e6d964092567735e58a44f10061ca6dd29bf768b54eae23b38cfbd4c91bdb1538f61523b556e5be959556dd2092c844647266e70d2

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\sysinfo\9\x64\win\nt\common\dwsysinfo.dll.lzma
    Filesize

    261KB

    MD5

    f2609cbd505504dfb6de4e2d6c55d9de

    SHA1

    c93d479292457bbc5f35bf02fa347c2b2fd357ba

    SHA256

    ed02f519afa2998ebbf06b64799d180407320d1ff94abff0bd8bbe63405960b9

    SHA512

    114493922e5fb6127c322abbd428a865b3a8045846ce05659f521d43ac61ca1278e53327209f60bf8665f2f4889d5ffdc187fa77ae455bcbd0a21c9b9ca9161e

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\sysinfo\revisions.xml
    Filesize

    236B

    MD5

    2e9b7ede7e063715f978750d1b0943fd

    SHA1

    e5221f216f3595f2d2f9485d137eebcc076ddc13

    SHA256

    e52718d956f14bdb18cdc9c26fa95e3b4e6786aa01291dcf0de7c5df61c87217

    SHA512

    1d0a2692dde54a282a965a7090d8291962578771d213184efa7aa412da87b4e3def50538e474fb38eafb696c0c73de4aecf2f65221f0caef63804b3410df143d

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\updater\9\common\drwzones.xml.lzma
    Filesize

    359B

    MD5

    ef6c6fa2c710eac4563ec5b33d0f6e47

    SHA1

    4b8fe71b9e6b3de74a1ef5e287f60b726300e4d5

    SHA256

    f8eeb75bf35e589df864c887f36246e2e05229edaab2ac64e0d59645dbce0161

    SHA512

    4e9e452b0c5bd06df2a7cfdbb21e9497bf9ebf166a0b1e55925c847cc0c4bf3969b0f21f5bfea4a74fc76617c4127fb6fd73fe40f844b6f76fe7838dc21b06a6

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\updater\9\revision.xml
    Filesize

    1KB

    MD5

    2d8a6cdb81c8756f29308b7e8edcc9ca

    SHA1

    654342565c1f7c4b308a3b3e368a641fb7dd3f6d

    SHA256

    d5404c911ac49519a255592a8f6105e0740198a534ebe0e193d78deec5df93cf

    SHA512

    9b42a858823d9c3298edde8d83490f228ac53c92e5635d49bb7c447550ce2b5c5ced09741049e90fceb9b21a0e0c0ab47fabd2075716c24e4443fb8efa4579bf

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\updater\9\script.lua.lzma
    Filesize

    1KB

    MD5

    fa4f4a433dd5241b76e10bab3fc1ea00

    SHA1

    788152473abaa7241f25de7bf41d90ec0dda2ea8

    SHA256

    8c2ee7791ebe61aad9b7f2e0acd6ab0994706bda616fdfb64c9f60399576cbb9

    SHA512

    01a321832ce6fdea61ad95c1ab8ff9a678325dbf60b1bb61db6ef4ce887c6b28457e20fc0e6e03441d14b62cf101ce09a4ff26c139ac4dd39cbf74f04e8fc0ec

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\updater\9\x64\win\nt\common\drwupsrv.exe.lzma
    Filesize

    2.0MB

    MD5

    b9fb552d405e69612dc00712246fe16d

    SHA1

    38625b1379d89e807a015abbdd622f19df8dfe01

    SHA256

    a588302c2a397d473f93fefd69499291d12e5bd2a2aa781efecb6abca7eee73b

    SHA512

    2721b49d57b7b15e582a281196c22722be03eb7ae6a19a33ff9a829efd080dd2a3b1bd0b4184d4025c2fe51aef31bf6ce3865ae855c53f35e431b463f81ff0d4

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\90\updater\revisions.xml
    Filesize

    236B

    MD5

    2e9b7ede7e063715f978750d1b0943fd

    SHA1

    e5221f216f3595f2d2f9485d137eebcc076ddc13

    SHA256

    e52718d956f14bdb18cdc9c26fa95e3b4e6786aa01291dcf0de7c5df61c87217

    SHA512

    1d0a2692dde54a282a965a7090d8291962578771d213184efa7aa412da87b4e3def50538e474fb38eafb696c0c73de4aecf2f65221f0caef63804b3410df143d

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\script.lua.lzma
    Filesize

    9KB

    MD5

    c5cd9bf0fdeba147c85075cd981d61e1

    SHA1

    71222d789cf86dfbf728e76e42acf168a4e5cad1

    SHA256

    56c06faa87d9064eabb6ca89e5f8f1025c689d8adf025235d670b739d5c770cd

    SHA512

    2905108fd109a09bf34bb94d1fbdda02af6ef23a5c627f36247f8b2e119fe73dbaa0f4ea121015cd77d68096cca097f8d700b295740af1ff9dedf94b0ffc4621

    Download Submit
  • C:\ProgramData\Doctor Web\Updater\repo\versions.xml
    Filesize

    2KB

    MD5

    674965d7142de890e2c0cc241cb43734

    SHA1

    908ea8e7022ec596e40acdd7767e3c5f590ea273

    SHA256

    b2ac1c67067b71890d2b74e9c6583fbf02f43e6a7e990972bae14a8231bf6f8c

    SHA512

    585f8a7ff8b55f2011d3208eb40fb14ca4ac39254e7e6c34f95f01c77106f6e124abca44d02897ba94ac74d055d40210357da1ac515f7672a5ad0231c27b2634

    Download Submit
  • C:\ProgramData\Doctor Web\certcache\authroot.stl
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\33D2F114-6619DD6A-3C1EFD66-C094200D\drwupsrv.exe
    Filesize

    7.6MB

    MD5

    4a482dc20f7e3f4bd091929014788bfe

    SHA1

    8e9014d89b3e9b433b7c38cf7b2aec77efe3d3dc

    SHA256

    f817e511bb03d33e15f96935774fb35c1b8d368abe81eca50944086275338105

    SHA512

    332fd24d9a20789f4e35a5167a0f9f446c480c69b47b6295c3c78eabe1e46c9cbda64a4024e95b2ac4a46ded1a11cf854d719a497a3f25e72df91d8e45b048fd

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\33D2F114-6619DD6A-3C1EFD66-C094200D\drwupsrv.exe
    Filesize

    7.6MB

    MD5

    4a482dc20f7e3f4bd091929014788bfe

    SHA1

    8e9014d89b3e9b433b7c38cf7b2aec77efe3d3dc

    SHA256

    f817e511bb03d33e15f96935774fb35c1b8d368abe81eca50944086275338105

    SHA512

    332fd24d9a20789f4e35a5167a0f9f446c480c69b47b6295c3c78eabe1e46c9cbda64a4024e95b2ac4a46ded1a11cf854d719a497a3f25e72df91d8e45b048fd

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\33D2F114-6619DD6A-3C1EFD66-C094200D\drwupsrv.exe
    Filesize

    7.6MB

    MD5

    4a482dc20f7e3f4bd091929014788bfe

    SHA1

    8e9014d89b3e9b433b7c38cf7b2aec77efe3d3dc

    SHA256

    f817e511bb03d33e15f96935774fb35c1b8d368abe81eca50944086275338105

    SHA512

    332fd24d9a20789f4e35a5167a0f9f446c480c69b47b6295c3c78eabe1e46c9cbda64a4024e95b2ac4a46ded1a11cf854d719a497a3f25e72df91d8e45b048fd

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\33D2F114-6619DD6A-3C1EFD66-C094200D\katana-setup.exe
    Filesize

    7.9MB

    MD5

    e5cac0467169d34fcee3c86595c570bc

    SHA1

    ba851755bee82c83d412f162250717d23732bf5d

    SHA256

    c2d6af0faa19f65e9df16d761a892a50c3736bb4563a2981e1e69e1da2739d17

    SHA512

    0b483a88c78d1da2b2f9ada572e7a7d8be287a02f7da2646f5d8dbfffea48cdea2dd661864bc87de29939f65543ef2bb52fa092b614bfd23802daf2d872f7266

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\33D2F114-6619DD6A-3C1EFD66-C094200D\katana-setup.exe
    Filesize

    7.9MB

    MD5

    e5cac0467169d34fcee3c86595c570bc

    SHA1

    ba851755bee82c83d412f162250717d23732bf5d

    SHA256

    c2d6af0faa19f65e9df16d761a892a50c3736bb4563a2981e1e69e1da2739d17

    SHA512

    0b483a88c78d1da2b2f9ada572e7a7d8be287a02f7da2646f5d8dbfffea48cdea2dd661864bc87de29939f65543ef2bb52fa092b614bfd23802daf2d872f7266

    Download Submit
  • \Device\NamedPipe\55EA4A7BE6A9318703D3CA7F57EB80756CA7E5CC399E8F1A680A9D6A669C9339F16FC891E09323758EAFC70253B50D4DAB400B0AD43B3C3D7D76075568276CCE
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit
  • memory/1808-2047-0x0000024E6E8D0000-0x0000024E6E8D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1808-2123-0x0000024E6E8D0000-0x0000024E6E8D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1808-2144-0x00000256792A0000-0x0000025679757000-memory.dmp
    Filesize

    4.7MB

    Download
  • memory/1808-2148-0x00000256792A0000-0x0000025679757000-memory.dmp
    Filesize

    4.7MB

    Download
  • memory/4528-1553-0x00000285DC8C0000-0x00000285DC8C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4528-1550-0x00000285DC8C0000-0x00000285DC8C1000-memory.dmp
    Filesize

    4KB

    Download