Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

YandexPackLoader.exe

windows7-x64

8

YandexPackLoader.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    173s
  • max time network
    224s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/10/2023, 19:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    YandexPackLoader.exe

  • Size

    225KB

  • MD5

    01ea31ab9a1e85bb8c1daf2cce794959

  • SHA1

    79819879e2528f7fa9f96e483ee62d9e52f0b3b8

  • SHA256

    e29a70f912b9fe5386251559765e52b671992220d374e36fe6fa21f7386d4b11

  • SHA512

    3871fa0ef24036fe893e5aa60f2171659404fb154566094875716e2f0f218915f0a862b62ce712d1af7d6ba8537c10ee12c9f79d2850408ae3f7c018c46376c6

  • SSDEEP

    3072:E8y0es/5skqFTMv4hQC2mC4UAONfvoxPQc5VAACDMVg38qA2KGEF+KnVW8itdlMI:zb/skqFTqJHUPQQVAA9TUtXFWz

Score
8/10
discoverypersistencespywarestealer

Malware Config

Signatures

  • Downloads MZ/PE file
  • Modifies Installed Components in the registry 2 TTPs 3 IoCs
    persistence
  • Checks computer location settings 2 TTPs 5 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 8 IoCs
  • Loads dropped DLL 10 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 29 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Windows directory 17 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 56 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Modifies registry class 55 IoCs
  • Modifies system certificate store 2 TTPs 3 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 54 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 30 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\YandexPackLoader.exe
    "C:\Users\Admin\AppData\Local\Temp\YandexPackLoader.exe"
    1⤵
    • Checks computer location settings
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:3832
    • C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
      "C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe" /passive /msicl "VID=492 YABROWSER=y YAHOMEPAGE=y YAQSEARCH=y "
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:3792
    • C:\Users\Admin\AppData\Local\Temp\YandexPackLoader.exe
      C:\Users\Admin\AppData\Local\Temp\YandexPackLoader.exe --stat dwnldr/p=26985/cnt=0/dt=3/ct=0/rt=0 --dh 2292 --st 1697226302
      2⤵
        PID:1192
    • C:\Windows\system32\msiexec.exe
      C:\Windows\system32\msiexec.exe /V
      1⤵
      • Enumerates connected drives
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4588
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 0E01A94A6CD94C858B4C5D81F36BE2D6
        2⤵
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:4616
        • C:\Users\Admin\AppData\Local\Temp\0E543C92-0C39-4D49-921F-8082B07FF1AB\lite_installer.exe
          "C:\Users\Admin\AppData\Local\Temp\0E543C92-0C39-4D49-921F-8082B07FF1AB\lite_installer.exe" --use-user-default-locale --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --YABROWSER
          3⤵
          • Executes dropped EXE
          • Drops file in System32 directory
          • Suspicious behavior: EnumeratesProcesses
          PID:2572
        • C:\Users\Admin\AppData\Local\Temp\CA9E5DFD-AA14-41D6-A926-FDE1AA73C6A1\seederexe.exe
          "C:\Users\Admin\AppData\Local\Temp\CA9E5DFD-AA14-41D6-A926-FDE1AA73C6A1\seederexe.exe" "--yqs=y" "--yhp=y" "--ilight=" "--oem=" "--nopin=n" "--pin_custom=n" "--pin_desktop=n" "--pin_taskbar=y" "--locale=us" "--browser=y" "--browser_default=" "--loglevel=trace" "--ess=" "--clids=C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml" "--sender=C:\Users\Admin\AppData\Local\Temp\39668941-2BE7-492C-AE08-285CC0C13B04\sender.exe" "--is_elevated=yes" "--ui_level=3" "--good_token=x" "--no_opera=n"
          3⤵
          • Executes dropped EXE
          • Modifies Internet Explorer settings
          • Modifies Internet Explorer start page
          • Modifies registry class
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3172
          • C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
            C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent --pin-taskbar=y --pin-desktop=n
            4⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Modifies registry class
            • Suspicious use of WriteProcessMemory
            PID:5804
            • C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe
              C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent --pin-taskbar=y --pin-desktop=n /pin-path="C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk" --is-pinning
              5⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Modifies registry class
              • Suspicious use of FindShellTrayWindow
              PID:2356
          • C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
            C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent --pin-taskbar=y --pin-desktop=n /website-path="C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\Taskbar\Яндекс Маркет.website" /icon-path="C:\Users\Admin\AppData\Local\MICROS~1\INTERN~1\Services\MARKET~1.ICO" /site-id="2AE68B04.8A85F169"
            4⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Modifies registry class
            • Suspicious use of WriteProcessMemory
            PID:1172
            • C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe
              C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent --pin-taskbar=y --pin-desktop=n /website-path="C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\Taskbar\Яндекс Маркет.website" /icon-path="C:\Users\Admin\AppData\Local\MICROS~1\INTERN~1\Services\MARKET~1.ICO" /site-id="2AE68B04.8A85F169" /pin-path="C:\Users\Admin\AppData\Local\Yandex\YaPin\2AE68B04.8A85F169\Яндекс Маркет.lnk" --is-pinning
              5⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Modifies registry class
              • Suspicious use of FindShellTrayWindow
              PID:6844
          • C:\Users\Admin\AppData\Local\Temp\39668941-2BE7-492C-AE08-285CC0C13B04\sender.exe
            C:\Users\Admin\AppData\Local\Temp\39668941-2BE7-492C-AE08-285CC0C13B04\sender.exe --send "/status.xml?clid=2413851-492&uuid=4975dcf6-2c5c-4293-98d6-6cd10028ddec&vnt=Windows 10x64&file-no=8%0A10%0A11%0A12%0A13%0A15%0A17%0A18%0A20%0A21%0A22%0A25%0A36%0A38%0A40%0A42%0A43%0A45%0A57%0A59%0A89%0A102%0A103%0A111%0A123%0A124%0A125%0A129%0A"
            4⤵
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            PID:5356
    • C:\Windows\system32\werfault.exe
      werfault.exe /h /shared Global\8d59b60c73c74021b1e5caa06b15e680 /t 3388 /p 3324
      1⤵
        PID:6580
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:6280
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:8828
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3648
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:6284
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:4624
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of SendNotifyMessage
        PID:7352
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:4452
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:7364
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:5692
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:8200
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
              PID:8628
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              1⤵
                PID:3304
              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                1⤵
                  PID:1084
                • C:\Windows\explorer.exe
                  explorer.exe
                  1⤵
                    PID:9188
                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                    1⤵
                      PID:3100
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:6008
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:3612
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:6972
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                              PID:5500

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_EBD7B8AF3A6D56C51CDE1B85E8C855A8
                              Filesize

                              1KB

                              MD5

                              20933125b7902b56ef72819830463fcc

                              SHA1

                              d1d5238f62dbb1e5d6eafd5c3cf825d74951c71b

                              SHA256

                              dad00325a7735926c69ce1fd9a1b58234200c808ee2339ff057149d97f32e091

                              SHA512

                              b5b8f756ac08b62b34abc45f778438325c526b32401bfeee840b227cfd29289ec0e76022be321abfaa73758f86e43c7099afe36177cc217e7795e7919c0a711e

                              Download Submit

                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E
                              Filesize

                              1KB

                              MD5

                              7a7d6b894cfc2ad2dc677efb5bb5281b

                              SHA1

                              6f2390fae3bc312073538a8ae436d86951f89a52

                              SHA256

                              0a2f12f394e56a4624d41f89d0041ce1037f6af0a7dac3420ea9c6463efd5410

                              SHA512

                              a3ddd8526ca87d0015594eaede14d59c4d5c9f7ed0d3c50594100820403e176735ec623c3dde41517e426254a66fd4482e91321b3a038a899f87afcfbaca835c

                              Download Submit

                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_EBD7B8AF3A6D56C51CDE1B85E8C855A8
                              Filesize

                              540B

                              MD5

                              d207769852ecc5d3c5f79003991319b6

                              SHA1

                              5e28faaec809f216269846a84e378c2b0e0bfab9

                              SHA256

                              1727e0f825345604ebbabc403b44e0a7be1909f426f2bd3b1c78b7d975ef95a3

                              SHA512

                              64d699dafe26bf8c7c567a147b0b5dd697a6a19ee9a9910602bd475b32e7e28a31954c6141cb651d14ba208fea862ef13c18b2395f43f976d8f173fa10513c93

                              Download Submit

                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                              Filesize

                              412B

                              MD5

                              d8ba83c091fd288c61ab64d07ee27512

                              SHA1

                              318a73f30ccf02f60f083949c566aa7eea01d167

                              SHA256

                              3c57f73fe78e77986a76a65ef102c8fed0c3d5d55bc0193dc1d9c70f5387e338

                              SHA512

                              1a9ef539d5c073c27b88d71bc35385ea9695cb9ff8a58d802f418e121f7801b8287703b9c54d769a00bb81da55052b6e848084c2b96a0f5a2fb3af134802738a

                              Download Submit

                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E
                              Filesize

                              536B

                              MD5

                              b5b4acb3999b19b55f9b79608dd2f742

                              SHA1

                              8804f8183eeebcde4ddceafd47e9007d49cff066

                              SHA256

                              ad490ce721fb053bb84d62f769f94a640a38041013a3c67a112b34436754ea4b

                              SHA512

                              1b98eaa3cd8354d7bd4c4757b42760aa77a3b6a1cc977047b49dbe1a9cc84e30d1280e52f0016b6f69209e9fabe298f266951daf2aa55af3bf97dc4bd0b4260e

                              Download Submit

                            • C:\Users\Admin\AppData\Local\MICROS~1\INTERN~1\Services\MARKET~1.ICO
                              Filesize

                              9KB

                              MD5

                              037dcb9f2d8c769d7b9e362fedd36e84

                              SHA1

                              8019da23adf7b4baa2b4a0e615b9167f8d2aa984

                              SHA256

                              ac03c5b69ffe00e7937efa6917d2a4212ddb2f6e911aeba54461fe8c59de53f2

                              SHA512

                              c219b4c9c8077fe028fe863046f528ef389953878ec111f8cb9b00aaef74efc0ec428c930bdc5298bd5439afac81de5c9ec09c57a659f7e8ba263e509daed718

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Services\market.yandex.ru.ico
                              Filesize

                              9KB

                              MD5

                              037dcb9f2d8c769d7b9e362fedd36e84

                              SHA1

                              8019da23adf7b4baa2b4a0e615b9167f8d2aa984

                              SHA256

                              ac03c5b69ffe00e7937efa6917d2a4212ddb2f6e911aeba54461fe8c59de53f2

                              SHA512

                              c219b4c9c8077fe028fe863046f528ef389953878ec111f8cb9b00aaef74efc0ec428c930bdc5298bd5439afac81de5c9ec09c57a659f7e8ba263e509daed718

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Services\www.ya.ru.ico
                              Filesize

                              5KB

                              MD5

                              534409dface053e62660de921ddc600d

                              SHA1

                              bd3dcb399327b1d5a2d53ab24e0217d9f524ab62

                              SHA256

                              38a3749cdb839c84168f23a9ee46cfd73d482e923bf2c6b4339184b4c93f91fb

                              SHA512

                              f58d2192660472e7cfb3c139c145c37f52aba993e2035afebe729a4ba08cf000d18f58cf20d77239cfad3adc278843238307fd0fba96c387e3f4cbbe84cd6b95

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uzw33i5d.default-release\thumbnails\510d28d77d047b22e2294e1184af47ab
                              Filesize

                              6KB

                              MD5

                              e05d28ab78d61968a7132eafe61f54b4

                              SHA1

                              dcf260ab7cdea7b6fc934e54765c964c1a20bd36

                              SHA256

                              cbd302b0ea2218f495b9f0a814f34733f2c5f13a6634d74c6e85a5c0863b5621

                              SHA512

                              ebea612bf803692fa3c7b2573c58f2e43fba0f7039e01b57203978cf69b6f8ca538b563791a760a7e901bb5e392879bd57bdbdb69b6a3781a3886fc0c01eddc0

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uzw33i5d.default-release\thumbnails\8abced873e967af40960f7846b44c2a3
                              Filesize

                              15KB

                              MD5

                              af80a936c10e18de168538a0722d6319

                              SHA1

                              9b1c84a1cf7330a698c89b9d7f33b17b4ba35536

                              SHA256

                              2435c0376fca765b21d43e897f4baa52daa0958a7015d04103488c606c99d1d3

                              SHA512

                              9a1325c8ce05806e5c161a4cf47239f62baad8f79650fbd713e74928fce8171ced10ba7f24fac46c548e1dbf3f64106270cb25ca88c836c870107f5dc1f97879

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ANTV7B43\microsoft.windows[1].xml
                              Filesize

                              96B

                              MD5

                              4114b63fafc98d9307dc8bfae1c379cd

                              SHA1

                              8959adf99facaf14c6be813470286c448b0e0b44

                              SHA256

                              f93f1cffd4688bc4cd9e3dfb2ee84a1f53f40d966cab8542c5863906faaf197f

                              SHA512

                              51eb95339b914b6674922ad2635a193ae1fb1d008c35f03cc8664c46e4f124389a884d7854268c90ac7883102f9a98483e0019a269070b7d6a96fcc70c937723

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\0E543C92-0C39-4D49-921F-8082B07FF1AB\lite_installer.exe
                              Filesize

                              418KB

                              MD5

                              372dd1f1a276a02aa9fbc0435bc9081d

                              SHA1

                              258091e03a5eb6c10b242444aa9f8a449212861d

                              SHA256

                              5fe9db11665ab3877380a68e19b20e0567a8e2ce888f36c15c188d117ecdc59c

                              SHA512

                              640cd883835558a7dcd8c1d8eaf5b87f71341f9ddb2bae83c76d991a3d80b62782e454bf3db74cf16b3dd5952ced213202d8049d5a8efe860930eebd35de9ba9

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\39668941-2BE7-492C-AE08-285CC0C13B04\sender.exe
                              Filesize

                              259KB

                              MD5

                              e3057443a704b797124507b9cefdece8

                              SHA1

                              3fdc3be05efc7038023fa93544d675a2d5b9cbae

                              SHA256

                              393f94297e3a2e4ffd771323bcaf8b59ebb57cb29a773a18917e7c0c9a9ecf50

                              SHA512

                              62e608324bfc7d05ccb6025d39c96ac9328accd465a11e7fb636fffe7f1fe89c6f9a956778fafc97b70165058fcf903de5ae09847cc286ddc58a7aed6b2c2291

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\39668941-2BE7-492C-AE08-285CC0C13B04\sender.exe
                              Filesize

                              259KB

                              MD5

                              e3057443a704b797124507b9cefdece8

                              SHA1

                              3fdc3be05efc7038023fa93544d675a2d5b9cbae

                              SHA256

                              393f94297e3a2e4ffd771323bcaf8b59ebb57cb29a773a18917e7c0c9a9ecf50

                              SHA512

                              62e608324bfc7d05ccb6025d39c96ac9328accd465a11e7fb636fffe7f1fe89c6f9a956778fafc97b70165058fcf903de5ae09847cc286ddc58a7aed6b2c2291

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\51c8caa4-3172-4c24-8e79-929421be25a4\sovetnik-at-metabar.json
                              Filesize

                              1KB

                              MD5

                              5a40649cf7f6923e1e00e67a8e5fc6c8

                              SHA1

                              fc849b64b31f2b3d955f0cb205db6921eacc1b53

                              SHA256

                              6d432ba7096090837f9533a33a686c846ad67aed8ecc43af7ce8af42649cd51a

                              SHA512

                              0fc42a2cc61528b14478f4b9ae098ea90e6b05ddbe10f3a6cdd6326d0d8e6185b49d2b8143b76a9f329bdc277cf02b54d98f374edd65df68a1ffc41e1c817786

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\51c8caa4-3172-4c24-8e79-929421be25a4\sovetnik-at-metabar.xpi
                              Filesize

                              688KB

                              MD5

                              ab6d42f949df8d7e6a48c07e9b0d86e0

                              SHA1

                              1830399574b1973e2272e5dcc368c4c10dbbe06b

                              SHA256

                              205ebf52c47b42fa0ad1a734a1d882d96b567e15a32b19bdb907562db8ea09e2

                              SHA512

                              6c4f9bb726384c87b6523e08339f7821ad4ec8717b26db902ca51df74eb89b46e4ded1504a131683b07b2bba3e6e911a549a8a83b2aad3971047c0fe315a1ad5

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
                              Filesize

                              10.1MB

                              MD5

                              09c4c94e349a13f32c47e2142f2cde5f

                              SHA1

                              0c5cc67f3e9aac1b6f0aef1f47d6c2922973c4ce

                              SHA256

                              87820f328ed3370c45efef63b652a9faa125627037f0585c0f6aea0a97b1063f

                              SHA512

                              cf6a77ddd643c122510afab8ba08491100fb7086ce6c5fd5c74de7a6246fa26cae7b904558a7dc159f11cfeac86242cf18aeec9445113c45b912096c15ead5d7

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
                              Filesize

                              10.1MB

                              MD5

                              09c4c94e349a13f32c47e2142f2cde5f

                              SHA1

                              0c5cc67f3e9aac1b6f0aef1f47d6c2922973c4ce

                              SHA256

                              87820f328ed3370c45efef63b652a9faa125627037f0585c0f6aea0a97b1063f

                              SHA512

                              cf6a77ddd643c122510afab8ba08491100fb7086ce6c5fd5c74de7a6246fa26cae7b904558a7dc159f11cfeac86242cf18aeec9445113c45b912096c15ead5d7

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
                              Filesize

                              10.1MB

                              MD5

                              09c4c94e349a13f32c47e2142f2cde5f

                              SHA1

                              0c5cc67f3e9aac1b6f0aef1f47d6c2922973c4ce

                              SHA256

                              87820f328ed3370c45efef63b652a9faa125627037f0585c0f6aea0a97b1063f

                              SHA512

                              cf6a77ddd643c122510afab8ba08491100fb7086ce6c5fd5c74de7a6246fa26cae7b904558a7dc159f11cfeac86242cf18aeec9445113c45b912096c15ead5d7

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\CA9E5DFD-AA14-41D6-A926-FDE1AA73C6A1\seederexe.exe
                              Filesize

                              8.6MB

                              MD5

                              fb78961f07684303b0aec02666df3e0b

                              SHA1

                              208a69979a7af92736cda71c5762bf62fe9c32c4

                              SHA256

                              cd80b890380b4c8658c2ee752574a7872f14f07ef107e9f53394d6fd912157ce

                              SHA512

                              fb3f27fdcd14a450f5043ac49c6520a451b5acc76be15c4c5e22f69dad1e6b852e7dd07fcb9509bdb138ce17bc032801642eb9727c524ff078379d1c7fc139c1

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\YandexSearch00000.log
                              Filesize

                              2KB

                              MD5

                              ba7435092ac31eb166aafbaa833c7b4d

                              SHA1

                              4ae54310b7b69260fe71add36d09928405ca3448

                              SHA256

                              ba4fb9855d84206bda393c32f820192a25cc2caa63f100fd34ad67297039756c

                              SHA512

                              e57c508b6ed06ca73075fbebb30ca083ba958ff931eaf235a6143e25fee1e59e05245f025eda777c739db6f3b25381561179f57b6735b8eef63e9d16c4bd00f5

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml
                              Filesize

                              710B

                              MD5

                              8405c223d9a7662a05f5080af24c08a7

                              SHA1

                              e4b79bde999684b133f3844ca29844e1b6b16205

                              SHA256

                              cd116354be643995bde37ba33fd462a5eea94f8c02b39ae3b7d8979a0551561f

                              SHA512

                              71da09ebe5af7ca9a7b35989f99aa888e6413ead27c19d588c8123a35c5328fd0144112fcf3f914c53b122e71cfc48ddce16efa077974a15bc1d8d495ba40913

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\omnija-20235515.zip
                              Filesize

                              41.3MB

                              MD5

                              1d6cfd7db58008d1b44328c5a3a4220c

                              SHA1

                              8e8304bfd7a73b9ae8415b6cbd273e612868a2b2

                              SHA256

                              915e46dcc29d6fee123c4b8e88d846ac95ffd4a6f4eb956dc882d305ee1b8256

                              SHA512

                              4c17160aa83abeff897462f981226902dd6694817ad95f246511fc63c637bdffa0989a3db00c4309fa673a13b4993c509df538ddad482d1be8b4058749ee93f2

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe
                              Filesize

                              397KB

                              MD5

                              1e64bdf002fa6dcae92e0b9ae4283867

                              SHA1

                              8db18047e35e77ca365a1da1648918fb710979c6

                              SHA256

                              dec6ed68c43845defcc2031c8e8da56fd6e2a476e2d5a2ea204c92b82d559bab

                              SHA512

                              b3207a4d10e07d97041bb471ba3f80e46dd70f2037ebc1a012b74943de4e78c5a5a2f5fb4c0a86615db34280b0d9f39a3f98f7b7734a7bf9fc29f41dd1bca1e2

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe
                              Filesize

                              397KB

                              MD5

                              1e64bdf002fa6dcae92e0b9ae4283867

                              SHA1

                              8db18047e35e77ca365a1da1648918fb710979c6

                              SHA256

                              dec6ed68c43845defcc2031c8e8da56fd6e2a476e2d5a2ea204c92b82d559bab

                              SHA512

                              b3207a4d10e07d97041bb471ba3f80e46dd70f2037ebc1a012b74943de4e78c5a5a2f5fb4c0a86615db34280b0d9f39a3f98f7b7734a7bf9fc29f41dd1bca1e2

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\vendor00000.xml
                              Filesize

                              509B

                              MD5

                              acf25161939158170c79914fbebcb1fc

                              SHA1

                              cddba46d59f2e28f689af5d7f0f7a5e7c04a5396

                              SHA256

                              630b733cbeb403100d4c288f345962ff201cbe2742605b8d328c018556fc6df8

                              SHA512

                              c90fe4fd3670cc68ae707bff3e5d16c3e2c79f64adf4ef5c8746c93c71d326a5b9d19ff8daeee6c2bdc91fed3fd2e794977871a63b2b788e5ca516d25bf51a40

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\{5B964E0E-B9A3-4276-9ED9-4D5A5720747A}\YandexSearch.msi
                              Filesize

                              9.8MB

                              MD5

                              a6a25e4f8d7f8911185c5ec0f4689702

                              SHA1

                              258197ebb8a04f9a84b16b9ec83a2800e4894614

                              SHA256

                              7b7c21632a558796985275f7c5d06738c059572b51831e159a71765c36a371d0

                              SHA512

                              a271f4896d9dcedf192a841b05976ba08c6ad5e6ad890725fceb68977461d55b36f4d2af8e209c3ffa04660558e2e94d7ea7e7dc5911bbc9ac1490dde2426992

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\{F93796EC-1AC9-4248-B365-79D988F2413B}.exe
                              Filesize

                              4.9MB

                              MD5

                              8c5fe3369489e8d0e18ece44871f2a5f

                              SHA1

                              4f7efc2ef8ae71eeb66df7f842f11e60b22b4a0b

                              SHA256

                              3f8cfa3522799a189e613d4a283b3e5fb27c532dbb3f22dfb0338a314d0be7c9

                              SHA512

                              7927fa071e949a1a757b01094cf7333b0fda766ae94f1e35fd7acdc58d7034b58c7ebcccd2e2b26cf1e98d57da2d2d06128c83772564bd9872f1a7c8fc05b46f

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Yandex\YaPin\2AE68B04.8A85F169\2AE68B04.exe
                              Filesize

                              397KB

                              MD5

                              1e64bdf002fa6dcae92e0b9ae4283867

                              SHA1

                              8db18047e35e77ca365a1da1648918fb710979c6

                              SHA256

                              dec6ed68c43845defcc2031c8e8da56fd6e2a476e2d5a2ea204c92b82d559bab

                              SHA512

                              b3207a4d10e07d97041bb471ba3f80e46dd70f2037ebc1a012b74943de4e78c5a5a2f5fb4c0a86615db34280b0d9f39a3f98f7b7734a7bf9fc29f41dd1bca1e2

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Yandex\YaPin\2AE68B04.8A85F169\Яндекс Маркет.lnk
                              Filesize

                              2KB

                              MD5

                              e950bee9f655648fe775993039be87e8

                              SHA1

                              c6a680c1ca91f7173136e0241ff1cf6729a1cc92

                              SHA256

                              77c05429f5b8cc83f79e575920b0d92383d40ed9fda6bb75174528ae26e65241

                              SHA512

                              8bfc189880280e2a071d5c3c7889170038b190677696fd6b2639bd57f902da3a416ed1cd78430a8dae147361ab672947f21dfff6056037b5f7e0ca7fb9525d0b

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Yandex\YaPin\2AE68B04.8A85F169\Яндекс Маркет.lnk
                              Filesize

                              2KB

                              MD5

                              e950bee9f655648fe775993039be87e8

                              SHA1

                              c6a680c1ca91f7173136e0241ff1cf6729a1cc92

                              SHA256

                              77c05429f5b8cc83f79e575920b0d92383d40ed9fda6bb75174528ae26e65241

                              SHA512

                              8bfc189880280e2a071d5c3c7889170038b190677696fd6b2639bd57f902da3a416ed1cd78430a8dae147361ab672947f21dfff6056037b5f7e0ca7fb9525d0b

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
                              Filesize

                              397KB

                              MD5

                              1e64bdf002fa6dcae92e0b9ae4283867

                              SHA1

                              8db18047e35e77ca365a1da1648918fb710979c6

                              SHA256

                              dec6ed68c43845defcc2031c8e8da56fd6e2a476e2d5a2ea204c92b82d559bab

                              SHA512

                              b3207a4d10e07d97041bb471ba3f80e46dd70f2037ebc1a012b74943de4e78c5a5a2f5fb4c0a86615db34280b0d9f39a3f98f7b7734a7bf9fc29f41dd1bca1e2

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
                              Filesize

                              397KB

                              MD5

                              1e64bdf002fa6dcae92e0b9ae4283867

                              SHA1

                              8db18047e35e77ca365a1da1648918fb710979c6

                              SHA256

                              dec6ed68c43845defcc2031c8e8da56fd6e2a476e2d5a2ea204c92b82d559bab

                              SHA512

                              b3207a4d10e07d97041bb471ba3f80e46dd70f2037ebc1a012b74943de4e78c5a5a2f5fb4c0a86615db34280b0d9f39a3f98f7b7734a7bf9fc29f41dd1bca1e2

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
                              Filesize

                              397KB

                              MD5

                              1e64bdf002fa6dcae92e0b9ae4283867

                              SHA1

                              8db18047e35e77ca365a1da1648918fb710979c6

                              SHA256

                              dec6ed68c43845defcc2031c8e8da56fd6e2a476e2d5a2ea204c92b82d559bab

                              SHA512

                              b3207a4d10e07d97041bb471ba3f80e46dd70f2037ebc1a012b74943de4e78c5a5a2f5fb4c0a86615db34280b0d9f39a3f98f7b7734a7bf9fc29f41dd1bca1e2

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk
                              Filesize

                              2KB

                              MD5

                              97ee4a1d34086175a6a57ce307a4c5de

                              SHA1

                              cb36872f2be5994c7ecc4426d95ee38729060267

                              SHA256

                              ea9cd154b07f74933c230efb98a4a403d0f1a4e51a29d34eb37849a785b1cb1f

                              SHA512

                              55b53638670a79587540dd888d0a6b646988dada6738bcd79622943c4d719cb95524edd8075fef7e8945246caf5c953053e4cd3d95709e12064e0b4811054686

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk
                              Filesize

                              2KB

                              MD5

                              97ee4a1d34086175a6a57ce307a4c5de

                              SHA1

                              cb36872f2be5994c7ecc4426d95ee38729060267

                              SHA256

                              ea9cd154b07f74933c230efb98a4a403d0f1a4e51a29d34eb37849a785b1cb1f

                              SHA512

                              55b53638670a79587540dd888d0a6b646988dada6738bcd79622943c4d719cb95524edd8075fef7e8945246caf5c953053e4cd3d95709e12064e0b4811054686

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Yandex\YaPin\YandexWorking.exe
                              Filesize

                              397KB

                              MD5

                              1e64bdf002fa6dcae92e0b9ae4283867

                              SHA1

                              8db18047e35e77ca365a1da1648918fb710979c6

                              SHA256

                              dec6ed68c43845defcc2031c8e8da56fd6e2a476e2d5a2ea204c92b82d559bab

                              SHA512

                              b3207a4d10e07d97041bb471ba3f80e46dd70f2037ebc1a012b74943de4e78c5a5a2f5fb4c0a86615db34280b0d9f39a3f98f7b7734a7bf9fc29f41dd1bca1e2

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Yandex\YaPin\YandexWorking.exe
                              Filesize

                              397KB

                              MD5

                              1e64bdf002fa6dcae92e0b9ae4283867

                              SHA1

                              8db18047e35e77ca365a1da1648918fb710979c6

                              SHA256

                              dec6ed68c43845defcc2031c8e8da56fd6e2a476e2d5a2ea204c92b82d559bab

                              SHA512

                              b3207a4d10e07d97041bb471ba3f80e46dd70f2037ebc1a012b74943de4e78c5a5a2f5fb4c0a86615db34280b0d9f39a3f98f7b7734a7bf9fc29f41dd1bca1e2

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Yandex\YaPin\Яндекс.website
                              Filesize

                              515B

                              MD5

                              f357a5323110db733dae1ca2fec1c8bc

                              SHA1

                              5e2f4c73f003afa31a1dc733a0140ab230a395ba

                              SHA256

                              a5beb91dfde9143256cd4bd60758f8a5d7ffce7b1e2cd4a39e11e0db644a4ebc

                              SHA512

                              b2f7330cf3dfad422fd4ceb400715445f7662dd1c6d6f56607cff10fb87a413ae4d642f8a27ad426f87fd1d5ae652ad17c6ff11b68d858f725100ed716077be4

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Yandex.lnk
                              Filesize

                              2KB

                              MD5

                              97ee4a1d34086175a6a57ce307a4c5de

                              SHA1

                              cb36872f2be5994c7ecc4426d95ee38729060267

                              SHA256

                              ea9cd154b07f74933c230efb98a4a403d0f1a4e51a29d34eb37849a785b1cb1f

                              SHA512

                              55b53638670a79587540dd888d0a6b646988dada6738bcd79622943c4d719cb95524edd8075fef7e8945246caf5c953053e4cd3d95709e12064e0b4811054686

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Яндекс Маркет.lnk
                              Filesize

                              2KB

                              MD5

                              e950bee9f655648fe775993039be87e8

                              SHA1

                              c6a680c1ca91f7173136e0241ff1cf6729a1cc92

                              SHA256

                              77c05429f5b8cc83f79e575920b0d92383d40ed9fda6bb75174528ae26e65241

                              SHA512

                              8bfc189880280e2a071d5c3c7889170038b190677696fd6b2639bd57f902da3a416ed1cd78430a8dae147361ab672947f21dfff6056037b5f7e0ca7fb9525d0b

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Яндекс Маркет.website
                              Filesize

                              542B

                              MD5

                              270b9a540581fe5987be5ba13bb07482

                              SHA1

                              12891ea00dea84b6a87fc8d5f630d4ec84148fee

                              SHA256

                              0a883aeccea3f2d71a89ca07e35bc9a7351d63d747d2be79779148f31fa767a2

                              SHA512

                              48aef7b5636a7d3d59171edc2d34019bba1e2600f80af3e24c0538ed23a63aa248b31b983b355813be3c096f5230e2259c1daaeef0a2756d21382b7963d58159

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Яндекс.website
                              Filesize

                              515B

                              MD5

                              f357a5323110db733dae1ca2fec1c8bc

                              SHA1

                              5e2f4c73f003afa31a1dc733a0140ab230a395ba

                              SHA256

                              a5beb91dfde9143256cd4bd60758f8a5d7ffce7b1e2cd4a39e11e0db644a4ebc

                              SHA512

                              b2f7330cf3dfad422fd4ceb400715445f7662dd1c6d6f56607cff10fb87a413ae4d642f8a27ad426f87fd1d5ae652ad17c6ff11b68d858f725100ed716077be4

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Яндекс.website
                              Filesize

                              515B

                              MD5

                              f357a5323110db733dae1ca2fec1c8bc

                              SHA1

                              5e2f4c73f003afa31a1dc733a0140ab230a395ba

                              SHA256

                              a5beb91dfde9143256cd4bd60758f8a5d7ffce7b1e2cd4a39e11e0db644a4ebc

                              SHA512

                              b2f7330cf3dfad422fd4ceb400715445f7662dd1c6d6f56607cff10fb87a413ae4d642f8a27ad426f87fd1d5ae652ad17c6ff11b68d858f725100ed716077be4

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfwokgpo.Admin\places.sqlite-20230915065651.129298.backup
                              Filesize

                              68KB

                              MD5

                              314cb7ffb31e3cc676847e03108378ba

                              SHA1

                              3667d2ade77624e79d9efa08a2f1d33104ac6343

                              SHA256

                              b6d278384a3684409a2a86f03e4f52869818ce7dd8b5779876960353f7d35dc1

                              SHA512

                              dc795fa35ea214843a781ee2b2ef551b91b6841a799bef2c6fb1907d90f6c114071a951ebb7b2b30e81d52b594d447a26ab12ddb57c331e854577d11e5febef5

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uzw33i5d.default-release\yandex-extensions-data\clids-sovetnik.xml
                              Filesize

                              710B

                              MD5

                              8405c223d9a7662a05f5080af24c08a7

                              SHA1

                              e4b79bde999684b133f3844ca29844e1b6b16205

                              SHA256

                              cd116354be643995bde37ba33fd462a5eea94f8c02b39ae3b7d8979a0551561f

                              SHA512

                              71da09ebe5af7ca9a7b35989f99aa888e6413ead27c19d588c8123a35c5328fd0144112fcf3f914c53b122e71cfc48ddce16efa077974a15bc1d8d495ba40913

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Bookmarks-20230915065732.414901.backup
                              Filesize

                              1KB

                              MD5

                              3adec702d4472e3252ca8b58af62247c

                              SHA1

                              35d1d2f90b80dca80ad398f411c93fe8aef07435

                              SHA256

                              2b167248e8136c4d45c2c46e2bff6fb5e5137dd4dfdccde998599be2df2e9335

                              SHA512

                              7562e093d16ee6305c1bb143a3f5d60dafe8b5de74952709abc68a0c353b65416bf78b1fa1a6720331615898848c1464a7758c5dfe78f8098f77fbfa924784c0

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences
                              Filesize

                              318B

                              MD5

                              631c5999e6f9d0b2e908ca35d1edfc2b

                              SHA1

                              7946aeea50c01316576b56fae31b7e9034e88683

                              SHA256

                              65dce481da8e122cc22ff5aaab439a8281cad6adcd56abe879a6c70c02ef09e8

                              SHA512

                              cce465f0a1214e78a7a30d554d0c8fd8cd82efebd5679d3abed3211cc1c3631c622266d12396106b52514926893d588da4ca41aa445617ab152652f1b34fb527

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences-20230915065732.414901.backup
                              Filesize

                              313B

                              MD5

                              af006f1bcc57b11c3478be8babc036a8

                              SHA1

                              c3bb4fa8c905565ca6a1f218e39fe7494910891e

                              SHA256

                              ed6a32e11cc99728771989b01f5ae813de80c46a59d3dc68c23a4671a343cb8c

                              SHA512

                              3d20689b0f39b414349c505be607e6bfc1f33ac401cf62a32f36f7114e4a486552f3e74661e90db29402bb85866944e9f8f31baba9605aa0c6def621511a26af

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Yandex\clids-yabrowser.xml
                              Filesize

                              692B

                              MD5

                              eaf2d44b8a5ff7ce90fcdfdae9e7284b

                              SHA1

                              198d10ee12d9c9a141ca5ad536331d27295c781f

                              SHA256

                              371158ad97c96c27c18218f6817c97ecda5928aa841f1d809e1fe7c550d5acf6

                              SHA512

                              ce5f8780165dc3027c181c89358d3d9f305c14d4284da86eb309dde8d1b898c89bf023cff27beb28e4ff680288675207f8ca22b1594a66394a788cc7716b7d06

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Yandex\ui
                              Filesize

                              38B

                              MD5

                              6ebdbbe909e056229eec533d074f0dd1

                              SHA1

                              ec55c3e8378a42f723ad23c1ba4076af0afac1d5

                              SHA256

                              0df67bddddcc8006e29472dab825cff0fe77a7b6c299ce6cc020202caf15313b

                              SHA512

                              cebc09d41ef2c6dec85dc765ba19d8d17e6b3c06f65408aefc19479f43a166c39b7673eb976bdffbc1fb3ef876a4ba5e4b45ae9868eaebbb1b925351013a340c

                              Download Submit

                            • C:\Windows\Installer\MSI67CD.tmp
                              Filesize

                              181KB

                              MD5

                              b502c676e82cb196e20db36601a08ace

                              SHA1

                              391e219b99b9eccecfa8f866baa9bd09671c3a3e

                              SHA256

                              bca6f0bec828d4f1d9748e78de826c327a853bdceb3c432426f1d53994c0d88f

                              SHA512

                              7488451baccd548601a3c69105066842bf47e8e5dd2680b1a8caa50390a7fd6c8e666c603b7a9fef0ad5a0b41f8bd302f69c50f231e95c8ea6e8da98c3de7816

                              Download Submit

                            • C:\Windows\Installer\MSI67CD.tmp
                              Filesize

                              181KB

                              MD5

                              b502c676e82cb196e20db36601a08ace

                              SHA1

                              391e219b99b9eccecfa8f866baa9bd09671c3a3e

                              SHA256

                              bca6f0bec828d4f1d9748e78de826c327a853bdceb3c432426f1d53994c0d88f

                              SHA512

                              7488451baccd548601a3c69105066842bf47e8e5dd2680b1a8caa50390a7fd6c8e666c603b7a9fef0ad5a0b41f8bd302f69c50f231e95c8ea6e8da98c3de7816

                              Download Submit

                            • C:\Windows\Installer\MSI7D98.tmp
                              Filesize

                              188KB

                              MD5

                              748143dd96f1e6e67e14384d2edf4daf

                              SHA1

                              06928cf9e39b00b654adec334709559ad4e01110

                              SHA256

                              ea551d91b1ddb00a266831438b7b0ba4119d479a38bd5fdc254d47bb520a04b9

                              SHA512

                              7c9d15ea8ba34a7a6492a83139def07489c236cca1372a5d66eff50b77b38ba8927a305bd460c75676b36ba0ff0f85b841fc835d102ee13b000068fd14e8bc9b

                              Download Submit

                            • C:\Windows\Installer\MSI7D98.tmp
                              Filesize

                              188KB

                              MD5

                              748143dd96f1e6e67e14384d2edf4daf

                              SHA1

                              06928cf9e39b00b654adec334709559ad4e01110

                              SHA256

                              ea551d91b1ddb00a266831438b7b0ba4119d479a38bd5fdc254d47bb520a04b9

                              SHA512

                              7c9d15ea8ba34a7a6492a83139def07489c236cca1372a5d66eff50b77b38ba8927a305bd460c75676b36ba0ff0f85b841fc835d102ee13b000068fd14e8bc9b

                              Download Submit

                            • C:\Windows\Installer\MSI7E16.tmp
                              Filesize

                              188KB

                              MD5

                              748143dd96f1e6e67e14384d2edf4daf

                              SHA1

                              06928cf9e39b00b654adec334709559ad4e01110

                              SHA256

                              ea551d91b1ddb00a266831438b7b0ba4119d479a38bd5fdc254d47bb520a04b9

                              SHA512

                              7c9d15ea8ba34a7a6492a83139def07489c236cca1372a5d66eff50b77b38ba8927a305bd460c75676b36ba0ff0f85b841fc835d102ee13b000068fd14e8bc9b

                              Download Submit

                            • C:\Windows\Installer\MSI7E16.tmp
                              Filesize

                              188KB

                              MD5

                              748143dd96f1e6e67e14384d2edf4daf

                              SHA1

                              06928cf9e39b00b654adec334709559ad4e01110

                              SHA256

                              ea551d91b1ddb00a266831438b7b0ba4119d479a38bd5fdc254d47bb520a04b9

                              SHA512

                              7c9d15ea8ba34a7a6492a83139def07489c236cca1372a5d66eff50b77b38ba8927a305bd460c75676b36ba0ff0f85b841fc835d102ee13b000068fd14e8bc9b

                              Download Submit

                            • C:\Windows\Installer\MSI8AC9.tmp
                              Filesize

                              181KB

                              MD5

                              b502c676e82cb196e20db36601a08ace

                              SHA1

                              391e219b99b9eccecfa8f866baa9bd09671c3a3e

                              SHA256

                              bca6f0bec828d4f1d9748e78de826c327a853bdceb3c432426f1d53994c0d88f

                              SHA512

                              7488451baccd548601a3c69105066842bf47e8e5dd2680b1a8caa50390a7fd6c8e666c603b7a9fef0ad5a0b41f8bd302f69c50f231e95c8ea6e8da98c3de7816

                              Download Submit

                            • C:\Windows\Installer\MSI8AC9.tmp
                              Filesize

                              181KB

                              MD5

                              b502c676e82cb196e20db36601a08ace

                              SHA1

                              391e219b99b9eccecfa8f866baa9bd09671c3a3e

                              SHA256

                              bca6f0bec828d4f1d9748e78de826c327a853bdceb3c432426f1d53994c0d88f

                              SHA512

                              7488451baccd548601a3c69105066842bf47e8e5dd2680b1a8caa50390a7fd6c8e666c603b7a9fef0ad5a0b41f8bd302f69c50f231e95c8ea6e8da98c3de7816

                              Download Submit

                            • C:\Windows\Installer\MSI8B09.tmp
                              Filesize

                              181KB

                              MD5

                              b502c676e82cb196e20db36601a08ace

                              SHA1

                              391e219b99b9eccecfa8f866baa9bd09671c3a3e

                              SHA256

                              bca6f0bec828d4f1d9748e78de826c327a853bdceb3c432426f1d53994c0d88f

                              SHA512

                              7488451baccd548601a3c69105066842bf47e8e5dd2680b1a8caa50390a7fd6c8e666c603b7a9fef0ad5a0b41f8bd302f69c50f231e95c8ea6e8da98c3de7816

                              Download Submit

                            • C:\Windows\Installer\MSI8B09.tmp
                              Filesize

                              181KB

                              MD5

                              b502c676e82cb196e20db36601a08ace

                              SHA1

                              391e219b99b9eccecfa8f866baa9bd09671c3a3e

                              SHA256

                              bca6f0bec828d4f1d9748e78de826c327a853bdceb3c432426f1d53994c0d88f

                              SHA512

                              7488451baccd548601a3c69105066842bf47e8e5dd2680b1a8caa50390a7fd6c8e666c603b7a9fef0ad5a0b41f8bd302f69c50f231e95c8ea6e8da98c3de7816

                              Download Submit

                            • C:\Windows\Installer\MSI8B09.tmp
                              Filesize

                              181KB

                              MD5

                              b502c676e82cb196e20db36601a08ace

                              SHA1

                              391e219b99b9eccecfa8f866baa9bd09671c3a3e

                              SHA256

                              bca6f0bec828d4f1d9748e78de826c327a853bdceb3c432426f1d53994c0d88f

                              SHA512

                              7488451baccd548601a3c69105066842bf47e8e5dd2680b1a8caa50390a7fd6c8e666c603b7a9fef0ad5a0b41f8bd302f69c50f231e95c8ea6e8da98c3de7816

                              Download Submit

                            • C:\Windows\Installer\MSI8B68.tmp
                              Filesize

                              181KB

                              MD5

                              b502c676e82cb196e20db36601a08ace

                              SHA1

                              391e219b99b9eccecfa8f866baa9bd09671c3a3e

                              SHA256

                              bca6f0bec828d4f1d9748e78de826c327a853bdceb3c432426f1d53994c0d88f

                              SHA512

                              7488451baccd548601a3c69105066842bf47e8e5dd2680b1a8caa50390a7fd6c8e666c603b7a9fef0ad5a0b41f8bd302f69c50f231e95c8ea6e8da98c3de7816

                              Download Submit

                            • C:\Windows\Installer\MSI8B68.tmp
                              Filesize

                              181KB

                              MD5

                              b502c676e82cb196e20db36601a08ace

                              SHA1

                              391e219b99b9eccecfa8f866baa9bd09671c3a3e

                              SHA256

                              bca6f0bec828d4f1d9748e78de826c327a853bdceb3c432426f1d53994c0d88f

                              SHA512

                              7488451baccd548601a3c69105066842bf47e8e5dd2680b1a8caa50390a7fd6c8e666c603b7a9fef0ad5a0b41f8bd302f69c50f231e95c8ea6e8da98c3de7816

                              Download Submit

                            • C:\Windows\Installer\MSI8BC6.tmp
                              Filesize

                              181KB

                              MD5

                              b502c676e82cb196e20db36601a08ace

                              SHA1

                              391e219b99b9eccecfa8f866baa9bd09671c3a3e

                              SHA256

                              bca6f0bec828d4f1d9748e78de826c327a853bdceb3c432426f1d53994c0d88f

                              SHA512

                              7488451baccd548601a3c69105066842bf47e8e5dd2680b1a8caa50390a7fd6c8e666c603b7a9fef0ad5a0b41f8bd302f69c50f231e95c8ea6e8da98c3de7816

                              Download Submit

                            • C:\Windows\Installer\MSI8BC6.tmp
                              Filesize

                              181KB

                              MD5

                              b502c676e82cb196e20db36601a08ace

                              SHA1

                              391e219b99b9eccecfa8f866baa9bd09671c3a3e

                              SHA256

                              bca6f0bec828d4f1d9748e78de826c327a853bdceb3c432426f1d53994c0d88f

                              SHA512

                              7488451baccd548601a3c69105066842bf47e8e5dd2680b1a8caa50390a7fd6c8e666c603b7a9fef0ad5a0b41f8bd302f69c50f231e95c8ea6e8da98c3de7816

                              Download Submit

                            • C:\Windows\Installer\MSI8C64.tmp
                              Filesize

                              181KB

                              MD5

                              b502c676e82cb196e20db36601a08ace

                              SHA1

                              391e219b99b9eccecfa8f866baa9bd09671c3a3e

                              SHA256

                              bca6f0bec828d4f1d9748e78de826c327a853bdceb3c432426f1d53994c0d88f

                              SHA512

                              7488451baccd548601a3c69105066842bf47e8e5dd2680b1a8caa50390a7fd6c8e666c603b7a9fef0ad5a0b41f8bd302f69c50f231e95c8ea6e8da98c3de7816

                              Download Submit

                            • C:\Windows\Installer\MSI8C64.tmp
                              Filesize

                              181KB

                              MD5

                              b502c676e82cb196e20db36601a08ace

                              SHA1

                              391e219b99b9eccecfa8f866baa9bd09671c3a3e

                              SHA256

                              bca6f0bec828d4f1d9748e78de826c327a853bdceb3c432426f1d53994c0d88f

                              SHA512

                              7488451baccd548601a3c69105066842bf47e8e5dd2680b1a8caa50390a7fd6c8e666c603b7a9fef0ad5a0b41f8bd302f69c50f231e95c8ea6e8da98c3de7816

                              Download Submit

                            • C:\Windows\Installer\MSIA82A.tmp
                              Filesize

                              181KB

                              MD5

                              b502c676e82cb196e20db36601a08ace

                              SHA1

                              391e219b99b9eccecfa8f866baa9bd09671c3a3e

                              SHA256

                              bca6f0bec828d4f1d9748e78de826c327a853bdceb3c432426f1d53994c0d88f

                              SHA512

                              7488451baccd548601a3c69105066842bf47e8e5dd2680b1a8caa50390a7fd6c8e666c603b7a9fef0ad5a0b41f8bd302f69c50f231e95c8ea6e8da98c3de7816

                              Download Submit

                            • C:\Windows\Installer\MSIA82A.tmp
                              Filesize

                              181KB

                              MD5

                              b502c676e82cb196e20db36601a08ace

                              SHA1

                              391e219b99b9eccecfa8f866baa9bd09671c3a3e

                              SHA256

                              bca6f0bec828d4f1d9748e78de826c327a853bdceb3c432426f1d53994c0d88f

                              SHA512

                              7488451baccd548601a3c69105066842bf47e8e5dd2680b1a8caa50390a7fd6c8e666c603b7a9fef0ad5a0b41f8bd302f69c50f231e95c8ea6e8da98c3de7816

                              Download Submit

                            • C:\Windows\Installer\MSIACDE.tmp
                              Filesize

                              181KB

                              MD5

                              b502c676e82cb196e20db36601a08ace

                              SHA1

                              391e219b99b9eccecfa8f866baa9bd09671c3a3e

                              SHA256

                              bca6f0bec828d4f1d9748e78de826c327a853bdceb3c432426f1d53994c0d88f

                              SHA512

                              7488451baccd548601a3c69105066842bf47e8e5dd2680b1a8caa50390a7fd6c8e666c603b7a9fef0ad5a0b41f8bd302f69c50f231e95c8ea6e8da98c3de7816

                              Download Submit

                            • C:\Windows\Installer\MSIACDE.tmp
                              Filesize

                              181KB

                              MD5

                              b502c676e82cb196e20db36601a08ace

                              SHA1

                              391e219b99b9eccecfa8f866baa9bd09671c3a3e

                              SHA256

                              bca6f0bec828d4f1d9748e78de826c327a853bdceb3c432426f1d53994c0d88f

                              SHA512

                              7488451baccd548601a3c69105066842bf47e8e5dd2680b1a8caa50390a7fd6c8e666c603b7a9fef0ad5a0b41f8bd302f69c50f231e95c8ea6e8da98c3de7816

                              Download Submit

                            • memory/6008-16279-0x00000000044E0000-0x00000000044E1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/6280-16067-0x0000000002F60000-0x0000000002F61000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/6284-16227-0x0000000004720000-0x0000000004721000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/6972-16289-0x000001EB76040000-0x000001EB76060000-memory.dmp

                              Filesize

                              128KB

                              Download

                            • memory/6972-16286-0x000001EB76080000-0x000001EB760A0000-memory.dmp

                              Filesize

                              128KB

                              Download

                            • memory/6972-16293-0x000001EB764E0000-0x000001EB76500000-memory.dmp

                              Filesize

                              128KB

                              Download

                            • memory/6972-16297-0x000001E374000000-0x000001E37592F000-memory.dmp

                              Filesize

                              25.2MB

                              Download

                            • memory/7352-16245-0x00000000049E0000-0x00000000049E1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/7364-16260-0x000002AF6B3A0000-0x000002AF6B3C0000-memory.dmp

                              Filesize

                              128KB

                              Download

                            • memory/7364-16257-0x000002AF6B6D0000-0x000002AF6B6F0000-memory.dmp

                              Filesize

                              128KB

                              Download

                            • memory/7364-16255-0x000002AF6B400000-0x000002AF6B420000-memory.dmp

                              Filesize

                              128KB

                              Download