bdcd9f5eec736e493ead3ad3a6ea517e4ec3a6525819f6e3761af02828089d5f

Analysis

max time kernel
37s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
21-02-2024 23:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

KLSetup.exe
Size

8.2MB
MD5

7a6436629a7b09b2213589bc671d3432
SHA1

c27069f89a57acea72a1346949406eb7f94cfa52
SHA256

bdcd9f5eec736e493ead3ad3a6ea517e4ec3a6525819f6e3761af02828089d5f
SHA512

71d60f2d4dcf1d92cf5be5eefdab7584ea4bdd9c4bea545bf47749a5b6ad7a4145e3306587447e2a243cfac24f3242a09a20309155a99a7440ec130154457f12
SSDEEP

98304:pEo5z/yF0ULxVuZ6xfqGeUVSO6HVyW2iI30Ge2JW9GU5M0xZE:pt5zqF0KqlXV/luWUU666

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2200714112-3788720386-2559682836-1000\Control Panel\International\Geo\Nation	KLSetup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2200714112-3788720386-2559682836-1000\Control Panel\International\Geo\Nation	yadl.exe

Executes dropped EXE 3 IoCs

pid	Process
1512	yadl.exe
3924	YandexPackSetup.exe
3760	yadl.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\Installer\e58144e.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e58144e.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 3 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8	yadl.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	yadl.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	yadl.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3924	YandexPackSetup.exe
3924	YandexPackSetup.exe

Suspicious use of AdjustPrivilegeToken 34 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3924	YandexPackSetup.exe
Token: SeIncreaseQuotaPrivilege	3924	YandexPackSetup.exe
Token: SeSecurityPrivilege	1248	msiexec.exe
Token: SeCreateTokenPrivilege	3924	YandexPackSetup.exe
Token: SeAssignPrimaryTokenPrivilege	3924	YandexPackSetup.exe
Token: SeLockMemoryPrivilege	3924	YandexPackSetup.exe
Token: SeIncreaseQuotaPrivilege	3924	YandexPackSetup.exe
Token: SeMachineAccountPrivilege	3924	YandexPackSetup.exe
Token: SeTcbPrivilege	3924	YandexPackSetup.exe
Token: SeSecurityPrivilege	3924	YandexPackSetup.exe
Token: SeTakeOwnershipPrivilege	3924	YandexPackSetup.exe
Token: SeLoadDriverPrivilege	3924	YandexPackSetup.exe
Token: SeSystemProfilePrivilege	3924	YandexPackSetup.exe
Token: SeSystemtimePrivilege	3924	YandexPackSetup.exe
Token: SeProfSingleProcessPrivilege	3924	YandexPackSetup.exe
Token: SeIncBasePriorityPrivilege	3924	YandexPackSetup.exe
Token: SeCreatePagefilePrivilege	3924	YandexPackSetup.exe
Token: SeCreatePermanentPrivilege	3924	YandexPackSetup.exe
Token: SeBackupPrivilege	3924	YandexPackSetup.exe
Token: SeRestorePrivilege	3924	YandexPackSetup.exe
Token: SeShutdownPrivilege	3924	YandexPackSetup.exe
Token: SeDebugPrivilege	3924	YandexPackSetup.exe
Token: SeAuditPrivilege	3924	YandexPackSetup.exe
Token: SeSystemEnvironmentPrivilege	3924	YandexPackSetup.exe
Token: SeChangeNotifyPrivilege	3924	YandexPackSetup.exe
Token: SeRemoteShutdownPrivilege	3924	YandexPackSetup.exe
Token: SeUndockPrivilege	3924	YandexPackSetup.exe
Token: SeSyncAgentPrivilege	3924	YandexPackSetup.exe
Token: SeEnableDelegationPrivilege	3924	YandexPackSetup.exe
Token: SeManageVolumePrivilege	3924	YandexPackSetup.exe
Token: SeImpersonatePrivilege	3924	YandexPackSetup.exe
Token: SeCreateGlobalPrivilege	3924	YandexPackSetup.exe
Token: SeRestorePrivilege	1248	msiexec.exe
Token: SeTakeOwnershipPrivilege	1248	msiexec.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 1512	2468	KLSetup.exe	89
PID 2468 wrote to memory of 1512	2468	KLSetup.exe	89
PID 2468 wrote to memory of 1512	2468	KLSetup.exe	89
PID 1512 wrote to memory of 3924	1512	yadl.exe	91
PID 1512 wrote to memory of 3924	1512	yadl.exe	91
PID 1512 wrote to memory of 3924	1512	yadl.exe	91
PID 1512 wrote to memory of 3760	1512	yadl.exe	92
PID 1512 wrote to memory of 3760	1512	yadl.exe	92
PID 1512 wrote to memory of 3760	1512	yadl.exe	92

C:\Users\Admin\AppData\Local\Temp\KLSetup.exe
"C:\Users\Admin\AppData\Local\Temp\KLSetup.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Users\Admin\AppData\Local\Temp\yadl.exe
  "C:\Users\Admin\AppData\Local\Temp\yadl.exe" --partner 8788 --distr /quiet /msicl "YABROWSER=y YAQSEARCH=y YAHOMEPAGE=y VID=100"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Modifies system certificate store
  - Suspicious use of WriteProcessMemory
  PID:1512
- - C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe" /quiet /msicl "YABROWSER=y YAQSEARCH=y YAHOMEPAGE=y VID=100"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3924
- - C:\Users\Admin\AppData\Local\Temp\yadl.exe
    C:\Users\Admin\AppData\Local\Temp\yadl.exe --stat dwnldr/p=8788/cnt=0/dt=4/ct=1/rt=0 --dh 2324 --st 1708557371
    3⤵
    - Executes dropped EXE
    PID:3760
- C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe
  "C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe"
  2⤵
  PID:19316
- - C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe
    "C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe" -version
    3⤵
    PID:19340
- - C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe
    "C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe" -XX:+UseG1GC -Dfile.encoding=UTF-8 -jar "C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe"
    3⤵
    PID:6188

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1248
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding ACD84BE0A1686A257E2D30E36276E56E
  2⤵
  PID:2260
- - C:\Users\Admin\AppData\Local\Temp\2ADC5878-9332-4F12-9EA4-56799B33BD68\seederexe.exe
    "C:\Users\Admin\AppData\Local\Temp\2ADC5878-9332-4F12-9EA4-56799B33BD68\seederexe.exe" "--yqs=y" "--yhp=y" "--ilight=" "--oem=" "--nopin=n" "--pin_custom=n" "--pin_desktop=n" "--pin_taskbar=y" "--locale=us" "--browser=y" "--browser_default=" "--loglevel=trace" "--ess=" "--clids=C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml" "--sender=C:\Users\Admin\AppData\Local\Temp\62D43E1F-098A-4898-8202-8CE2AF70CA8C\sender.exe" "--is_elevated=yes" "--ui_level=2" "--good_token=x" "--no_opera=n"
    3⤵
    PID:1708
  - - C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
      C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent --pin-taskbar=y --pin-desktop=n
      4⤵
      PID:16748
    - - C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe
        
        C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent --pin-taskbar=y --pin-desktop=n /pin-path="C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk" --is-pinning
        5⤵
        
        PID:5868
  - - C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
      C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent --pin-taskbar=y --pin-desktop=n /website-path="C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\Taskbar\Яндекс Маркет.website" /icon-path="C:\Users\Admin\AppData\Local\MICROS~1\INTERN~1\Services\MARKET~1.ICO" /site-id="2AE68B04.8A85F169"
      4⤵
      PID:16904
    - - C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe
        
        C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent --pin-taskbar=y --pin-desktop=n /website-path="C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\Taskbar\Яндекс Маркет.website" /icon-path="C:\Users\Admin\AppData\Local\MICROS~1\INTERN~1\Services\MARKET~1.ICO" /site-id="2AE68B04.8A85F169" /pin-path="C:\Users\Admin\AppData\Local\Yandex\YaPin\2AE68B04.8A85F169\Яндекс Маркет.lnk" --is-pinning
        5⤵
        
        PID:16972
  - - C:\Users\Admin\AppData\Local\Temp\62D43E1F-098A-4898-8202-8CE2AF70CA8C\sender.exe
      C:\Users\Admin\AppData\Local\Temp\62D43E1F-098A-4898-8202-8CE2AF70CA8C\sender.exe --send "/status.xml?clid=2335322-100&uuid=87a7c491-e271-40af-9544-ab1f93e7cba4&vnt=Windows 10x64&file-no=8%0A10%0A11%0A12%0A13%0A15%0A17%0A18%0A20%0A21%0A22%0A25%0A36%0A38%0A40%0A42%0A43%0A45%0A57%0A61%0A89%0A102%0A103%0A111%0A123%0A124%0A125%0A129%0A"
      4⤵
      PID:17036
- - C:\Users\Admin\AppData\Local\Temp\522B080F-DE52-4936-8951-F2B84F9B33BC\lite_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\522B080F-DE52-4936-8951-F2B84F9B33BC\lite_installer.exe" --use-user-default-locale --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --YABROWSER
    3⤵
    PID:4312

C:\Windows\system32\osk.exe
"C:\Windows\system32\osk.exe"
1⤵
PID:6256

C:\Users\Admin\AppData\Local\Temp\{A87E5C9E-0D8A-44D8-8F9F-ADC4F7863381}.exe
"C:\Users\Admin\AppData\Local\Temp\{A87E5C9E-0D8A-44D8-8F9F-ADC4F7863381}.exe" --job-name=yBrowserDownloader-{E9F42757-49AF-41E4-A1BA-6DD51BA15318} --send-statistics --local-path=C:\Users\Admin\AppData\Local\Temp\{A87E5C9E-0D8A-44D8-8F9F-ADC4F7863381}.exe --YABROWSER --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=2335351-100&ui={87a7c491-e271-40af-9544-ab1f93e7cba4} --use-user-default-locale
1⤵
PID:6544

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x498 0x4a0
1⤵
PID:7028

C:\Windows\system32\launchtm.exe
launchtm.exe /2
1⤵
PID:7148
- C:\Windows\System32\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe" /2
  2⤵
  PID:7420

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\143e917383384944810be7d0316830d9 /t 6260 /p 6256
1⤵
PID:7288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e581451.rbs

Filesize
911B

MD5
f88326adecd058239016056d29822045

SHA1
fae54e38e8019ba5a99a84740a9420a44ac067c9

SHA256
1470651772d67d9e189bc15e69b15fc95a456bde468c04ef30529f3b24d65d87

SHA512
c5e59ab6bacf616ca286948b6ca15daed6547058802ca34219dde703ffeb5f71bd8947b8fc59f1964d42343f5f2141fdb9115c6d5c7bab7b2c4b358d29ea92b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_EBD7B8AF3A6D56C51CDE1B85E8C855A8

Filesize
1KB

MD5
fd30612b8b86ec8636f8e07e3c1728c9

SHA1
870d55ac7fa6694e058fe0c30ece5179054883cf

SHA256
936f6ebbe29662de57655ef768c597ae46ed3372fa2caadb5f2a87ff01e57a26

SHA512
73506aae33ccbc9e3ff2e9c4f2cd37826bd2b09d213bdb1fbdad633500458301d7c6153ed22225717919d698ee2c094c10dfbc8b45c3aa53e1200caa0751724c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

Filesize
1KB

MD5
aa46ae1a3f2b1b02b0b5d3eb39d53815

SHA1
645b11388143037b2c162a7cbf3c3ec8e63ecdbf

SHA256
d78698540fef0a189f8a7ef1f0520d9a1869a1c0d768c7f2aaabb466d22eefd0

SHA512
a0781f22c1b55490258fc6e0c02ae5ac627d0a7f2c371e153fc43a2a9fa70b8b8878aaf54d6aa0112ff073b2fc0848c60b9f269b6cc2e7a44a421df77c097686

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_EBD7B8AF3A6D56C51CDE1B85E8C855A8

Filesize
540B

MD5
2206b16dadb88b9e8b9d27bcb767538e

SHA1
e4ce551da4cb1326f190e3e376a9a850923c35c6

SHA256
dd481bce4052c3123f6fd8f6602043ef5669429f0b4f79d60fa3e912d58735b6

SHA512
70c2deefa6020759ad013119253d4231bbb78a2a576a691ddf0904808af111d769fa389951fe9ebb4e334a35408e1acf8e3888b28e99574e498769a44cbf033c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

Filesize
536B

MD5
f43a095e71aa8272793b5f88d11b9083

SHA1
9793041a96cfa33899d27d7c728c045ddd60fd2c

SHA256
46617377c79ee32fa76db3dd9c3457224265ec3f17f5e59c8c8f905238605817

SHA512
fa5488b89ae9f669ac1ea7f839b69b75cf693f457516163d371e7dcd4550865405b8d38ddf155e3a5c329f6432ccbcb9e8fde81d637f1c091ae53816d58abde3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Services\market.yandex.ru.ico

Filesize
9KB

MD5
037dcb9f2d8c769d7b9e362fedd36e84

SHA1
8019da23adf7b4baa2b4a0e615b9167f8d2aa984

SHA256
ac03c5b69ffe00e7937efa6917d2a4212ddb2f6e911aeba54461fe8c59de53f2

SHA512
c219b4c9c8077fe028fe863046f528ef389953878ec111f8cb9b00aaef74efc0ec428c930bdc5298bd5439afac81de5c9ec09c57a659f7e8ba263e509daed718

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Services\www.ya.ru.ico

Filesize
17KB

MD5
ea6ee9ae02402932201de0f23615e815

SHA1
17629127d63b37da0a2a2b2b196110d85372707d

SHA256
f7383af8817bac1d59207a2080afc6b0dcb61a091cb1190d25fe18363838f8fb

SHA512
918fe91a99e0e99e9cc6d17fdd5c2c9b3cb03ae8037681c1875faafc73c05d74fb29b612ea5de867ba96c158dc35fb28cf3f39487bf56f8bf4c6f3e6aaa2cf8f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\btade21m.default-release\thumbnails\f1caec5363c186a59ae7d2f7d4945ea6

Filesize
15KB

MD5
af80a936c10e18de168538a0722d6319

SHA1
9b1c84a1cf7330a698c89b9d7f33b17b4ba35536

SHA256
2435c0376fca765b21d43e897f4baa52daa0958a7015d04103488c606c99d1d3

SHA512
9a1325c8ce05806e5c161a4cf47239f62baad8f79650fbd713e74928fce8171ced10ba7f24fac46c548e1dbf3f64106270cb25ca88c836c870107f5dc1f97879

Download Submit
C:\Users\Admin\AppData\Local\Temp\2ADC5878-9332-4F12-9EA4-56799B33BD68\seederexe.exe

Filesize
1.2MB

MD5
fc90219961d109c8477d983bbc9ccecc

SHA1
29778294b6c0376b7904b0c6dbd34caa57a67a8c

SHA256
eb00214e97921c3ad9d0887dcc495673f1278c89c17b313c461797c1e7adcec4

SHA512
f534fc0a90e2fbd2d96d60212aa78bfbdf75353c8da41751b579e7845e20fb365400c85fd2420758d39af8b503a702d759cc9b333cdbd12881aff349525fa14a

Download Submit
C:\Users\Admin\AppData\Local\Temp\522B080F-DE52-4936-8951-F2B84F9B33BC\lite_installer.exe

Filesize
418KB

MD5
372dd1f1a276a02aa9fbc0435bc9081d

SHA1
258091e03a5eb6c10b242444aa9f8a449212861d

SHA256
5fe9db11665ab3877380a68e19b20e0567a8e2ce888f36c15c188d117ecdc59c

SHA512
640cd883835558a7dcd8c1d8eaf5b87f71341f9ddb2bae83c76d991a3d80b62782e454bf3db74cf16b3dd5952ced213202d8049d5a8efe860930eebd35de9ba9

Download Submit
C:\Users\Admin\AppData\Local\Temp\62D43E1F-098A-4898-8202-8CE2AF70CA8C\sender.exe

Filesize
259KB

MD5
e3057443a704b797124507b9cefdece8

SHA1
3fdc3be05efc7038023fa93544d675a2d5b9cbae

SHA256
393f94297e3a2e4ffd771323bcaf8b59ebb57cb29a773a18917e7c0c9a9ecf50

SHA512
62e608324bfc7d05ccb6025d39c96ac9328accd465a11e7fb636fffe7f1fe89c6f9a956778fafc97b70165058fcf903de5ae09847cc286ddc58a7aed6b2c2291

Download Submit
C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe

Filesize
576KB

MD5
5a8118ec3e3aba5d8985671a38b87d80

SHA1
b7fae88083eae532e2d6aa118b91a8d31daf85ba

SHA256
103c89f573a4ebc5508084e2ae78f3fc102b53c41dcfa7e36d92da1a27b9eb51

SHA512
987cdbb36f459d04799ce57a303c5a005efb89ee2277699f7fab672f7d85204dcf144d14f82015694f32e056f029542d52e080ae20596c508856cdac84cb5d67

Download Submit
C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe

Filesize
832KB

MD5
e8254fd36a9a8131f411217b9c9d3a1e

SHA1
de3b5ca4c1864bba0a1280cdbef6d9bc1ac457e4

SHA256
faf08cdb93fdfc9b5d0482ad666e1ca5507a0b19362d28c6efdecc0c7362107a

SHA512
69b8a57430884b1b7f4b9f5b39622fff26d18e92ba57cc7e48afdf3b2f9598d4a30a03c82e7a3929fe2c5425eacbf5a5bdd89296874ed42e3687d8c74ae7e12e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe

Filesize
42KB

MD5
18407b57f0870efd60ad9ccc7a35773e

SHA1
3c20b03b3043430f4e9669ac38e17500dbd40b48

SHA256
b44558888d17e315b7cf309e09b2698611f78f379ca9576ae424db5356ddb38f

SHA512
b05dd475c054470fea4c5f0b8e3bca63022d0816398491e6d3e0e18c9d38b60a2420a959e2ad12f2e73b5fdfd9b339a8fa62267df64854f9b5066b56d4c8914b

Download Submit
C:\Users\Admin\AppData\Local\Temp\9d65254a-8be6-460a-8ad9-83fcdd2629ee\sovetnik-at-metabar.json

Filesize
1KB

MD5
5a40649cf7f6923e1e00e67a8e5fc6c8

SHA1
fc849b64b31f2b3d955f0cb205db6921eacc1b53

SHA256
6d432ba7096090837f9533a33a686c846ad67aed8ecc43af7ce8af42649cd51a

SHA512
0fc42a2cc61528b14478f4b9ae098ea90e6b05ddbe10f3a6cdd6326d0d8e6185b49d2b8143b76a9f329bdc277cf02b54d98f374edd65df68a1ffc41e1c817786

Download Submit
C:\Users\Admin\AppData\Local\Temp\9d65254a-8be6-460a-8ad9-83fcdd2629ee\sovetnik-at-metabar.xpi

Filesize
576KB

MD5
1bdb560fc5d45d2a4593206899bf7937

SHA1
fc3e3e59746eaa342eee3095d087ed2a89161c19

SHA256
006fd623804b689767710d59da01bce0eed4e272f15bb6046e7a0ff447fbf1c5

SHA512
3af25dc8e74f2f8f04f714a3bbf3ba2bc1b75a84559bebbd111b1552b7e70b3d457158edc13260b3b7703d4e06fc65e5403b56c64f65c8d4d0b7e21e41c87f70

Download Submit
C:\Users\Admin\AppData\Local\Temp\YandexSearch00000.log

Filesize
3KB

MD5
bf665f6a44dc054e9799bff4b505a4a4

SHA1
f9197b91f5643e4ea69b5356c9228aeda14fcc10

SHA256
b3bddb5721c2fcca1cea950bc4bb2a28a258421175e205ecd9fbac6e91815c02

SHA512
a6dcf47f8874dc4a32281ced597948479bd3de403fe8dc50dcf1b07473acbc726df17154762b0e7ada8dd2edf2c0498eadce42c6e4bd995aa28cbbaca68c7c6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml

Filesize
709B

MD5
997c636fa6bdcc548e539d04366601e2

SHA1
fcd59cb3016265cf1f4cd6dedc1a2ede9faedc6c

SHA256
1b85226120f0053e4e1ee95d2521b4059a410628b8378c082af794580c4c71a3

SHA512
e238527c699996078f215d200e64816445a313ab03fe4e8ded14a80cf673ed8b4e221e67f07e0d8855a18eae1596cf44da5fa9bcf8161b371cef47ebc7791965

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
c1d63bf8c45a37e337eb444af67c3708

SHA1
b5642955160bd28262dc0dbbe20e162560c588b6

SHA256
3df284741358e12f5eba340f9413677ad8e97691563a1d678fe8e4ccea7f2e8a

SHA512
ef3f29f11c601ae5b411812c47aed52711558aee348f838887925c4452037317f09ae669b2c5957d41cef485d843f387f1e232e60d31dda67cde0e34d82f0a9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\omnija-20241621.zip

Filesize
64KB

MD5
389718cdb7c3460f7ab65608e2a8b6bc

SHA1
97eb01d57a11d64e22d91d6d28cbe0239c54ef8e

SHA256
ce71e2fbd7a636846804c7d5e6116f2b2dd3ff524604e2305a17dc0aa48cdedd

SHA512
9243ce6db80bb6e6ed3575b375d32b23dc26e38394d613860de7773ee3e76640e2b0af6808e82e36a4ffec0e61a845f8c243a675b58ac08582001eb84c2c66cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe

Filesize
256KB

MD5
da4c44a19d77507969bee91e65aa9d86

SHA1
e8b587c6d1f00689bf149161481c1d223a25e28e

SHA256
4154228a06e53e8ab5211daaab2571b33a16807683df8b67f1a32d33cca9c2e3

SHA512
8267b5deb35d713fb0fd8cab6a8b71d605ddc38fddb7db7235e47be07c0098bf5b1d602facf1b20c712d13d01f0c1f61ae8ce7a189065e62860ff842a1379dbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\vendor00000.xml

Filesize
508B

MD5
383275de4495d0496d2339596c48b0a2

SHA1
46f5c96071d91a36818b857d535dd9f2ba9059ac

SHA256
833081fcf9401610ddfb400593d9302e6accf4fe7723e1a4f248fcf5e1a8da0f

SHA512
1448f3f02c1e15020f1985ecb4a2be9b3a2701400f0e6578e5559d1aaca24f9b9d583fdcc5f737f89f7295b16b25d30c3b189467c5947caac035c0321ff56455

Download Submit
C:\Users\Admin\AppData\Local\Temp\yadl.exe

Filesize
128KB

MD5
939ada506dbff5c424a6dedcdfbcd5e3

SHA1
0da7c047ff7e0d180cd909611d202af45b3324c7

SHA256
f404a5caea1a5123d399463219fb8fdc24bea651838919fcde9b12b2b3e9104d

SHA512
72ab07a5083e7cc83965b6a5903ed5621c1fe874e85be801ea14f792fe521987a8131da7a29d8d90e45cb8a93f7257a45c66e22deaf4d20519d98d75d7ab0629

Download Submit
C:\Users\Admin\AppData\Local\Temp\yadl.exe

Filesize
203KB

MD5
6922e66413b832878ac33061032d610f

SHA1
0ec966e045149267007cd840798e7b0e0a077786

SHA256
c014b10df32d537cb505efaa593bee22bcb2cd63b1bcd12a7ab44c958031846f

SHA512
2c1ccde7c9bd793f40c3a0c6fc94aa8b8de222ed6eca52ca7249fad79d994200bd48bb1874579984ea74eb2e52d0b7fa7636b6f93fe18a17e76842e84807280f

Download Submit
C:\Users\Admin\AppData\Local\Temp\yadl.exe

Filesize
64KB

MD5
e90b5fcf01cb63d8c3bf71f7cc2bb5a4

SHA1
7cfe052a7fcc89fa293436ce6e06f12f183af497

SHA256
669e44e9cc07dbde75822e810a0989bc4d430efe818d30ea962088e323bab97f

SHA512
dd01030549831988e899619c9a40ae8dc9376d12dc2764544123681660d016b9e16d18942f37d125e08cde868b3d40cf4bf9786ba79d3656b527b873e2bc56bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5B964E0E-B9A3-4276-9ED9-4D5A5720747A}\YandexSearch.msi

Filesize
576KB

MD5
bdd390cb0445f24413958f0236fab55f

SHA1
d65e7e34761c54224cdfbe00bd9805f0ea2c446a

SHA256
dbec399ff668c08f44cc25fd1a63f104339e8f76b0b212e4a65abf1375820aa8

SHA512
4d22cd350f7fb3df6215c0ab7dbaa23d6c2fc648914ae88ae421bc0a7580e0d92d86231ade6d146faaf822e48c3fa7677e70f06b36e9d0f2fcc5776b4bb88af7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A87E5C9E-0D8A-44D8-8F9F-ADC4F7863381}.exe

Filesize
3.9MB

MD5
e33d221d6b179a0482d39b7be09ebe42

SHA1
9610b6834112c83172160d8027efda3935b381f2

SHA256
a24f071b314278b59caae3ea3671004fc346b6d674523efe984e759c5d8610c9

SHA512
75ea824ed5be229cf671be7923e8a4e550c55b80315b7b01900b9e97af3ac63fec00b482d0dd926b6ae7162c1fff2156579a74f8b0a05efd3e0a60c021a396e5

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\2AE68B04.8A85F169\Яндекс Маркет.lnk

Filesize
2KB

MD5
5613633ba0656684b26da744a614ca39

SHA1
01cd0a0c50bdf24f502b596d34bb115db17915f2

SHA256
11b227db44c5cd5b3b0b7f40b20a37a6285324a04930834c5655659451ea57e4

SHA512
35130e9aca9087d19ee6f2f9797ac726e24a537a89d364bd6ebad841f189cce492d1612df8d9d475de867ffb92ce20d6d1653f72ad1b6c120833e9c0ef48dcd7

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe

Filesize
397KB

MD5
1e64bdf002fa6dcae92e0b9ae4283867

SHA1
8db18047e35e77ca365a1da1648918fb710979c6

SHA256
dec6ed68c43845defcc2031c8e8da56fd6e2a476e2d5a2ea204c92b82d559bab

SHA512
b3207a4d10e07d97041bb471ba3f80e46dd70f2037ebc1a012b74943de4e78c5a5a2f5fb4c0a86615db34280b0d9f39a3f98f7b7734a7bf9fc29f41dd1bca1e2

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe

Filesize
42KB

MD5
27dcdb8d7a2f75f727ccff04f6f9486c

SHA1
406c00a1af350ccef502bab13bc68622c74cb1c6

SHA256
588f3f9b7aec6880f86ef4465a103b67910ef363af5c44d693806ae2d87b7640

SHA512
6188714351aae5d199eb989d9ee607dcc21db8151e558932ef8e55ceabf9c61d9d51282b2b4f208ef8674ce4d65c456d3a2e0cf185863ece19312c19e842af31

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk

Filesize
2KB

MD5
074a74bfe31234982adc01eb4bd99c5a

SHA1
cd2e784bd8750280a0de4dd7e516980e4926c756

SHA256
c9e613d40ceecea357755e5eaa6a7160790f139d8fa26024b842fa34c1a267f0

SHA512
188036a7fba8c4beeac00e3bd847860691ca87f4c893d7cc228781dfb038a6022158bcf1fef425f85eac1cb94dd6b1a03d7e358a1d071a7f1baedaf3686fe61a

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Яндекс.website

Filesize
515B

MD5
07124dea31cdef1cdf25d59490ee19e6

SHA1
6c146f758ec219978dee5ffb9fac5c2481a9b3ab

SHA256
6691b07c06c4d8bc9ce9c4e16a02eb1df3b5b0df3f28073014435fc7a6c73cbb

SHA512
ee18e59e654774b19c96ccd82b08890fd7c9461c9050c2b5f882f4d79e454b03d430226e9e57e3354c8bd658f0e4fe0e91c76ab1edbf6339c03d20fcc7140410

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe

Filesize
7.7MB

MD5
904509365a9f42c646069a9dc964d337

SHA1
3e0ccb605e39d303b0b0f55a7025e6ef4cd75d0c

SHA256
4d92a0a9a95fa53c11e0f0303ee4378d364de95bec385932ee5b05c27e954953

SHA512
6faed33e86b202ecfd6804bc07f31e28e7240ec9fa6c2dd3d09b1d00b0610731d680c96055709ec06742fa19fe1f5ae0c8e82170765729a7fe9e0c70fb344ca4

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe

Filesize
1.1MB

MD5
a6a1681b89865ba0e75ee11ff45bc17f

SHA1
2bbf867b93686e3406da47680b380663c901d7d2

SHA256
c4a5648e4820abbae77a5a04b470d3e9ddfb8854eaf7f9df60f59da6ab34bb46

SHA512
b2efa02f6b4820d4dad9ab3742836787ca612cfc7e8472b069c1b5fc44011e22820941805b0bf2321db4bd1653b7eadec1d22add8e16e3e0beed45063a6bb095

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\java.dll

Filesize
159KB

MD5
534291e0c9e545e5a8366ce722edf218

SHA1
a86677d8dfdc830a1584a42e4fa1a2b0f2b54829

SHA256
f4cb9778927c11672832dc1d0f17aa8cc43ac4366a4633cb41f49795369cf943

SHA512
b0c099018ab0c1451bce5dff03ffb764af8b00e746ed99ba6d5fe851295e671888def9389b5d8abd0c3d1d194c2eed785bb0558f7c1ec493cac9a90890d42ff6

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe

Filesize
266KB

MD5
ae3d5cbfd177ce9478f6b332711aa4f5

SHA1
dd01deaef2cf0777df364a848400791b3aad5eaf

SHA256
54eac482e71440e7665a255f8fb9a7dd87b102a21df69e140041c70c86094122

SHA512
77e4781bc77892646c74ebca547070235c131b59c8356d7afef2e83b05bd20ccba4c653e755e78c9d3c40b5100ba90374ee93568c74c579883afb3f51614b5f0

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\msvcp140.dll

Filesize
613KB

MD5
c1b066f9e3e2f3a6785161a8c7e0346a

SHA1
8b3b943e79c40bc81fdac1e038a276d034bbe812

SHA256
99e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd

SHA512
36f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\server\jvm.dll

Filesize
1.2MB

MD5
ed1ece399aad6c458ce8f6b38515ab8a

SHA1
3bfa2756324b991566ce3ab4a0243092f5a78557

SHA256
4fba5cb3fb52712991cca4c7929bd54412af0a674593e1728d27e19e7a35e4b2

SHA512
cd07f193836c1d812a7f0c7e7ec288ee7dd6f193c6d4b0d8c69ef8d69c803f820394784aecefaa778af30dc97ccc55144e306b59235a7ad8b8f59fd843b4119c

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\server\jvm.dll

Filesize
832KB

MD5
09bfb52bdde6e33cd4a7a65104aecdce

SHA1
d195313e5a3b092f19b10de18234ae3c1548c7c6

SHA256
07736bad43c262f88d3f5167c20af98319b1943c7934409b89881786f86c8ae6

SHA512
58fe28a46123c9eac565eb645aa801b28c5815c8b972836e6064a5617e539cbae861afd80ffd4ab1f6d0cb2df8203c100d62460ea3438dd6aaea0f11e2f76f72

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\vcruntime140.dll

Filesize
83KB

MD5
1453290db80241683288f33e6dd5e80e

SHA1
29fb9af50458df43ef40bfc8f0f516d0c0a106fd

SHA256
2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c

SHA512
4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\verify.dll

Filesize
50KB

MD5
33d1d00ce402b2476b07d052e9e3f3f2

SHA1
ee0e2463f6a6f3bf81b2672b477bb7d3075e55ac

SHA256
ffecbddc143e26eaa4fd1443c398d0d701386eaa9b44914382cb37a436a37c8b

SHA512
12ff925b740013504b587929b96b06afbb6b4b8e521c52d2a744faef265e298dc6286c654c974569ded3a80f75c86650141a8d3c1a0bbf6e0d22d788b12523b2

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\zip.dll

Filesize
81KB

MD5
e983a8420fa2050f58a3a552a234fcdf

SHA1
11a4b3c0da976408b5676c71751fae06bf309538

SHA256
0cdfc0521e1a1f6a428a818a0b208be2dbfa9001b3a83887876f27367fede8d2

SHA512
a5c4bc6a9acf74608feefad4d8a20fb4fa247a0eeb1318b3df35a45a13ffd9c542b4819844169703dc23b5058dcdcefa825e611ddbe8192fe64c09469583538b

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\amd64\jvm.cfg

Filesize
1KB

MD5
c60e77ff5f3887c743971e73e6f0e0b1

SHA1
9b0cfd38ec5b7bd5bd1c364dee2e1b452a063c02

SHA256
23f728cc2bf14e62d454190ea0139f159031b5bd9c3f141ca9237c4c5c96ec1d

SHA512
07aca3de1a03a3b64b691fd41e35e6596760baf24c4f24e86fca87d2acf3a4814b17cd9751adc2dcd0689848f3d582fb3ee01d413e3a61d1d98397d72fe545e9

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\images\cursors\win32_CopyNoDrop32x32.gif

Filesize
153B

MD5
1e9d8f133a442da6b0c74d49bc84a341

SHA1
259edc45b4569427e8319895a444f4295d54348f

SHA256
1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

SHA512
63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\security\policy\unlimited\US_export_policy.jar

Filesize
622B

MD5
5aa573a5e3d4c8bb18ee8b4abad69b7a

SHA1
f1cb2c17cd03d5a810c2f9f76387ced631516f98

SHA256
2c7f85a3f9ba39edd5badd3e300c99abbb0ac0592d4b04c5312038032acbea60

SHA512
459b94d1f7c2d8385df837b5b196b2b209dbf25949b033b407e72cd3ea984b0918f11e6d4bb70b979165b4508ad8e5e3ae55dbef740f04ee0b00e5247c838e9a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Яндекс Маркет.website

Filesize
542B

MD5
187b979379497698c4c506d8056c6765

SHA1
02c17810a70c058fec11f63e72802c31e80b04a1

SHA256
311b5d3028f0ab5b6bb65e4092af1b1b897a25fc6dcd048a986490a4bd1e8935

SHA512
93bcbfd90dc6eea50b418961905f84f570404bb3704ae7e0a133b5a6853710488d0b708c69da4a5343d58217445dbffaefe069dfa58689d97931b7ddae40f2d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\89963zky.Admin\places.sqlite-20240221231618.527695.backup

Filesize
68KB

MD5
314cb7ffb31e3cc676847e03108378ba

SHA1
3667d2ade77624e79d9efa08a2f1d33104ac6343

SHA256
b6d278384a3684409a2a86f03e4f52869818ce7dd8b5779876960353f7d35dc1

SHA512
dc795fa35ea214843a781ee2b2ef551b91b6841a799bef2c6fb1907d90f6c114071a951ebb7b2b30e81d52b594d447a26ab12ddb57c331e854577d11e5febef5

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Bookmarks-20240221231620.418310.backup

Filesize
1KB

MD5
3adec702d4472e3252ca8b58af62247c

SHA1
35d1d2f90b80dca80ad398f411c93fe8aef07435

SHA256
2b167248e8136c4d45c2c46e2bff6fb5e5137dd4dfdccde998599be2df2e9335

SHA512
7562e093d16ee6305c1bb143a3f5d60dafe8b5de74952709abc68a0c353b65416bf78b1fa1a6720331615898848c1464a7758c5dfe78f8098f77fbfa924784c0

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\BookmarksExtras

Filesize
19KB

MD5
8f98341f02b94f099473d9f577410a46

SHA1
9b66df95208a3a5ba44b0af6ef3821f3ad6a89df

SHA256
d56c1e0950daddd0af69daeca7df52c87841f03ed44fc7fdb79a0d0c5d183a7f

SHA512
ea5a3a9685bc77d34b2b90e182938bfa71da9684352adda624b62acaadd3eacf0a197ce71486267d7f9b11aefb01730677510445219135c435b0386d10327945

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences

Filesize
318B

MD5
e1439304c41a79b0b146aae4d5d38b56

SHA1
055cb2bf84ba45b0d4eece3854eef6ba050fe200

SHA256
4342a9329fa49179dcda433271adb091a1b0cee2eb284db4d4515c61eb8d17af

SHA512
5141868decf561e24eacf72b653183c258b26f3beefc47259946fcab7814cbc85f3e90b0afe27b167743e330058cd3e1849c151a6a442c5e304f15bd5599ce31

Download Submit
C:\Windows\Installer\MSI19AE.tmp

Filesize
14KB

MD5
61d7f772d9c4fe9f3645a6137c4f6ba0

SHA1
d4c468c7bd8487d5c6811f826aca479b1f77cd38

SHA256
62e171a7a8e31b5f5f1848d5f8c75b9bee0fe126895c73ef79f8c872b17e49c7

SHA512
9c2a72026a913a1ebdd8db46d296abc36dc106311967526dd5713de8c0098d8bfd73d0a707a71d7f4d5c11bbf4edda10a61d0a2965e679a7c0f9cb98ab73c46b

Download Submit
C:\Windows\Installer\MSI19EE.tmp

Filesize
188KB

MD5
748143dd96f1e6e67e14384d2edf4daf

SHA1
06928cf9e39b00b654adec334709559ad4e01110

SHA256
ea551d91b1ddb00a266831438b7b0ba4119d479a38bd5fdc254d47bb520a04b9

SHA512
7c9d15ea8ba34a7a6492a83139def07489c236cca1372a5d66eff50b77b38ba8927a305bd460c75676b36ba0ff0f85b841fc835d102ee13b000068fd14e8bc9b

Download Submit
C:\Windows\Installer\MSI1AFB.tmp

Filesize
181KB

MD5
b502c676e82cb196e20db36601a08ace

SHA1
391e219b99b9eccecfa8f866baa9bd09671c3a3e

SHA256
bca6f0bec828d4f1d9748e78de826c327a853bdceb3c432426f1d53994c0d88f

SHA512
7488451baccd548601a3c69105066842bf47e8e5dd2680b1a8caa50390a7fd6c8e666c603b7a9fef0ad5a0b41f8bd302f69c50f231e95c8ea6e8da98c3de7816

Download Submit
C:\Windows\Installer\MSI1C94.tmp

Filesize
128KB

MD5
a557e5ab721cde320705cfcb9a6358db

SHA1
eb24296433bcf5460a9d75f869414e795225dcbb

SHA256
1e027d8582726c61614513c70a589e3866187b95504c286ba9f750f37c199c65

SHA512
1e2bfe93dfc2788f5d3189d58317f4e2724d9f95f2764127188793eba0a29cdaa5c722612dbc752ce880261b646a22da69ad63b77e320a1b8f144b1fd90cf7a8

Download Submit
C:\Windows\Installer\MSI1D60.tmp

Filesize
126KB

MD5
760e8bc3ec9356597f2d6e1784b0b232

SHA1
944d6663a6ce2d79becef548b737e1fcff19caf2

SHA256
b9e237a4ff756410d3e305c02be41c3fb70a7a5dabfff75ff7ada927ba6d3b07

SHA512
714c49b850b9f6c9a91057c314b54e554a5101506a3dcfbcdd5a8936f5fa374b89c7677139f1c8c60637a62b8e1c810e3a510725bdbacbeea5b2a519332a721d

Download Submit
C:\Windows\Installer\MSI1D60.tmp

Filesize
64KB

MD5
bb2973878d33846a2e0379924aea997f

SHA1
641a413a6a84bf28d32291708451b31a0f9e25f6

SHA256
f4fa84a6b47470b858cd345644f4390f1b5b06ff4fc744830bd793d7d9b00f47

SHA512
acc7287ec4458cb56f4c52ef8fda53c360d24f63e83211b67f91decf6f2d74fc791bcd64ee2491a1b568a63ec1f3a26c1394ee8a726173cdb4809c75777581cd

Download Submit
memory/2468-37-0x0000000000020000-0x0000000000865000-memory.dmp

Filesize
8.3MB

Download
memory/2468-0-0x0000000001270000-0x0000000001271000-memory.dmp

Filesize
4KB

Download
memory/2468-9148-0x0000000000020000-0x0000000000865000-memory.dmp

Filesize
8.3MB

Download
memory/2468-1-0x0000000000020000-0x0000000000865000-memory.dmp

Filesize
8.3MB

Download
memory/6188-9332-0x00000173199B0000-0x000001731A9B0000-memory.dmp

Filesize
16.0MB

Download
memory/6188-9377-0x0000017319CC0000-0x0000017319CD0000-memory.dmp

Filesize
64KB

Download
memory/6188-9380-0x0000017319CB0000-0x0000017319CC0000-memory.dmp

Filesize
64KB

Download
memory/6188-9195-0x0000017318110000-0x0000017318111000-memory.dmp

Filesize
4KB

Download
memory/6188-9197-0x0000017318110000-0x0000017318111000-memory.dmp

Filesize
4KB

Download
memory/6188-9202-0x0000017318110000-0x0000017318111000-memory.dmp

Filesize
4KB

Download
memory/6188-9379-0x00000173199B0000-0x000001731A9B0000-memory.dmp

Filesize
16.0MB

Download
memory/6188-9378-0x0000017319C90000-0x0000017319CA0000-memory.dmp

Filesize
64KB

Download
memory/6188-9334-0x0000017318110000-0x0000017318111000-memory.dmp

Filesize
4KB

Download
memory/6188-9335-0x0000017318110000-0x0000017318111000-memory.dmp

Filesize
4KB

Download
memory/6188-9340-0x0000017318110000-0x0000017318111000-memory.dmp

Filesize
4KB

Download
memory/6188-9344-0x00000173199B0000-0x000001731A9B0000-memory.dmp

Filesize
16.0MB

Download
memory/6188-9362-0x00000173199B0000-0x000001731A9B0000-memory.dmp

Filesize
16.0MB

Download
memory/6188-9361-0x0000017318110000-0x0000017318111000-memory.dmp

Filesize
4KB

Download
memory/6188-9375-0x0000017319C40000-0x0000017319C50000-memory.dmp

Filesize
64KB

Download
memory/6188-9374-0x0000017319C30000-0x0000017319C40000-memory.dmp

Filesize
64KB

Download
memory/6188-9191-0x00000173199B0000-0x000001731A9B0000-memory.dmp

Filesize
16.0MB

Download
memory/6188-9376-0x0000017319CA0000-0x0000017319CB0000-memory.dmp

Filesize
64KB

Download
memory/19316-9177-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/19340-9166-0x00000174E3550000-0x00000174E4550000-memory.dmp

Filesize
16.0MB

Download
memory/19340-9175-0x00000174E1B80000-0x00000174E1B81000-memory.dmp

Filesize
4KB

Download