Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
79s -
max time network
79s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
06/08/2024, 20:38
General
-
Target
PuntoSwitcherSetup.exe
-
Size
4.7MB
-
MD5
4d117942431a29406cbd484bb348ed6e
-
SHA1
b2a481bb6e6887546651cfa392708d2d35f5660b
-
SHA256
a3928fd3924b4582dee1987170e3b5619e3473ed5241602bfe65040206d3a7c8
-
SHA512
38a2434f217b67e5fd82aa358ecc1a1c8fe37b5800816afe2a06ba35006dc1511f222917c12a26f8a9241ae5d707eeb7070c49955c61ade311713db901af3c74
-
SSDEEP
98304:dcbgZ7rbsV00usn1Jq/kkYQnxPDynur7vzw1RJhRqFmV:B1XsKVmIyur7v+V
Malware Config
Signatures
-
Downloads MZ/PE file
-
Checks computer location settings 2 TTPs 6 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 20 IoCs
-
Loads dropped DLL 16 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 3 IoCs
-
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Windows directory 26 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 25 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Time Discovery 1 TTPs 1 IoCs
Adversary may gather the system time and/or time zone settings from a local or remote system.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Control Panel 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 56 IoCs
-
Modifies Internet Explorer start page 1 TTPs 1 IoCs
-
Modifies registry class 14 IoCs
-
Modifies system certificate store 2 TTPs 5 IoCs
-
Suspicious behavior: EnumeratesProcesses 26 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 38 IoCs
-
Suspicious use of SendNotifyMessage 34 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\PuntoSwitcherSetup.exe"C:\Users\Admin\AppData\Local\Temp\PuntoSwitcherSetup.exe"1⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Yandex\Punto Switcher\punto.exe"C:\Users\Admin\AppData\Local\Yandex\Punto Switcher\punto.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\RunDll32.exeRunDll32.exe shell32.dll,Control_RunDLL input.dll3⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
-
-
C:\Users\Admin\AppData\Local\Temp\downloader.exe"C:\Users\Admin\AppData\Local\Temp\downloader.exe" --partner 129902 --distr /quiet /msicl "YAHOMEPAGE=y YAQSEARCH=y YABROWSER=y"2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe"C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe" /quiet /msicl "YAHOMEPAGE=y YAQSEARCH=y YABROWSER=y"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\AppData\Local\Temp\downloader.exeC:\Users\Admin\AppData\Local\Temp\downloader.exe --stat dwnldr/p=129902/cnt=0/dt=9/ct=0/rt=0 --dh 2184 --st 17229767303⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 33D1D5450D8683F62AC95CC53BE1A2FE2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Yandex\Punto Switcher\punto.exe"C:\Users\Admin\AppData\Local\Yandex\Punto Switcher\punto.exe" -Install3⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Users\Admin\AppData\Local\Yandex\Punto Switcher\punto.exe"C:\Users\Admin\AppData\Local\Yandex\Punto Switcher\punto.exe" /import_old_settings2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding F83F7462D9C4D8FA8EB1524A3A50A67A C2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://yandex.ru/soft/punto/win/release/3⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffd071146f8,0x7ffd07114708,0x7ffd071147184⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,10917345518883006909,7326077369279130159,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:24⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,10917345518883006909,7326077369279130159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,10917345518883006909,7326077369279130159,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10917345518883006909,7326077369279130159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10917345518883006909,7326077369279130159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,10917345518883006909,7326077369279130159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,10917345518883006909,7326077369279130159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:84⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10917345518883006909,7326077369279130159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10917345518883006909,7326077369279130159,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10917345518883006909,7326077369279130159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10917345518883006909,7326077369279130159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10917345518883006909,7326077369279130159,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10917345518883006909,7326077369279130159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10917345518883006909,7326077369279130159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2052,10917345518883006909,7326077369279130159,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2492 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10917345518883006909,7326077369279130159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2052,10917345518883006909,7326077369279130159,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3800 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10917345518883006909,7326077369279130159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:14⤵
-
-
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding FCB45B33B5689DFDA4D5C8A3160FAD062⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\5F30173A-58E2-4F5E-8E13-B441B5C8ABD3\lite_installer.exe"C:\Users\Admin\AppData\Local\Temp\5F30173A-58E2-4F5E-8E13-B441B5C8ABD3\lite_installer.exe" --use-user-default-locale --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --YABROWSER3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\AppData\Local\Temp\17A37B03-8020-4693-BF6B-76DB9340E01F\seederexe.exe"C:\Users\Admin\AppData\Local\Temp\17A37B03-8020-4693-BF6B-76DB9340E01F\seederexe.exe" "--yqs=y" "--yhp=y" "--ilight=" "--oem=" "--nopin=n" "--pin_custom=n" "--pin_desktop=n" "--pin_taskbar=y" "--locale=us" "--browser=y" "--browser_default=" "--loglevel=trace" "--ess=" "--clids=C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml" "--sender=C:\Users\Admin\AppData\Local\Temp\81936F36-2B34-4983-897C-0722FF1BF455\sender.exe" "--is_elevated=yes" "--ui_level=2" "--good_token=x" "--no_opera=n"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exeC:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent --pin-taskbar=y --pin-desktop=n4⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Users\Admin\AppData\Local\Temp\pin\explorer.exeC:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent --pin-taskbar=y --pin-desktop=n /pin-path="C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk" --is-pinning5⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of FindShellTrayWindow
-
-
-
C:\Users\Admin\AppData\Local\Temp\81936F36-2B34-4983-897C-0722FF1BF455\sender.exeC:\Users\Admin\AppData\Local\Temp\81936F36-2B34-4983-897C-0722FF1BF455\sender.exe --send "/status.xml?clid=2854560&uuid=%7BCC0BCFB8-A556-427A-8D73-D34F9A54ABFA%7D&vnt=Windows 10x64&file-no=8%0A10%0A11%0A12%0A13%0A15%0A17%0A18%0A20%0A21%0A22%0A25%0A36%0A40%0A42%0A45%0A57%0A61%0A89%0A103%0A111%0A123%0A124%0A125%0A129%0A"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
-
-
-
C:\Users\Admin\AppData\Local\Yandex\Punto Switcher\Updater\yupdate.exeC:\Users\Admin\AppData\Local\Yandex\Punto Switcher\Updater\yupdate.exe --stat-callback 0 --appid punto --job {6D0DBD40-2452-4DA8-9867-25AE850A1B64}1⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -s LxpSvc1⤵
-
C:\Users\Admin\AppData\Local\Temp\{5DAE2987-D866-4D60-8ED9-07E595EE726E}.exe"C:\Users\Admin\AppData\Local\Temp\{5DAE2987-D866-4D60-8ED9-07E595EE726E}.exe" --job-name=yBrowserDownloader-{DAF988EB-882C-46DA-9DB2-92C0A71F76F1} --send-statistics --local-path=C:\Users\Admin\AppData\Local\Temp\{5DAE2987-D866-4D60-8ED9-07E595EE726E}.exe --YABROWSER --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=2854544&ui={CC0BCFB8-A556-427A-8D73-D34F9A54ABFA} --use-user-default-locale1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\ybED6D.tmp"C:\Users\Admin\AppData\Local\Temp\ybED6D.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\3654fc73-cd3d-4cab-b6e7-52512255ed69.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=498654744 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{DAF988EB-882C-46DA-9DB2-92C0A71F76F1} --local-path="C:\Users\Admin\AppData\Local\Temp\{5DAE2987-D866-4D60-8ED9-07E595EE726E}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=2854544&ui={CC0BCFB8-A556-427A-8D73-D34F9A54ABFA} --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\44207129-314b-4407-8461-ca0429ee57d8.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\YB_69665.tmp\setup.exe"C:\Users\Admin\AppData\Local\Temp\YB_69665.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_69665.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\3654fc73-cd3d-4cab-b6e7-52512255ed69.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=498654744 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{DAF988EB-882C-46DA-9DB2-92C0A71F76F1} --local-path="C:\Users\Admin\AppData\Local\Temp\{5DAE2987-D866-4D60-8ED9-07E595EE726E}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=2854544&ui={CC0BCFB8-A556-427A-8D73-D34F9A54ABFA} --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\44207129-314b-4407-8461-ca0429ee57d8.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico"3⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\YB_69665.tmp\setup.exe"C:\Users\Admin\AppData\Local\Temp\YB_69665.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_69665.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\3654fc73-cd3d-4cab-b6e7-52512255ed69.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=498654744 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{DAF988EB-882C-46DA-9DB2-92C0A71F76F1} --local-path="C:\Users\Admin\AppData\Local\Temp\{5DAE2987-D866-4D60-8ED9-07E595EE726E}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=2854544&ui={CC0BCFB8-A556-427A-8D73-D34F9A54ABFA} --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\44207129-314b-4407-8461-ca0429ee57d8.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico" --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=5377856094⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- System Time Discovery
-
C:\Users\Admin\AppData\Local\Temp\YB_69665.tmp\setup.exeC:\Users\Admin\AppData\Local\Temp\YB_69665.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=9064 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.6.4.582 --initial-client-data=0x348,0x34c,0x350,0x324,0x354,0xd58cbc,0xd58cc8,0xd58cd45⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
-
-
-
C:\Users\Admin\AppData\Local\Yandex\YaPin\YandexWorking.exe"C:\Users\Admin\AppData\Local\Yandex\YaPin\YandexWorking.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ya.ru/?win=658&clid=2854568&from=dist_pin2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xd4,0x128,0x7ffd071146f8,0x7ffd07114708,0x7ffd071147183⤵
-
-
-
C:\Users\Admin\AppData\Local\Yandex\YaPin\YandexWorking.exe"C:\Users\Admin\AppData\Local\Yandex\YaPin\YandexWorking.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ya.ru/?win=658&clid=2854568&from=dist_pin2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd071146f8,0x7ffd07114708,0x7ffd071147183⤵
-
-
-
C:\Users\Admin\AppData\Local\Yandex\YaPin\YandexWorking.exe"C:\Users\Admin\AppData\Local\Yandex\YaPin\YandexWorking.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ya.ru/?win=658&clid=2854568&from=dist_pin2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd071146f8,0x7ffd07114708,0x7ffd071147183⤵
-
-
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" shell32.dll,Control_RunDLL intl.cpl,,11⤵
- Checks computer location settings
- Modifies Control Panel
Network
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
3Subvert Trust Controls
1Install Root Certificate
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
19KB
MD5200cbf043cc33d3071f5cf3c7ef4d9f1
SHA15fc1427f9209f4f91b0d5cd43df1b1cf791fd31c
SHA256bf19e92c8bd2111bcc9ae9bf58618a18a779644ec6d89bff06464f5fc077a9fb
SHA512b46e2ced74815c0439ce1b3cafd5c736c9fba2927bd3fc7cd7a380850eb3827ae5f17c5ae28d90a185081e6d6abc6d1caaa5c83e6084973550219bba40023d77
-
Filesize
911B
MD5442c438192d116e2093f114fd1c49103
SHA1405ee4d83b0eed286f90c13b2fcc2251c4d75d92
SHA2562f155019f7fb9c23145e809b095d7a744fe672a65f9549ae579bfc236ce93c7d
SHA512b5dbcbe85693c7c89b1875118933c33d3f9f5ae32cc5104b211292212db4ca5c2e2b5f592904fa1292a57a0768779020ee9bb2313ba99b311ffb340075ffb71a
-
Filesize
1KB
MD5553f0835f1e299418de206c171dd647c
SHA1236e694a809b333d40a40b2d75747f24691111d5
SHA2569db79817ed8166f0960af47720b26a655cdc6a39f388f95efd0113fbf039b057
SHA51215c581c064af0e3953f20789e6e42f9873ac9f06a6314258d7a3b766aef4419921af8dc1e5cee4c36dc881b9d3f81f2ce9a1587f05ebba86093879f1a6f8868e
-
Filesize
1KB
MD50b4dba7b10a703ffa0221da825f49b38
SHA11226bb2c5d0598e859600fcc16cefacf9d9c9cf5
SHA256217d28b178d079ee1e742a53ba4c15a6c6670df69b6cf13290f9fc0f9ca24b2e
SHA51292a2668a0ab6595d40c01c3078fadbe125b32649787c8cc411c30ba0c5accfc5291cce05c668e86136043a70aad68c8e81e2adfb479eacac25516b8df81215d0
-
Filesize
536B
MD55fb45a884f568db6a660f13c16cd33cf
SHA1f8f60259462b13d623c4c4d96e140a292ab91a18
SHA2565bfaeac3d6c40f26a158f898cc4149bb974db9e1decd65039973c889b0c09b58
SHA5123cbf806e46ba95fe3d875e6c557d6845df023206eab814a6d46abbce28ada23e66a2a54822ef4499930ffe3053d2bca813147b530e1f33f84f5b52198550b583
-
Filesize
536B
MD521bc0181ec939f79505b9a2b23284639
SHA175a7a55b4b41aefc77d396537671cf31ce8bffbd
SHA2565aa0bac3a61049f766c426f7108a95d15fb3faa27f93338a19882b0a843c21a6
SHA512dcd1c97f0f0d9ff50d50755d894d52282836ae6402784dead471f25a9535ee8df8790d2ad3a7f69cdba5a57ee06de2c018085164b8e6cedb6d2a697b4ee096e1
-
Filesize
526B
MD5ad1dd37c5d8acc7ef2e01a13e1224845
SHA1ade12f1beebef003b38150b6e316e648ed0740ec
SHA256ef04cb3e9a9337be968f71a1849af6a38a2bdc26043b1d4e2b12caa354ad9531
SHA51228b8a9dc805e5e8e4163bd79d1df5213df9f41d03341a854b1356c6d5de5ff6fd3acfb2b1671ded293d9bdaf9312df71c1e23628bd1de41d9a389aea8499d176
-
Filesize
570B
MD55d0aff14074e45491304c156ee2817cc
SHA1d85fab11ffd45bf3de43e3e9cf8ea4d4d8ba3339
SHA256ae920a6d4534e2abb478326ccd97b26cc1a841244deec36aa03a4035527cf9c5
SHA5125e60451bd483a8b4fe88bdd1787fb7be136c383cd1d96358a77ab6c049d64dcbe35cc148cb9aba9a3ba7a9dbeb7f3a5208ff08786485d537e3fd66e09f7ebdb4
-
Filesize
616B
MD5afeafb8cb04502725d2590e8fadc7470
SHA12158be4ae354176c657946898c54902f63c3439e
SHA256e5f2653e526b090ece1fc4607b1de493f5de532d6111679baaa5f5799a15608c
SHA512574fa358f62b7ccc85506bec283091226852220150a0827ee1b11efcddfe519707bbaffeeef75c7d7ab45ee9f7edbcd5770844a21bb085c53b2e805f4ffca443
-
Filesize
1000B
MD59b5ef7ca6ff4b5e9633d9b1c1890a00c
SHA1531fe10e80509125b6b8bd4344f94bbe3453c07d
SHA256488b0a1515a6884b81f3477cc12a16623d214a79de56655be828eec2262a9edf
SHA5127bddb91d4986360af2ea9a7b96dd06a3e59d4928b2093bbfff1908d80599e9fb1aa6563516480d6579a7d0d5bdb7f401941f75a2e4c0dddb0ee73eeec537a715
-
Filesize
444B
MD5540f9458f114bc916284d4aead8365c8
SHA15e835c5f5e6376038fa85f3ec838ec2777f8ca9f
SHA256fb2e909889fda9814e48e7227a9a6d08b8f5958c2e8977647ef2dbdf9633e31e
SHA512a2a0eb7eb38d88101ff843a36371a6e18e9e167c989671218524e4cc7dc5ed31e208ebdde6a521ee24f004ccfd18a94e098e2a2962ceb0b1dbb9a267a44249d6
-
Filesize
943B
MD55364f3aff267933bf3acdca980adcffa
SHA120e66c492f06cfffc3121e5980abd80a36b419ca
SHA256d5f3a75f6bd46dae11d852a137c7373102654f9e980a199ed4f40f76c463c8ca
SHA51229dd59c0f9f40b25520c48bad0ded81c3725f7ecd9ad56196d55d2757662b1126ac9cad3349844cbfbc328cb6ebbe57d5fde76d5f948a2192530a2cf35390680
-
Filesize
521B
MD5eab5a0805445a2361c9896f8ddf3f868
SHA10ae0529cc42a42670984bb21df8d02ec2624787e
SHA25690666aa0c71c5cb423ae0154d9d57bae98e3dd1f0ce98f784bbfaedadae0abc0
SHA512aab9415ec6bcdcb529c1824805470a52630a401a0fea97bb79fe294cd17d96da37ab93d852eecbd4521568b436fa3e849a3aa22ca8b33ec058713e3086ff0f0b
-
Filesize
10KB
MD5c497d2b887b10a3c50379b8b5ce201d1
SHA1c1dfbfc3aca655049a1c740b091e4015029ab0c4
SHA256e450917f8a774fb003c0e96122b3e91d89742628d974ebfb4ca40cdeaf4a8ce0
SHA512bdcbae46ec3a4ef6da26975460e4fdbfc0c9779bcf72f831fdcda93c253f0ce55baf293c1e6a615eaa2080f4123aaf998e5c2c9fcdda7d55f10f87f98d117505
-
Filesize
15KB
MD51cbe860e4fb25732c2b3516749b1f123
SHA1876ac3079c3aecdde350857533ffedc1aa218700
SHA256cb1465816fd7c71c95ec850cef69648b0dc9f22f14f734fb3d2458757b50293f
SHA5124bbebb311f645b2f5c3e3d68b0aab7fd2be528d9025e7b04d3b2cf5437ecfde76435329d857e6d9b5b32d52ebadce4bcc13e22198ab0c3cc8e81085ff13a4ea8
-
Filesize
152B
MD52783c40400a8912a79cfd383da731086
SHA1001a131fe399c30973089e18358818090ca81789
SHA256331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5
SHA512b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685
-
Filesize
152B
MD5ff63763eedb406987ced076e36ec9acf
SHA116365aa97cd1a115412f8ae436d5d4e9be5f7b5d
SHA2568f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c
SHA512ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f
-
Filesize
39KB
MD5074d7c0ab0352d979572b757de8b9f0c
SHA1ca7dd3b86c5e8a750401b8d6d773a9cc3af55b81
SHA25646a06c3ec01cd4c5d5d8bb131febc48e3b1eeac94a47fe0718dfce6af821f83a
SHA51200de9f645ca784322b005c73302aa573ab0665e8334533e7408326f0c84c12f3d056f39a2197d5c4bb8092f3b09dec4b79ec73de1b5d161951c5c48b9548216d
-
Filesize
57KB
MD55efd28a946c0bc67d568f68371f0a47c
SHA1b6d34b18c965dbbe768f615b54b3d8c6d0e34ce5
SHA2566b78bfa9bd477e8d66f4a5a7c0d7e10ed9ed35fb71ff37b1c3816f3ce9a89a99
SHA5128501ab1809969bd70d43760d4dd52ef3d3e480b96cd986dba14afac88cb60bd2ec22d5bab966e5e421616a9a1d152c768d8444656de2c64e156105cacbaf47f8
-
Filesize
48KB
MD54c97e746b33e4d1b01efd393c8a8e3ef
SHA1709d949bd520e6071cfb6f1b5984aed773684bd0
SHA256b3cd587a747007fc5a365ceec5daa964c559e4862ae70aa98f5d0e1849d5ddf0
SHA5125627b679b36c8c677a44b680611d6192808564df47d6d1f8e306c95361b71564ff2ebc5dbecaf55197db1c7274853171052cc2f8c0472759be26d7d03f193149
-
Filesize
40KB
MD5983547e564a3ba0efe51527722fbbb4f
SHA12138d7f2c1cbbca359da86372e37692299893f57
SHA2565895185cf878a38cd172286ed97976e6ab620b2c5fd7f7810f9c9d2f7169da6d
SHA512edef11dc8612b701db7c94d43fd032ee08a13adecfe93c5fda527cba8ffa5ccdea6b8fa107d35a5979bfdddb2832dd4fcc42cb99095186d620b6717cb7bbc6b8
-
Filesize
1KB
MD5564596e3a526405f954e0cc81fa4dcf3
SHA1efa2f8640198d7cdc1440589357d011717c348d0
SHA256b50524118a5af412fc00a5ffb0d5ef8a48420cd9fcf4926b71c28196768424c1
SHA5125a47050701fd3f6ad222b3fd2b56c8afb027790a11d2081667da329493e2b75e6f86bc9e1b371b8a54d404ddfffc4e491fd6b8b354eff8cf8d16da9b89a2287b
-
Filesize
1KB
MD5def0ca34b054077ad54eb6dfc16c90d3
SHA1138deb519b84c224c529c588bfce9cfeea5a5431
SHA256b9e2509002f034266b4207b1b11d13283eeb3e217f3a23dcd299c0777d9efd6c
SHA512f470e4c19ad566db0d4f5300cb5a9ab132004e927f728f7efff8474d510d5704c0dd83cb33378cfd912ad7b7407a9f3a36cd87d4080a619a82b04178d3680255
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
111B
MD5807419ca9a4734feaf8d8563a003b048
SHA1a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
-
Filesize
6KB
MD52b104f53239c23b66632251d7991d48f
SHA1c8b0f9e856b088fd0c2fa8964269c83f50a5cc2b
SHA2568ce1d1fdc06d5cc6842154042f75431cf0206e441dc6bc24d6712b9ac53000d6
SHA512c0c7a5e7fe9b19179ec3ffb89227442c70162e111b682a4efe0ed7a233415ee61fd0a3d744f89eea163552fd2fb8303f2454078da74bb2100e46c8b4cc2f781f
-
Filesize
6KB
MD5f117df29c19e946344e0a581d6b837fc
SHA1d7e8cbbe02398503c2359bf425e0b17d3d2dfbd5
SHA256a94bd673dd17b5e01c43b0b6956f3fe5d98501e4389bd33156e553b28660b741
SHA51274c1852eb44586552a786c3d145dae44121c3b53b7dd966d76a021e24a5a2e98fe92f1f229cd9a613406d632424201a478cf4aedf26ffab8b5558fa59c6151a4
-
Filesize
8KB
MD515c308d3ff014623d32ebcfd1ecf644b
SHA14003f8b3f3eecd0b6ca9d906b50590cce4b3a360
SHA25698d39a2bfd20c13757c9d39b78ed27ce5081a4c626f01c188a55280d0dcfb6b8
SHA5128befc7c3e5c038a00428891b6292192947db62132ddaff66070f08ed6ad806dc725ba511c51272f995683a6e8d4f8d06fedaed7be1bd4bbca92b44058839606d
-
Filesize
8KB
MD51a9bea9ffa052df8cf26ab5c139cc0d9
SHA1546971f135d8d4169aad0329aeaad8c92ec23c93
SHA2561cc1e1662d0a0db283c3fa61897bf4c52144d4c6f9d67a9e124a942fe1dfd944
SHA5124d5a2c026a8bba898264b5176319fa8fab89e08b5d10f14d6addd6ed9ec6ae7ebbef88b5e7608519d050d3e7d5863a2c0b916fe543c40d595e7503030d1b7f55
-
Filesize
1KB
MD5eb8f793090dc3315f856a21bf2df6d15
SHA1ede07a37a39fdf8d0e6be84331dfe7c28b816a59
SHA256da27339bc1c9568fb23f77fc504f452170bb202cd9c17a0dacc9697551e12547
SHA512eaff4f6a62edc2409c170cd959367485017799e2b7062110de7f21eba4e4c45a9451c431695f50b781cea0497be28e2e292e971c6714511eb617aa57bad2e92a
-
Filesize
1KB
MD527443e696db97b94cb5a8c95ab4bc442
SHA164ff539a9bc3fb446c547d7495334214e564d0f5
SHA256c6b7000af3d86463363848edec73790d5a64b65126b89b1aeb7fcf51f9f14081
SHA51235164e89ad8afdf46f76b82906da0267a995e94df7be619c063759eccb435701dddf8b56b18248dd6e5e8613d7d3667b9cb5530357f170311cf4f30af1938fc8
-
Filesize
539B
MD5524be9bb0b2717fd5d9df9c7e18af803
SHA13f8fe2ad8176ecc8e5abd1fde7404248612c5c9c
SHA2569dc301bc8ab1f7be87506c05cce4d4f1cd229570256a8ac98f3dcb28314b5dfe
SHA512512c1ac94b4b6060c64c9299f8029fb98c65ae37b71efae01a4152eeeab55ea94f87f7c81cb64b184d416a2d9f7a3cc1bb99781ffd0a7274bd53c4a35894bb8a
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5e5f801ebe0ecd526739d86785779d48c
SHA18a975fe4b851ba9a2de5ae54b089a79b886728ae
SHA2564b63b9d1471f9f3c1a28c3430246bdff4f7fc6aa839785b12d61ca2ff61eeb99
SHA512600b076999f144d03062cbed7b30c7c32642f652932c4ccbaab7afb00711a4d07af41d9d583cc1048b65826d85f7ca4513e45e6741c331170bc54cf40600f589
-
Filesize
11KB
MD5f1c7da90b88dee7f8f86ed65a07a373b
SHA13d39989410309bc20c2f5cf749c5e9c70a324a40
SHA256e243ff026a741ba76d53bb5c31482adfcb023a63794a690e12b156210e5849cf
SHA51279bf42a756549b6bd91ed9e2bf74539a8dfb613b5daf0cd32fbc7be4b28f7f27047a931e4d3ce33329389ef5a8aaeb5fb763bcdbc58f97ce24e1793105d9b10e
-
Filesize
11KB
MD5d38616d5504871de534b3c3bc67b28ad
SHA190bfc8d55d86214a5b2dc27bf77c06f915be9d18
SHA25674b365460def88cc02057adf6abdf906b05d9065aa7c530d36bdfcd6a9b29f52
SHA51217843aa5e4adcb37e72dcc093e625c3d4c7687f19c90dd4c0af90ae0ed8aa43c420c5f100c01161ae38a44578a67e3ac5565d3b1b45e063e0329d333d53878b4
-
Filesize
5KB
MD5a6f6261de61d910e0b828040414cee02
SHA1d9df5043d0405b3f5ddaacb74db36623dd3969dc
SHA2566bb91f1d74389b18bce6e71772e4c5573648c1a4823338193f700afdf8216be5
SHA51220cb7b646c160c942e379c6e7a1a8981a09f520361c0205052c1d66e2fdb76333ffaaf0ca1dfc779754f0e844b9946900fbd5690d01869e1607abc1fda6dffab
-
Filesize
15KB
MD5af80a936c10e18de168538a0722d6319
SHA19b1c84a1cf7330a698c89b9d7f33b17b4ba35536
SHA2562435c0376fca765b21d43e897f4baa52daa0958a7015d04103488c606c99d1d3
SHA5129a1325c8ce05806e5c161a4cf47239f62baad8f79650fbd713e74928fce8171ced10ba7f24fac46c548e1dbf3f64106270cb25ca88c836c870107f5dc1f97879
-
Filesize
8.6MB
MD5225ba20fa3edd13c9c72f600ff90e6cb
SHA15f1a9baa85c2afe29619e7cc848036d9174701e4
SHA25635585d12899435e13e186490fcf1d270adbe3c74a1e0578b3d9314858bf2d797
SHA51297e699cffe28d3c3611570d341ccbc1a0f0eec233c377c70e0e20d4ed3b956b6fe200a007f7e601a5724e733c97eaddc39d308b9af58d45f7598f10038d94ab3
-
Filesize
419KB
MD5aafdfaa7a989ddb216510fc9ae5b877f
SHA141cf94692968a7d511b6051b7fe2b15c784770cb
SHA256688d0b782437ccfae2944281ade651a2da063f222e80b3510789dbdce8b00fdc
SHA5126e2b76ff6df79c6de6887cf739848d05c894fbd70dc9371fff95e6ccd9938d695c46516cb18ec8edd01e78cad1a6029a3d633895f7ddba4db4bf9cd39271bd44
-
Filesize
10.1MB
MD550ab527e8f4a9ae151edd72d6ef3c098
SHA1448f9ba9e5f7b6f3d1140f21620a487ebbc099d6
SHA2564c6d96974f09b48f060849eb31360522934fd3fda6c28095034bfe3c9ac6af61
SHA5122aab4e8e6bd4170eef29309f89ad3cb44334a411926ddb1f03f5f5946eb50aa97e00a42d986034c5154ff41a4890ef4c213b332be9cce09ac8f0399c06648190
-
Filesize
62KB
MD51ba40f0f80ec64092cc719edc512c78c
SHA106d7c9672ecde998762d841899e03e0a761189aa
SHA256f1205115ec9ff7e5e51de6547bc0a2aa3ac92d96510ef12a84e0972b5f8479be
SHA5124ff5558ba2427116dcf28e59797474b30de8958231cfdef20db3d3ce48b364e8910e27e23fdd05b8ba9f00b04b13dd10a76a87662a2b1e31e7d55bb36fe154d1
-
Filesize
3KB
MD51fbbd96ec06ae5fa1bc2593f276fc753
SHA1ae14e3764ccaeb2a5fab733546dc6d8ee7f00538
SHA2565476083f7082353d1c5474c039e1c3bef9a45feb8f9c3d079ce9094945a84d62
SHA51271ec15c0e8aaa3d2c8776130548674a2b8a19f93b59cbae48128b3c971884eb4951522da82305ceec8a3c4ff37bd930f9807278acff1100213a87eecd0f031f9
-
Filesize
204KB
MD5b16f0dffb2a4c29ea38c8d8374326156
SHA1bfccc1052d544fc552fcbb34a4d3e634f098f413
SHA256940d85e8c0ba7180e6fd9171310b83705c2ec5b9dfdd87081d0761b19aff6967
SHA512ba4d19e91346808b4793c96c39f69509f58b7a46c969eea5b79130cdd52cc55ce112225726d3f19381ee59dffbea8dd6d7dda5e615f81c7c8c46537802cdb10e
-
Filesize
1KB
MD5ebb52ef4fc79c542018cee6b79a81b0d
SHA113a25353ab6bb1b1ced68743a80c5369c71e628e
SHA25626521ca51696586db06c18d8cfa6913a39affc740172d17a89a5677959a3f767
SHA512dfca08ec1b1e0f491b42485342d6c75dafe5ef13c3212e5b1d1293598aac2c2bf241ccfa26698b14d94b3d875a28bfac2fee7837d4b7908870316b92a249f178
-
Filesize
2KB
MD5910c60e306babdfe5c1005d04e950406
SHA189f17f2f2e635f6275e26c1ef36bb88d6b76950b
SHA2564faeb15657bb4b9109e8eba26ff7b3a4064446eaf9709215a5455bc022caa81e
SHA512ac355c8e4a1f911d1bbc666cc842e0595c52137c6ae55b83b16f156f0261921ae822a5be6158526f08d4ac00dfcdb7058646ffe267dfbf8162da368af1861c54
-
Filesize
8KB
MD59cbe5b8d8b52cae7eef9a2a8bafb3379
SHA11ad7db7b3bb75b4e8e567698294f51f171a2c889
SHA256a0af92a542257ae70694299ecea0e5a90bf213712a4e8f06f635494e6557e072
SHA5128e5c312d5812b244e72d1f95e9fec3c6fca0d049a7b3c09b44c436c63a96b05d5a10e432058e199918c3cd0321f3d496c38e89a863d9dfdb9592a7a1c0a6feeb
-
Filesize
168KB
MD59898cfd5dbe9b087f45f7aecab5e8674
SHA1d62a46b35c9827f6bc022dcb170aaf6234fca2bf
SHA256456cdb3a9f6d759fd060a0e75bd633f9faab16c161eec1d4716756974e88c574
SHA51203973e93048353441a189f5646c3322d5f049a5fed36594b18dc6f61697397c6aa86dd565db6a07d86f597a51ad5a7c29a8e0373575b0d8a5f086c236b373c72
-
Filesize
30.8MB
MD5fbec56f9eb09a162191ba0f1d81cb9db
SHA155412d56fffa041b6cd34eef638a04ea9e69c79e
SHA2567e21a4f1e8bfd3ac24d14f6444e6ef86f89d78425a5da6070688a3102dbeb703
SHA51283f56781d108dd0058d8e003be876cc104bcf8a471648757ce38754df83771f829d624aa5faad321c00290d484c2465dc59ac137f2053fe12dff0e5b3d543c94
-
Filesize
460B
MD53996f396500fbecad7185e0a562b6888
SHA10d744b25c69dcc8113979412fbbd0a74828b85d7
SHA2568d8efc224934cd89c9e808f3ea79f6b0fa05ba6ac317ca2d08553ca8b4f6a9af
SHA51293aac88e86304499683050d6ca260d0f1a014b2bf16aac683d70c4e8148268ee5e613fc378eaa9db17b819d4d3dce73b74157fc92e73c2bd05b07447d1b5fea5
-
Filesize
9.8MB
MD54e96db779ba9d5ddb090b03a8b176f23
SHA1de5257df2fce11f8e39914c824f2452f86d73c6c
SHA2566142a3002b7400d804ee2075c9709d09d0a9a2b2b7d564c07fd7ea460950b16d
SHA512b9d58daab75841250329cc945e38028d2d9e62a9fa5b84d0eda2b220856e94374b17dd52b1de1f42fb4cf8f2f9cbfbaf0103172f8488957ef692d24e1210e60f
-
Filesize
10.6MB
MD51843e1be6b5ed3f3acb340ac54fa1748
SHA166f7dc87f217d7f29f3fae1078dd061fa3dc85cb
SHA2563c399e5d7c2786c87d3e239dc880bf83a81c16ef9b941fc0303aa04cb0461fdd
SHA51230db8a772a272905061b32a39a445912d7040eb00a9e99e5ead83fd2a1fc710b4e11bfb7c1e09c2d94e890b9867f470922220628616699872ecd36d71e780e7b
-
Filesize
4.5MB
MD5d981dd686cc65f48170509d99af11d1c
SHA1c052ee2b0cbb0ebad69aca968db540a512655247
SHA256aad867284d074b469e71baceba8eb7119468cda861d93bbd19546260c681be5f
SHA512dbda9e70fa2a1fa9a484e291fb23cdf6a38205e35f021db6e5468c96753e023e9cf2afa0cf27645fd2c4bac856d516c721b66cd6962368e874b7b1dc4b97955a
-
Filesize
163B
MD5889729635d1b740ce54267ea6735d995
SHA173e21f0cf19dbe5213b5a0631aab6b489c8112c0
SHA2564c2231403032c7bf876ba1ccb653652639fae4566dd598ac8b867a5b38f6e376
SHA512904a48bfe121e0489e99272ba493ac68653361226837f5f34b26b5748d6c83cb32a682511151816fcbdf6d4a145b2b242b46416e309cd9c9e2b546cb51a34f26
-
Filesize
382KB
MD5598e5a01d2746fab767346ae41d13822
SHA18ee6c76bdbb67e6169c9cb1fb6d901bb5e831a87
SHA2562f2c468dd1ebddb4fadecc5169624b2907abe4ac6607eabb29a2bd7615c5e5e2
SHA5125cba63e6d75ce1bb163a09d789d298deac6aa5ca16a7b2c9d279a1f86b8dc0bcc9d7e3651bd18aaf73e57b7ac1c2056f445d6107f39a3b573c8452f61590a4d3
-
Filesize
494KB
MD50f15a5b9cb1c464a7f52a8d93017e9c8
SHA1c7fb68290561b58bb1f01c16f5eb8086d5e62acb
SHA2567a946d33e7b92db704c3a32832f8fdec6b47800316c2dfb9f98ce534e96cb313
SHA512dd2a7f5c085a212b907700ee57f8a6a2a08e09d2e1a286938e914372b625524b15f51f3eae84b4a2655e32dc756ad8843d56ce0a2d1666555c6e1fec7afa04f9
-
Filesize
3.8MB
MD5de6aaea74fea7b67abe65be03a3c7675
SHA16d3de30ee4738d84e8edfe33527a58e4b1714b88
SHA256d0e69265e1a2fc61285031d7113e2f8b6605ca61fa2171d85e5a47cbb7667a02
SHA512f70b1243a93d564b967beb2bae1bfe4dc6ad1086c69bf21bb304f225861bb654d8d0085e74a496e7dbf417e8012b139b1e8401a2785ec273839124be43d837d3
-
Filesize
2KB
MD535bcfcd190baa3366002b909164686ae
SHA1690489acce4215d1e452c01c6f84b8098fef5777
SHA2562e65a2df6bc1718d6ca96a45606c4a1b0b89df664bc1e0cc0c54e9b35feda322
SHA512c9c6a5d7e8ae0ab2574646492305f3546ef0c3f36ab0a7b7ae8bccb664c7de79fadd167c309bddd4e5bfeee06cf1cc7f259ff63f5048a36718d12d8bbd41fb15
-
Filesize
397KB
MD595828ee007d3586792d53ace50b2357e
SHA13501ccad7573fd467911f207155318db3a1a1554
SHA2568c4be5f1bc4e2f73d4396af48a31bf10362006472e9b28f40aa91f73a3815f12
SHA5129896eccb178fd772fc92e5793340bdbc1bd6169465d9a739df06c1154edbce16f6db5dd50df426ccbc40d8410d4ef170c3fb0bc700e7778149ff2168409638e7
-
Filesize
511B
MD58e8c521ce4fecf8b8ef3b87dc54efcb2
SHA1592617632b820ecc54823473478d4c7877d62a58
SHA256c65da3d045dc724dd7473db2a27edc99e05b8589dbe629c7bcc076b4a3adaf08
SHA512d535de84c79e047161fbd17d0f2d3b9fa38c39cfc5720f23f7ddff53f9fde03ed08236faee4918e4a1f499538734b6055c88f060900cbcca8822b2f5b70b04ea
-
Filesize
68KB
MD5314cb7ffb31e3cc676847e03108378ba
SHA13667d2ade77624e79d9efa08a2f1d33104ac6343
SHA256b6d278384a3684409a2a86f03e4f52869818ce7dd8b5779876960353f7d35dc1
SHA512dc795fa35ea214843a781ee2b2ef551b91b6841a799bef2c6fb1907d90f6c114071a951ebb7b2b30e81d52b594d447a26ab12ddb57c331e854577d11e5febef5
-
Filesize
1KB
MD53adec702d4472e3252ca8b58af62247c
SHA135d1d2f90b80dca80ad398f411c93fe8aef07435
SHA2562b167248e8136c4d45c2c46e2bff6fb5e5137dd4dfdccde998599be2df2e9335
SHA5127562e093d16ee6305c1bb143a3f5d60dafe8b5de74952709abc68a0c353b65416bf78b1fa1a6720331615898848c1464a7758c5dfe78f8098f77fbfa924784c0
-
Filesize
20KB
MD5fc894518aa5ba6f6f066bb9dbc2d4b32
SHA1d9f69ed133d316cdd9c9e555437d3d92fb8e5635
SHA256041c580f47316fbabbd0173ec20d4e8465137e3bfa3af8ef7a30e887d9e6497a
SHA5123cca3e867ab5f574942047f11a372d463397dbe25a0e4f73ff47547cb3e2bafbff8c91f7aeb1af2ab8f9ec4a12a272b2048d756582b5393c6f40a6d88fde9d45
-
Filesize
314B
MD522c6deb542cf2df1ecc19427cb73f589
SHA171a5b5e36d9b24a000abadf7c13abbf82667bd8c
SHA25671d6420ce807be258e08a452cfbe84ac018ca7e40a3e48af87d58b72fc630538
SHA512c36b7f0f4277e6c40ad849610ee33a4f86bc3dac99992b9635ad718353ddac2a0039117fed74dcdc9a9947a6c13733e8d5990f1132ece947b787cb31c9744128
-
Filesize
4KB
MD5bd1f86c2713092cbebaed4e534e2400f
SHA15e9eeee59a81b25a3d67b089a10a534e684a7880
SHA2568f120274dfd8ec5531d1d335ba9129d8c43227321a3ce471464fda1cb999b60b
SHA512e35a54d4c69a2800d60787533cc77e94514473b43f0ad37bf9ac5da0de1cf4d74e4fb8cc978df9f03762949c44833665b17e4cb992c1a5461399590664ba26a1
-
Filesize
505B
MD5c5a07b9992141a5fadf9725b7ffdad92
SHA109b0bcbf09ca429aea3fa740ffdf9843062fb070
SHA256427c748b93693ea2f0b528883c35fe31d5b9aaf2493aade02a59f738f5acde8a
SHA512e608b25bf4df06a9a51f7adcc93680aa624867f578ac5ff8148bd3b2d393358fa5e3e837d5b0df5c7a95f7700c6cd58b3d0ea3b301f34c0b281f31596ebb9aa6
-
Filesize
38B
MD5e0288504c6e8f54df2362f205917a908
SHA1d1f68befc35841affeba07ef836786842fd381d3
SHA25628791fb25f605b5c7be04d8b9bfd5d022f9f94351d6015d68a7fa435ee48cb33
SHA5128e5066bc4efbad9761ebb4f78e70f7006ddae9208b040e28c995fc342e00311a25fa841daee9e1a3f2ec80a71a896b92396d95dc651f9b7f43149b3710ee1721
-
Filesize
97KB
MD56f063931e1f0c939722e80d7b0ba03a9
SHA1f44cc84bc7d7ebd7bc43cabcd6f7b9b2cb217c84
SHA256b0c8fd21aed6faeb1168bb8b722e586a52f9e8468b4675b9dd33fcd779db720b
SHA5129a6086a49c9cc2dd4595281e492405a571eabfeacdd6627b92209db6ad26e724ccecc463fa317dbe912f809063ca7d59bab7528b3f387bbf604a666df0df75f5
-
Filesize
211KB
MD5a3ae5d86ecf38db9427359ea37a5f646
SHA1eb4cb5ff520717038adadcc5e1ef8f7c24b27a90
SHA256c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74
SHA51296ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0
-
Filesize
181KB
MD50c80a997d37d930e7317d6dac8bb7ae1
SHA1018f13dfa43e103801a69a20b1fab0d609ace8a5
SHA256a5dd2f97c6787c335b7807ff9b6966877e9dd811f9e26326837a7d2bd224de86
SHA512fe1caef6d727344c60df52380a6e4ab90ae1a8eb5f96d6054eced1b7734357ce080d944fa518cf1366e14c4c0bd9a41db679738a860800430034a75bb90e51a5
-
Filesize
189KB
MD5e6fd0e66cf3bfd3cc04a05647c3c7c54
SHA16a1b7f1a45fb578de6492af7e2fede15c866739f
SHA256669cc0aae068ced3154acaecb0c692c4c5e61bc2ca95b40395a3399e75fcb9b2
SHA512fc8613f31acaf6155852d3ad6130fc3b76674b463dcdcfcd08a3b367dfd9e5b991e3f0a26994bcaf42f9e863a46a81e2520e77b1d99f703bcb08800bdca4efcb