Overview

overview

7

Static

static

3

2024-09-29...re.exe

windows7-x64

7

2024-09-29...re.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    29/09/2024, 06:52

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-09-29_a37f69fe0c2a49be579bc21d20edb735_bkransomware.exe

  • Size

    9.6MB

  • MD5

    a37f69fe0c2a49be579bc21d20edb735

  • SHA1

    400137c6eedb9e1b133b87ea43d63673fcec1976

  • SHA256

    f458e0a3c5efa2d1afbeef39cad701eb7736dffffacb444cf015273fdf2e5b2b

  • SHA512

    112140e67530f161ce452bd42ca1fb31a99fc79081985be60cb50ce4772acb1c6eb7337b04504b958aaf0edfd47312064bc698a1b917caeee7f8d85d45448a09

  • SSDEEP

    196608:9ewigScXUiUBjxHQ7mXHsG+oSJYg2xhsbjjvxyOJr:EwigpUjBjVQ7R0LhsvjvAOJr

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 12 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 14 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 22 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 43 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 10 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-29_a37f69fe0c2a49be579bc21d20edb735_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-09-29_a37f69fe0c2a49be579bc21d20edb735_bkransomware.exe"
    1⤵
    • Enumerates connected drives
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2100
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2348
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 91FC17D9F3DCD034B1AAB9E974C050C9 C
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2840
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 1CDF851B27963193CEE1F17DC4A5EC85
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1848
      • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Installer\searchbandapp.exe
        "C:\Users\Admin\AppData\Local\Yandex\SearchBand\Installer\searchbandapp.exe" /install
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2252
        • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\1.9.0.786\searchbandapp64.exe
          "C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\1.9.0.786\searchbandapp64.exe" /auto
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Adds Run key to start application
          • Modifies Internet Explorer settings
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          PID:2112
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
      PID:2744
    • C:\Windows\system32\DrvInst.exe
      DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000003EC" "00000000000002B8"
      1⤵
      • Drops file in Windows directory
      • Modifies data under HKEY_USERS
      PID:2284
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
      1⤵
      • System Location Discovery: System Language Discovery
      PID:1428
    • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\1.9.0.786\searchbandapp64.exe
      "C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\1.9.0.786\searchbandapp64.exe" /auto
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:940
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
      1⤵
      • System Location Discovery: System Language Discovery
      PID:1848

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Config.Msi\f76e340.rbs
            Filesize

            9KB

            MD5

            1e813f72d9b5d23d62dbf2450ca9720a

            SHA1

            9ef65b127f69dd4d3f0cb6de01c79e5a7284231f

            SHA256

            f8ddc19cedf9ba944035de5754758115a72297f60fff28d656625b2532347f9c

            SHA512

            33838f4d06aeb244e66580e52595a882e1636f1e53462c73d283ab11042e3f5dade97758da69125e337dbd65da53c859d7268b9293b25415b01b433fb17104d0

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3B179347615B32FE859CEABBE50C3EE6_8E70042F884A67193ED52832BA9E5354
            Filesize

            1KB

            MD5

            29327f101b0fa1ccf79d14a0a53f54a4

            SHA1

            4dfab66e969d1db355589a91b07e3e6b87564d48

            SHA256

            6fd333b11bb6924c7255beeda326523ab2e3c977d1ba51bf3223b8a988869082

            SHA512

            c0df614e6872d2ba2653c7e25b1f96e27ba80c9e2a1be0a464b38bc793409c99d37e679ea6dbf6c9768218a5b114075ca256aba13c2ce79b11c25592f7701337

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E7EC0C85688F4738F3BE49B104BA67
            Filesize

            1KB

            MD5

            7fb5fa1534dcf77f2125b2403b30a0ee

            SHA1

            365d96812a69ac0a4611ea4b70a3f306576cc3ea

            SHA256

            33a39e9ec2133230533a686ec43760026e014a3828c703707acbc150fe40fd6f

            SHA512

            a9279fd60505a1bfeef6fb07834cad0fd5be02fd405573fc1a5f59b991e9f88f5e81c32fe910f69bdc6585e71f02559895149eaf49c25b8ff955459fd60c0d2e

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3B179347615B32FE859CEABBE50C3EE6_8E70042F884A67193ED52832BA9E5354
            Filesize

            538B

            MD5

            0e6c19da94f254349c2bf9f56bc27285

            SHA1

            2b62bb4ef26c3ad74c533128530a533376138ca7

            SHA256

            7cf40570654e4fa9a223ca04b4d3784ee2285ae4408e1f0d1c1e5cfdef8b42bc

            SHA512

            009bf4c1f255b303af25bb05fc9f13623b34e60f9ca5fb2f931ca7bf292db789887e21f2222de0eaa52cbe8a669d958caaf66d79f9d1da931a305b000e37fa86

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E7EC0C85688F4738F3BE49B104BA67
            Filesize

            186B

            MD5

            1094b5c8bf0370692d13755b83f730b8

            SHA1

            60cf8b375b93bc4bcefcefb0481221dc83bd1acf

            SHA256

            5f78f1bd9976531c9e63c3ae2442dae05fb64dd23454ef7041a341c2bbf9a060

            SHA512

            2a510611c4f4ffe69852d590e1ab919ddb8632e69b847d2569e448fcee9d2767bbfc1c9a546f353483a3390c96a94ad8d6491d63fd7e7a6919b5a44706fa49aa

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\CabE39B.tmp
            Filesize

            70KB

            MD5

            49aebf8cbd62d92ac215b2923fb1b9f5

            SHA1

            1723be06719828dda65ad804298d0431f6aff976

            SHA256

            b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

            SHA512

            bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\MSIC8CD.tmp
            Filesize

            134KB

            MD5

            cee151b0f20823a3f75768b8b2855d10

            SHA1

            c2d11737e4ec2fb05972025fb97587c32b6f6c8c

            SHA256

            e67a89ceda7d5d26defa9f7443adc6b90780ec583c5c38e837c9dad6d3b21749

            SHA512

            9fc98cbf6dca0a046da978dad6a278a4b8187de68a7462c7d3c59eb8a09215faef2eb4d0fb8d433eb1c019a7606b96ab07e59aa3c1b63aca8ce351b83d530515

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\TarF690.tmp
            Filesize

            181KB

            MD5

            4ea6026cf93ec6338144661bf1202cd1

            SHA1

            a1dec9044f750ad887935a01430bf49322fbdcb7

            SHA256

            8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

            SHA512

            6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\searchband00000.log
            Filesize

            38KB

            MD5

            c1b27017e2fb2f46bb263caee1173043

            SHA1

            42cf954711990821a097a2ff6bcf8d8116bb04b9

            SHA256

            07d8c913cb9ea7723b20eea691258b32fef0848db1558d6b65a46af806e45bbf

            SHA512

            1fb43d29d9b3e52fec32b9118efbd37cef74503093cad066d530335f5556ef5feff66f8a67a3d95a980e3c99f4e2c42c9d9f351869f19bd565a7769b847b2ab9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\{7E13FD5F-608A-40B5-8FF3-2E3D0A783A2B}\searchband.msi
            Filesize

            9.1MB

            MD5

            577387ca25a8cf454779371964236a60

            SHA1

            bb409fe9b15b1e7a3c92cd418e612fae9f76421d

            SHA256

            3ad57ff4e1add098985389a46ccc73e05120e1f237486311b7fb72cf379d9d6a

            SHA512

            22570a02f4822c05b43e36771574c4c2bdf3f7b24317b852514427aed7310d5d8f0fd4fa60229bef01030061d2a04e40378713aa2a9da798f1cd8cb0bbd8013d

            Download Submit

          • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\1.9.0.786\branding\about\config.xml
            Filesize

            1KB

            MD5

            0593e8c2224235db23b8f5b8967ebe13

            SHA1

            3911a862da7621b95d803ac87fe4014cdb682b7b

            SHA256

            01c477f64317e6a6b0c746c9c0052cf4bdcb9bad75485df7d49db790e9b38b4b

            SHA512

            a0d75a42d200808259831b41e3f47b62cb2a56cc466fdcf40abbc83107a3e65a87345546a304d60bb6d901cce77c327e151eca8834828ce3a0d19bed807e2b0a

            Download Submit

          • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\1.9.0.786\branding\tablo\logo\translate.png
            Filesize

            7KB

            MD5

            a68b03f6c1957c980a1fd2dfe27e7c57

            SHA1

            05aa29504b6e75161de1cce84d9703ea6ab3f833

            SHA256

            0cca9b549fef72f09e8d8beb98136bdf8392396a4a1e44986437dd4d9cfdcb7d

            SHA512

            c1f3ecefa03bcf91b252eec1a1a0c720d7be063a6f54c88e2a17888bac484ac47b434751591fb8d2becb05108f595ab4b3c4dbbd024cc8e16f3423771e02a9d4

            Download Submit

          • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\1.9.0.786\branding\voiceactivation\acoustic_model.nnet
            Filesize

            1.0MB

            MD5

            66f83296af033c5ed2a55fd476dc3ce7

            SHA1

            2098686d4665b5aaa91960039d306cc94b995443

            SHA256

            d9edf15e376d65e7b81a9f10fd033dc162ac72d397c96f2cb3afb9e1aca40a4a

            SHA512

            a18637a0b88d214523d88d04f30eced142fe1901581bcac24ae8285ee8b83ae5f7650c0283f0a74acae93ee1b9c84579da038fa6f24cd41b74e2aa693896a340

            Download Submit

          • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\1.9.0.786\branding\voiceactivation\flags.txt
            Filesize

            408B

            MD5

            ef97554a208e88d88fd13f75273e6af2

            SHA1

            f9b662ae167717a8afe8ea9b5e0cac52a78375e0

            SHA256

            9142cb69d520efd04919654c58184b77593a95d88bc1547d5b37208de8fc5fc9

            SHA512

            960e08bf70958ae2c3919f9ac52221f467b955aa4ca842918f225df2e3ba7e7c10c88fceb99500dbd08a95439dbfebcc356978397115d7c3f4cd9ede0f5f8a97

            Download Submit

          • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\1.9.0.786\branding\voiceactivation\lda.mat
            Filesize

            14KB

            MD5

            3bd521e99fb588fbf0fa6dc8aed9fc85

            SHA1

            7117d268d409fc5d851a6ab4a84b32cbd8bb70cf

            SHA256

            43f59f67a3ad3d92a95271315e30b1528e8a05866316414401f966a78c6899de

            SHA512

            d0f228053b242806fff9df68af216c2a3b15a71ed5e640faf44185711be4ea3d3c97c8f878626450d0c17d32379ed7f68f0d59910077acbae30e62419e612b8d

            Download Submit

          • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\1.9.0.786\branding\voiceactivation\words.txt
            Filesize

            72B

            MD5

            1d96f9604c17ea6893c53a0dbd6a151a

            SHA1

            44a3ad013365a2bf8506d55219563002d7be7b7a

            SHA256

            661dc2c73d3c09c16c83fbc8ecba82fa6ece9b84d60575fe6292e52017e8c425

            SHA512

            c721e94c592d7761f733597a3e3150dab02cdde75923cc04d180a75d4def9730fc833ec7b7d46ea17c8f8388b25feeb63119d6affec26873164d1c16c9f00ad7

            Download Submit

          • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\1.9.0.786\data\app.html
            Filesize

            402B

            MD5

            0667ab74824e32636f349570e060ddd8

            SHA1

            417314402deb0bd19fcb804ae07fbfbb19afeb89

            SHA256

            9161afce633289c3ade74111f7e982ff06c74de06e442f9c7e22f6440f39e3a1

            SHA512

            e406c8189cd40e85d35655a15aecbaa7cbf9e5f1914baeed556da5d162435ca61a7ee7dbd0f286710fcf0a62555624374281303d579bd764d0bf7cd58782a3ea

            Download Submit

          • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\1.9.0.786\data\blocks\welcome\i\logo.png
            Filesize

            9KB

            MD5

            602340b2e15415aae6d46c38b00bbfe4

            SHA1

            1f10a47c53e6d789d323543b6c0dd365c6891f0a

            SHA256

            70b33d4340e6f4e0f232407feb921d3838590f30e3706a2046fd334c624303ac

            SHA512

            9ea5b5107d1dd45b59a6305a43620e4a5c8dabe65eabd40791ed3bf34245d076b51ed52751390933e961d919ad06e4b7f670325f1b008bbb2ca49fa8217e3a5e

            Download Submit

          • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\1.9.0.786\data\build\build.css
            Filesize

            78KB

            MD5

            1c1ce53c82c74acefd47872f9b2e736f

            SHA1

            ed73e5405c9c46fc06bcf03be257cc90e09d8e2b

            SHA256

            b058cb7ac64f9bd3fc95d4e9a77a9a016d0ff6ab31c27977fcf4f8e808a7c59e

            SHA512

            b05d77ba065d58bcef079311c6b13e7bfa6b3953530f3bd5b837aa957be17938749ac4fc87307b424a5a19abb437466ba0b663188c712ba41f59daed99b3870d

            Download Submit

          • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\1.9.0.786\data\build\build.js
            Filesize

            558KB

            MD5

            71d79cc7877f3c68521379673734210c

            SHA1

            26135ecb638eed22aea030bb6bb7f6ba7b0b1552

            SHA256

            1880acddbdf9dc55991319ece13016d92936e5b4612cad8e5968494897cd5874

            SHA512

            67498c17512e7765cedde3fae979311b44c6e0d7e41a17c08f0292b1dc9e6d6a791061857b5aee1519b3cd9e4c95898c0ae10e3875dce9d22976eed90b9e594c

            Download Submit

          • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Installer\branding.zip
            Filesize

            1.2MB

            MD5

            b668067c475f2f4210b9bd818932b31c

            SHA1

            770bd842455f0ed9998927cd6b3cc6dfd27a3980

            SHA256

            34dfc8a6b3243eebb40435feddf922bf0ebb5744a9aac745a50cd5823dea6e9d

            SHA512

            a139f7125b1d121d9c5faac94b102cebf7af869c011ccde80d27e903b862547049afa91e33e0716cd520552d7fd7afd8a3608e063eb2466954a4e463baf90037

            Download Submit

          • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Installer\data.zip
            Filesize

            542KB

            MD5

            f79cf24e2a6d9334e80970e133d069ea

            SHA1

            461638712217cbf6e4206e381e4d8001990c24c0

            SHA256

            19db9fad362224ea4d9c049708b78b01aec866d09889cd8c5495bacb90ebc7c4

            SHA512

            c111ed19074d437f20cc27e3cdddc5a01a669d695550425af055ffab85588e881d8366e891a4685fa32ebc1797e68ac8adc041f36b6e18ac577ea4a03e07c2ef

            Download Submit

          • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Installer\phrasespotter64.dll
            Filesize

            799KB

            MD5

            22f07633d3029755570c1e13d4d3cf4a

            SHA1

            af81d82f0f491e3c007be95118db6dc2114abf5c

            SHA256

            0ef944f414a8d787d02e7db9d2da2034a70953c90fa2f1392c3e48946ec236a6

            SHA512

            3ed88c3f3d2a6f43369cb3f9188a659da20147ff6709c18444de097f89d4e9d1378e95e46493a3881869e53d6e9ec1305ef5470293d1771746e28e73ad706930

            Download Submit

          • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Installer\searchband64.dll
            Filesize

            6.1MB

            MD5

            e71d21551e882f0aa21986f6420d6641

            SHA1

            6953cd76ffeceb2cef05328d061eff1c7b15104a

            SHA256

            e71d7f629cf095649c424163f35ffaf1cca8621e28c146ed08a4d2d2fbef84c6

            SHA512

            bd2d5d061c26af41434fb1f87d8549586a6b58a3c41239c1a31509ef1efaf0ec48cf040e77826aa6f9eddd57948ccc36c21916975253ef09dc56c40647026478

            Download Submit

          • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Installer\searchbandapp64.exe
            Filesize

            2.5MB

            MD5

            44c8a074a5812898fdaaa91435c4396f

            SHA1

            0893e2fabda0b513f4478abe989dd77f00f0eb7c

            SHA256

            93175f0f5c9bad49806ecb4ef502eb09a656f7efdc90b9255aae3c8b9899d5d7

            SHA512

            22a54b372300c5e2f1239b6348459144e2d680aaad4c97be0c73a32558948593896eee553e83587c0ba8e3f2f59a7d38c7e053691b8a1b5b12e6eabfb0d3392a

            Download Submit

          • C:\Users\Admin\AppData\Local\Yandex\SearchBand\UserData\Logo\1286e3131750911a69023868a9f8888a.png
            Filesize

            13KB

            MD5

            1a3690b2a28bdca07c895eed9f9f7a1c

            SHA1

            533c50d89079e42ce715402dae54657285b8368e

            SHA256

            a9cdc4a0660db7e85a28e458a9c23f8973dad753a0c04b1e85965bf87e4feac5

            SHA512

            f77081b65be3298fc02c10da3c1117fd99dbdff91b3fea653d184f0981d13914e6f8dd3466401c3011ee5b9b107d812cef07b1614ecce770f82b03fa9640e578

            Download Submit

          • C:\Users\Admin\AppData\Local\Yandex\SearchBand\UserData\Logo\1c784a41fcf4199a97dbd6871a05a758.png
            Filesize

            4KB

            MD5

            6e51ac3fd5537dbfcb427893a66cea90

            SHA1

            54b51acbe83be579c6ecb116b1fd69a417cf11f5

            SHA256

            0f506b162c4506b20403328fa0c96e6b960d69577c7b185bc1f8041fb735d588

            SHA512

            dbe792e056c3b1c136a5c87734f4eec79138a9f72bb938a1898ddc4d7aebffd16795ddb804f508c7f1610921d771edc27e11ec88319454f3e162a548202c4692

            Download Submit

          • C:\Users\Admin\AppData\Local\Yandex\SearchBand\UserData\Logo\26dc11f6ba697985d1caa6cfdf947ebc.png
            Filesize

            6KB

            MD5

            7656cc1ceb4213f11a49254b1d772bdf

            SHA1

            901f00ec4e5ec9a88d98842847be5cc2b0bce561

            SHA256

            234c80e7f374c0d02249954dbc5b2d6ac5fb7b8fb06c1ad6bbc30246d814e9b2

            SHA512

            c078ec99aa97247f149e07e3767c683b489a2db419ab690b9e5d687f94d6e35dca65cd3c717d4d7e95ddcdb0a381f8d8d1622d3348f817bbafd31189ae33948a

            Download Submit

          • C:\Users\Admin\AppData\Local\Yandex\SearchBand\UserData\Logo\2f67b911a82894e640e3af1ebc9d5c1a.png
            Filesize

            5KB

            MD5

            7196872b5d229e19477c55d3ac17c840

            SHA1

            5858ec04c9f3b258d4d042a99b2332226737dab8

            SHA256

            2dae4f664008c99068c9b5c4563d73ad18b2a242e4582e98f63e59cc1254061b

            SHA512

            a99a4d371e563732c991fb4fbfe0ca1614dc8624fa28d35d46121a613848afb86c34bd69ff65832e41be26d71cf2f02e090cc574260aca126cd63315f1264eae

            Download Submit

          • C:\Users\Admin\AppData\Local\Yandex\SearchBand\UserData\Logo\69e55db4221d99f2568acb4902dafee1.png
            Filesize

            6KB

            MD5

            4b6f3f2377c9a5df0ec0d3578fc13607

            SHA1

            b20d6dcdc1728a95f14e787e16238b9e3c53f1c7

            SHA256

            3d8efb3dd2a8685893ae08c52c8e68feba56b912f6de4ca3db74210e856d7606

            SHA512

            5bef26db780ccacd17b91fa8321e545c9665703a535e13996631b7c8a1c4eddb13b8d09dc97fe70c73db9cedf01504daa22415371a7eff236842fb250398234e

            Download Submit

          • C:\Users\Admin\AppData\Local\Yandex\SearchBand\UserData\Logo\82f91a4525eba32ab1492e57eff82d67.png
            Filesize

            4KB

            MD5

            729a2cbc7e2707fcc05d4f7e49bfcb80

            SHA1

            d9ec9afcced2c8a07f3329d3d2af03ee5f5f1890

            SHA256

            60795780ef2b65831f14d30c8b5a3a6813a13cbfacc786f7e30cb4e15b6c9f1c

            SHA512

            a3914124f5d6fa71192bd9d770c5d3492bf8b052aba71f2707b8ac518a42e74745af30e22f398e8880e473ffdcc941e0f0e455d00f84fef108bdb1d53331f290

            Download Submit

          • C:\Users\Admin\AppData\Local\Yandex\SearchBand\UserData\Logo\8d9daf5d1c5b6b3308e0bcc54301606a.png
            Filesize

            8KB

            MD5

            04c236271ac14c9a5454aa0db9420dd9

            SHA1

            ddcbffb7634452900b1b3003c4bce581c6b9a14b

            SHA256

            9e0a7a635b7461cfadafa3567a249b1dae69281407b82ed682d5a24d33e6cc01

            SHA512

            ddbbcb6d4bddfcaa4df156dc4a8941bed2da9fc0f85b67e13b02c93e0bf93bb5a5bf143a7ba0bbcdcf210291e6c4f98301a95bc6a6cf7aeb1aa49b198d1dab41

            Download Submit

          • C:\Users\Admin\AppData\Local\Yandex\SearchBand\UserData\Logo\aa5d29751e47e7b41a30022e9de91ff8.png
            Filesize

            3KB

            MD5

            ec6948c4748ddc956c61f8fd69d65d74

            SHA1

            f81c049b84c229a8f028e8e243b3f462e387e446

            SHA256

            1d40f23b98917af527c1ea26ec491051574020763bc76d0d1155ea9fc4ae1b03

            SHA512

            0381f10df779becb3f417766d1709301a0bf7c47db1e448750ecae368e053a4570422834855b928a7aa63b6843dfec0eb11f9349d8d8bf89f89cb31e7706507b

            Download Submit

          • C:\Users\Admin\AppData\Local\Yandex\SearchBand\UserData\Logo\bb14abe509083297982cd8f142297e8d.png
            Filesize

            3KB

            MD5

            d0c3e3674b345e1590194821855c2bf9

            SHA1

            b6c8fcfa0fe0193c90c8eafb9553979f55284ce9

            SHA256

            67de57a1202ce96a2179629f4aae20656aeb1d4a25e5b0b1a040d027eca99db3

            SHA512

            ac42e5b373b5b18d33ea31a8e9b1ccee0b2600153796ec0e040dd37f76918be78d868f455bae0c7e6447197be493f94a4d3bb875b2a20a2dfb318b7fdf377960

            Download Submit

          • C:\Users\Admin\AppData\Local\Yandex\SearchBand\UserData\Logo\e791887fa59b1500f233efedb26a96f6.png
            Filesize

            5KB

            MD5

            7b90154d2d51888df2cab17d2987eb18

            SHA1

            b9075ae6aa9b754346cfb750962d144166a7d1df

            SHA256

            b11ef787dfe757e5da5b25c546310d19263e11820ea857cca0c9f768d83e51f8

            SHA512

            7cda9f8dd1df68eb5c3c1e365b9a5bf0df4f00d8051998ced7046b1a986cca39ddbe686744eae99433100be260a4d21f391dccc5b2bdf96de1b1de8e3a5cfc9b

            Download Submit

          • C:\Users\Admin\AppData\Local\Yandex\SearchBand\UserData\Logo\ec47ca26b061a8147b6e4ceaf7ee0693.png
            Filesize

            6KB

            MD5

            6e15e1715d5b98e4f9b8d6f89504e047

            SHA1

            c71606a0b2cfcefc8ab12680abbb0abfb6eade48

            SHA256

            a8feecabd2a89983e9d22522b8efb78ad9270fa2a6fa8e1428add65bfb38c208

            SHA512

            7d63de91d6f5e056490992b70615b3e30fa911089b4bb88ec454722898f715e8cac0d79d3d6826206aa80029a4185fd13ee2ec7abcd8590faa96fb55b7c70afa

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Yandex\clids-searchband.xml
            Filesize

            222B

            MD5

            4eb847f743db57e2b8f0697aa1be93c2

            SHA1

            9b4fdd58dcc86ff66e38e7db4a45be5c5d9ecee7

            SHA256

            d9ff7f0de25b3d9a4bd925d64c04a8a544ba6a717c5b5206dd32f4356188f180

            SHA512

            dd0985c859d1e31e5e7920a4f07fb9df8f457e84655677d386819aa76184ce0a9c1f2cfcbeb3673d9276f41969d459aeca573a62a59028beeaad5723280a490c

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Yandex\ui
            Filesize

            38B

            MD5

            57455e4f357a8c0521c7674e1c242f2f

            SHA1

            790418f64d5fcd9bd92e1ae5f3f59fa2c3e43801

            SHA256

            662fa64e1178948c26f6745ca0f169097af5c1d0e68606d037099e559400060f

            SHA512

            3f6b5638a7dd5510088ebecdc5082846da1c320ed6ee601f8564ff635e5f57539403738d71a90aa12a1b5eba6f196c32eb9cc93ed226eb9096282d815cb6dffa

            Download Submit

          • C:\Windows\Installer\MSIE4B7.tmp
            Filesize

            148KB

            MD5

            5f20afc2331c6605b24e17fe095c8122

            SHA1

            6fc0a6bf88fe81d87116470fbce977b043fc5a38

            SHA256

            ad661a746d93557eb7240617e82309daf601649632cf2f8770c21c30ca020a4a

            SHA512

            6a95a41b1d264faae58b172a91d141d648bbb05f6b0eb26aed4fbcf80332e7bae295a3a37338e378743a0956fd86972d20a0e159299a9b3a8c0dd57164e6362f

            Download Submit

          • \Users\Admin\AppData\Local\Yandex\SearchBand\Installer\searchbandapp.exe
            Filesize

            2.0MB

            MD5

            b34d3c81d471daf0b51d5d5d733b7e59

            SHA1

            f850aa4cd2d1778db3f30e6a8a7944c91fe32528

            SHA256

            a5aecca2d47dc41440e2d91fc2800c59976dcbacb45711ee60c6e961abbe128b

            SHA512

            e91d491764655194e94949fa4f85607f69b128194a32b62895fec0c5529fb063866d161cc44d9996499ecd4e1db7e0b5c1a9ab0272b8b416b38de0963e830a19

            Download Submit