Overview

overview

10

Static

static

1

RNSM00406.7z

windows10-2004-x64

10

Analysis

  • max time kernel
    189s
  • max time network
    192s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-10-2024 20:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RNSM00406.7z

  • Size

    14.1MB

  • MD5

    8686c6a2e40dc71fab82100398e2632d

  • SHA1

    269c34be3d1b79598ee909ddc39f390a89ff9840

  • SHA256

    6fd865129e1ac457f1202195add630cf1d877a5cd7b327eb91135922b12e9ea8

  • SHA512

    d778a962ace50370e87c1f6babfd271435384ddcb09e0c673ea1e9ee52bdb16c699de7213ea47e19a5eacc2338ffef8974cca32d0db9e2e9e4162940e1a37be4

  • SSDEEP

    393216:ryFtfJrX3l1fGXaDe9ihSs/dc5ag/RZHEJ9:ryFtRpN+9ih3iW3

Score
10/10
bitratgandcrabsodinokibistormkitty$2a$10$zh.ylp3n2kd9/nomyjfg2.60olpxhcnipjkls/fffw2wmd130tmku6033backdoorcredential_accessdiscoveryevasionpersistenceransomwarespywarestealertrojan

Malware Config

Extracted

Family

bitrat

Version

1.32

C2

u868328.nvpn.to:5881

Attributes
  • communication_password

    827ccb0eea8a706c4c34a16891f84e7b

  • tor_process

    tor

Extracted

Family

sodinokibi

Botnet

$2a$10$zh.YlP3N2KD9/nOmyjFG2.60OLPxhCniPJkls/fffW2WMD130tmku

Campaign

6033

Decoy

pier40forall.org

judithjansen.com

vesinhnha.com.vn

sexandfessenjoon.wordpress.com

highimpactoutdoors.net

ecoledansemulhouse.fr

girlillamarketing.com

n1-headache.com

wsoil.com.sg

yassir.pro

beyondmarcomdotcom.wordpress.com

puertamatic.es

kuntokeskusrok.fi

spsshomeworkhelp.com

ccpbroadband.com

thedad.com

berlin-bamboo-bikes.org

truenyc.co

desert-trails.com

first-2-aid-u.com
Attributes
  • net

    true

  • pid

    $2a$10$zh.YlP3N2KD9/nOmyjFG2.60OLPxhCniPJkls/fffW2WMD130tmku

  • prc

    encsvc

    visio

    thebat

    ocssd

    mspub

    xfssvccon

    tbirdconfig

    sql

    msaccess

    mydesktopqos

    oracle

    dbeng50

    ocomm

    excel

    firefox

    synctime

    ocautoupds

    isqlplussvc

    powerpnt

    outlook

    steam

    winword

    thunderbird

    agntsvc

    sqbcoreservice

    dbsnmp

    onenote

    infopath

    mydesktopservice

    wordpad

  • ransom_oneliner

    All of your files are encrypted! Find {EXT}-readme.txt and follow instuctions

  • ransom_template

    ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension {EXT}. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests. To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee. If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money. [+] How to get access on website? [+] You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/{UID} 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decryptor.cc/{UID} Warning: secondary website can be blocked, thats why first variant much better and more available. When you open our website, put the following data in the input form: Key: {KEY} ----------------------------------------------------------------------------------------- !!! DANGER !!! DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data. !!! !!! !!! ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere. !!! !!! !!!

  • sub

    6033

  • svc

    mepocs

    sql

    svc$

    backup

    memtas

    veeam

    vss

    sophos

Extracted

Path

C:\Users\Admin\54d3m8g-readme.txt

Family

sodinokibi

Ransom Note
---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension 54d3m8g. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests. To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee. If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money. [+] How to get access on website? [+] You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/780A0BCBB9929EB5 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decryptor.cc/780A0BCBB9929EB5 Warning: secondary website can be blocked, thats why first variant much better and more available. When you open our website, put the following data in the input form: Key: Lrl05RUIWT4Y3FOXCTGYgn1SO4egfA/oVHy5YxaqvqbjisIvkVqrr4znvcmCTmmn DVYmq/nzUdn0sf1bQn2aGOxEQ+aUb2pl4qtWpo/C+RymjCOJFfnSrL/jfWKvKvPB dp//8vyeYgh79IF5zGMKWRauFx7obUpDhzXT3PthXlhGfx5IgN3YeMgKFHBI+Bj/ XUw1EQFWCQTBrlEpdBypLREAuS9xqOLg3POBXEAVXYNFEPsvS2O9+VW3DWpGiSyL BOLRhmV/EXUG7z/ZPZ7Q81QtoOd4Mnb74M3aA1GryZLLVpBWRaQ0WIkSf9BWY0cX Eq15qi9hksUD9fLRWJ3PgR3Gh6aS2kt1gBllLNr/fuaAZyGVAlNMMgbSwHBoHu6c Wt+hQTqnJ1V7H0aexo/T5eMhR6YOpBxSsK7Ifnn1rwIC5eest+fDeVCjk+gU+lqB gIIkE3mOhUHH9iGikXhiUF0/I85Sq9SYpraRHbU687b8jqczDkctEW+cyS0ho3aC fqG5xdvmIUGTHSfOklS/1byqTgyaW8r1dmM95aH+W7bkWOfkk18GvBFLTNBcipCH BqOvdFFQOLmOcNMhtR3oPbIhNYpIAOiis2NwAwDZOnmRyHCyHKjGW/49B1nhZzpB BVlkc3gnIKsriwgvXGpNmMQjQUa9Fzbaa6cYgGOKsY+OtEUaTtS7eVXb8Pt5qhdQ THmkv2mA3k4t4U06DIHmEiV4zh2qdNcnVXdlkaeXafDkv067QIapzMScq+hnOKUc swScyuNidHakMwYC7xnh7+9MCpythc1YAkrc8lvS8rlG6EjIvozDu0z/H1D5Btbh bubwspFoqjQWQ+gIctwSOUXBxs1rmUet3lsSnckdZTlhliQ753DIMNJgp/xganZa xdIgJ4zs3EblpxlcELu5SxazHq529zYhDnPUwR8kWPn7jUeMRUFVLc1QeoWKZq6r i+nL1Isx7eOqE7n5eFRCoq6wXEbVCgtZeHaEplcG3f2j/r+RBxWL6Llzvev351L4 uoC7NhQIYSz2zERQnx9t+A5yLB/Tnzak0ETnOmfNYjLNOBdl51S9xf3BxFjYn9O+ X4/QcsYziAgW4diRuoMNh2DrOPCyC3n8KRWgZ6OrES1rVJjojG8icE5s/JJ7miVA PjP/WFoMRRVpWy1e/6vJCCufz2nzxv42zeFysDgn1Im4dJtRJgz5TgGiyWJwc8kz bmD6R2xq68KZwOssU32cmEeQf0iyhFv4wjlJcfF7djc2X47hotAT+yt3xV3iah6U l48QHXx4UguPtbm57Ahb5Gugbw2mY93xDyXHkEWwM6m5DBs2CkiGiDCrpoQIrR0c OuP66y7K//iXd9weJqNLHPwGGk02Mqyf9MtpqfsuwzC0kT5rNzVhHQ== ----------------------------------------------------------------------------------------- !!! DANGER !!! DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data. !!! !!! !!! ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere. !!! !!! !!!
URLs

http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/780A0BCBB9929EB5

http://decryptor.cc/780A0BCBB9929EB5

Signatures

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat
  • Bitrat family
    bitrat
  • GandCrab payload 2 IoCs
  • Gandcrab

    Gandcrab is a Trojan horse that encrypts files on a computer.

    ransomwarebackdoorgandcrab
  • Gandcrab family
    gandcrab
  • Modifies WinLogon for persistence 2 TTPs 2 IoCs
    persistence
  • Sodin,Sodinokibi,REvil

    Ransomware with advanced anti-analysis and privilege escalation functionality.

    ransomwaresodinokibi
  • Sodinokibi family
    sodinokibi
  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty
  • StormKitty payload 3 IoCs
  • Stormkitty family
    stormkitty
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Renames multiple (1346) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Downloads MZ/PE file
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 13 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Credentials from Password Stores: Windows Credential Manager 1 TTPs

    Suspicious access to Credentials History.

    credential_accessstealer
  • Drops startup file 6 IoCs
  • Executes dropped EXE 56 IoCs
  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Loads dropped DLL 58 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Checks system information in the registry 2 TTPs 2 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops autorun.inf file 1 TTPs 2 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 4 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 42 IoCs
  • Drops file in Windows directory 20 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 54 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Time Discovery 1 TTPs 1 IoCs

    Adversary may gather the system time and/or time zone settings from a local or remote system.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Enumerates system info in registry 2 TTPs 5 IoCs
  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 56 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Modifies data under HKEY_USERS 6 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 13 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\RNSM00406.7z"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2520
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:464
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /1
      2⤵
      • Drops startup file
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4372
  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4172
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2144
      • C:\Users\Admin\Desktop\00406\HEUR-Trojan-Ransom.MSIL.Crypmod.gen-1dbf72d00508abe53078b82df6f24dce102030b44cf4ff08ab6cde406e2afc2d.exe
        HEUR-Trojan-Ransom.MSIL.Crypmod.gen-1dbf72d00508abe53078b82df6f24dce102030b44cf4ff08ab6cde406e2afc2d.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:1952
      • C:\Users\Admin\Desktop\00406\HEUR-Trojan-Ransom.MSIL.Encoder.gen-c9c23f532b034cc9055bd8db4d7e237706749584b36bb90db4d8a4d2e4cf3c73.exe
        HEUR-Trojan-Ransom.MSIL.Encoder.gen-c9c23f532b034cc9055bd8db4d7e237706749584b36bb90db4d8a4d2e4cf3c73.exe
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4136
        • C:\Users\Admin\AppData\Local\Temp\Ecakb.exe
          "C:\Users\Admin\AppData\Local\Temp\Ecakb.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • System Location Discovery: System Language Discovery
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:880
          • C:\Users\Admin\AppData\Local\Temp\Ecakb.EXE
            "C:\Users\Admin\AppData\Local\Temp\Ecakb.EXE"
            5⤵
            • Executes dropped EXE
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • System Location Discovery: System Language Discovery
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of SetWindowsHookEx
            PID:2648
        • C:\Users\Admin\AppData\Local\Temp\Swacy.exe
          "C:\Users\Admin\AppData\Local\Temp\Swacy.exe"
          4⤵
          • Modifies WinLogon for persistence
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          PID:3672
          • C:\Users\Admin\AppData\Roaming\Google\updater.exe
            "C:\Users\Admin\AppData\Roaming\Google\updater.exe"
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:4744
      • C:\Users\Admin\Desktop\00406\HEUR-Trojan-Ransom.Win32.Blocker.gen-dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6.exe
        HEUR-Trojan-Ransom.Win32.Blocker.gen-dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:4216
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 1016
          4⤵
          • Program crash
          PID:7060
      • C:\Users\Admin\Desktop\00406\HEUR-Trojan-Ransom.Win32.Encoder.gen-c1284872bbb96b68bd6fce25eaa81897ec46149a34c010845a9ff5148daa6531.exe
        HEUR-Trojan-Ransom.Win32.Encoder.gen-c1284872bbb96b68bd6fce25eaa81897ec46149a34c010845a9ff5148daa6531.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2204
        • C:\Users\Admin\AppData\Local\Temp\y_installer.exe
          C:\Users\Admin\AppData\Local\Temp\y_installer.exe --partner 351634 --distr /quiet /msicl "YABROWSER=y YAHOMEPAGE=y YAQSEARCH=y YABM=y VID=666"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Modifies system certificate store
          PID:2816
          • C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
            "C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe" /quiet /msicl "YABROWSER=y YAHOMEPAGE=y YAQSEARCH=y YABM=y VID=666"
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of AdjustPrivilegeToken
            PID:1300
          • C:\Users\Admin\AppData\Local\Temp\y_installer.exe
            C:\Users\Admin\AppData\Local\Temp\y_installer.exe --stat dwnldr/p=351634/cnt=0/dt=3/ct=3/rt=0 --dh 2332 --st 1730147255
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:1240
      • C:\Users\Admin\Desktop\00406\HEUR-Trojan-Ransom.Win32.GandCrypt.gen-26f3f637546d62f298c4872376218a4a7f957c187ec804672895e976c284e9ab.exe
        HEUR-Trojan-Ransom.Win32.GandCrypt.gen-26f3f637546d62f298c4872376218a4a7f957c187ec804672895e976c284e9ab.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:1056
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 396
          4⤵
          • Program crash
          PID:2224
      • C:\Users\Admin\Desktop\00406\HEUR-Trojan-Ransom.Win32.Gen.gen-dbb4da123ae0bffedc7724587732b15db44a78dfc2ddb99a68511ef1b9e44b60.exe
        HEUR-Trojan-Ransom.Win32.Gen.gen-dbb4da123ae0bffedc7724587732b15db44a78dfc2ddb99a68511ef1b9e44b60.exe
        3⤵
        • Executes dropped EXE
        • Enumerates connected drives
        • Sets desktop wallpaper using registry
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:5088
      • C:\Users\Admin\Desktop\00406\HEUR-Trojan-Ransom.Win32.Generic-f8dc2bcc806e3f18fc119e7f6c3b68d38d1013578907a4de3e4ef8eaa77e6e3c.exe
        HEUR-Trojan-Ransom.Win32.Generic-f8dc2bcc806e3f18fc119e7f6c3b68d38d1013578907a4de3e4ef8eaa77e6e3c.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:3540
      • C:\Users\Admin\Desktop\00406\HEUR-Trojan-Ransom.Win32.PolyRansom.gen-29be773b1e6790c38a70d5b5b9f49558db69d8ca0b9c9ddd61f69b21faf6f7d2.exe
        HEUR-Trojan-Ransom.Win32.PolyRansom.gen-29be773b1e6790c38a70d5b5b9f49558db69d8ca0b9c9ddd61f69b21faf6f7d2.exe
        3⤵
        • Modifies WinLogon for persistence
        • Drops startup file
        • Executes dropped EXE
        • Enumerates connected drives
        • Drops autorun.inf file
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        PID:4928
      • C:\Users\Admin\Desktop\00406\Trojan-Ransom.Win32.Encoder.kuw-c2b3ee961f034ad7c9793ed666da7fb352acea9ece866a508e57f6af82d1625b.exe
        Trojan-Ransom.Win32.Encoder.kuw-c2b3ee961f034ad7c9793ed666da7fb352acea9ece866a508e57f6af82d1625b.exe
        3⤵
        • Drops startup file
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:3100
      • C:\Users\Admin\Desktop\00406\Trojan-Ransom.Win32.PornoAsset.cqae-41423f7ba1356d779db719ffc36107cc4f79f9d517d7e86181f4386054f11eb7.exe
        Trojan-Ransom.Win32.PornoAsset.cqae-41423f7ba1356d779db719ffc36107cc4f79f9d517d7e86181f4386054f11eb7.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:732
      • C:\Users\Admin\Desktop\00406\UDS-Trojan-Ransom.Win32.Generic-307877ffda4924fe3b54b3b1fa3e104d611d706d8c634614fa95fcd3d91de092.exe
        UDS-Trojan-Ransom.Win32.Generic-307877ffda4924fe3b54b3b1fa3e104d611d706d8c634614fa95fcd3d91de092.exe
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Checks computer location settings
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4268
        • C:\Users\Admin\AppData\Local\Temp\Oereyvmmml.exe
          "C:\Users\Admin\AppData\Local\Temp\Oereyvmmml.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          PID:1308
        • C:\Users\Admin\AppData\Local\Temp\Nnvrr.exe
          "C:\Users\Admin\AppData\Local\Temp\Nnvrr.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Suspicious use of AdjustPrivilegeToken
          PID:1004
          • C:\Windows\System32\cmd.exe
            "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp84E6.tmp.bat
            5⤵
              PID:10448
              • C:\Windows\system32\chcp.com
                chcp 65001
                6⤵
                  PID:10644
                • C:\Windows\system32\taskkill.exe
                  TaskKill /F /IM 1004
                  6⤵
                  • Kills process with taskkill
                  PID:10688
                • C:\Windows\system32\timeout.exe
                  Timeout /T 2 /Nobreak
                  6⤵
                  • Delays execution with timeout.exe
                  PID:10776
          • C:\Users\Admin\Desktop\00406\VHO-Trojan-Ransom.Win32.Convagent.gen-151239a6ca4aa492c4d810d8a92dd55a2b3a8822e57f9a2046d4580599452deb.exe
            VHO-Trojan-Ransom.Win32.Convagent.gen-151239a6ca4aa492c4d810d8a92dd55a2b3a8822e57f9a2046d4580599452deb.exe
            3⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:3892
            • C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
              dw20.exe -x -s 956
              4⤵
              • System Location Discovery: System Language Discovery
              • Checks processor information in registry
              • Enumerates system info in registry
              • Suspicious use of AdjustPrivilegeToken
              PID:3332
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 1056 -ip 1056
        1⤵
          PID:4840
        • C:\Windows\system32\wbem\unsecapp.exe
          C:\Windows\system32\wbem\unsecapp.exe -Embedding
          1⤵
            PID:4124
          • C:\Windows\system32\vssvc.exe
            C:\Windows\system32\vssvc.exe
            1⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:2488
          • C:\Windows\system32\msiexec.exe
            C:\Windows\system32\msiexec.exe /V
            1⤵
            • Enumerates connected drives
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            PID:6368
            • C:\Windows\syswow64\MsiExec.exe
              C:\Windows\syswow64\MsiExec.exe -Embedding 48B095D288FBB2BBC38FC2F0AD7973D2
              2⤵
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:6884
              • C:\Users\Admin\AppData\Local\Temp\7A294643-BD3A-4A14-B3A4-CE014DAC0007\lite_installer.exe
                "C:\Users\Admin\AppData\Local\Temp\7A294643-BD3A-4A14-B3A4-CE014DAC0007\lite_installer.exe" --use-user-default-locale --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --YABROWSER
                3⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:5520
              • C:\Users\Admin\AppData\Local\Temp\1621B2FC-33F2-40F3-B5BE-40FD4E7580EF\seederexe.exe
                "C:\Users\Admin\AppData\Local\Temp\1621B2FC-33F2-40F3-B5BE-40FD4E7580EF\seederexe.exe" "--yqs=y" "--yhp=y" "--ilight=" "--oem=" "--nopin=n" "--pin_custom=n" "--pin_desktop=n" "--pin_taskbar=y" "--locale=us" "--browser=y" "--browser_default=" "--loglevel=trace" "--ess=" "--clids=C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml" "--sender=C:\Users\Admin\AppData\Local\Temp\6D464E8A-1D1D-4F4E-8602-5067970ABB0C\sender.exe" "--is_elevated=yes" "--ui_level=2" "--good_token=x" "--no_opera=n"
                3⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                • Modifies Internet Explorer settings
                • Modifies Internet Explorer start page
                • Modifies registry class
                PID:5392
                • C:\Users\Admin\AppData\Local\Temp\6D464E8A-1D1D-4F4E-8602-5067970ABB0C\sender.exe
                  C:\Users\Admin\AppData\Local\Temp\6D464E8A-1D1D-4F4E-8602-5067970ABB0C\sender.exe --send "/status.xml?clid=2278730-666&uuid=2f62ba90-487d-4950-a717-e01eeb9f373e&vnt=Windows 10x64&file-no=8%0A10%0A11%0A12%0A13%0A15%0A17%0A18%0A20%0A21%0A22%0A25%0A36%0A40%0A42%0A45%0A57%0A61%0A89%0A102%0A103%0A111%0A123%0A124%0A125%0A129%0A"
                  4⤵
                  • Executes dropped EXE
                  • System Location Discovery: System Language Discovery
                  PID:15164
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 4216 -ip 4216
            1⤵
              PID:7036
            • C:\Windows\SysWOW64\werfault.exe
              werfault.exe /h /shared Global\77d183bdaa714a30a06fad8a5de57c2b /t 928 /p 3540
              1⤵
                PID:15132
              • C:\Windows\system32\NOTEPAD.EXE
                "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Public\Desktop\54d3m8g-readme.txt
                1⤵
                  PID:12332
                • C:\Users\Admin\AppData\Local\Temp\{1AB351A2-9CA0-470E-9056-7634ABBF9885}.exe
                  "C:\Users\Admin\AppData\Local\Temp\{1AB351A2-9CA0-470E-9056-7634ABBF9885}.exe" --job-name=yBrowserDownloader-{3DFD2794-E8C3-443A-9FB0-C3D44BDBA423} --send-statistics --local-path=C:\Users\Admin\AppData\Local\Temp\{1AB351A2-9CA0-470E-9056-7634ABBF9885}.exe --YABROWSER --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=2278714-666&ui={2f62ba90-487d-4950-a717-e01eeb9f373e} --use-user-default-locale
                  1⤵
                  • Executes dropped EXE
                  • System Location Discovery: System Language Discovery
                  PID:12500
                  • C:\Users\Admin\AppData\Local\Temp\ybB54C.tmp
                    "C:\Users\Admin\AppData\Local\Temp\ybB54C.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\20c48e4a-caac-49f3-ad3e-b2e17383ad01.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=615206250 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{3DFD2794-E8C3-443A-9FB0-C3D44BDBA423} --local-path="C:\Users\Admin\AppData\Local\Temp\{1AB351A2-9CA0-470E-9056-7634ABBF9885}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=2278714-666&ui={2f62ba90-487d-4950-a717-e01eeb9f373e} --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\3f8e5502-7614-46b1-bc5a-1ebcbe9ba8cd.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico"
                    2⤵
                    • Executes dropped EXE
                    • System Location Discovery: System Language Discovery
                    PID:14116
                    • C:\Users\Admin\AppData\Local\Temp\YB_8AF65.tmp\setup.exe
                      "C:\Users\Admin\AppData\Local\Temp\YB_8AF65.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_8AF65.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\20c48e4a-caac-49f3-ad3e-b2e17383ad01.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=615206250 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{3DFD2794-E8C3-443A-9FB0-C3D44BDBA423} --local-path="C:\Users\Admin\AppData\Local\Temp\{1AB351A2-9CA0-470E-9056-7634ABBF9885}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=2278714-666&ui={2f62ba90-487d-4950-a717-e01eeb9f373e} --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\3f8e5502-7614-46b1-bc5a-1ebcbe9ba8cd.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico"
                      3⤵
                      • Checks computer location settings
                      • Executes dropped EXE
                      • Drops file in Program Files directory
                      • System Location Discovery: System Language Discovery
                      PID:14268
                      • C:\Users\Admin\AppData\Local\Temp\YB_8AF65.tmp\setup.exe
                        "C:\Users\Admin\AppData\Local\Temp\YB_8AF65.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_8AF65.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\20c48e4a-caac-49f3-ad3e-b2e17383ad01.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=615206250 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{3DFD2794-E8C3-443A-9FB0-C3D44BDBA423} --local-path="C:\Users\Admin\AppData\Local\Temp\{1AB351A2-9CA0-470E-9056-7634ABBF9885}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=2278714-666&ui={2f62ba90-487d-4950-a717-e01eeb9f373e} --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\3f8e5502-7614-46b1-bc5a-1ebcbe9ba8cd.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico" --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=639839225
                        4⤵
                        • Executes dropped EXE
                        • Drops file in Program Files directory
                        • System Location Discovery: System Language Discovery
                        • System Time Discovery
                        • Modifies registry class
                        • Modifies system certificate store
                        PID:14328
                        • C:\Users\Admin\AppData\Local\Temp\YB_8AF65.tmp\setup.exe
                          C:\Users\Admin\AppData\Local\Temp\YB_8AF65.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=14328 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.10.1.599 --initial-client-data=0x340,0x344,0x348,0x31c,0x34c,0xbf8be0,0xbf8bec,0xbf8bf8
                          5⤵
                          • Executes dropped EXE
                          • System Location Discovery: System Language Discovery
                          PID:7564
                        • C:\Windows\TEMP\sdwra_14328_507852554\service_update.exe
                          "C:\Windows\TEMP\sdwra_14328_507852554\service_update.exe" --setup
                          5⤵
                          • Checks computer location settings
                          • Executes dropped EXE
                          • Drops file in Program Files directory
                          • System Location Discovery: System Language Discovery
                          PID:2116
                          • C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.599\service_update.exe
                            "C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.599\service_update.exe" --install
                            6⤵
                            • Executes dropped EXE
                            • System Location Discovery: System Language Discovery
                            PID:6700
                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"
                          5⤵
                          • Executes dropped EXE
                          • System Location Discovery: System Language Discovery
                          PID:6116
                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source14328_1032910400\Browser-bin\clids_yandex_second.xml"
                          5⤵
                          • Executes dropped EXE
                          • System Location Discovery: System Language Discovery
                          PID:5608
                • C:\Windows\System32\rundll32.exe
                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                  1⤵
                    PID:5988
                  • C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.599\service_update.exe
                    "C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.599\service_update.exe" --run-as-service
                    1⤵
                    • Executes dropped EXE
                    • Drops file in System32 directory
                    • System Location Discovery: System Language Discovery
                    • Modifies data under HKEY_USERS
                    PID:2224
                    • C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.599\service_update.exe
                      "C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.599\service_update.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=2224 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.10.1.599 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x94e784,0x94e790,0x94e79c
                      2⤵
                      • Executes dropped EXE
                      • System Location Discovery: System Language Discovery
                      PID:1812
                    • C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.599\service_update.exe
                      "C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.599\service_update.exe" --update-scheduler
                      2⤵
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • System Location Discovery: System Language Discovery
                      PID:6504
                      • C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.599\service_update.exe
                        "C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.599\service_update.exe" --update-background-scheduler
                        3⤵
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • System Location Discovery: System Language Discovery
                        PID:6436
                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=0 --install-start-time-no-uac=615206250
                    1⤵
                    • Checks computer location settings
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Adds Run key to start application
                    • Checks system information in the registry
                    • System Location Discovery: System Language Discovery
                    • Enumerates system info in registry
                    • Modifies data under HKEY_USERS
                    • Modifies registry class
                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                    • Suspicious use of SetWindowsHookEx
                    PID:7716
                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                      C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=7716 --annotation=metrics_client_id=40be785d951247428969c136c867a83a --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.10.1.599 --initial-client-data=0x180,0x184,0x188,0x15c,0x18c,0x70f09a24,0x70f09a30,0x70f09a3c
                      2⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • System Location Discovery: System Language Discovery
                      PID:7736
                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=2f62ba90-487d-4950-a717-e01eeb9f373e --brand-id=yandex --partner-id=pseudoportal-ru --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --gpu-process-kind=sandboxed --field-trial-handle=2384,i,2089300949690059679,16523485162494985410,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2376 /prefetch:2
                      2⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • System Location Discovery: System Language Discovery
                      PID:8320
                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=2f62ba90-487d-4950-a717-e01eeb9f373e --brand-id=yandex --partner-id=pseudoportal-ru --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=disabled --gpu-process-kind=trampoline --field-trial-handle=2204,i,2089300949690059679,16523485162494985410,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2556 /prefetch:6
                      2⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • System Location Discovery: System Language Discovery
                      PID:8332
                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=2f62ba90-487d-4950-a717-e01eeb9f373e --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Network Service" --field-trial-handle=2540,i,2089300949690059679,16523485162494985410,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2688 --brver=24.10.1.599 /prefetch:3
                      2⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • System Location Discovery: System Language Discovery
                      PID:8352
                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=service --user-id=2f62ba90-487d-4950-a717-e01eeb9f373e --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Storage Service" --field-trial-handle=2988,i,2089300949690059679,16523485162494985410,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2236 --brver=24.10.1.599 /prefetch:8
                      2⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • System Location Discovery: System Language Discovery
                      PID:8460
                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=ru --service-sandbox-type=audio --user-id=2f62ba90-487d-4950-a717-e01eeb9f373e --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Audio Service" --field-trial-handle=2200,i,2089300949690059679,16523485162494985410,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3544 --brver=24.10.1.599 /prefetch:8
                      2⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • System Location Discovery: System Language Discovery
                      PID:8512
                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2f62ba90-487d-4950-a717-e01eeb9f373e --brand-id=yandex --partner-id=pseudoportal-ru --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --allow-prefetch --video-capture-use-gpu-memory-buffer --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3596,i,2089300949690059679,16523485162494985410,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3612 /prefetch:2
                      2⤵
                      • Checks computer location settings
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • System Location Discovery: System Language Discovery
                      PID:8524
                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=ru --service-sandbox-type=none --user-id=2f62ba90-487d-4950-a717-e01eeb9f373e --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Video Capture" --field-trial-handle=3724,i,2089300949690059679,16523485162494985410,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3904 --brver=24.10.1.599 /prefetch:8
                      2⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • System Location Discovery: System Language Discovery
                      • Modifies registry class
                      PID:8556
                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=2f62ba90-487d-4950-a717-e01eeb9f373e --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --field-trial-handle=4228,i,2089300949690059679,16523485162494985410,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4248 --brver=24.10.1.599 /prefetch:8
                      2⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • System Location Discovery: System Language Discovery
                      PID:8676
                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-id=2f62ba90-487d-4950-a717-e01eeb9f373e --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Импорт профилей" --field-trial-handle=4596,i,2089300949690059679,16523485162494985410,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5316 --brver=24.10.1.599 /prefetch:8
                      2⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • System Location Discovery: System Language Discovery
                      PID:9976
                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2f62ba90-487d-4950-a717-e01eeb9f373e --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --allow-prefetch --video-capture-use-gpu-memory-buffer --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3576,i,2089300949690059679,16523485162494985410,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5388 /prefetch:1
                      2⤵
                      • Checks computer location settings
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • System Location Discovery: System Language Discovery
                      PID:9816
                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=uwp_cookie_provider.mojom.UwpCookieProvider --lang=ru --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --user-id=2f62ba90-487d-4950-a717-e01eeb9f373e --brand-id=yandex --partner-id=pseudoportal-ru --process-name=uwp_cookie_provider.mojom.UwpCookieProvider --field-trial-handle=4788,i,2089300949690059679,16523485162494985410,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4528 --brver=24.10.1.599 /prefetch:8
                      2⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • System Location Discovery: System Language Discovery
                      PID:12188
                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2f62ba90-487d-4950-a717-e01eeb9f373e --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5720,i,2089300949690059679,16523485162494985410,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5728 /prefetch:1
                      2⤵
                      • Checks computer location settings
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • System Location Discovery: System Language Discovery
                      PID:12272
                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2f62ba90-487d-4950-a717-e01eeb9f373e --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5992,i,2089300949690059679,16523485162494985410,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5912 /prefetch:1
                      2⤵
                      • Checks computer location settings
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • System Location Discovery: System Language Discovery
                      PID:12588
                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=2f62ba90-487d-4950-a717-e01eeb9f373e --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --field-trial-handle=5284,i,2089300949690059679,16523485162494985410,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5984 --brver=24.10.1.599 /prefetch:8
                      2⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • System Location Discovery: System Language Discovery
                      PID:12624
                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=2f62ba90-487d-4950-a717-e01eeb9f373e --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --field-trial-handle=5916,i,2089300949690059679,16523485162494985410,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5920 --brver=24.10.1.599 /prefetch:8
                      2⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • System Location Discovery: System Language Discovery
                      PID:6820
                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2f62ba90-487d-4950-a717-e01eeb9f373e --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6912,i,2089300949690059679,16523485162494985410,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6932 /prefetch:1
                      2⤵
                      • Checks computer location settings
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • System Location Discovery: System Language Discovery
                      PID:13616
                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2f62ba90-487d-4950-a717-e01eeb9f373e --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4268,i,2089300949690059679,16523485162494985410,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7088 /prefetch:1
                      2⤵
                      • Executes dropped EXE
                      PID:13888
                  • C:\Windows\system32\NOTEPAD.EXE
                    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\54d3m8g-readme.txt
                    1⤵
                      PID:8032

                    Network

                    MITRE ATT&CK Enterprise v15

                    Reconnaissance

                    Resource Development

                    Initial Access

                    Replication Through Removable Media

                    1
                    T1091

                    Execution

                    Persistence

                    Boot or Logon Autostart Execution

                    2
                    T1547

                    Registry Run Keys / Startup Folder

                    1
                    T1547.001

                    Winlogon Helper DLL

                    1
                    T1547.004

                    Privilege Escalation

                    Boot or Logon Autostart Execution

                    2
                    T1547

                    Registry Run Keys / Startup Folder

                    1
                    T1547.001

                    Winlogon Helper DLL

                    1
                    T1547.004

                    Defense Evasion

                    Modify Registry

                    6
                    T1112

                    Subvert Trust Controls

                    1
                    T1553

                    Install Root Certificate

                    1
                    T1553.004

                    Virtualization/Sandbox Evasion

                    2
                    T1497

                    Credential Access

                    Credentials from Password Stores

                    2
                    T1555

                    Credentials from Web Browsers

                    1
                    T1555.003

                    Windows Credential Manager

                    1
                    T1555.004

                    Unsecured Credentials

                    1
                    T1552

                    Credentials In Files

                    1
                    T1552.001

                    Discovery

                    Browser Information Discovery

                    1
                    T1217

                    Peripheral Device Discovery

                    2
                    T1120

                    Query Registry

                    10
                    T1012

                    System Information Discovery

                    8
                    T1082

                    System Location Discovery

                    1
                    T1614

                    System Language Discovery

                    1
                    T1614.001

                    System Time Discovery

                    1
                    T1124

                    Virtualization/Sandbox Evasion

                    2
                    T1497

                    Lateral Movement

                    Replication Through Removable Media

                    1
                    T1091

                    Collection

                    Data from Local System

                    1
                    T1005

                    Command and Control

                    Web Service

                    1
                    T1102

                    Exfiltration

                    Impact

                    Defacement

                    1
                    T1491

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\$Recycle.Bin\S-1-5-21-2045521122-590294423-3465680274-1000\desktop.ini.exe
                      Filesize

                      863KB

                      MD5

                      a758a6502227ff7f75e35c78b7c8afae

                      SHA1

                      64fa5bb0c3fe29de249932a66ff98bc24a9f32cc

                      SHA256

                      fcfa2bcbf242a4211e32042912cd5844e63b0b13d9cfcfb45884e20c999fca5d

                      SHA512

                      263df00388f45fdcc01fc24aef4a71b41bfb15bb9224867539b9dd74e34b5bb293ba8b3b20045c70ec3887d08e6807f2164f97721a4bebda5003549041ba6a22

                      Download Submit

                    • C:\Config.Msi\e595fcd.rbs
                      Filesize

                      911B

                      MD5

                      187a9aa8a30a567a857c204bbd1b77cf

                      SHA1

                      a33c33af555c7f1561fd59db2adef68024741b23

                      SHA256

                      2735715b80c8dbe0301123a3fb47d725bd0031769f90a5ebfed69ab17f0ed81c

                      SHA512

                      2029624011872c2f42f84fe33f33eff721445d5e7ff56e706c3b4c1e4e5ebd56e40b88fd809fc92c8ad1dd3a46776180ffa849f05d761778b507ec4204ae0adf

                      Download Submit

                    • C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.599\service_update.exe
                      Filesize

                      2.4MB

                      MD5

                      7830efa920e70910bace9a439e082283

                      SHA1

                      1df12578cf171c172b4b59ac3a5e3e9bf951a094

                      SHA256

                      7405bee1e65a963806f6a012fbc12521586d43d9308c9fbd6bb29b1f13044122

                      SHA512

                      a911e28e4844c683a57bca288d8d713b37454d4b7b865fb68aadebab8f6d61729b821eeae700305f7f07acd32e4f90f9843244071385a297a8ea06e8f54cf86d

                      Download Submit

                    • C:\ProgramData\Package Cache\{7DAD0258-515C-3DD4-8964-BD714199E0F7}v12.0.40660\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.0s1-oof-dvl
                      Filesize

                      140KB

                      MD5

                      f9014dbda7832b455ed45145916235e1

                      SHA1

                      3fb97327c7a12b0362f65f64d2c2f31747ae2221

                      SHA256

                      b11b1d2226fba83084059f50fcc26c4904eef80d3318cfe643d4265e6887abaf

                      SHA512

                      2e739a4198efc1ccea8beb5c333c5e2b9cd778fdb09d6e22bb7bbc3e383896fa3e9a7bf288966a6e8f5de0fe56e7a807b3d71e54739d9e4af28ca5d2bcc7b5e7

                      Download Submit

                    • C:\ProgramData\Package Cache\{9F51D16B-42E8-4A4A-8228-75045541A2AE}v56.64.8781\dotnet-host-7.0.16-win-x64.msi.0s1-oof-dvl
                      Filesize

                      744KB

                      MD5

                      97051af49ccf2deca647db0691a8f4c9

                      SHA1

                      0b0db145dd9fb47c7459aff82dcff0fc733c5c0d

                      SHA256

                      8a6f27669ba7373cb113815e867ae18df023d3dbc1b0a061a6afc65023df6543

                      SHA512

                      35ca4c7cfebbdebdab5bf0df624ce15c07f1b6b91aca40210470c00519b3c9520adba698607a1fa397035c68ac5b64017cbaac8f33d2ac8fbd7ccdea1535ff29

                      Download Submit

                    • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                      Filesize

                      4KB

                      MD5

                      b81ab13ae524fe881b18d22a81cb5a75

                      SHA1

                      ed67838fba711f159031f7a21658992e1f4dd1b2

                      SHA256

                      01f12cbdb5fe9ff6e98fe54ad7c94edc157be4adfc7f28d38f53c3d5cf222a25

                      SHA512

                      069e4d23705a991e39c355d970e70ffffde3480274a314fa571c660d6f8f0d0fe57e9ce24eef26835c4eea3668259266548c19f9039535179970e34fe2b3a389

                      Download Submit

                    • C:\Users\Admin\54d3m8g-readme.txt
                      Filesize

                      6KB

                      MD5

                      9550246b013a3013c95b41ba1854332d

                      SHA1

                      d74a04f9a54f9d11fb96ffe890d72428d8a4fb92

                      SHA256

                      5a893d3dd323f6aac1212f5bc4d96ba53f4cc38006298ab5b9e5ba686b61ace5

                      SHA512

                      72e3d7f6a50b65aef9e8ac07b9c70c464cc05d8ea2e846d6feab8e2475bf1a6392d73b2f326cb9b20ba7c25719aed581e6686babefda62c61cdf0643da4a28f0

                      Download Submit

                    • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
                      Filesize

                      64KB

                      MD5

                      d2fb266b97caff2086bf0fa74eddb6b2

                      SHA1

                      2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

                      SHA256

                      b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

                      SHA512

                      c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

                      Download Submit

                    • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
                      Filesize

                      4B

                      MD5

                      f49655f856acb8884cc0ace29216f511

                      SHA1

                      cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

                      SHA256

                      7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

                      SHA512

                      599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

                      Download Submit

                    • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
                      Filesize

                      944B

                      MD5

                      6bd369f7c74a28194c991ed1404da30f

                      SHA1

                      0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

                      SHA256

                      878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

                      SHA512

                      8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\HEUR-Trojan-Ransom.MSIL.Crypmod.gen-1dbf72d00508abe53078b82df6f24dce102030b44cf4ff08ab6cde406e2afc2d.exe.log
                      Filesize

                      847B

                      MD5

                      66a0a4aa01208ed3d53a5e131a8d030a

                      SHA1

                      ef5312ba2b46b51a4d04b574ca1789ac4ff4a6b1

                      SHA256

                      f0ab05c32d6af3c2b559dbce4dec025ce3e730655a2430ade520e89a557cace8

                      SHA512

                      626f0dcf0c6bcdc0fef25dc7da058003cf929fd9a39a9f447b79fb139a417532a46f8bca1ff2dbde09abfcd70f5fb4f8d059b1fe91977c377df2f5f751c84c5c

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\HEUR-Trojan-Ransom.MSIL.Encoder.gen-c9c23f532b034cc9055bd8db4d7e237706749584b36bb90db4d8a4d2e4cf3c73.exe.log
                      Filesize

                      1KB

                      MD5

                      baf55b95da4a601229647f25dad12878

                      SHA1

                      abc16954ebfd213733c4493fc1910164d825cac8

                      SHA256

                      ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924

                      SHA512

                      24f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\UDS-Trojan-Ransom.Win32.Generic-307877ffda4924fe3b54b3b1fa3e104d611d706d8c634614fa95fcd3d91de092.exe.log
                      Filesize

                      1KB

                      MD5

                      7ebe314bf617dc3e48b995a6c352740c

                      SHA1

                      538f643b7b30f9231a3035c448607f767527a870

                      SHA256

                      48178f884b8a4dd96e330b210b0530667d9473a7629fc6b4ad12b614bf438ee8

                      SHA512

                      0ba9d8f4244c15285e254d27b4bff7c49344ff845c48bc0bf0d8563072fab4d6f7a6abe6b6742e8375a08e9a3b3e5d5dc4937ab428dbe2dd8e62892fda04507e

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Services\www.ya.ru.ico
                      Filesize

                      5KB

                      MD5

                      a6f6261de61d910e0b828040414cee02

                      SHA1

                      d9df5043d0405b3f5ddaacb74db36623dd3969dc

                      SHA256

                      6bb91f1d74389b18bce6e71772e4c5573648c1a4823338193f700afdf8216be5

                      SHA512

                      20cb7b646c160c942e379c6e7a1a8981a09f520361c0205052c1d66e2fdb76333ffaaf0ca1dfc779754f0e844b9946900fbd5690d01869e1607abc1fda6dffab

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2YUS9Q6F\seamonkey.setup[1].htm
                      Filesize

                      529B

                      MD5

                      e8f146ce12dde40f7850a73581580e27

                      SHA1

                      41ab91dcfc18f2f9b6b4fc4e529c836370ca4893

                      SHA256

                      c2126b199af5703fed8d3e52b55811a50465e4d259c2104b5eda240e1b179630

                      SHA512

                      1efb4e2807bdddb78172153058eb60db1780b92fe70017717df131e43958cf7fd1bca5e409c74a304f570672bb5d0853c1a0e28c129f8b1c2f19b81df4397c07

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6IJLDY7V\launches[1].htm
                      Filesize

                      178B

                      MD5

                      cd2e0e43980a00fb6a2742d3afd803b8

                      SHA1

                      81ffbd1712afe8cdf138b570c0fc9934742c33c1

                      SHA256

                      bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

                      SHA512

                      0344c6b2757d4d787ed4a31ec7043c9dc9bf57017e451f60cecb9ad8f5febf64acf2a6c996346ae4b23297623ebf747954410aee27ee3c2f3c6ccd15a15d0f2d

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.0s1-oof-dvl
                      Filesize

                      8KB

                      MD5

                      bded7477588e91b2d51ad54eeca2080c

                      SHA1

                      60169febc047d3827cf653f28c5b95f27ebbac87

                      SHA256

                      cee2bab02c77a8ab9fde4d7f2445e428399ac5941e910ab4c8f4bf37daf33358

                      SHA512

                      30c99ed35a69260c463546917e29675942e345e8a50791c10abb85cf33fcfb75c8cfe03bb88495146ed86183e147fa162add0676c77a9759a1b6cf651af5b199

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662832033209.txt.0s1-oof-dvl
                      Filesize

                      77KB

                      MD5

                      d109dc2d9dd634f72bf4d3e6833aef4b

                      SHA1

                      626ae6503913382509767080570877359b8926ba

                      SHA256

                      9c1bb61bee9349338fd61bc512127d19453ee79409c0df9fd1f55287ee28719e

                      SHA512

                      60e289bcdc829e3afac75f24c7b7efef3f07bd2c2c904bcfa850c3f46cbd19d7387a3a3d3950c5c6d0d42020121d77ceb92bfa8ce47f545febf71f37e7fcfdbf

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665100703612.txt.0s1-oof-dvl
                      Filesize

                      47KB

                      MD5

                      c6f7fefbac57692de8e9a4f514818646

                      SHA1

                      6d612094fab2a9dc5405f7153494549ac3ff3e34

                      SHA256

                      73d79d75e27861ad8603820aa3a63bdfdca3e16bb2fe2e608724489d67fc9f91

                      SHA512

                      6a1c06ef8daf5c37423917992d96cddd67731e6f03de0dede762921efacf62b96e8df77ceb92c5a46cc99f7022c01897700421b7405fb8a822de58de2f09178b

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671148703052.txt.0s1-oof-dvl
                      Filesize

                      65KB

                      MD5

                      53c6ff830978c2d7f9265acf79d08ed4

                      SHA1

                      a35ee33cd9d4c623cc18ce37c27d79e87a075284

                      SHA256

                      67eea2f836cb20c0773a4f52fa05a577f881a75d9fc897b47bed8b5d1c5597ed

                      SHA512

                      a1e3d0dbea883f984af393cdc953003f474588fb125e22e8aaa5e88d6da26032738134e6b4be54c6eb991e3c4b10d3c0e8fe1639307126c8b9837c63b3a975d6

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727695133490697.txt.0s1-oof-dvl
                      Filesize

                      74KB

                      MD5

                      f8d0ea5c0fb02feacd2845b75fb1b23a

                      SHA1

                      bf4523c4d0dc7f9c3601f9115ac734ef32402900

                      SHA256

                      cefb9ae3dd2982717435dcd6dc03942654761cb8656b8865cb5e8892cef3e12b

                      SHA512

                      52a9aac0b998dc040747e073c3dcc16f80253573a8c6d5219cd9db0baba76d6cd852a1775b016dc9ce97a9434884b302052104ac6d42f6d300b77a9f73803293

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
                      Filesize

                      10.1MB

                      MD5

                      e6d10b61b551b826819f52ac1dd1ea14

                      SHA1

                      be2cdcba51f080764858ca7d8567710f2a692473

                      SHA256

                      50d208224541ab66617323d8d791c06970a828eeb15b214965a5d88f6a093d41

                      SHA512

                      0d5d98424bab24ccced9b73d5ed58851d320e0540963a3ccc14da6d6231b2413136fa11458dc2155bb5844af9e28f3a053f8b7f709a806a4070c5ff737fb0ac8

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\Ecakb.exe
                      Filesize

                      3.7MB

                      MD5

                      8bc1017258f6e36dc78f78a83ee45b97

                      SHA1

                      cb737f7a382d158247f7b1a67263c018ee45558b

                      SHA256

                      8d1f921668cb0ae4420120644bb19efb959f0bb69e7ad27139b257cf78dddd09

                      SHA512

                      5b057a14f0017e3974706b5a572a78e7928e97374f8037460064db62e5dd893f04b17128d87c4ae77837d089c8e54cc14dac50c67733de74d011cf4968f7fcf6

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\Nnvrr.exe
                      Filesize

                      651KB

                      MD5

                      d7530bba408ebaafa94a89905b5bcae7

                      SHA1

                      32dd954e2177e78d8fa1329e8ca5bd33735a8bfa

                      SHA256

                      3cc6564d3c001acdd249420d3ad9dff841365bc64e134af54cc2b6cdde24864e

                      SHA512

                      5197053c417b4ac62a7b4bdd31526821a48c55323310cc84b9f790b45e2b92c28b5036b891c2f6315abcda18f1c38db01a2fa3c5b4bc11d3081461d9f6cd41ec

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\Oereyvmmml.exe
                      Filesize

                      7.7MB

                      MD5

                      ff13231f5089cfe4d858fa50052e498c

                      SHA1

                      76c284deadb6b0e52f9c404605e231e3e5370366

                      SHA256

                      836bb79a81ad8eef69a4e586ccbd9c9e558a8a14ac76ec97407e537f7f430a9d

                      SHA512

                      a77313da0886c9388d6d63f0ecd7998a1328be7a9ffcc860dd19d3ec233c28dc51d50a3591cbdadd998e17c09e3af9d59ff2e4ddb52399a2e922170e48fc11c9

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\Swacy.exe
                      Filesize

                      315KB

                      MD5

                      782ddc54a0048750b1f697e80f817bcd

                      SHA1

                      c2dfa3a40e88da4a5d824a1f3b8bc6bc657c3c6e

                      SHA256

                      82a477b510c0c1062a82ff4e67df7f0356f39f4ce6713a8ee7741da79337e913

                      SHA512

                      04574a981ceff41815974b7b62ec2105d253885b53651b0f4babda1287b158371ed6de28c527b43e84f304d075ed2a87753beaf04514abedbb13c3838e8802eb

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_w1spkfay.lyb.ps1
                      Filesize

                      60B

                      MD5

                      d17fe0a3f47be24a6453e9ef58c94641

                      SHA1

                      6ab83620379fc69f80c0242105ddffd7d98d5d9d

                      SHA256

                      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                      SHA512

                      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
                      Filesize

                      8KB

                      MD5

                      716691947a4a7bf4a68abb21976833ff

                      SHA1

                      2c2682741d6c9125efee126f145e79a5bd2300b6

                      SHA256

                      bee29f166f0864b8a69370c509b11ae9610942ba8e12c4d33f509246e67951d2

                      SHA512

                      49fd5fc843a56965a3f2e6a6802e1043b63b67ea5d3a7f667079a991074dfd546933721b6e8d5bd54ea53770604e0fb06d0b2692df43048619b178e82fcba0a0

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
                      Filesize

                      14KB

                      MD5

                      146f6144854872719283ef1a76c2728d

                      SHA1

                      32f187622534d97de066b1e07ace0dab9344cc8c

                      SHA256

                      15b9a12c1215b4ad8adfa2da067416c534cb2c0e2a6c721645bd0a82ce8511c4

                      SHA512

                      f4a6d20be0720da80d007fcad01c2c9984146978819ba76d01f140f896fcc1c2c958eba896f674f6b935c4469a8fc118faffa5fdab7885aee822c941ebb5a6ca

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\master_preferences
                      Filesize

                      188KB

                      MD5

                      92c0c975da1eb84a1173c12b4059e5b8

                      SHA1

                      5fbe1f40e9261ec50e5c07fbf136351190df0c7b

                      SHA256

                      c4934d94836953e94e326fad797990b941e1656f03e8f1253630c9a636815ffc

                      SHA512

                      201452503a5a4806612981c1b6d780b9349e0b2a6ae79ca4079719a8360043a095d10bc324056130402a816521814bd690b6267c547bb3d4b8048e027d2c7fcb

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\nshE28C.tmp\INetC.dll
                      Filesize

                      24KB

                      MD5

                      640bff73a5f8e37b202d911e4749b2e9

                      SHA1

                      9588dd7561ab7de3bca392b084bec91f3521c879

                      SHA256

                      c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

                      SHA512

                      39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\nshE28C.tmp\System.dll
                      Filesize

                      16KB

                      MD5

                      c8ffec7d9f2410dcbe25fe6744c06aad

                      SHA1

                      1d868cd6f06b4946d3f14b043733624ff413486f

                      SHA256

                      50138c04dc8b09908d68abc43e6eb3ab81e25cbf4693d893189e51848424449f

                      SHA512

                      4944c84894a26fee2dd926bf33fdf4523462a32c430cf1f76a0ce2567a47f985c79a2b97ceed92a04edab7b5678bfc50b4af89e0f2dded3b53b269f89e6b734b

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\nshE28C.tmp\nsDialogs.dll
                      Filesize

                      11KB

                      MD5

                      da979fedc022c3d99289f2802ef9fe3b

                      SHA1

                      2080ceb9ae2c06ab32332b3e236b0a01616e4bba

                      SHA256

                      d6d8f216f081f6c34ec3904ef635d1ed5ca9f5e3ec2e786295d84bc6997ddcaa

                      SHA512

                      bd586d8a3b07052e84a4d8201945cf5906ee948a34806713543acd02191b559eb5c7910d0aff3ceab5d3b61bdf8741c749aea49743025dbaed5f4c0849c80be6

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\omnija-20242728.zip
                      Filesize

                      42.1MB

                      MD5

                      bf952b53408934f1d48596008f252b8d

                      SHA1

                      758d76532fdb48c4aaf09a24922333c4e1de0d01

                      SHA256

                      2183a97932f51d5b247646985b4e667d8be45f18731c418479bbd7743c825686

                      SHA512

                      a510a96e17090ada1a107e0f6d4819787652ab3d38cd17237f255c736817c7cfcb3fd5cf25f56d5693f4923375b2ab9548e9215070e252aae25c3528b2186d99

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\vendor00000.xml
                      Filesize

                      510B

                      MD5

                      27bdb0864e3f7a9f6c61810adeaa9f53

                      SHA1

                      3c911d197a054a51a1ad444e3bcc4b634063597a

                      SHA256

                      5981cca348493c670d47550ec9b201662046f5bb7c298af860c28814ff2f112f

                      SHA512

                      0a4d78904c5efc0a2529b8d6f3e8e7001dd59807de8e9bd195e2f8a561b2e15de827dd65a74f7010f534f24df5fa2adb3e56074848878119955890feacde24ea

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\wctDB6.tmp.0s1-oof-dvl
                      Filesize

                      63KB

                      MD5

                      b4dad93a45b802ed689c1992cd95736a

                      SHA1

                      87cba3b742c30c2831195bacbc019677ce80c9bc

                      SHA256

                      9a69df20ee5027cda1899bd23549691dd9d679c5272bc1e68a582a34eb760af4

                      SHA512

                      275278a30b91aa97b4e7a7be801fdec0b6d8aeec0018861455a86beb532782429800507d7982626e5e6219b7064801ab33363786d3674282596a429f07a7a783

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\y_installer.exe
                      Filesize

                      203KB

                      MD5

                      b9314504e592d42cb36534415a62b3af

                      SHA1

                      059d2776f68bcc4d074619a3614a163d37df8b62

                      SHA256

                      c60c3a7d20b575fdeeb723e12a11c2602e73329dc413fc6d88f72e6f87e38b49

                      SHA512

                      e50adb690e2f6767001031e83f40cc067c9351d466051e45a40a9e7ff49049e35609f1e70dd7bb4a4721a112479f79090decca6896deac2680e7d107e3355dae

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\{1AB351A2-9CA0-470E-9056-7634ABBF9885}.exe
                      Filesize

                      14.6MB

                      MD5

                      eb832c13649e41da3aa921a0753b4194

                      SHA1

                      22d196021b0e67b98b4beb4495e1d0b7052c0581

                      SHA256

                      5b7e127a42b52b282640fb227da4005ee280b669bef57a9197b01a2eb6c1da46

                      SHA512

                      5a4367b5cd6a4f6f1343cf47244f40b99518989feb345d2d263caeeb7f9f5dbe3e3538456718adc4cdaa2ca2d0ddd880292fc4794905f135ddc579a9a67b16fe

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.599\brand_config
                      Filesize

                      8KB

                      MD5

                      fa4d6538619012d050db72d242ab1183

                      SHA1

                      ea307bbbd8724187e06835a76fa454ab6d817bf2

                      SHA256

                      dd2d72f860c432ab921c0a17ce45dde4d22cc539087d33f10368d1e1170983c9

                      SHA512

                      f76ec528ae53044b81c67d8d7ee715866ec6f643287348f7d1470534d8e12ef08f03037dfdd0aecee49b9658d76a4c89e16ac0f611bd586084f33c4629c383f0

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.599\partner_config
                      Filesize

                      341B

                      MD5

                      977bc7b2384ef1b3e78df8fbc3eeb16b

                      SHA1

                      7ee6110ca253005d738929b7ba0cc54ed2ed0a2e

                      SHA256

                      82e288090168abe15419015317fd38f56c1136e7481f66656d84e0a2d861d4d6

                      SHA512

                      4d154832ef3ac05abb1499a5bc8235d72f64cdaa3e6870206a6363c1d85d821604ae8a96850c2c8bd540d479b8dd5f3ce032472ed96bbf7eddb168ea3d2d1cf6

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                      Filesize

                      3.7MB

                      MD5

                      54742ee78b6b64a358d82c695006f19c

                      SHA1

                      7eeaf03844b494794046a9710b7f95a2a17e27ae

                      SHA256

                      69db0bd125d1dac27bd276c0415ffa170e4f57b902c1aac64026a91335927fc1

                      SHA512

                      791154b6226b8e30f90981496b1d29ecfbefabe4d7fbbd940549ec621d04a1e84afacf793debd059def89cd765011815c77128c3747dc9a2559cb2b965a697e2

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\Extensions\ghjgbemlcjioaaejhnnmgfpiplgalgcl.json
                      Filesize

                      119B

                      MD5

                      2ec6275318f8bfcab1e2e36a03fd9ffa

                      SHA1

                      063008acf0df2415f5bd28392d05b265427aac5c

                      SHA256

                      20832de8163d5af0a0c8bda863bcd6083df4f92175d856ce527de1dae1f7c433

                      SHA512

                      5eee4555be05d07bce49c9d89a1a64bb526b83e3ca6f06e2f9ef2094ad04c892110d43c25183da336989a00d05dad6ff5898ff59e2f0a69dcaaf0aa28f89a508

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\about_logo_en.png
                      Filesize

                      1KB

                      MD5

                      1376f5abbe56c563deead63daf51e4e9

                      SHA1

                      0c838e0bd129d83e56e072243c796470a6a1088d

                      SHA256

                      c56ae312020aef1916a8a01d5a1fc67ed3b41e5da539c0f26632c904a5e49c62

                      SHA512

                      a0bab3bae1307ea8c7ccbd558b86c9f40e748cdd6fd8067bb33eeef863191534af367a0058111553a2c3a24e666a99009176a8636c0a5db3bf1aa6226130498f

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\about_logo_en_2x.png
                      Filesize

                      3KB

                      MD5

                      900fdf32c590f77d11ad28bf322e3e60

                      SHA1

                      310932b2b11f94e0249772d14d74871a1924b19f

                      SHA256

                      fe20d86fd62a4d1ab51531b78231749bd5990c9221eab1e7958be6d6aef292d9

                      SHA512

                      64ebc4c6a52440b4f9f05de8ffb343c2024c4690fe5c9f336e78cd1dd01ae8225e8bc446f386feb442e76136b20d6b04ee293467b21f5b294ce25e500922f453

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\about_logo_ru.png
                      Filesize

                      1KB

                      MD5

                      ff321ebfe13e569bc61aee173257b3d7

                      SHA1

                      93c5951e26d4c0060f618cf57f19d6af67901151

                      SHA256

                      1039ea2d254d536410588d30f302e6ab727d633cf08cb409caa5d22718af5e64

                      SHA512

                      e98fbfb4ed40c5ac804b9f4d9f0c163508c319ec91f5d1e9deb6a5d3eada9338980f1b5fe11c49e6e88935ecd50119d321ce55ca5bdd0723a6e8c414e1e68e16

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\about_logo_ru_2x.png
                      Filesize

                      3KB

                      MD5

                      a6911c85bb22e4e33a66532b0ed1a26c

                      SHA1

                      cbd2b98c55315ac6e44fb0352580174ed418db0a

                      SHA256

                      5bb0977553ded973c818d43a178e5d9874b24539dacbd7904cd1871e0ba82b23

                      SHA512

                      279fb0c1f2871ce41b250e9a4662046bc13c6678a79866eaf317cc93c997a683114122092214ce24f8e7f8a40520fe4ca03f54930148f4f794df0df3ecf74e9d

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\configs\all_zip
                      Filesize

                      657KB

                      MD5

                      ef72329efd5bf24da1de1a8e00e3cc1d

                      SHA1

                      773864e57bc4f9f4c5eaef701be7d2228b07f014

                      SHA256

                      9a6f61b3be3cd0ab566e286b296fdc76cacd723ab36c57ce7c681cf608981a98

                      SHA512

                      1b844831624f1bb467cc2918f0645b95c5c87fb75fb741ad0d6045170dfd2e96689f7468f3839a8ef99124728ecbcdeda1b0dbfd8e32aad8bec32873c46b1ef9

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\easylist\easylist.txt
                      Filesize

                      620KB

                      MD5

                      8e4bcad511334a0d363fc9f0ece75993

                      SHA1

                      62d4b56e340464e1dc4344ae6cb596d258b8b5de

                      SHA256

                      2f317fee439877eaadb1264bd3d1e153c963ef98596a4ccf227592aea12ae76f

                      SHA512

                      65077bd249c51be198234ff927040ef849cd79adcd611ed2afae511bc2a257a21f13171bf01cb06fce788c1cff88c8ad39cf768c5900d77cd15453a35e7f0721

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\easylist\manifest.json
                      Filesize

                      68B

                      MD5

                      15bcd6d3b8895b8e1934ef224c947df8

                      SHA1

                      e4a7499779a256475d8748f6a00fb4580ac5d80d

                      SHA256

                      77334f6256abddcc254f31854d1b00aa6743e20aadbb9e69187144847099a66b

                      SHA512

                      c2d3778a99af8d8598e653593d5e2d1d0b3b2ace11addd2d3eeb2bf3b57d51bf938ddaf2d2743322e0ce02e291b81f61c319daf34c1cd604ffce1f6407a30b34

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\extension\elokbjeafkcggjfjkakpchmcmhkhaofn\brand_settings.json
                      Filesize

                      379B

                      MD5

                      f70c4b106fa9bb31bc107314c40c8507

                      SHA1

                      2a39695d79294ce96ec33b36c03e843878397814

                      SHA256

                      4940847c9b4787e466266f1bb921097abb4269d6d10c0d2f7327fde9f1b032b7

                      SHA512

                      494dce5543e6dacc77d546015f4ea75fd2588625e13450dba7ba0bd4c2f548b28c746a0d42c7f9b20d37f92af6710927d4bccb2fee4faa17d3ec2c07ff547e70

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\extension\fcgfaidpicddcilhjhafmmcgfodijhjd\brand_settings.json
                      Filesize

                      316B

                      MD5

                      a3779768809574f70dc2cba07517da14

                      SHA1

                      ffd2343ed344718fa397bac5065f6133008159b8

                      SHA256

                      de0fbb08708d4be7b9af181ec26f45fccd424e437bc0cfb5cf38f2604f01f7b2

                      SHA512

                      62570be7ea7adee14b765d2af46fcd4dc8eec9d6274d9e00c5f361ff9b0cdb150305edad65a52b557c17dd9682e371004a471fa8958b0bd9cfbe42bb04ca5240

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\extension\gopnelejddjjkamjfblkcijjikkinnec\brand_settings.json
                      Filesize

                      246B

                      MD5

                      30fdb583023f550b0f42fd4e547fea07

                      SHA1

                      fcd6a87cfb7f719a401398a975957039e3fbb877

                      SHA256

                      114fd03aa5ef1320f6cc586e920031cf5595a0d055218ce30571ff33417806d3

                      SHA512

                      bae328e1be15c368f75396d031364bef170cfcf95dbdf4d78be98cff2b37a174d3f7ebb85b6e9eb915bb6269898cbcecd8a8415dc005c4444175fe0447126395

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\import-bg.png
                      Filesize

                      9KB

                      MD5

                      85756c1b6811c5c527b16c9868d3b777

                      SHA1

                      b473844783d4b5a694b71f44ffb6f66a43f49a45

                      SHA256

                      7573af31ed2bfcfff97ed2132237db65f05aff36637cd4bdeccdf8ca02cd9038

                      SHA512

                      1709222e696c392ca7bcd360f9a2b301896898eb83ddfb6a9db0d0c226a03f50671633b8bed4d060d8f70df7282ffc2cd7ab1d1449acf2e07a7b6c251aa3a19e

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\morphology\dictionary-ru-RU.mrf
                      Filesize

                      1.1MB

                      MD5

                      0be7417225caaa3c7c3fe03c6e9c2447

                      SHA1

                      ff3a8156e955c96cce6f87c89a282034787ef812

                      SHA256

                      1585b1599418d790da830ef11e8eeceee0cbb038876fe3959cc41858bd501dbc

                      SHA512

                      dfc0de77b717029a8c365146522580ab9d94e4b2327cef24db8f6535479790505c337852d0e924fbfa26e756b3aec911f27f5f17eba824496365c9a526464072

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\morphology\dictionary-ru-RU.mrf.sig
                      Filesize

                      256B

                      MD5

                      d704b5744ddc826c0429dc7f39bc6208

                      SHA1

                      92a7ace56fb726bf7ea06232debe10e0f022bd57

                      SHA256

                      151739137bbbdf5f9608a82ec648bdf5d7454a81b86631b53dfc5ad602b207d6

                      SHA512

                      1c01217e3480872a6d0f595ceb1b2242ffe3e1ff8b3fdd76eea13a7541606b94d3ccd69492a88220e0e40c17da5d785e4dba1d7501e6be749b9c46f72572ef6f

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\morphology\stop-words-ru-RU.list
                      Filesize

                      52B

                      MD5

                      24281b7d32717473e29ffab5d5f25247

                      SHA1

                      aa1ae9c235504706891fd34bd172763d4ab122f6

                      SHA256

                      cbeec72666668a12ab6579ae0f45ccbdbe3d29ee9a862916f8c9793e2cf55552

                      SHA512

                      2f81c87358795640c5724cfabcabe3a4c19e5188cedeab1bd993c8ccfc91c9c63a63e77ac51b257496016027d8bccb779bd766174fa7ea2d744bd2e2c109cb8b

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\safebrowsing\download.png
                      Filesize

                      437B

                      MD5

                      528381b1f5230703b612b68402c1b587

                      SHA1

                      c29228966880e1a06df466d437ec90d1cac5bf2e

                      SHA256

                      3129d9eaba1c5f31302c2563ebfa85747eda7a6d3f95602de6b01b34e4369f04

                      SHA512

                      9eb45b0d4e3480a2d51a27ac5a6f20b9ef4e12bf8ac608043a5f01a372db5ea41a628458f7a0b02aaba94cd6bb8355a583d17666f87c3f29e82a0b899e9700bd

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\sxs.ico
                      Filesize

                      43KB

                      MD5

                      592b848cb2b777f2acd889d5e1aae9a1

                      SHA1

                      2753e9021579d24b4228f0697ae4cc326aeb1812

                      SHA256

                      ad566a3e6f8524c705844e95a402cdeb4d6eed36c241c183147409a44e97ebcd

                      SHA512

                      c9552f4db4b6c02707d72b6f67c2a11f1cf110b2c4ac5a1b7ac78291a14bf6eb35a9b4a05bc51ac80135504cd9dcad2d7a883249ee2e20a256cb9e9ceeb0032f

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\tablo
                      Filesize

                      617KB

                      MD5

                      58697e15ca12a7906e62fc750e4d6484

                      SHA1

                      c5213072c79a2d3ffe5e24793c725268232f83ab

                      SHA256

                      1313aa26cc9f7bd0f2759cfaff9052159975551618cba0a90f29f15c5387cad4

                      SHA512

                      196b20d37509ea535889ec13c486f7ee131d6559fb91b95de7fdd739d380c130298d059148c49bf5808d8528d56234c589c9d420d63264f487f283f67a70c9a6

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\1-1x.png
                      Filesize

                      18KB

                      MD5

                      80121a47bf1bb2f76c9011e28c4f8952

                      SHA1

                      a5a814bafe586bc32b7d5d4634cd2e581351f15c

                      SHA256

                      a62f9fdf3de1172988e01a989bf7a2344550f2f05a3ac0e6dc0ccd39ed1a697e

                      SHA512

                      a04df34e61fd30764cf344b339ba2636b9280a358863f298690f6a8533c5e5dfa9773a14f8d16a5bb709ea17cf75e1da6302335aa9120009892e529bfad30df9

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\abstract\light.jpg
                      Filesize

                      536KB

                      MD5

                      3bf3da7f6d26223edf5567ee9343cd57

                      SHA1

                      50b8deaf89c88e23ef59edbb972c233df53498a2

                      SHA256

                      2e6f376222299f8142ff330e457867bad3300b21d96daec53579bf011629b896

                      SHA512

                      fef8e951c6cf5cec82dbeafd306de3ad46fd0d90e3f41dcea2a6046c95ab1ae39bf8a6e4a696580246c11330d712d4e6e8757ba24bbf180eec1e98a4aec1583b

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\abstract\light_preview.jpg
                      Filesize

                      5KB

                      MD5

                      9f6a43a5a7a5c4c7c7f9768249cbcb63

                      SHA1

                      36043c3244d9f76f27d2ff2d4c91c20b35e4452a

                      SHA256

                      add61971c87104187ae89e50cec62a196d6f8908315e85e76e16983539fba04b

                      SHA512

                      56d7bd72c8a380099309c36912513bcafbe1970830b000a1b89256aae20137c88e1e281f2455bb381ab120d682d6853d1ef05d8c57dd68a81a24b7a2a8d61387

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\custogray\custogray_full.png
                      Filesize

                      313B

                      MD5

                      55841c472563c3030e78fcf241df7138

                      SHA1

                      69f9a73b0a6aaafa41cecff40b775a50e36adc90

                      SHA256

                      a7cd964345c3d15840b88fd9bc88f0d0c34a18edbf1ce39359af4582d1d7da45

                      SHA512

                      f7433d17937342d9d44aa86bcc30db9ae90450b84aa745d2c7390ff430449e195b693a8ae6df35d05fee2d97149a58a7d881737d57902d9885c6c55393d25d6f

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\custogray\preview.png
                      Filesize

                      136B

                      MD5

                      0474a1a6ea2aac549523f5b309f62bff

                      SHA1

                      cc4acf26a804706abe5500dc8565d8dfda237c91

                      SHA256

                      55a236ad63d00d665b86ff7f91f2076226d5ed62b9d9e8f835f7cb998556545f

                      SHA512

                      d8e3de4fea62b29fd719376d33a65367a3a2a2a22ed175cc1eeff3e38dfbaac448c97a6fbea55bc6159351d11a6aad97e09cb12548cf297e01bd23bf6074de08

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\custogray\wallpaper.json
                      Filesize

                      233B

                      MD5

                      662f166f95f39486f7400fdc16625caa

                      SHA1

                      6b6081a0d3aa322163034c1d99f1db0566bfc838

                      SHA256

                      4cd690fb8ed5cd733a9c84d80d20d173496617e8dde6fca19e8a430517349ed5

                      SHA512

                      360a175c5e72ff8d2a01ee4e0f365237bbd725b695139ea54afc905e9e57686c5db8864b5abf31373a9cb475adcbdb3db292daf0a53c6eb643a5d61b868ad39b

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\fir_tree\fir_tree_preview.png
                      Filesize

                      8KB

                      MD5

                      d6305ea5eb41ef548aa560e7c2c5c854

                      SHA1

                      4d7d24befe83f892fb28a00cf2c4121aeb2d9c5d

                      SHA256

                      4c2b561cf301d9e98383d084a200deb7555ec47a92772a94453d3d8d1de04080

                      SHA512

                      9330009997d62c1804f1e4cf575345016cda8d6a1dd6cb7d2501df65ea2021df6b8a5bc26809ddfc84e6ff9450f1e404c135561b1b00b9e4915c69e84f89cfec

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\fir_tree\wallpaper.json
                      Filesize

                      384B

                      MD5

                      8a2f19a330d46083231ef031eb5a3749

                      SHA1

                      81114f2e7bf2e9b13e177f5159129c3303571938

                      SHA256

                      2cc83bc391587b7fe5ddd387506c3f51840b806f547d203ccd90487753b782f1

                      SHA512

                      635828e7b6044eeede08e3d2bb2e68bc0dbbe9e14691a9fb6e2bc9a2ac96526d8b39c8e22918ff2d944fb07b2531077f8febd43028be8213aa2fad858b6ee116

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\flowers\flowers_preview.png
                      Filesize

                      9KB

                      MD5

                      ba6e7c6e6cf1d89231ec7ace18e32661

                      SHA1

                      b8cba24211f2e3f280e841398ef4dcc48230af66

                      SHA256

                      70a7a65aa6e8279a1a45d93750088965b65ea8e900c5b155089ca119425df003

                      SHA512

                      1a532c232dd151474fbc25e1b435a5e0d9d3f61372036d97bcaab3c352e7037f1c424b54a8904ef52cf34c13a77b7ab295fb4fd006c3ab86289577f469a6cd4c

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\flowers\wallpaper.json
                      Filesize

                      387B

                      MD5

                      a0ef93341ffbe93762fd707ef00c841c

                      SHA1

                      7b7452fd8f80ddd8fa40fc4dcb7b4c69e4de71a0

                      SHA256

                      70c8d348f7f3385ac638956a23ef467da2769cb48e28df105d10a0561a8acb9e

                      SHA512

                      a40b5f7bd4c2f5e97434d965ef79eed1f496274278f7caf72374989ac795c9b87ead49896a7c9cbcac2346d91a50a9e273669296da78ee1d96d119b87a7ae66a

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\huangshan\huangshan.jpg
                      Filesize

                      211KB

                      MD5

                      c51eed480a92977f001a459aa554595a

                      SHA1

                      0862f95662cff73b8b57738dfaca7c61de579125

                      SHA256

                      713c9e03aac760a11e51b833d7e1c9013759990b9b458363a856fd29ea108eec

                      SHA512

                      6f896c5f7f05524d05f90dc45914478a2f7509ea79114f240396791f658e2f7070e783fab6ac284327361dc2a48c5918b9f1c969b90795ceacce2c5c5bfa56ca

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\huangshan\huangshan.webm
                      Filesize

                      9.6MB

                      MD5

                      b78f2fd03c421aa82b630e86e4619321

                      SHA1

                      0d07bfbaa80b9555e6eaa9f301395c5db99dde25

                      SHA256

                      05e7170852a344e2f3288fc3b74c84012c3d51fb7ad7d25a15e71b2b574bfd56

                      SHA512

                      404fb2b76e5b549cbcba0a8cf744b750068cbd8d0f9f6959c4f883b35bcaa92d46b0df454719ca1cef22f5924d1243ba2a677b2f86a239d20bfad5365dc08650

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\huangshan\huangshan_preview.jpg
                      Filesize

                      26KB

                      MD5

                      1edab3f1f952372eb1e3b8b1ea5fd0cf

                      SHA1

                      aeb7edc3503585512c9843481362dca079ac7e4a

                      SHA256

                      649c55ccc096cc37dfe534f992b1c7bda68da589258611924d3f6172d0680212

                      SHA512

                      ecd9609fbf821239ddcbdc18ef69dade6e32efd10c383d79e0db39389fa890a5c2c6db430a01b49a44d5fa185f8197dbbde2e1e946f12a1f97a8c118634c0c34

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\meadow\preview.png
                      Filesize

                      5KB

                      MD5

                      d10bda5b0d078308c50190f4f7a7f457

                      SHA1

                      3f51aae42778b8280cd9d5aa12275b9386003665

                      SHA256

                      0499c4cc77a64cc89055b3c65d7af8387f5d42399ff2c0a2622eccbd6d481238

                      SHA512

                      668e1a70a50a0decf633167ac23cba6916d0e05d0894daae1f7e3d487519f0a126abd4298430b38f52746a5c3b83ccd520b3d9b0ae1a79f893e36821a0458566

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\meadow\wallpaper.json
                      Filesize

                      439B

                      MD5

                      f3673bcc0e12e88f500ed9a94b61c88c

                      SHA1

                      e96e2b2b5c9de451d76742f04cc8a74b5d9a11c0

                      SHA256

                      c6581e9f59646e0a51a3194798ec994c7c5c99f28897108838aaf4a4e2bda04a

                      SHA512

                      83fb3fe4a3562449a53c13d1c38d5fe9ef1fa55c3006f59b65eace9a6ad4963e768088bc500dbe5266b5979c6ace77874ef11a15a7bd9fabae00ff137e70ecb5

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\misty_forest\preview.png
                      Filesize

                      5KB

                      MD5

                      77aa87c90d28fbbd0a5cd358bd673204

                      SHA1

                      5813d5759e4010cc21464fcba232d1ba0285da12

                      SHA256

                      ea340a389af6d7ad760dff2016cf4e79488bda1a45d0a415b3cd02a4430c9711

                      SHA512

                      759519b8822a6a4b88fc9ba47fa9d5d898b2f5a0f359acfbefc04809e6d7f5df86fb130f191eb6f63322792a18c0e7170aedf3ce7060fd9ad7e1bec2e686c3b2

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\misty_forest\wallpaper.json
                      Filesize

                      423B

                      MD5

                      2b65eb8cc132df37c4e673ff119fb520

                      SHA1

                      a59f9abf3db2880593962a3064e61660944fa2de

                      SHA256

                      ebe9cadad41bd573f4b5d20e3e251410300b1695dfdf8b1f1f1276d0f0f8fa6d

                      SHA512

                      c85fe6895453d0c38a1b393307b52d828bad8fa60d1d65bb83ffa3c5e17b71aa13cab60955489198503839ce5a4a6c1bb353752ab107f5e5b97908116c987e52

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\mountains_preview.jpg
                      Filesize

                      35KB

                      MD5

                      a3272b575aa5f7c1af8eea19074665d1

                      SHA1

                      d4e3def9a37e9408c3a348867169fe573050f943

                      SHA256

                      55074794869b59cd5c693dfa6f6615aea068c2cd50cdae6dd69bd0410661ded8

                      SHA512

                      c69bf39362658dd6cbd827cf6db0f188a9c4410b3c6b7b532595fd5907974e2141d857942ffb2497282e31eaa33c71240c2c2bd8721046df55e3358e8b76c061

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\neuro_dark\neuro_dark_preview.jpg
                      Filesize

                      24KB

                      MD5

                      29c69a5650cab81375e6a64e3197a1ea

                      SHA1

                      5a9d17bd18180ef9145e2f7d4b9a2188262417d1

                      SHA256

                      462614d8d683691842bdfb437f50bfdea3c8e05ad0d5dac05b1012462d8b4f66

                      SHA512

                      6d287be30edcb553657e68aef0abc7932dc636306afed3d24354f054382852f0064c96bebb7ae12315e84aab1f0fd176672f07b0a6b8901f60141b1042b8d0be

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\neuro_dark\neuro_dark_static.jpg
                      Filesize

                      2.4MB

                      MD5

                      e6f09f71de38ed2262fd859445c97c21

                      SHA1

                      486d44dae3e9623273c6aca5777891c2b977406f

                      SHA256

                      a274d201df6c2e612b7fa5622327fd1c7ad6363f69a4e5ca376081b8e1346b86

                      SHA512

                      f6060b78c02e4028ac6903b820054db784b4e63c255bfbdc2c0db0d5a6abc17ff0cb50c82e589746491e8a0ea34fd076628bbcf0e75fa98b4647335417f6c1b7

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\neuro_light\neuro_light_preview.jpg
                      Filesize

                      13KB

                      MD5

                      d72d6a270b910e1e983aa29609a18a21

                      SHA1

                      f1f8c4a01d0125fea1030e0cf3366e99a3868184

                      SHA256

                      031f129cb5bab4909e156202f195a95fa571949faa33e64fe5ff7a6f3ee3c6b3

                      SHA512

                      96151c80aac20dbad5021386e23132b5c91159355b49b0235a82ca7d3f75312cfea9a2158479ebc99878728598b7316b413b517b681486105538bbeb7490b9c2

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\neuro_light\neuro_light_static.jpg
                      Filesize

                      726KB

                      MD5

                      9c71dbde6af8a753ba1d0d238b2b9185

                      SHA1

                      4d3491fa6b0e26b1924b3c49090f03bdb225d915

                      SHA256

                      111f666d5d5c3ffbcb774403df5267d2fd816bdf197212af3ac7981c54721d2e

                      SHA512

                      9529a573013038614cd016a885af09a5a06f4d201205258a87a5008676746c4082d1c4a52341d73f7c32c47135763de6d8f86760a3d904336f4661e65934077e

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\peak\preview.png
                      Filesize

                      5KB

                      MD5

                      1d62921f4efbcaecd5de492534863828

                      SHA1

                      06e10e044e0d46cd6dccbcd4bae6fb9a77f8be45

                      SHA256

                      f72ea12f6c972edfe3d5a203e1e42cbbaf4985633de419342c2af31363f33dab

                      SHA512

                      eec8171bd3bea92e24066e36801f334ac93905b7e8e50935f360e09fa8c9b9f848c4c62b687299e8297c0693d6dbaf9c6035b471e6345d626510b73e3606ee4d

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\peak\wallpaper.json
                      Filesize

                      440B

                      MD5

                      f0ac84f70f003c4e4aff7cccb902e7c6

                      SHA1

                      2d3267ff12a1a823664203ed766d0a833f25ad93

                      SHA256

                      e491962b42c3f97649afec56ad4ea78fd49845ceb15f36edddd08d9e43698658

                      SHA512

                      75e048c1d1db6618ead9b1285846922c16a46ee138a511e21235342a5a6452c467b906578bdd4a56e7b9e0a26535df6fb6319ae1cae238055887b48963fa6ed6

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\raindrops\raindrops_preview.png
                      Filesize

                      7KB

                      MD5

                      28b10d683479dcbf08f30b63e2269510

                      SHA1

                      61f35e43425b7411d3fbb93938407365efbd1790

                      SHA256

                      1e70fc9965939f6011488f81cd325223f17b07ee158a93c32c124602b506aa6b

                      SHA512

                      05e5b5e9c5ef61f33a883b0286c2239cb2a464581d6e8a86d7b179b1887b4cb2cd7304e0821cdd3208501421c44c63c248a5166c790792717a90f8ac528fbf2f

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\raindrops\wallpaper.json
                      Filesize

                      385B

                      MD5

                      5f18d6878646091047fec1e62c4708b7

                      SHA1

                      3f906f68b22a291a3b9f7528517d664a65c85cda

                      SHA256

                      bcfea0bebf30ee9744821a61fcce6df0222c1a266e0995b9a8cfbb9156eeeefd

                      SHA512

                      893b2077a4abaa2fe89676c89f5e428ccd2420177268159395b5568824dd3fe08bea8a8b2f828c6c9297b19e0f8e3a1b7899315c0b07f4b61fc86ce94301518b

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\sea.webm
                      Filesize

                      12.5MB

                      MD5

                      00756df0dfaa14e2f246493bd87cb251

                      SHA1

                      39ce8b45f484a5e3aa997b8c8f3ad174e482b1b9

                      SHA256

                      fa8d0ae53ebdbec47b533239709b7e1514ecb71278907621ca2d288241eb0b13

                      SHA512

                      967670863f3c77af26fa1d44cd7b4fe78148d2ba6ea930b7b29b9f35d606554d664c0577068e0c26fa125d54627d7e7543360bce4acee0af17783b07450b5f52

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\sea\sea_preview.png
                      Filesize

                      3KB

                      MD5

                      3c0d06da1b5db81ea2f1871e33730204

                      SHA1

                      33a17623183376735d04337857fae74bcb772167

                      SHA256

                      02d8e450f03129936a08b67f3a50ea5d2e79f32c4e8f24d34b464f2cb5e0b086

                      SHA512

                      ff0e60c94fc3c0c61d356a26667c5170256e1143b29adf23d4e7d27012da72ed8865ef59dc2046314c7335b8d3d331e5fd78f38b9b92f6af48729dae80f85b15

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\sea\wallpaper.json
                      Filesize

                      379B

                      MD5

                      92e86315b9949404698d81b2c21c0c96

                      SHA1

                      4e3fb8ecf2a5c15141bb324ada92c5c004fb5c93

                      SHA256

                      c2bb1e5d842c7e5b1b318f6eb7fe1ce24a8209661ddd5a83ab051217ca7c3f65

                      SHA512

                      2834b1ef7bb70b2d24c4fedef87cd32c6e8f401d8ee5f3852808f6a557724ce036c31a71298cd0ed601cde4be59ec4042542351c63c4e0ac3d31419f79240956

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\sea_preview.jpg
                      Filesize

                      59KB

                      MD5

                      53ba159f3391558f90f88816c34eacc3

                      SHA1

                      0669f66168a43f35c2c6a686ce1415508318574d

                      SHA256

                      f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e

                      SHA512

                      94c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\sea_static.jpg
                      Filesize

                      300KB

                      MD5

                      5e1d673daa7286af82eb4946047fe465

                      SHA1

                      02370e69f2a43562f367aa543e23c2750df3f001

                      SHA256

                      1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a

                      SHA512

                      03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\stars\preview.png
                      Filesize

                      6KB

                      MD5

                      ed9839039b42c2bf8ac33c09f941d698

                      SHA1

                      822e8df6bfee8df670b9094f47603cf878b4b3ed

                      SHA256

                      4fa185f67eaf3a65b991cea723d11f78de15a6a9a5235848a6456b98a9d7f689

                      SHA512

                      85119055ddfc6bc4cca05de034b941b1743cbb787607c053e8c10309572d2ef223786fc454d962fbb5e3cde5320117f9efe99041116db48916bc3d2fcd4ffa25

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\stars\wallpaper.json
                      Filesize

                      537B

                      MD5

                      9660de31cea1128f4e85a0131b7a2729

                      SHA1

                      a09727acb85585a1573db16fa8e056e97264362f

                      SHA256

                      d1bef520c71c7222956d25335e3ba2ea367d19e6c821fb96c8112e5871576294

                      SHA512

                      4cb80766c8e3c77dfb5ca7af515939e745280aa695eca36e1f0a83fb795b2b3ef406472f990a82c727cea42d1b4ef44a0d34a7f4f23e362f2992dbff2527798b

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\web\wallpaper.json
                      Filesize

                      379B

                      MD5

                      e4bd3916c45272db9b4a67a61c10b7c0

                      SHA1

                      8bafa0f39ace9da47c59b705de0edb5bca56730c

                      SHA256

                      7fdddc908bd2f95411dcc4781b615d5da3b5ab68e8e5a0e2b3d2d25d713f0e01

                      SHA512

                      4045e262a0808225c37711b361837070d0aeb5d65a32b5d514cc6f3c86962ba68f7d108bf4d81aa3bf645789d0753029a72c1ce34688a6d7af15f3e854c73f07

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.599\resources\wallpapers\web\web_preview.png
                      Filesize

                      8KB

                      MD5

                      3f7b54e2363f49defe33016bbd863cc7

                      SHA1

                      5d62fbfa06a49647a758511dfcca68d74606232c

                      SHA256

                      0bbf72a3c021393192134893777ecb305717ccef81b232961ca97ae4991d9ba8

                      SHA512

                      b3b458860701f3bc163b4d437066a58b5d441d8a427a8b03772c9c519c01983e3d3fdb8da20f6a53ad95c88dcdd0298f72822f39bc3672cb6f1d77fcc3f025a9

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index
                      Filesize

                      360B

                      MD5

                      ad62ac111588fde0b9b46d27ffa04606

                      SHA1

                      fe5844a7a9e25413640546039d4fd5bab59a8d15

                      SHA256

                      04c57866972a94954612ade0141ae25b7188174ee02e29f93bf253684f97c68c

                      SHA512

                      ef60287701ddd4fda8be5a352c192f359df5a1c89598f473a9d749e3fa7b5496107bddb0243753cddcab604b2dfba865a89ba3e5f74e35940961ba59885e3949

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5a88f8.TMP
                      Filesize

                      48B

                      MD5

                      46b7557e4fecd45b3d5438cb6976cc38

                      SHA1

                      57f60ec60dae399c51727973c5bedab2ea005fb4

                      SHA256

                      a161a6b7e5dbb251c49b308f9982909b07267875b14685f5a8170fe20c29d4e6

                      SHA512

                      ed790ca7c26d276b11a0e44413e84b2cf0d87735244740e040a063ddd52f46154104d337991b56f12d206869484df18758eb18087fbc01c8f836187c16265557

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\SCT Auditing Pending Reports
                      Filesize

                      2B

                      MD5

                      d751713988987e9331980363e24189ce

                      SHA1

                      97d170e1550eee4afc0af065b78cda302a97674c

                      SHA256

                      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                      SHA512

                      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Platform Notifications\MANIFEST-000001
                      Filesize

                      41B

                      MD5

                      5af87dfd673ba2115e2fcf5cfdb727ab

                      SHA1

                      d5b5bbf396dc291274584ef71f444f420b6056f1

                      SHA256

                      f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                      SHA512

                      de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences
                      Filesize

                      11KB

                      MD5

                      7af9ee8d0042ff34907585614f7cc202

                      SHA1

                      9f2fd739da60e5aa06bc6db4372c9e24288a4421

                      SHA256

                      158132971da39ad90d754f7c5e7e9a88637397f3c325fba1ffb428aa17ae6350

                      SHA512

                      1c5b3f3ea2578e67834aa69940d51f82218d013aa53a4f1109ed5f02a97cb004eed21e077148c4d7a1a7db36779c4ab332cb01b461e321a86b3d9d666e53cefb

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences
                      Filesize

                      7KB

                      MD5

                      f27d86a679e78070e44f7663a4807030

                      SHA1

                      f5c8df93636c99c3efa3882cb6aa3454bd23921d

                      SHA256

                      cc020036bab5acecc93d6320d7650b07f1be54babe5bdf1902750a52c323239a

                      SHA512

                      c13aee517d46d564a502602aceed2cb14f2729954747cafac4b3ac85ea35b4a50523de1390fd6c4abcbbad5064a7ccf7538c5b5dc6504df182457a9b7e0b6549

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences
                      Filesize

                      16KB

                      MD5

                      005dda726e60079ccef3880c69ecdf6f

                      SHA1

                      4f8fe9a9cc50d3fb57063eb75c8a406dc7c73fae

                      SHA256

                      7dd7901a039d7cee900dc1f30befd0aba648f954694cf20a4a6387defb97b5ea

                      SHA512

                      38c8ce8e0f4edb69d509a2edd4fe683e3a06735aedc77016170a185231b917ae9ad67f74959951d7a0c9517addc15d464721163d6e0b62c01f9fa05d9295acc4

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences~RFe5a7466.TMP
                      Filesize

                      3KB

                      MD5

                      c0acc8b47235b1032d40cc1937e904a7

                      SHA1

                      158076ac8b6f3ed1e07fb8964e637d1850d5ea5a

                      SHA256

                      c9511109c4e974e9dbb892f5c1a075c8b1a3622edf69340d16eb4a14cde96a8c

                      SHA512

                      15a43a85d61eae196e01cd966fca5a5acbca01b49d34472ced798ca4599d444e4c8273d9db6b8b77f008b5f32201f8088243bc48ed9d5eee4e3e084ec8f94f8d

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences
                      Filesize

                      11KB

                      MD5

                      d97023bc86c87d80d3caaf707cec3b7b

                      SHA1

                      1ad5c50f75fd31b57beee88903046a748a02555c

                      SHA256

                      6c860f2d5250df12fe0c0ac4482134a9f18d17066f7dd6da7c031b8824689c36

                      SHA512

                      6875f0482932be26c946a92573b354a0d2df1f7eb3892844ebded635e0e749913a86e604f2ba159facbce1707a46b7fb49d9a444956b9c905f8524f913cd628c

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences~RFe5a785e.TMP
                      Filesize

                      2KB

                      MD5

                      3b30c14224666579196b6ac3b474b76b

                      SHA1

                      772f9c5f23759c0cf8aa2553df94d4c49eb2075f

                      SHA256

                      853ad21d675e0be720cff7acf26cb060177a0d9c248bff65b111d276785dad8e

                      SHA512

                      1fcfd580f66e38c49aea9f08e670e833062c872450f25c6347e9d2a504d94b57654458138616dd7b8e7a4b45e79e34308b0afc7f7b532a5ac72f7493ec3fc9b1

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\34c4a917-8ad4-4edd-a2e9-70f5e13925ee\index-dir\the-real-index
                      Filesize

                      72B

                      MD5

                      d9362d56377fac7e1f09481e929f247c

                      SHA1

                      ee31d70d66ff55c70cc2c4ed1875c9cba863cfa6

                      SHA256

                      f13756672b3316a0fbdb0c521e68367aa28082ac88d56f13ac0543fbaa5b3ccb

                      SHA512

                      272b0717f326fc1f3aa8404f2c6d9465b0256668d9770b517b9ecc79bccb7741ed4d89d859680d3da7cf0fcd164ca30a4385d0561f0fd4dc5ab893b389772e69

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\34c4a917-8ad4-4edd-a2e9-70f5e13925ee\index-dir\the-real-index~RFe5a88f8.TMP
                      Filesize

                      48B

                      MD5

                      8703675f234db655b1f80eecf0004a6c

                      SHA1

                      e140cc0b651fecc6cea8dce07cdd1d613ab77355

                      SHA256

                      f8e4ecbb5eb645caf9f24c37ef3417229f70e1b8c85f6117171ded13cf98e324

                      SHA512

                      8e3a0d2b6e44a4f4bd6dff1a1cc7c95a3febca2e0cebeb0852978d888391d32b169c51d9c2b29f7410e40ac72eb87be1bd7c2bcba656f84c361a30dc3706d57f

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\dd1e27f9-f53b-4f77-aac6-dafdd8eb3e32\index-dir\the-real-index
                      Filesize

                      264B

                      MD5

                      a85d5208d460617b725107ca3ae7eae1

                      SHA1

                      160e977ab6afa4bdc6a795cf59325f7f981e1496

                      SHA256

                      b4d1573fd3b57b5008f4e094f5ca79edbb85fd6c2217fd4a18d47579c884da76

                      SHA512

                      0f7df6d7f07d154901702a6d0dcdea673c92f50e0ab4f591c15174ac9d54b17c7f994dc771e8e3ef7e05ec3ca5a406f025c1e8fc1cb14bb7c124700763e2d606

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\dd1e27f9-f53b-4f77-aac6-dafdd8eb3e32\index-dir\the-real-index~RFe5a88f8.TMP
                      Filesize

                      48B

                      MD5

                      c309570cdd0f51c2d31f9a68ad84612f

                      SHA1

                      d0aad0644e187ccc7e555282ef7bd79c9bdb160c

                      SHA256

                      c9d65575f6a8a39f9226276fc5a096071afd4c588f7d74f34f72149e0ca1e177

                      SHA512

                      cb7cd5d76dc2b7bd6221d8872a1e3957e5a9da1cbcc7064f170490ca3d3a20f35be02b39df4d863fa133cb623dc02260a08b679f437f6dc75f2b310f02e3cb28

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\f6c20b1e-f1fc-4b4b-b35d-eab56573ecfd\index-dir\the-real-index
                      Filesize

                      72B

                      MD5

                      a3f250fcaf9ef58c7b00f084430f3913

                      SHA1

                      51cbb8dd52f5e6f1fbe7c1629301bb4cb2398198

                      SHA256

                      9b6d72aacc8ef0f3318d98a628d7713e14e1d154ef43566d12df6f0240bd7f96

                      SHA512

                      3bf7311b691f910441d9bb252cc90ec48a7b7cad53d91a74b42aea969933c020e5359aaa840a2ffdab3abf30b2c8e5ddff96e05a185d0495211973963495dd99

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\f6c20b1e-f1fc-4b4b-b35d-eab56573ecfd\index-dir\the-real-index~RFe5a8936.TMP
                      Filesize

                      48B

                      MD5

                      c55f4a86913abd5700e2ac9f54d5102e

                      SHA1

                      833e264840ae30e6bb8d7300309be96a68b8828e

                      SHA256

                      9eab8a81bda34986834771c4ef2b1f0dc398df3b1ecf6a0852a80aca90803b63

                      SHA512

                      485af6fe17f7c3bce4c899a04259f12ee271f5aea03d594a504d309e398c253455449fe9c0b46e529907ac7702a8f4fab39f66b03c6ad75a157d6e40a4922848

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\index.txt
                      Filesize

                      262B

                      MD5

                      14611a04960b5a83f8ca35c55bc7df07

                      SHA1

                      672e3141b391e6dfa575813904dc26b74353c13f

                      SHA256

                      c9e66dd16f7c64415f2ec21b07b857f57f67d45b6a508c9107ef69a7208fe3a7

                      SHA512

                      9a09172fda2ecca0cb82c834adbcee6ab0ca9eee1200baab33e46a46d2c7719e872d15b4684e3d0689fee1aea376164e306c4c729e4adf1d46cb999a6fcc4e57

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\index.txt
                      Filesize

                      326B

                      MD5

                      0213d2b24324244b35e722000553eef1

                      SHA1

                      328a69d773c84564b5d26aee9adfa22c66fed23c

                      SHA256

                      4104ceb36f74584206cb4483df9f0e32d849da1a96c841730189648d3ec2128d

                      SHA512

                      ab9ee6eea3797d04188faf3cfd3e6a9b33ba06b2a524fa437eae33f58234169d8c0a7965e3f3932e3ac566373304bf454549ea56a782a6854c3689dedc4b16da

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\index.txt
                      Filesize

                      323B

                      MD5

                      57bf2d2ad8b3c1a11054d103ccd5bba1

                      SHA1

                      243911c0b773097073f4ec7897cc27e7b9213c0a

                      SHA256

                      c6db6918ead81601e34e559985ca4bd154dd391750eb9143bb7cf344a25b099a

                      SHA512

                      f59327101301d49d2c6c452542f969b989368c58400ee303a8e3b288d86e8863034656551016ab79e9c11f479049a5cb0770a48f99799ccd0c98599aed7000c3

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\index.txt~RFe5a83c8.TMP
                      Filesize

                      208B

                      MD5

                      096f2bd6c342f2e694faca834d01c455

                      SHA1

                      8113e633e1db8f13eec5fec87fba4ef345e33c18

                      SHA256

                      0567b892d1fc89175469e27bff71b7712b0829a6d701230fae56ba346e74ee9d

                      SHA512

                      6072b4fea40fe752819a441bf3034cdd08c05d4dd6342513e01a4d71c04145ab51ebd402c15c0a158af04549bf15886b2592d2f0f7473cd591a31bb09b5bde1e

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                      Filesize

                      96B

                      MD5

                      ff1548e1d0ad5b2ade62e48d264c0416

                      SHA1

                      e94ca4a40ccc95622414dffd09df7e6ddbd70231

                      SHA256

                      7f980332c818263e8eedd23ff7ad6fa8e6e7e2492365b9fce77384caf8bc9cb7

                      SHA512

                      f39b12f767bc124fa7b883426de6f1870077da1816bb0fc062a1045b6fd501e9f1a150b2bd251ddbca2814a16dd978e6441cb7e698344a7b0d2249e2c45ff567

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a88f8.TMP
                      Filesize

                      48B

                      MD5

                      a38972cb46e2141b0ed51c4b2cef1f82

                      SHA1

                      be6a422e4fcbb08e028b8471fce621d63fc1997a

                      SHA256

                      18adc881dcb80076598c4086a94489dff4a82ad35a40810ed5e72ef98a2a7fb7

                      SHA512

                      16a36ea724a167c3fa9e12893ca6f7f105a935d789cdcc0b5e485c4e1f386a2fb3a9dace1b9db0604df9cef987fe746c29fd64d6d2904f6c59b4b731058f957b

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Sync Data\LevelDB\CURRENT
                      Filesize

                      16B

                      MD5

                      46295cac801e5d4857d09837238a6394

                      SHA1

                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                      SHA256

                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                      SHA512

                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\15c2256b-e01c-4fbd-a0f0-b6548588d23b\023ddc2ecc457cd7_0
                      Filesize

                      22KB

                      MD5

                      71e52b72fea2e14878c394567611caf0

                      SHA1

                      712636a55dd6cb3b5159817e1d3350b1658d4a8c

                      SHA256

                      7932c07df8c371ae716856f4fe02dfd02315ded923647a4a5328fcac382ceaef

                      SHA512

                      dfb67c070dcfa05f238b1f714d64aa58ed8e35558947142d64405bf6b5a1c2e22fe3ce0ee11b3e26bf93df5d02c34dcb78896ef7075ff8e4f2df1f5632a3191b

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\15c2256b-e01c-4fbd-a0f0-b6548588d23b\529dc55339591a07_0
                      Filesize

                      752KB

                      MD5

                      bea7d496bf8d50dab46d412e6f41e316

                      SHA1

                      e12a755ecc81b5ff69bd5bc0b400c43505b944c7

                      SHA256

                      c679c42a096b50fca1b566fda4524a60c5228d3a6aa3b2c8f883498bd38f51ee

                      SHA512

                      9cd5ab4d007a01a614abf46a830c655e03327ff593b76cbc1f1eb702788e4c8fc1d8ad2454c86d6b5ad58b66b4bcd829d0e85dce7f1c7bf30d2f52842bc091f0

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\15c2256b-e01c-4fbd-a0f0-b6548588d23b\bacba500485a7fa6_0
                      Filesize

                      1KB

                      MD5

                      ff2628533531e2802b5fd4e6d6d14002

                      SHA1

                      3c99ced33a7bcf12fac5bc8f3c33e2cacf832864

                      SHA256

                      7407c99be4550480a462d4ca9790704c8b15f9227138b687763e39ceca8085d6

                      SHA512

                      587e94f313e3017032d99d583580372467dc3135166c1e7ed447c6c79d595503652f3ec598dbfb36d8f6fdb02209ac7cc7edaf4f7d5168c9215f16fdbc1e6618

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\15c2256b-e01c-4fbd-a0f0-b6548588d23b\fef132170d47887d_0
                      Filesize

                      5KB

                      MD5

                      1ba217247fd48938a25abbd6517e97bf

                      SHA1

                      5e5ca3d4c18a78962be4f84bbe2aba923e615c42

                      SHA256

                      373d73fddcb4491c600dcf104510cda9a273f72493b6b74e7af8b05749a3b04f

                      SHA512

                      002d2773b0b5bd5ba4df1217f8f36d77a6eca2c7cf7ec694725076ab0740ee6aaaf0fb440a454056a52e942efec092b1d7e21428be14778a9bb135119acec4d3

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\15c2256b-e01c-4fbd-a0f0-b6548588d23b\index-dir\the-real-index
                      Filesize

                      4KB

                      MD5

                      76b828f820846a7a159f24fe82093c1e

                      SHA1

                      7f3a12c14b05a9744199ce1e9eaacd02aec5923b

                      SHA256

                      2be38036aa70a85b45fd97f2e70cd216b8a8a62e4b7b1c0a2d18e9dd779f53e1

                      SHA512

                      92535a8bbf8ac8a12357cf08a5fcd9f06cf71edc0a44fee56b788429f57e2f1ef637d99f0a8152903c1865afd413a5388ca70e47186680de5f06f2bb14e59dd0

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\15c2256b-e01c-4fbd-a0f0-b6548588d23b\index-dir\the-real-index
                      Filesize

                      4KB

                      MD5

                      4b0aa18f21ea6ed69767ba3b2e35212e

                      SHA1

                      4e33ea223255b6e16b7c5079751b0875a500c539

                      SHA256

                      086a1e821a7bee6aa4f404adc5779010e5595ab0ab1ac2c41cc2e8eccb472e24

                      SHA512

                      7cb8e57371c6d82a616e575909769153a4b7a786e2910d24e6e5841766458a95d4c4f24c7ecaffa4b2f061530e414fbf2870154c292087fce3c9f0751aec49fb

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\15c2256b-e01c-4fbd-a0f0-b6548588d23b\index-dir\the-real-index~RFe5a88d8.TMP
                      Filesize

                      4KB

                      MD5

                      668132fbbe58dc78511cf0b3545eced6

                      SHA1

                      38ff0b8feba4f970c909fa9d0e1aa13ab5c74f37

                      SHA256

                      f5151057e525aad83f75c56ed17c7091840ceaafbbffdb9502aba375b9c3c7fd

                      SHA512

                      5fc3cf732e246e4982afaf69948591be5bfa29a611ea97bf4f04e7ab48b2c9d96188fac2a577c66adc5c78ab79c71ee8ef3e33fb66f288061e9125d7b2f20729

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\web_ntp_cache\index
                      Filesize

                      24B

                      MD5

                      54cb446f628b2ea4a5bce5769910512e

                      SHA1

                      c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

                      SHA256

                      fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

                      SHA512

                      8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\128.png
                      Filesize

                      11KB

                      MD5

                      363bbbffe31e45e3945aa0ff3b8cdd1d

                      SHA1

                      f223255a82218ddd45bdf54a0cf1e8b438a67edc

                      SHA256

                      39b835c3dcf4261025de83d49ab151f5af0bc1ed8845932065aa1a333f026684

                      SHA512

                      7bbfb3810a2bed3d2a8a899afa95412cca95fa6916b1684ae3182bd0ad28faa7076fdf328281d106a53c10385667729b4089b0050610e87eadef2f3ff54e80be

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\16.png
                      Filesize

                      699B

                      MD5

                      238b0e7dc06028db4b6aba8078740ffb

                      SHA1

                      5fd2309587993b371beabb7a9d039e0dba3006ba

                      SHA256

                      d159e510392f6da58c4d15cc098171d45c7b02a1362cbf7be7a2d47a1a10e7fc

                      SHA512

                      1dda4de21be647067c04dfc47174df39d0c6c1eeee3e9005211f908351b69d6a27ed268b5ec7480285fb203a95136a3a205f7bafb7eb5223a3dcbab0dadc0e5d

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\256.png
                      Filesize

                      24KB

                      MD5

                      a363094ba5e40a4760a9bf566e5defd3

                      SHA1

                      1e74e20f48ec878bd0b76448c722168879c5b387

                      SHA256

                      05ae2d6161a3acd83798ec56dbc45087e6aeb0a1376401f55aa46539b1d95559

                      SHA512

                      ce30f312cc08366aa588e75b229c178a83cf6d464a1051bd1118b81e5166085a2b1bcfbff97804f3e8662366b59f43a659e4b0e315dabad125f16ec9ad9ac379

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\32.png
                      Filesize

                      1KB

                      MD5

                      d2e7ab79b45eda7c4421f296abf37c52

                      SHA1

                      8490f4e098d50ec161e64db912f8430826daf2bc

                      SHA256

                      ded3490683fcf3c5b87803bb1835759df2b65831a6257a326709a708a1dd45ac

                      SHA512

                      094c2150f872e727980f84b6c011f13210d43cbfd9437825b3b014211c69d7bd3f6367e9913370b624ddad270cfe91c190ebf2c5f5fd4e082b5d6c85199cb6b1

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\48.png
                      Filesize

                      2KB

                      MD5

                      7cf35c8c1a7bd815f6beea2ef9a5a258

                      SHA1

                      758f98bfed64e09e0cc52192827836f9e1252fd1

                      SHA256

                      67c320fa485a8094fc91cd3fcd59a7c75d2474e3046a7eb274b01863257fbe01

                      SHA512

                      0bbebde654c9f44cf56b74fc1a9525b62c88724ec80658efede3cbb370c3a6d4f3e78df459bbd0559a51838f4a172bdfcd370bd5477038309024b77cd69f2a15

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\64.png
                      Filesize

                      4KB

                      MD5

                      6f5486bcca8c4ce582982a196d89ece5

                      SHA1

                      4648ae13d71b2ff681cabc5d0b5b4bb242cb78a2

                      SHA256

                      c870819a5c73e2ea5f94312bdf10fc56668d3311ef2eab6509b659efb456bb8d

                      SHA512

                      9a36d519a9cadf5b464a98082511906cc5f24c4218f6bc2ae323f6b38bf5fd413614807ef0d442801bfbc3b2ce2a0527b0f7be24fd51f49cbde6b5dfe2cafd7c

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\96.png
                      Filesize

                      7KB

                      MD5

                      115decbc3eb53574b2582f15a0996e83

                      SHA1

                      598a1d495135f767be6d03cf50418615b22146b6

                      SHA256

                      07fbfbda84eb5467b120fb3f9b4e028077303098bac8c2934635b14bbda847e0

                      SHA512

                      af237ddb585ad38fd0fc3d0f0b75c60d0117e965a548bda055b2625f86ee7d91fedc840e1afa2fe80814f152732371255133faa21c3d774ca9691446541cf46c

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\cf4fe699-6876-41d3-98be-6686c9a241d1.tmp
                      Filesize

                      160KB

                      MD5

                      54497ce2271deb0e673ec048b44da343

                      SHA1

                      5f886314234b7aa6a4da5efc937a9d63ed007727

                      SHA256

                      3dcf052bb8050fa32f28873bb665f63f457799cb9a92549fb2dbea94014f929b

                      SHA512

                      d0d77d763b1b12c1b9d7a9a3f2aee4640ed5fb10d828b7c3c2cb051504c2b7b6438309124b934b346a4152c0aca009883d6bda42dc997188b8ca2736ac3419c9

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json
                      Filesize

                      40KB

                      MD5

                      163a6ee7dfce247a999b75a491f6e9c9

                      SHA1

                      872f644a71064c494c2f8b95513ac733ae00bd66

                      SHA256

                      3ee1ecf3df0c01f93fedb7398b0b9b67fd943b1bd943ab61753ee98a3dc1f4b5

                      SHA512

                      ed1424fc7649b9afda810242d51d07d8ccb34fc7c3978b840965ae2b5878fc1369ae6ea0725c96ffd127304267afdb8c0e8fbdf60c020d28a63f890b9b4e525c

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json
                      Filesize

                      40KB

                      MD5

                      f05afd26feacc5bea00efaa9daa75bea

                      SHA1

                      4cf648a94bc9536b417406374293cf8860ce8be5

                      SHA256

                      3e0d84164e75bd0305d5790a8edee4f2d532e4899e4cefbf85d243bac34740f5

                      SHA512

                      7e20b0d988992153241c114254eeea5e357718d5746b786d932d784eda5018c7e92ce98fff9f6b907e0f16fd738db5d144bff0939de76e655100af75093c88ce

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json~RFe5a7aaf.TMP
                      Filesize

                      24KB

                      MD5

                      ce9543fece4b279c83ad4bb67d81dd3b

                      SHA1

                      8c7229a8e44b93890aaadde4d9accbfff27d1f90

                      SHA256

                      3e90480d27954d9aff38dd4e39951e53ad916d5a2a3de48596f3f15d295e3f5a

                      SHA512

                      c6f68bf298062979cdbfa98f997b4f9f4f08bc2c0a1291e7c7bab90d303c0da80a1b1ea535a8379ce7d162a36b49bc9453ab3827a7a12ac41857e51332543713

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\data_0
                      Filesize

                      8KB

                      MD5

                      cf89d16bb9107c631daabf0c0ee58efb

                      SHA1

                      3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

                      SHA256

                      d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

                      SHA512

                      8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\data_1
                      Filesize

                      264KB

                      MD5

                      d0d388f3865d0523e451d6ba0be34cc4

                      SHA1

                      8571c6a52aacc2747c048e3419e5657b74612995

                      SHA256

                      902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

                      SHA512

                      376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\data_2
                      Filesize

                      8KB

                      MD5

                      0962291d6d367570bee5454721c17e11

                      SHA1

                      59d10a893ef321a706a9255176761366115bedcb

                      SHA256

                      ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                      SHA512

                      f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GraphiteDawnCache\data_3
                      Filesize

                      8KB

                      MD5

                      41876349cb12d6db992f1309f22df3f0

                      SHA1

                      5cf26b3420fc0302cd0a71e8d029739b8765be27

                      SHA256

                      e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

                      SHA512

                      e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\d8106dbb-3c1b-4618-b161-9d1c1154477c.tmp
                      Filesize

                      211KB

                      MD5

                      c98a1432641f22fe7895220723139ff0

                      SHA1

                      47e9306eb742d745fea180ed69a8944fbadee3e2

                      SHA256

                      e4acaf065544b9ae0985879401b683eca535b36982b349b3770452f450dddd58

                      SHA512

                      05b85150f66b639b6664832a6232de4a22d8201efb4940d65f925b0d29e2ea3e8084cc96fb488366a9d10f389eeb8ced2484edd829e0a6741ab332db4c6907d9

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
                      Filesize

                      1KB

                      MD5

                      3a25f611e728117a52dda6c7a57c1acd

                      SHA1

                      c246cc1a151846b6b47a11b441f9437a5541370f

                      SHA256

                      f6ea66c0d16d3cf3833f869e6b383c363b1b0c9fe3b051a5e0e38a39b461ae41

                      SHA512

                      4398eee8f3868bd9bc30f1c3dbfb407447cc6cd172e2bd2bf6c381ea64d82b359f9d6c464a465c13db8ea96da0192ea40d219ec5cf07bbe890a9dacf7d4c1868

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
                      Filesize

                      1KB

                      MD5

                      239806406a992e7fa9d4ffb01b049753

                      SHA1

                      98244afb6204befb30c2940a8e5d268449f532ed

                      SHA256

                      9e4f69012efc73f0e05c1d61c5791aac58e6ce6ec7c03c7d2c92b044651af304

                      SHA512

                      35f1f568ede0768ec59b7f6b6c70180917a20abbe5ed6761bd838ade67e6d89fb4a5953562c79b1f4d053e4f929ca8c9f29603ccee1d26d0581ad61676641857

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
                      Filesize

                      1KB

                      MD5

                      be6783fa2296dab993df58877dc124f8

                      SHA1

                      d575956e99c3759fbc681fb1e2778f365150730c

                      SHA256

                      00faefebeada56ab34f4626681b5a98b2de7807f61e853dd7718cfc6b2571fc0

                      SHA512

                      b6b70c3fc348e8f4cb826bf6c4087efa472b88a9ce3ff3e0f7719feb147ef92b5b38c8373bcb23458064cd96d311f6ac14d1f4672e20523a1c2294a28ccd1d4c

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
                      Filesize

                      1KB

                      MD5

                      5d3bfe6622eaa7f6550b1d18bbd397b8

                      SHA1

                      ff83dd7baf240a870bd97f3cc9809c37807b234b

                      SHA256

                      be483f5f82bab1682ebbace5af33103350c75f50c0017473b37719ccd6c8b1cd

                      SHA512

                      ffa6b780812a83ef918eb1db9de1e2b6114a06db64b3b56777d9cd799d723d436d5bfa4fdbfc548544d331c7869fe563b504def914c65970053d4f2c72d759b0

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\places.sqlite-20241028202746.239622.backup
                      Filesize

                      68KB

                      MD5

                      314cb7ffb31e3cc676847e03108378ba

                      SHA1

                      3667d2ade77624e79d9efa08a2f1d33104ac6343

                      SHA256

                      b6d278384a3684409a2a86f03e4f52869818ce7dd8b5779876960353f7d35dc1

                      SHA512

                      dc795fa35ea214843a781ee2b2ef551b91b6841a799bef2c6fb1907d90f6c114071a951ebb7b2b30e81d52b594d447a26ab12ddb57c331e854577d11e5febef5

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Bookmarks
                      Filesize

                      2KB

                      MD5

                      d6cffb4ca03bf9d7e0527f75b5e53f47

                      SHA1

                      7de7e21b2e4b721c59645371233f7d67ea399672

                      SHA256

                      081a40fd2738b6c33ae304967bfc2dfcd09487d8ab989e132690b1a8348b598c

                      SHA512

                      83802a598f385339cd869d1305329e37cac59da6a45e3f443c6e2449ff618dff6922437c1c310f02c4a0b3b19570a57899eb5ec6bffeccbac40b69e7ee7e34a0

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Bookmarks-20241028202746.851623.backup
                      Filesize

                      1KB

                      MD5

                      3adec702d4472e3252ca8b58af62247c

                      SHA1

                      35d1d2f90b80dca80ad398f411c93fe8aef07435

                      SHA256

                      2b167248e8136c4d45c2c46e2bff6fb5e5137dd4dfdccde998599be2df2e9335

                      SHA512

                      7562e093d16ee6305c1bb143a3f5d60dafe8b5de74952709abc68a0c353b65416bf78b1fa1a6720331615898848c1464a7758c5dfe78f8098f77fbfa924784c0

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\BookmarksExtras
                      Filesize

                      18KB

                      MD5

                      a0f129590e8f0fd681a4cbfed668b201

                      SHA1

                      ccd3c6c00ac05ddc7f6741d9947a591ed10b686b

                      SHA256

                      0ce1904ef3e07c7b3858a22dd78474d419cdb7b7e23ec5e8ade09093c4a15603

                      SHA512

                      530aee7cb6256f1617a0ae61c8721a398f37c343e5c44b092aa347429c3a7e9b3e10fa8079a306376522d9e4ff77d5a94e8798955774caafc813c1bb84eac0d6

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences
                      Filesize

                      318B

                      MD5

                      fe2228417f609a6ddc8990d96bcadd14

                      SHA1

                      6bafa7f9a9d1da0ec838fcf8c9625fc045904561

                      SHA256

                      94fe91aa91c4ea645f819cb330c3118853d6a40f9b55175f4de8583199c51813

                      SHA512

                      19cbdbd6290d4688ca474d3f117dfd9336c2d0d8477c6409207698e10e4e2251e989668735c7a5fe51a5ffb9968602612068113fc9b80232dd09d7f011e17937

                      Download Submit

                    • C:\Users\Admin\Desktop\00406\HEUR-Trojan-Ransom.MSIL.Crypmod.gen-1dbf72d00508abe53078b82df6f24dce102030b44cf4ff08ab6cde406e2afc2d.exe
                      Filesize

                      64KB

                      MD5

                      e9ee07a4da0a655c2d9f786f352c26d3

                      SHA1

                      dc48183845b5590227ae9a7619be311a36e16c04

                      SHA256

                      1dbf72d00508abe53078b82df6f24dce102030b44cf4ff08ab6cde406e2afc2d

                      SHA512

                      f20c4c134c99e0acb4a796756f1926c8aabd1eb20344fec520a80b5d9d8f4979ea3df7b202bb8d94b981afdd52e2b3a2107a168303e583b2c51d1d1d5cea1053

                      Download Submit

                    • C:\Users\Admin\Desktop\00406\HEUR-Trojan-Ransom.MSIL.Encoder.gen-c9c23f532b034cc9055bd8db4d7e237706749584b36bb90db4d8a4d2e4cf3c73.exe
                      Filesize

                      3.8MB

                      MD5

                      aba5d485589182780e93bd9707471f97

                      SHA1

                      dbff9e60b82bb37e6a4ef883f2d5d36eec868430

                      SHA256

                      c9c23f532b034cc9055bd8db4d7e237706749584b36bb90db4d8a4d2e4cf3c73

                      SHA512

                      8535f72fdf3c67c1e90f68a2dfe0f8949c9a20ba58ee1e9c34ed9efa4f2d1e48995f11f545f43c253b505783554eedf9c310cc1e92e4fa1e580070e63b9de856

                      Download Submit

                    • C:\Users\Admin\Desktop\00406\HEUR-Trojan-Ransom.Win32.Blocker.gen-dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6.exe
                      Filesize

                      1.4MB

                      MD5

                      0894c3b3770698d6cc5d968e4795b7a7

                      SHA1

                      be0ec60b46687da7c2ecc9f43bf61f26a550eb35

                      SHA256

                      dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6

                      SHA512

                      dbf2c35e2d1879fd6de83eb4cead7b767e6cc1a05b5ac5b3aef0b66c4f562be099d1bdff1d29e676b17f42fe934fe3a3b675e1487c74891655d13a1f762614d0

                      Download Submit

                    • C:\Users\Admin\Desktop\00406\HEUR-Trojan-Ransom.Win32.Encoder.gen-c1284872bbb96b68bd6fce25eaa81897ec46149a34c010845a9ff5148daa6531.exe
                      Filesize

                      202KB

                      MD5

                      f5022003d563e89d1e789e9dba355eb6

                      SHA1

                      223d4f21253c8bfc226d28ac1712b2a2b0c61269

                      SHA256

                      c1284872bbb96b68bd6fce25eaa81897ec46149a34c010845a9ff5148daa6531

                      SHA512

                      74a13e1bf69030cd8c4b70a528e81e04c0798b82d8c42902117d8264343ca7f19e492e0eca798d477fb7ba95ca7c9fb0bf395acc220fdc84e7bb85c787bb461c

                      Download Submit

                    • C:\Users\Admin\Desktop\00406\HEUR-Trojan-Ransom.Win32.GandCrypt.gen-26f3f637546d62f298c4872376218a4a7f957c187ec804672895e976c284e9ab.exe
                      Filesize

                      321KB

                      MD5

                      045ecc4b1b2d6c2963c06b41d4125e98

                      SHA1

                      ac29b4e0e960ddf76ee6e963aa3fe41b5c09a614

                      SHA256

                      26f3f637546d62f298c4872376218a4a7f957c187ec804672895e976c284e9ab

                      SHA512

                      c15c45e273f49be6acb957e026de5dc2909b33fd650196b78ee86cd7b4864cf785c68078cb32bfaa92948c5c56eded4e5b55384b340602f1391686c8225a2dc3

                      Download Submit

                    • C:\Users\Admin\Desktop\00406\HEUR-Trojan-Ransom.Win32.Gen.gen-dbb4da123ae0bffedc7724587732b15db44a78dfc2ddb99a68511ef1b9e44b60.exe
                      Filesize

                      219KB

                      MD5

                      15ecb650b120b03f2351326eafe58be0

                      SHA1

                      d8a99cf89826e63830e34c2eb5f7c2f61dc19eab

                      SHA256

                      dbb4da123ae0bffedc7724587732b15db44a78dfc2ddb99a68511ef1b9e44b60

                      SHA512

                      578b9d88e0f54b502477aab7dddc7ae42931b2a90e84b4f290d6c8480cef4a678bfe703582f426a4975eee979ea42bacb76ff81854528651ab3bf289b10f7af9

                      Download Submit

                    • C:\Users\Admin\Desktop\00406\HEUR-Trojan-Ransom.Win32.Generic-f8dc2bcc806e3f18fc119e7f6c3b68d38d1013578907a4de3e4ef8eaa77e6e3c.exe
                      Filesize

                      844KB

                      MD5

                      be039dff1740871848be69eaa1892db8

                      SHA1

                      6629514ee47fde9d05b020d39cc38b1dbb650067

                      SHA256

                      f8dc2bcc806e3f18fc119e7f6c3b68d38d1013578907a4de3e4ef8eaa77e6e3c

                      SHA512

                      32fb4e03c6f9fa8437770f8b1dbbe1d7b0dc1eebdb12935678c07d3979361189d255a65e78027a4fd8201d824ec16cd8942f3f9efbc3dfc75bd8d5c11771a11f

                      Download Submit

                    • C:\Users\Admin\Desktop\00406\HEUR-Trojan-Ransom.Win32.PolyRansom.gen-29be773b1e6790c38a70d5b5b9f49558db69d8ca0b9c9ddd61f69b21faf6f7d2.exe
                      Filesize

                      862KB

                      MD5

                      003f7d15f80195d8855091bdcb13da37

                      SHA1

                      9770d3c9f646f532d0972bc8228d21876b5592bb

                      SHA256

                      29be773b1e6790c38a70d5b5b9f49558db69d8ca0b9c9ddd61f69b21faf6f7d2

                      SHA512

                      4adf30881cf17b498fb912c1df37d25d5278838e923ceed95b01024fdd40decc316df177df705213b182ec12c8ca345af496e4be620329b7f2e9973bb997f0db

                      Download Submit

                    • C:\Users\Admin\Desktop\00406\Trojan-Ransom.Win32.Encoder.kuw-c2b3ee961f034ad7c9793ed666da7fb352acea9ece866a508e57f6af82d1625b.exe
                      Filesize

                      92KB

                      MD5

                      75b35eb1e18467e6e6041cdf077f256e

                      SHA1

                      db81e911ee9cdec7d9e6c01c8a28712e9ffa92ac

                      SHA256

                      c2b3ee961f034ad7c9793ed666da7fb352acea9ece866a508e57f6af82d1625b

                      SHA512

                      7f5151a79cbf707f2ee3e2e767bd5e3e0f13f3f7dd3d852456927f2b8e691db7b5412801a393264b302e144e89adf0d4179fadb44c420562fd0fb64d480dbc0b

                      Download Submit

                    • C:\Users\Admin\Desktop\00406\Trojan-Ransom.Win32.PornoAsset.cqae-41423f7ba1356d779db719ffc36107cc4f79f9d517d7e86181f4386054f11eb7.exe
                      Filesize

                      424KB

                      MD5

                      433865bdc526b4942c5186f7cba9d647

                      SHA1

                      973e1ca2b18d81ef0d7a5273871edd1b6c3aa800

                      SHA256

                      41423f7ba1356d779db719ffc36107cc4f79f9d517d7e86181f4386054f11eb7

                      SHA512

                      8930652fadb884decd27795333d9e80d045b081151504de0ad2466b54cdc2e62ffde003380626e7a21824c17c10fd6c547e1dd003ee940e46605389751700bf0

                      Download Submit

                    • C:\Users\Admin\Desktop\00406\UDS-Trojan-Ransom.Win32.Generic-307877ffda4924fe3b54b3b1fa3e104d611d706d8c634614fa95fcd3d91de092.exe
                      Filesize

                      8.9MB

                      MD5

                      287f57c13d40428a2b4a53272e7fd759

                      SHA1

                      c6396ca3db6bb4598b9916ab96cbbc3f1a5abe2e

                      SHA256

                      307877ffda4924fe3b54b3b1fa3e104d611d706d8c634614fa95fcd3d91de092

                      SHA512

                      a8a14580d2a845e3c51804003fb73165d2275c50d055b2310b52b9d49d738e1436ef501b69becd053f9a28468819562c7f178717278890ac233ea4f847431f16

                      Download Submit

                    • C:\Users\Default\Desktop\54d3m8g-readme.txt.0s1-oof-dvl
                      Filesize

                      6KB

                      MD5

                      b569197bbcf525fbb314426a5f81665c

                      SHA1

                      025ff03ca5b3c52588c8df30722177a7b8ea4bd1

                      SHA256

                      f722907686d79dcc9a9d47bf60382bf8816b1e792d02fe5635df5d1bf18ecaeb

                      SHA512

                      a9b8f89bbb37264aaeaeb83d6f4ae1742c67d186c061af740df2de8d97f35df327871a9aaa4ab02b746630a62f50bef891d18a88c7235a79c3b5c4c79783ff2d

                      Download Submit

                    • C:\Windows\Installer\MSI6C70.tmp
                      Filesize

                      181KB

                      MD5

                      0c80a997d37d930e7317d6dac8bb7ae1

                      SHA1

                      018f13dfa43e103801a69a20b1fab0d609ace8a5

                      SHA256

                      a5dd2f97c6787c335b7807ff9b6966877e9dd811f9e26326837a7d2bd224de86

                      SHA512

                      fe1caef6d727344c60df52380a6e4ab90ae1a8eb5f96d6054eced1b7734357ce080d944fa518cf1366e14c4c0bd9a41db679738a860800430034a75bb90e51a5

                      Download Submit

                    • C:\\AUTORUN.INF.exe
                      Filesize

                      863KB

                      MD5

                      43d25536c832dbe6b8290a75489e0db7

                      SHA1

                      4a141e6d0ad63d2dc5ccb8ec87b4184bc694bba7

                      SHA256

                      e707ece3f8ddc89510441c8be3d8710a1a788ddd51a6cc52df9d270ab51fd944

                      SHA512

                      1f545da9d21fda8def4648704bdadb3b1ff8193bc7191304cae372ee4a4005aa3bae5bf3cf4541b8cf5faca4dc0f91512adaecfeff974f96e79a1cf89f543ef1

                      Download Submit

                    • C:\\AutoRun.exe.exe
                      Filesize

                      1.7MB

                      MD5

                      b726fe486a448f8a0075ba6dd2a202c1

                      SHA1

                      cb7716debbe3a95785c1e936040669e41480562c

                      SHA256

                      9182b63d1244928f92b1f4e5ca0aed9b7f397e3e5163b6f44c8b84097a3deb2a

                      SHA512

                      937dcb44bb61fc1ca16ec48b495a647437c1a8b745a26e2fa670ba603b665532e301eee3d5ad5ff357b9ef6bd044243c35ac4bfebd5e1a491d152761c14e2256

                      Download Submit

                    • F:\AUTORUN.INF
                      Filesize

                      145B

                      MD5

                      ca13857b2fd3895a39f09d9dde3cca97

                      SHA1

                      8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

                      SHA256

                      cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

                      SHA512

                      55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

                      Download Submit

                    • \??\c:\users\admin\desktop\00406\vho-trojan-ransom.win32.convagent.gen-151239a6ca4aa492c4d810d8a92dd55a2b3a8822e57f9a2046d4580599452deb.exe
                      Filesize

                      96KB

                      MD5

                      6cbb9d3d9a126341b9a49371f70f3261

                      SHA1

                      7b4fd9d9a7ab533dcfd210626d666a14030ce78f

                      SHA256

                      151239a6ca4aa492c4d810d8a92dd55a2b3a8822e57f9a2046d4580599452deb

                      SHA512

                      be0d31e26cafb85a8076c14d8ba23865e5722b79e93b5ea2af6bd53f6c1f3e4d2224a7225358d84280e4934044a33ebc0a3de8834692a26cf2eccb15918aa6c6

                      Download Submit

                    • memory/464-31-0x000002ACAC1D0000-0x000002ACAC1D1000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/464-24-0x000002ACAC1D0000-0x000002ACAC1D1000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/464-30-0x000002ACAC1D0000-0x000002ACAC1D1000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/464-32-0x000002ACAC1D0000-0x000002ACAC1D1000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/464-33-0x000002ACAC1D0000-0x000002ACAC1D1000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/464-35-0x000002ACAC1D0000-0x000002ACAC1D1000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/464-36-0x000002ACAC1D0000-0x000002ACAC1D1000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/464-34-0x000002ACAC1D0000-0x000002ACAC1D1000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/464-25-0x000002ACAC1D0000-0x000002ACAC1D1000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/464-26-0x000002ACAC1D0000-0x000002ACAC1D1000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/732-155-0x0000000030000000-0x000000003007F000-memory.dmp

                      Filesize

                      508KB

                      Download

                    • memory/732-152-0x0000000030000000-0x000000003007F000-memory.dmp

                      Filesize

                      508KB

                      Download

                    • memory/1004-518-0x000000001CCD0000-0x000000001CD44000-memory.dmp

                      Filesize

                      464KB

                      Download

                    • memory/1004-538-0x0000000001780000-0x0000000001786000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/1004-494-0x0000000000E10000-0x0000000000EB4000-memory.dmp

                      Filesize

                      656KB

                      Download

                    • memory/1056-96-0x00000000020A0000-0x00000000020B7000-memory.dmp

                      Filesize

                      92KB

                      Download

                    • memory/1056-94-0x0000000000400000-0x000000000045F000-memory.dmp

                      Filesize

                      380KB

                      Download

                    • memory/1308-483-0x0000000000B80000-0x0000000001334000-memory.dmp

                      Filesize

                      7.7MB

                      Download

                    • memory/1952-73-0x0000000000320000-0x0000000000336000-memory.dmp

                      Filesize

                      88KB

                      Download

                    • memory/2204-298-0x0000000000400000-0x0000000000469000-memory.dmp

                      Filesize

                      420KB

                      Download

                    • memory/2204-300-0x0000000064540000-0x000000006454A000-memory.dmp

                      Filesize

                      40KB

                      Download

                    • memory/2204-301-0x0000000063140000-0x000000006314B000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/2204-1046-0x0000000000400000-0x0000000000469000-memory.dmp

                      Filesize

                      420KB

                      Download

                    • memory/2648-225-0x0000000000400000-0x0000000000736000-memory.dmp

                      Filesize

                      3.2MB

                      Download

                    • memory/2648-1395-0x0000000000400000-0x0000000000736000-memory.dmp

                      Filesize

                      3.2MB

                      Download

                    • memory/2648-7366-0x000000006EBF0000-0x000000006EC29000-memory.dmp

                      Filesize

                      228KB

                      Download

                    • memory/2648-226-0x000000006EBF0000-0x000000006EC29000-memory.dmp

                      Filesize

                      228KB

                      Download

                    • memory/2648-467-0x0000000000400000-0x0000000000736000-memory.dmp

                      Filesize

                      3.2MB

                      Download

                    • memory/2648-143-0x0000000000400000-0x0000000000736000-memory.dmp

                      Filesize

                      3.2MB

                      Download

                    • memory/2648-6863-0x0000000075A40000-0x0000000075A79000-memory.dmp

                      Filesize

                      228KB

                      Download

                    • memory/2648-210-0x000000006DEC0000-0x000000006DEF9000-memory.dmp

                      Filesize

                      228KB

                      Download

                    • memory/2648-224-0x0000000000400000-0x0000000000736000-memory.dmp

                      Filesize

                      3.2MB

                      Download

                    • memory/2648-2243-0x0000000000400000-0x0000000000736000-memory.dmp

                      Filesize

                      3.2MB

                      Download

                    • memory/2648-2240-0x000000006FFE0000-0x0000000070019000-memory.dmp

                      Filesize

                      228KB

                      Download

                    • memory/2648-2239-0x0000000000400000-0x0000000000736000-memory.dmp

                      Filesize

                      3.2MB

                      Download

                    • memory/2648-2238-0x0000000000400000-0x0000000000736000-memory.dmp

                      Filesize

                      3.2MB

                      Download

                    • memory/2648-9220-0x000000006FFE0000-0x0000000070019000-memory.dmp

                      Filesize

                      228KB

                      Download

                    • memory/2648-160-0x0000000000400000-0x0000000000736000-memory.dmp

                      Filesize

                      3.2MB

                      Download

                    • memory/2648-9213-0x0000000075AF0000-0x0000000075B29000-memory.dmp

                      Filesize

                      228KB

                      Download

                    • memory/2648-145-0x0000000000400000-0x0000000000736000-memory.dmp

                      Filesize

                      3.2MB

                      Download

                    • memory/2648-219-0x0000000000400000-0x0000000000736000-memory.dmp

                      Filesize

                      3.2MB

                      Download

                    • memory/3100-471-0x0000000000400000-0x0000000000420000-memory.dmp

                      Filesize

                      128KB

                      Download

                    • memory/3100-2244-0x0000000000400000-0x0000000000420000-memory.dmp

                      Filesize

                      128KB

                      Download

                    • memory/3100-1396-0x0000000000400000-0x0000000000420000-memory.dmp

                      Filesize

                      128KB

                      Download

                    • memory/3100-6379-0x0000000000400000-0x0000000000420000-memory.dmp

                      Filesize

                      128KB

                      Download

                    • memory/3540-131-0x0000000005970000-0x0000000005F14000-memory.dmp

                      Filesize

                      5.6MB

                      Download

                    • memory/3540-133-0x00000000053C0000-0x0000000005452000-memory.dmp

                      Filesize

                      584KB

                      Download

                    • memory/3540-122-0x0000000005320000-0x00000000053BC000-memory.dmp

                      Filesize

                      624KB

                      Download

                    • memory/3540-119-0x00000000008A0000-0x000000000097A000-memory.dmp

                      Filesize

                      872KB

                      Download

                    • memory/3540-141-0x00000000052E0000-0x00000000052EA000-memory.dmp

                      Filesize

                      40KB

                      Download

                    • memory/3540-240-0x0000000016660000-0x0000000016E06000-memory.dmp

                      Filesize

                      7.6MB

                      Download

                    • memory/3540-142-0x00000000055B0000-0x0000000005606000-memory.dmp

                      Filesize

                      344KB

                      Download

                    • memory/3672-132-0x0000000000EB0000-0x0000000000F06000-memory.dmp

                      Filesize

                      344KB

                      Download

                    • memory/4136-77-0x0000000000BE0000-0x0000000000FB0000-memory.dmp

                      Filesize

                      3.8MB

                      Download

                    • memory/4172-63-0x0000020124250000-0x0000020124294000-memory.dmp

                      Filesize

                      272KB

                      Download

                    • memory/4172-64-0x0000020124320000-0x0000020124396000-memory.dmp

                      Filesize

                      472KB

                      Download

                    • memory/4172-66-0x00000201242E0000-0x00000201242FE000-memory.dmp

                      Filesize

                      120KB

                      Download

                    • memory/4172-62-0x0000020123300000-0x0000020123322000-memory.dmp

                      Filesize

                      136KB

                      Download

                    • memory/4216-705-0x00000000028A0000-0x00000000028CB000-memory.dmp

                      Filesize

                      172KB

                      Download

                    • memory/4216-704-0x00000000028A0000-0x00000000028CB000-memory.dmp

                      Filesize

                      172KB

                      Download

                    • memory/4216-1082-0x0000000000400000-0x000000000055D000-memory.dmp

                      Filesize

                      1.4MB

                      Download

                    • memory/4216-297-0x0000000000400000-0x000000000055D000-memory.dmp

                      Filesize

                      1.4MB

                      Download

                    • memory/4268-557-0x00000000002F0000-0x0000000000D7E000-memory.dmp

                      Filesize

                      10.6MB

                      Download

                    • memory/4268-159-0x00000000002F0000-0x0000000000D7E000-memory.dmp

                      Filesize

                      10.6MB

                      Download

                    • memory/4268-215-0x00000000002F0000-0x0000000000D7E000-memory.dmp

                      Filesize

                      10.6MB

                      Download

                    • memory/4268-214-0x00000000002F0000-0x0000000000D7E000-memory.dmp

                      Filesize

                      10.6MB

                      Download

                    • memory/4928-308-0x0000000000400000-0x0000000000479000-memory.dmp

                      Filesize

                      484KB

                      Download

                    • memory/4928-129-0x0000000000400000-0x0000000000479000-memory.dmp

                      Filesize

                      484KB

                      Download

                    • memory/5088-302-0x0000000000400000-0x00000000008C4000-memory.dmp

                      Filesize

                      4.8MB

                      Download

                    • memory/5088-6228-0x0000000000400000-0x00000000008C4000-memory.dmp

                      Filesize

                      4.8MB

                      Download

                    • memory/5088-2235-0x0000000000400000-0x00000000008C4000-memory.dmp

                      Filesize

                      4.8MB

                      Download