Analysis Overview
SHA256
4f128c759e90606c9c7b5546259a7888b2aaaf5ea59d1aa40d5284056366504c
Threat Level: Likely malicious
The file KLSetup.exe was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Modifies file permissions
Checks computer location settings
Reads user/profile data of web browsers
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Blocklisted process makes network request
Enumerates connected drives
Checks installed software on the system
Drops file in System32 directory
Checks system information in the registry
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Modifies Internet Explorer settings
Modifies system certificate store
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
Modifies registry class
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Modifies Internet Explorer start page
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-01 07:29
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-01 07:29
Reported
2024-06-01 07:32
Platform
win10v2004-20240508-en
Max time kernel
150s
Max time network
157s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\KLSetup.exe
"C:\Users\Admin\AppData\Local\Temp\KLSetup.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.klaun.ch | udp |
| US | 104.26.11.58:80 | api.klaun.ch | tcp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.11.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.178.89.13.in-addr.arpa | udp |
| US | 104.26.11.58:80 | api.klaun.ch | tcp |
| US | 8.8.8.8:53 | | udp |
| N/A | 5.45.205.245:80 | | tcp |
| US | 8.8.8.8:53 | | udp |
| N/A | 5.45.192.185:80 | | tcp |
Files
memory/4212-0-0x0000000003950000-0x0000000003951000-memory.dmp
memory/4212-1-0x0000000000A10000-0x0000000001255000-memory.dmp
memory/4212-3-0x0000000003950000-0x0000000003951000-memory.dmp
memory/4212-15-0x0000000000A10000-0x0000000001255000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-01 07:29
Reported
2024-06-01 07:32
Platform
win7-20240419-en
Max time kernel
149s
Max time network
154s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Run\YandexBrowserAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart" | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Yandex\ui | C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\debug.log | C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe | N/A |
| File created | C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe | C:\Windows\TEMP\sdwra_3156_2016994165\service_update.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe | C:\Windows\TEMP\sdwra_3156_2016994165\service_update.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\f76bb95.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIBF1B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f76bb95.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Tasks\Update for Yandex Browser.job | C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe | N/A |
| File created | C:\Windows\Tasks\Repairing Yandex Browser update service.job | C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe | N/A |
| File created | C:\Windows\Installer\f76bb92.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIBDFF.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIBF4B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC007.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC20D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC307.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Tasks\Обновление Браузера Яндекс.job | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIBE4E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIBEEB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f76bb92.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIBD91.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC085.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC141.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Tasks\System update for Yandex Browser.job | C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08 | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08\DisplayName = "Яндекс" | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\DisplayName = "Яндекс" | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "https://yandex.ru/search/?win=648&clid=6035498-354&text={searchTerms}" | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\Local\\MICROS~1\\INTERN~1\\Services\\YANDEX~1.ICO" | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08\SuggestionsURL_JSON = "https://suggest.yandex.ru/suggest-ff.cgi?uil=ru&part={searchTerms}" | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08\SuggestionsURL | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback = "https://www.ya.ru/favicon.ico" | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08\DisplayName = "Bing" | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\TopResultURLFallback = "http://www.bing.com/search?q={searchTerms}&src=IE-TopResult&FORM=IE11TR" | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ShowSearchSuggestionsInAddressGlobal = "1" | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08\NTLogoURL = "http://downloader.yandex.net/banner/ntpagelogo/{language}/{scalelevel}.png" | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\DisplayName = "Bing" | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTURL = "https://yandex.ru/search/?win=648&clid=6035502-354&text={searchTerms}" | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE11SS&market={language}" | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\MINIE\LinksBandEnabled = "1" | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\FaviconURLFallback = "http://www.bing.com/favicon.ico" | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoURL = "http://downloader.yandex.net/banner/ntpagelogo/{language}/{scalelevel}.png" | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08 | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08\URL = "https://yandex.ru/search/?win=648&clid=6035498-354&text={searchTerms}" | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08\FaviconPath = "C:\\Users\\Admin\\AppData\\Local\\MICROS~1\\INTERN~1\\Services\\YANDEX~1.ICO" | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE11SS&market={language}" | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTTopResultURL | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08\TopResultURLFallback = "http://www.bing.com/search?q={searchTerms}&src=IE-TopResult&FORM=IE11TR" | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08\FaviconURLFallback = "https://www.ya.ru/favicon.ico" | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08\NTURL = "https://yandex.ru/search/?win=648&clid=6035502-354&text={searchTerms}" | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08\NTTopResultURL | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL_JSON = "https://suggest.yandex.ru/suggest-ff.cgi?uil=ru&part={searchTerms}" | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08\YaCreationDate = "2024-30-01" | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\YaCreationDate = "2024-30-01" | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08\FaviconURLFallback = "http://www.bing.com/favicon.ico" | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
Modifies Internet Explorer start page
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "https://www.ya.ru/?win=648&clid=6035495-354" | C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex | C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow | C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\Yandex | C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\Yandex\UICreated_SYSTEM = "1" | C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.pdf | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexTIFF.VCSW6JTLDSYTZUAASZV5YIJDQA\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-119" | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexTIFF.VCSW6JTLDSYTZUAASZV5YIJDQA\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexTXT.VCSW6JTLDSYTZUAASZV5YIJDQA\ = "Yandex Browser TXT Document" | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.shtml\OpenWithProgids\YandexHTML.VCSW6JTLDSYTZUAASZV5YIJDQA | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexCSS.VCSW6JTLDSYTZUAASZV5YIJDQA\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-124" | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexINFE.VCSW6JTLDSYTZUAASZV5YIJDQA | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\SystemFileAssociations\.webp\shell\image_search\ = "Поиск по картинке" | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexWEBM.VCSW6JTLDSYTZUAASZV5YIJDQA\shell\open | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexXML.VCSW6JTLDSYTZUAASZV5YIJDQA\ = "Yandex Browser XML Document" | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.js | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.js\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexHTML.VCSW6JTLDSYTZUAASZV5YIJDQA | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexCRX.VCSW6JTLDSYTZUAASZV5YIJDQA\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexINFE.VCSW6JTLDSYTZUAASZV5YIJDQA\shell\open\command | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexSVG.VCSW6JTLDSYTZUAASZV5YIJDQA\ = "Yandex Browser SVG Document" | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.tiff\OpenWithProgids\YandexTIFF.VCSW6JTLDSYTZUAASZV5YIJDQA | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.shtml | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\SystemFileAssociations\.jpeg\shell\image_search\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --image-search=\"%1\"" | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.infected\OpenWithProgids\YandexINFE.VCSW6JTLDSYTZUAASZV5YIJDQA | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\yabrowser\shell\open\command | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexBrowser.crx\shell\open | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexTIFF.VCSW6JTLDSYTZUAASZV5YIJDQA\shell\open | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexWEBM.VCSW6JTLDSYTZUAASZV5YIJDQA\shell\open\command | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexWEBP.VCSW6JTLDSYTZUAASZV5YIJDQA\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexGIF.VCSW6JTLDSYTZUAASZV5YIJDQA\ = "Yandex Browser GIF Document" | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexWEBM.VCSW6JTLDSYTZUAASZV5YIJDQA\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-132" | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.txt\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\SystemFileAssociations\.tiff | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\SystemFileAssociations\.tif\shell\image_search\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --image-search=\"%1\"" | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\SystemFileAssociations\.bmp\shell\image_search | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexHTML.VCSW6JTLDSYTZUAASZV5YIJDQA\shell | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexTXT.VCSW6JTLDSYTZUAASZV5YIJDQA\shell | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexXML.VCSW6JTLDSYTZUAASZV5YIJDQA\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.webp\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexJPEG.VCSW6JTLDSYTZUAASZV5YIJDQA\ = "Yandex Browser JPEG Document" | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexSVG.VCSW6JTLDSYTZUAASZV5YIJDQA | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\SystemFileAssociations\.gif\shell | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\SystemFileAssociations\.webp\shell\image_search | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\SystemFileAssociations\.webp\shell\image_search\command | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexHTML.VCSW6JTLDSYTZUAASZV5YIJDQA\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexTIFF.VCSW6JTLDSYTZUAASZV5YIJDQA\shell | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\yabrowser\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\yabrowser\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0" | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexJS.VCSW6JTLDSYTZUAASZV5YIJDQA\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.html\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexEPUB.VCSW6JTLDSYTZUAASZV5YIJDQA\ = "Yandex Browser EPUB Document" | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexFB2.VCSW6JTLDSYTZUAASZV5YIJDQA\ = "Yandex Browser FB2 Document" | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexSVG.VCSW6JTLDSYTZUAASZV5YIJDQA\shell | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.fb2\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.epub\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\yabrowser\URL Protocol | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexEPUB.VCSW6JTLDSYTZUAASZV5YIJDQA\shell\open\command | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexFB2.VCSW6JTLDSYTZUAASZV5YIJDQA | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexPNG.VCSW6JTLDSYTZUAASZV5YIJDQA\ = "Yandex Browser PNG Document" | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexWEBM.VCSW6JTLDSYTZUAASZV5YIJDQA\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\SystemFileAssociations\.jpg\shell\image_search\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --image-search=\"%1\"" | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexCSS.VCSW6JTLDSYTZUAASZV5YIJDQA\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexPDF.VCSW6JTLDSYTZUAASZV5YIJDQA\shell\open\command | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.jpg\OpenWithProgids\YandexJPEG.VCSW6JTLDSYTZUAASZV5YIJDQA | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.png\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.mhtml | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\SystemFileAssociations\.jpg\shell\image_search\Icon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0" | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexJPEG.VCSW6JTLDSYTZUAASZV5YIJDQA\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-109" | C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob | C:\Users\Admin\AppData\Local\Temp\yadl.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C | C:\Users\Admin\AppData\Local\Temp\yadl.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C\Blob | C:\Users\Admin\AppData\Local\Temp\yadl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 | C:\Users\Admin\AppData\Local\Temp\yadl.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob | C:\Users\Admin\AppData\Local\Temp\yadl.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\KLSetup.exe
"C:\Users\Admin\AppData\Local\Temp\KLSetup.exe"
C:\Users\Admin\AppData\Local\Temp\yadl.exe
"C:\Users\Admin\AppData\Local\Temp\yadl.exe" --partner 418804 --distr /quiet /msicl "YABROWSER=y YAQSEARCH=y YAHOMEPAGE=y VID=354"
C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
"C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe" /quiet /msicl "YABROWSER=y YAQSEARCH=y YAHOMEPAGE=y VID=354"
C:\Users\Admin\AppData\Local\Temp\yadl.exe
C:\Users\Admin\AppData\Local\Temp\yadl.exe --stat dwnldr/p=418804/rid=97133c9a-cd57-4de0-88a7-22d6f2f9ae78/sbr=0-0/hrc=200-200/bd=267-10639168/gtpr=1-1-1-255-1/cdr=0-b7-b7-ff-b7/for=3-0/fole=255-0/fwle=255-0/vr=ff-800b0109/vle=ff-800b0109/hovr=ff-0/hovle=ff-0/shle=ff-0/vmajor=6/vminor=1/vbuild=7601/distr_type=landing/cnt=0/dt=2/ct=1/rt=0 --dh 1536 --st 1717227014
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding D03CA157DEF886B2D9275E2933DC294E
C:\Users\Admin\AppData\Local\Temp\2C55AD0B-2264-4B0C-83AD-FAE0F59DE6EC\lite_installer.exe
"C:\Users\Admin\AppData\Local\Temp\2C55AD0B-2264-4B0C-83AD-FAE0F59DE6EC\lite_installer.exe" --use-user-default-locale --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --YABROWSER
C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe
"C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe" "--yqs=y" "--yhp=y" "--ilight=" "--oem=" "--nopin=n" "--pin_custom=n" "--pin_desktop=n" "--pin_taskbar=y" "--locale=us" "--browser=y" "--browser_default=" "--loglevel=trace" "--ess=" "--clids=C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml" "--sender=C:\Users\Admin\AppData\Local\Temp\868C1459-DF56-427D-B48F-17BD49B46861\sender.exe" "--is_elevated=yes" "--ui_level=2" "--good_token=x" "--no_opera=n"
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent --pin-taskbar=y --pin-desktop=n
C:\Users\Admin\AppData\Local\Temp\{200BB1D6-E250-455F-B27E-DA3AFD9E3266}.exe
"C:\Users\Admin\AppData\Local\Temp\{200BB1D6-E250-455F-B27E-DA3AFD9E3266}.exe" --job-name=yBrowserDownloader-{4F1D423F-3374-4FBC-82EA-76CDB78C15F9} --send-statistics --local-path=C:\Users\Admin\AppData\Local\Temp\{200BB1D6-E250-455F-B27E-DA3AFD9E3266}.exe --YABROWSER --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=6035461-354&ui=dde88056-BBB2-4E5F-BCFD-27503CC16699 --use-user-default-locale
C:\Users\Admin\AppData\Local\Temp\868C1459-DF56-427D-B48F-17BD49B46861\sender.exe
C:\Users\Admin\AppData\Local\Temp\868C1459-DF56-427D-B48F-17BD49B46861\sender.exe --send "/status.xml?clid=6035492-354&uuid=dde88056-BBB2-4E5F-BCFD-27503CC16699&vnt=Windows 7x64&file-no=6%0A10%0A11%0A12%0A13%0A15%0A17%0A18%0A21%0A22%0A24%0A25%0A40%0A42%0A43%0A45%0A57%0A61%0A89%0A103%0A111%0A123%0A124%0A125%0A129%0A"
C:\Users\Admin\AppData\Local\Temp\ybD845.tmp
"C:\Users\Admin\AppData\Local\Temp\ybD845.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\d80641ac-7a88-4501-9aae-c4a3efba111b.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=246843200 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{4F1D423F-3374-4FBC-82EA-76CDB78C15F9} --local-path="C:\Users\Admin\AppData\Local\Temp\{200BB1D6-E250-455F-B27E-DA3AFD9E3266}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=6035461-354&ui=dde88056-BBB2-4E5F-BCFD-27503CC16699 --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\e2f022a5-b744-41cc-a259-5ae8ac52469f.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico"
C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\d80641ac-7a88-4501-9aae-c4a3efba111b.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=246843200 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{4F1D423F-3374-4FBC-82EA-76CDB78C15F9} --local-path="C:\Users\Admin\AppData\Local\Temp\{200BB1D6-E250-455F-B27E-DA3AFD9E3266}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=6035461-354&ui=dde88056-BBB2-4E5F-BCFD-27503CC16699 --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\e2f022a5-b744-41cc-a259-5ae8ac52469f.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico"
C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\d80641ac-7a88-4501-9aae-c4a3efba111b.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=246843200 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{4F1D423F-3374-4FBC-82EA-76CDB78C15F9} --local-path="C:\Users\Admin\AppData\Local\Temp\{200BB1D6-E250-455F-B27E-DA3AFD9E3266}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=6035461-354&ui=dde88056-BBB2-4E5F-BCFD-27503CC16699 --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\e2f022a5-b744-41cc-a259-5ae8ac52469f.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico" --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=277559600
C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe
C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=3156 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.4.4.1169 --initial-client-data=0x1b0,0x1b4,0x1b8,0x184,0x1bc,0x4fac7c,0x4fac88,0x4fac94
C:\Windows\TEMP\sdwra_3156_2016994165\service_update.exe
"C:\Windows\TEMP\sdwra_3156_2016994165\service_update.exe" --setup
C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe" --install
C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe" --run-as-service
C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=6124 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.4.4.1169 --initial-client-data=0x13c,0x140,0x144,0x110,0x148,0xac2568,0xac2574,0xac2580
C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe" --update-scheduler
C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe" --update-background-scheduler
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source3156_1020698385\Browser-bin\clids_yandex_second.xml"
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=0 --install-start-time-no-uac=246843200
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=7016 --annotation=metrics_client_id=fa191be548e1401389cbf88c69c51acd --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.4.4.1169 --initial-client-data=0xf4,0xf8,0xfc,0xc8,0x100,0x72f4886c,0x72f48878,0x72f48884
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --gpu-process-kind=sandboxed --mojo-platform-channel-handle=1832 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:2
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=disabled --gpu-process-kind=trampoline --mojo-platform-channel-handle=2292 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:2
C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe"
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe" -version
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe" -XX:+UseG1GC -Dfile.encoding=UTF-8 -jar "C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe"
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\java.exe
java.exe -version
Network
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| RU | 93.158.134.144:443 | sso.passport.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 77.88.44.55:443 | yandex.ru | tcp |
| RU | 77.88.21.119:443 | mc.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 8.8.8.8:53 | sso.ya.ru | udp |
| US | 8.8.8.8:53 | sso.ya.ru | udp |
| RU | 93.158.134.144:443 | sso.ya.ru | tcp |
| US | 8.8.8.8:53 | sso.dzen.ru | udp |
| US | 8.8.8.8:53 | sso.dzen.ru | udp |
| RU | 62.217.160.14:443 | sso.dzen.ru | tcp |
| US | 8.8.8.8:53 | yastatic.net | udp |
| US | 8.8.8.8:53 | yastatic.net | udp |
| RU | 93.158.134.144:443 | sso.ya.ru | tcp |
| US | 8.8.8.8:53 | webntp.yandex.ru | udp |
| US | 8.8.8.8:53 | webntp.yandex.ru | udp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | yastatic.net | udp |
| US | 8.8.8.8:53 | yastatic.net | udp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | webntp.yandex.ru | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| RU | 213.180.204.196:443 | webntp.yandex.ru | tcp |
| RU | 213.180.204.158:443 | tcp | |
| RU | 213.180.204.158:443 | tcp | |
| RU | 213.180.204.158:443 | tcp | |
| RU | 213.180.204.158:443 | tcp | |
| RU | 213.180.204.158:443 | tcp | |
| RU | 213.180.204.158:443 | tcp | |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 77.88.55.242:443 | tcp | |
| RU | 213.180.204.158:443 | tcp | |
| RU | 77.88.21.37:443 | tcp | |
| RU | 5.255.255.77:443 | yandex.ru | tcp |
| RU | 87.250.254.20:443 | soft.export.yandex.ru | tcp |
| RU | 5.255.255.77:443 | yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| US | 8.8.8.8:53 | api.klaun.ch | udp |
| US | 104.26.10.58:80 | api.klaun.ch | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 104.26.10.58:80 | api.klaun.ch | tcp |
| US | 104.26.10.58:80 | api.klaun.ch | tcp |
| US | 104.26.10.58:80 | api.klaun.ch | tcp |
| US | 8.8.8.8:53 | repos.klaun.ch | udp |
| US | 104.26.11.58:443 | repos.klaun.ch | tcp |
| US | 104.26.11.58:443 | repos.klaun.ch | tcp |
| US | 104.26.11.58:443 | repos.klaun.ch | tcp |
| US | 104.26.11.58:443 | repos.klaun.ch | tcp |
| US | 104.26.11.58:443 | repos.klaun.ch | tcp |
| US | 104.26.11.58:443 | repos.klaun.ch | tcp |
| US | 104.26.11.58:443 | repos.klaun.ch | tcp |
| US | 104.26.11.58:443 | repos.klaun.ch | tcp |
| US | 104.26.11.58:443 | repos.klaun.ch | tcp |
| US | 104.26.11.58:443 | repos.klaun.ch | tcp |
| US | 104.26.11.58:443 | repos.klaun.ch | tcp |
| US | 104.26.11.58:443 | repos.klaun.ch | tcp |
| US | 104.26.11.58:443 | repos.klaun.ch | tcp |
| US | 104.26.11.58:443 | repos.klaun.ch | tcp |
| US | 104.26.11.58:443 | repos.klaun.ch | tcp |
| US | 104.26.11.58:443 | repos.klaun.ch | tcp |
| US | 104.26.11.58:443 | repos.klaun.ch | tcp |
| US | 104.26.11.58:443 | repos.klaun.ch | tcp |
| US | 104.26.11.58:443 | repos.klaun.ch | tcp |
| US | 104.26.11.58:443 | repos.klaun.ch | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| US | 104.26.10.58:80 | repos.klaun.ch | tcp |
| US | 104.26.11.58:80 | repos.klaun.ch | tcp |
| RU | 5.255.255.77:443 | yandex.ru | tcp |
| US | 104.26.10.58:80 | repos.klaun.ch | tcp |
| US | 8.8.8.8:53 | cf.klaun.ch | udp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 172.67.69.202:443 | cf.klaun.ch | tcp |
| US | 104.26.10.58:80 | cf.klaun.ch | tcp |
| US | 8.8.8.8:53 | fabric.klaun.ch | udp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| RU | 93.158.134.121:443 | browser.yandex.ru | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:80 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 8.8.8.8:53 | quilt.klaun.ch | udp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:80 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:80 | quilt.klaun.ch | tcp |
| US | 8.8.8.8:53 | api.mojang.com | udp |
| US | 13.107.246.64:443 | api.mojang.com | tcp |
| US | 13.107.246.64:443 | api.mojang.com | tcp |
| US | 13.107.246.64:443 | api.mojang.com | tcp |
| US | 13.107.246.64:443 | api.mojang.com | tcp |
| US | 8.8.8.8:53 | sessionserver.mojang.com | udp |
| US | 13.107.246.64:443 | sessionserver.mojang.com | tcp |
Files
memory/1648-0-0x0000000000100000-0x0000000000101000-memory.dmp
memory/1648-1-0x0000000000BB0000-0x00000000013F5000-memory.dmp
memory/1648-2-0x0000000000BB0000-0x00000000013F5000-memory.dmp
memory/1648-3-0x0000000000100000-0x0000000000101000-memory.dmp
memory/1648-4-0x0000000000BB0000-0x00000000013F5000-memory.dmp
\Users\Admin\AppData\Local\Temp\yadl.exe
| MD5 | aadf4352d33ff9095ca64c25389eb82b |
| SHA1 | 0b1f088ce1c6b341d85cd0bea4c26036da89b26d |
| SHA256 | 3ada90b21b96154a200878c39da717c397743b07b74e9ae84b591eaf87a29b69 |
| SHA512 | 16ec302bbca191df3e9cf49db109757cd621253b9b1a18a0d9e91566d34c4daf28d3ab99bf925fb56821321a8d3bf49e353bcad04480fce131931a4135fb1d1d |
C:\Users\Admin\AppData\Local\Temp\CabB07D.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\TarB08F.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarB1CD.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
| MD5 | 3fb846d3691f3d98a34e669e1b9b5bf6 |
| SHA1 | 4c90c2912aae3b8da4c44a4faa0b8df20525285f |
| SHA256 | ead7a779cabae642d09be07283cc99e53c84ecf90349444e0d0ac4bf9901fe47 |
| SHA512 | e904ecfa7b1c9ba066272bf91b8341bf3877310613370defabee7db58ea825c52582353e97f9398d706d3f3890b3701a1c05fe202e8a87499fb9600f87176b3e |
memory/1648-217-0x0000000000BB0000-0x00000000013F5000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\YandexSearch00000.log
| MD5 | 8ff2bdf0bfaa8a260465b359cc79240e |
| SHA1 | 039e1173318bb0ce37d361d7262bd8526a7dcaf7 |
| SHA256 | fb548bd246e6a5c97ce1d9ba99ab561809198cc21cdfcecf23b5e945cc3a0689 |
| SHA512 | dc9669a0c147667e3a25eb2fdf0f630808307f97443156c638894861496e5e47112596c12c02f48f07884489ccbc6a989a72124493e4f48278a9d5d74574f3b9 |
C:\Users\Admin\AppData\Local\Temp\{5B964E0E-B9A3-4276-9ED9-4D5A5720747A}\YandexSearch.msi
| MD5 | 561f202d40eb1a21aa947b2b833f6928 |
| SHA1 | b48e2f49a416847aa9420ed4b360841e8c28f67b |
| SHA256 | b2fda5fb2d8e65fc0448d308647d8afd1e4ecd7bff0103ec3700e0798a7db0a3 |
| SHA512 | 66d172f336ef0b4790e2141711f205682a0ba6ced8d03f26e33b54f6ea1e29be10d387e843df26d1110559888b09a3cdf9198ea40f17ca9d2ac1872c1da82063 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 63f768703be5e3c988ffa3ff7add9fe4 |
| SHA1 | df00f0918c88e4bb482583fa169e16127b5693e7 |
| SHA256 | 8710e70ae5b4a77a2f1072bf1217935d23a5087ff9ca4b6c54276ef3c765b96e |
| SHA512 | 8a7a98674fe12deb0e89229135d095b87ecc01acf586459cdcebf68aa4e403f9d112a7bccc7ea7ce30c22d4f9c1d56f2d88c5b81e19180d3afe8ed486b0a2b23 |
C:\Windows\Installer\MSIBD91.tmp
| MD5 | 0c80a997d37d930e7317d6dac8bb7ae1 |
| SHA1 | 018f13dfa43e103801a69a20b1fab0d609ace8a5 |
| SHA256 | a5dd2f97c6787c335b7807ff9b6966877e9dd811f9e26326837a7d2bd224de86 |
| SHA512 | fe1caef6d727344c60df52380a6e4ab90ae1a8eb5f96d6054eced1b7734357ce080d944fa518cf1366e14c4c0bd9a41db679738a860800430034a75bb90e51a5 |
C:\Windows\Installer\MSIBDFF.tmp
| MD5 | e6fd0e66cf3bfd3cc04a05647c3c7c54 |
| SHA1 | 6a1b7f1a45fb578de6492af7e2fede15c866739f |
| SHA256 | 669cc0aae068ced3154acaecb0c692c4c5e61bc2ca95b40395a3399e75fcb9b2 |
| SHA512 | fc8613f31acaf6155852d3ad6130fc3b76674b463dcdcfcd08a3b367dfd9e5b991e3f0a26994bcaf42f9e863a46a81e2520e77b1d99f703bcb08800bdca4efcb |
C:\Users\Admin\AppData\Local\Temp\vendor00000.xml
| MD5 | a96e6071a17b74bbd309bf696496b8f7 |
| SHA1 | 63c1ecf860504d390b6f3a32982ddd8946b042c5 |
| SHA256 | 1a855972dc308e47d30d567e1b37fdad349bf555b971bc14ead76e17a8accccc |
| SHA512 | 2c906e2f11d62d1336be482cc5ff784bf372cc7afb3263754e7810a1ae27e253aa9e22463456b62a25049d33ba1e69f129ed7e0a0273fe928dcaa216b7876449 |
\Users\Admin\AppData\Local\Temp\2C55AD0B-2264-4B0C-83AD-FAE0F59DE6EC\lite_installer.exe
| MD5 | aafdfaa7a989ddb216510fc9ae5b877f |
| SHA1 | 41cf94692968a7d511b6051b7fe2b15c784770cb |
| SHA256 | 688d0b782437ccfae2944281ade651a2da063f222e80b3510789dbdce8b00fdc |
| SHA512 | 6e2b76ff6df79c6de6887cf739848d05c894fbd70dc9371fff95e6ccd9938d695c46516cb18ec8edd01e78cad1a6029a3d633895f7ddba4db4bf9cd39271bd44 |
C:\Users\Admin\AppData\Roaming\Yandex\clids-yabrowser.xml
| MD5 | 27a0d63958d264b1d1b307cbcae32d1e |
| SHA1 | 134e6abcb95aa2aeddce10db6325d47d5c2944eb |
| SHA256 | e0148740e2dc882bc85880bdb6c626e4fb6555daf471bf34b4a4689c0634abc7 |
| SHA512 | 33fb4c7c53efc8b6d77baac7fbb7a9848949029de8662ee9e663febc92fd426babc7c2200bf2890e70aa932df5bb883d409fe3ed50a41e3436dfcabe7a1bd229 |
\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe
| MD5 | 225ba20fa3edd13c9c72f600ff90e6cb |
| SHA1 | 5f1a9baa85c2afe29619e7cc848036d9174701e4 |
| SHA256 | 35585d12899435e13e186490fcf1d270adbe3c74a1e0578b3d9314858bf2d797 |
| SHA512 | 97e699cffe28d3c3611570d341ccbc1a0f0eec233c377c70e0e20d4ed3b956b6fe200a007f7e601a5724e733c97eaddc39d308b9af58d45f7598f10038d94ab3 |
C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml
| MD5 | 42f904227d6a52fb123a1cbae34f3373 |
| SHA1 | c0f5cfee6915bf65601aed5c662e1696f2b45fa0 |
| SHA256 | c25e6de10909a6c4a45a4e1e93d0eff1b3604cc515cc6ef2ae6b083ffe41a200 |
| SHA512 | b4c8dc57811b0c3d03f00a088bc16ed6eb02ed07db2a99681fd550b8a79e108b82053a3e4d9e12789b429a501bb06e8a684314322605eadcee7b9c633c13a669 |
C:\Users\Admin\AppData\Roaming\Yandex\ui
| MD5 | ad8bef38aa24922d5045a317939b7005 |
| SHA1 | f57fb75e7ed37554e3ebd65d74713aff4aab5d95 |
| SHA256 | 935b0041b16d8b0e724db74e6f28170ebbb457d7d1a3ce75952dda19cf93fc69 |
| SHA512 | 3d9faae6e00aa3424057d83b35abc25d3ed128725797c71dc5a1da7349bb1defc1fcc3d69ede0c00f3c3b6b5a65e8e4c36c3fb2aa1dba6271c5288d79e3d0e72 |
C:\Config.Msi\f76bb96.rbs
| MD5 | 0f74b03901cee0c79b2152beed30b5ca |
| SHA1 | 83c7b54c96491e8b4ae9affd5e4b7030f6fd69fd |
| SHA256 | 46a7056308dfaf22cc58827796f87af8b22c15f1811e85e2997e14c9a94b7854 |
| SHA512 | 5ffea3d0e0195704c42e3f74f3b86a6be5f3a6d33256bbe7225bdd36f90632008a31fc0b3d31f0778c4a49a14035d404cc002d8f2b897579dbdf550dac2ae511 |
C:\Users\Admin\AppData\Local\Temp\OMNIJA~1.ZIP
| MD5 | da3287f6ed53dd2ecece8c29bc1a20c4 |
| SHA1 | b13113cde779676d1959e483586fcd9d2d3d66e0 |
| SHA256 | fa6337cef2829e185bb76c5911d745d9175a490ebf0e9a90439b386ec6da4c3a |
| SHA512 | 2c802a45e8fed8659e7c83b5bec3e535a5bcece7188863c22fb2e8eeb13ef11273095aebf0d4bce762d314b2e56aec75e2f51ae4bf1117458cb6848e0567044e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2031336fed3d7ec3e98d77111daddb34 |
| SHA1 | eb7de62e885b56a40aba0d282fc7c545abfb5eea |
| SHA256 | 78d586bea1de5db1218d128e24b53debcba81b1256a33ee4f1935ba732f200a6 |
| SHA512 | 940d8aab0eacc10a840e8ddd6a400c9d90ca3d86f25a785967e170c993c06be97a064b5c22e47860313c96a95b3f136145c7909d6a9d23ec47393e3d5d25a3ab |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ty9peokp.Admin\places.sqlite-20240601073021.377200.backup
| MD5 | 314cb7ffb31e3cc676847e03108378ba |
| SHA1 | 3667d2ade77624e79d9efa08a2f1d33104ac6343 |
| SHA256 | b6d278384a3684409a2a86f03e4f52869818ce7dd8b5779876960353f7d35dc1 |
| SHA512 | dc795fa35ea214843a781ee2b2ef551b91b6841a799bef2c6fb1907d90f6c114071a951ebb7b2b30e81d52b594d447a26ab12ddb57c331e854577d11e5febef5 |
C:\Users\Admin\AppData\Local\Temp\{200BB1D6-E250-455F-B27E-DA3AFD9E3266}.exe
| MD5 | d454cfd8343eed174988c952e9828f4d |
| SHA1 | dea2383c9dc9071ac88052a5cda7ee4ea7c9377c |
| SHA256 | 87719630422cf17f1c538afe530bd87b253be6086a620035f53144e024e464fd |
| SHA512 | cc1dddfb37b4e0f6a2bf62b60c32494ee73c781c99cdcbaac03278f8d1f1bd9d474c134b393b499c588669311b390515a375a2d4da29970632cf8280b00833b2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ty9peokp.default-release\thumbnails\335664b1d0edc2f6d44e873adf49d764
| MD5 | af80a936c10e18de168538a0722d6319 |
| SHA1 | 9b1c84a1cf7330a698c89b9d7f33b17b4ba35536 |
| SHA256 | 2435c0376fca765b21d43e897f4baa52daa0958a7015d04103488c606c99d1d3 |
| SHA512 | 9a1325c8ce05806e5c161a4cf47239f62baad8f79650fbd713e74928fce8171ced10ba7f24fac46c548e1dbf3f64106270cb25ca88c836c870107f5dc1f97879 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ty9peokp.default-release\thumbnails\9916d5e26889d457708470cd3822b449
| MD5 | e05d28ab78d61968a7132eafe61f54b4 |
| SHA1 | dcf260ab7cdea7b6fc934e54765c964c1a20bd36 |
| SHA256 | cbd302b0ea2218f495b9f0a814f34733f2c5f13a6634d74c6e85a5c0863b5621 |
| SHA512 | ebea612bf803692fa3c7b2573c58f2e43fba0f7039e01b57203978cf69b6f8ca538b563791a760a7e901bb5e392879bd57bdbdb69b6a3781a3886fc0c01eddc0 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Services\www.ya.ru.ico
| MD5 | a6f6261de61d910e0b828040414cee02 |
| SHA1 | d9df5043d0405b3f5ddaacb74db36623dd3969dc |
| SHA256 | 6bb91f1d74389b18bce6e71772e4c5573648c1a4823338193f700afdf8216be5 |
| SHA512 | 20cb7b646c160c942e379c6e7a1a8981a09f520361c0205052c1d66e2fdb76333ffaaf0ca1dfc779754f0e844b9946900fbd5690d01869e1607abc1fda6dffab |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Bookmarks-20240601073022.703200.backup
| MD5 | 3adec702d4472e3252ca8b58af62247c |
| SHA1 | 35d1d2f90b80dca80ad398f411c93fe8aef07435 |
| SHA256 | 2b167248e8136c4d45c2c46e2bff6fb5e5137dd4dfdccde998599be2df2e9335 |
| SHA512 | 7562e093d16ee6305c1bb143a3f5d60dafe8b5de74952709abc68a0c353b65416bf78b1fa1a6720331615898848c1464a7758c5dfe78f8098f77fbfa924784c0 |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences-20240601073022.718800.backup
| MD5 | 68d84691641bff177cfb8289eaf6e4f2 |
| SHA1 | 13afa156b1861fad3e915b85cf87eeba3c7512f0 |
| SHA256 | 42fe2319b2573adfa77e64fc7563582c0e7a7b5c96bbb2955fbbd8dcf8466b78 |
| SHA512 | 04aad15e598591e86ca7c24753cbd72eae79262b2efae657b8475724d24d05e7d12f11639e3871946a02a8ca9f323e683b748f3837d792654c614d9cb20e992f |
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
| MD5 | 95828ee007d3586792d53ace50b2357e |
| SHA1 | 3501ccad7573fd467911f207155318db3a1a1554 |
| SHA256 | 8c4be5f1bc4e2f73d4396af48a31bf10362006472e9b28f40aa91f73a3815f12 |
| SHA512 | 9896eccb178fd772fc92e5793340bdbc1bd6169465d9a739df06c1154edbce16f6db5dd50df426ccbc40d8410d4ef170c3fb0bc700e7778149ff2168409638e7 |
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Яндекс.website
| MD5 | 9698a7c41f0f410a641bfa4c04661e36 |
| SHA1 | 263ca1de4dd9734cbcc03ddeaff7490d003d3e07 |
| SHA256 | cc945953660e5449358a93938a19b71c28da9f480204b0bf6ce3917b8cce0901 |
| SHA512 | b04637822e24519fefd517d84da2fadc340de67d4fdd72ac7139d272bad13ffd08d06e220f33a326d78ba725becc8a29be42ae2a843272816b901bc46b15d64c |
\??\PIPE\wkssvc
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk
| MD5 | 7de127f4a188ff8c24b63cfd1c91ed8c |
| SHA1 | 1a70ad23a885d2fcaaad69c01f669a43c206cefa |
| SHA256 | 0a65b9e103fc45f440d4dcdef7da431a8cc06c26ada6bc542ce3c5c9a1e1e4d6 |
| SHA512 | 5a3efddc4b04442b6d72e9074bba62ba7e9c509b2ed24c94fc51a62d77ced963c3b095daf09817d334028a95d0b737e9fba609ffbf4f07c7451c0cb07114e1a7 |
memory/3008-8732-0x0000000000760000-0x0000000000762000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lite_installer.log
| MD5 | cf798defdf1f38a32bb54211ef08fbd5 |
| SHA1 | 6a38512d28f63f62ca8cd575be1117ac8a23804d |
| SHA256 | 925ed48ce165e0586d2601d21c7299b780337cf5307fb2d2743e9cea597fa542 |
| SHA512 | dc5f611562f974e0d02a623604a6d662fae33dcca99c579b7f6efa13be1c9e2dac7a3d046c67663a1b7c49b61336be2da5faf792b6bd3c8f6b358c8186d3f8ac |
memory/1648-8740-0x0000000000BB0000-0x00000000013F5000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\868C1459-DF56-427D-B48F-17BD49B46861\sender.exe
| MD5 | f1a8f60c018647902e70cf3869e1563f |
| SHA1 | 3caf9c51dfd75206d944d4c536f5f5ff8e225ae9 |
| SHA256 | 36022c6ecb3426791e6edee9074a3861fe5b660d98f2b2b7c13b80fe11a75577 |
| SHA512 | c02dfd6276ad136283230cdf07d30ec2090562e6c60d6c0d4ac3110013780fcafd76e13931be53b924a35cf473d0f5ace2f6b5c3f1f70ce66b40338e53d38d1e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f9cf6fb2d95494f2109d61031482379b |
| SHA1 | 2ec357afa2eceb5cda1b5968d6b5378b4db19d9d |
| SHA256 | 63ba0833575abd45d2438a4c4fd9fa051841d4cc6d91cc24ce8d46ad691f23a9 |
| SHA512 | 14b7e29c3a01a9ed8a008f81032dd4d82c8dde8f7b7b1a5ee8ab3370b4a3d37672e4d9d7047b832c90976a47172c8fdef56b7f2f3ebb3fa002beb0d8fb4135e8 |
memory/1648-8970-0x0000000000BB0000-0x00000000013F5000-memory.dmp
memory/1648-8976-0x0000000000BB0000-0x00000000013F5000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 389f7b137b9fd9589fa4bbd357eaa0a7 |
| SHA1 | e0605b5579960733842447a4f5c65dd7ab0b6be1 |
| SHA256 | b7da826f277ec40918098998aedd78c43c216af3035f6ca2a51f96815b4791ca |
| SHA512 | c5d659b619f212e3c1cdb601c8862f167786b41c59a8febb29247678c144b117fe6d9be75b9f3c234b42dc77dd297a1ded73ce26ccf31546731e8dbe3853275a |
\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe
| MD5 | 708185c92cce57ef50ff720d28068c38 |
| SHA1 | bf708e1299bce3d49056b9021459d4103370af56 |
| SHA256 | 31a7d6e149196a2d8fcb74f0c1c60f59d7acf48133aa23dd46b1e465e3064ca8 |
| SHA512 | abc8829e4a5c8771a4a1a3eb00dd894b3ae12dd305e745b48dde3be43b436d0913dcb7847f5e6463a6583b37181367bc3f9fae471004b1671184847326ce564b |
C:\Users\Admin\AppData\Local\Temp\master_preferences
| MD5 | 907071f307fa70fb85a2c67007e84826 |
| SHA1 | 6956e67cdfd8bec294ecedf5ad49f5d60da4cff6 |
| SHA256 | b023ae425a54825b2ea2975f771b6a8671104ff242a75b757646c5c99eedcfe2 |
| SHA512 | 41e97d728b9b1ed3f54fee3bc45c0e234860f365b8ef60156ad5b021478790d59f015b613dc465ead0e4f317c497f7cc82d86cb6e4e1d0245ffbe8305211819f |
memory/1648-9345-0x0000000000BB0000-0x00000000013F5000-memory.dmp
memory/1648-9359-0x0000000000BB0000-0x00000000013F5000-memory.dmp
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.4.1169\resources\configs\all_zip
| MD5 | c7b76127a33b7661d3287cb93375e184 |
| SHA1 | 3314dd1685dc3adacbcd5023e9d94de016774015 |
| SHA256 | d89d224f0f7197574d1cabbb0b0eea91844081cd78d92ddafffc7d3ba3d9d0e5 |
| SHA512 | 496788a04dc1af6800929206efad41282cca61a4afd359250ef81f5887e2bba3a832497119904801a4c37d59260ade6dc93907167f4c92406b08f7fb1bbf3c76 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ef0c3f68d80b61608ef0b9864e36a8ed |
| SHA1 | f79620c5c45291451b8ef55a238ae4dfc8232414 |
| SHA256 | acca08cc6b295cc350a0010f62b330d1880b2d0b3db7e50a4bc9669123b1c994 |
| SHA512 | 0f0e31fa4ddbdccc365427332a37863bffdcfb49e94a697a0fd1f22510beb59d005a71f0256ff8ca20535e482c38a6ff3cfe9b1aa8903c3071bdb1dc95f4af84 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | b6f88c4d16930ddce1a62e5a47bed464 |
| SHA1 | b4ad1bf8159f4d59387c83dd2125ed789e66426f |
| SHA256 | 8c0f243331076233338638b6e44e17f901d04193440cd06437be2413fccf86b2 |
| SHA512 | 4a260c0fe732b3829e7064eb508bec26700c8105135c53da5370f5453d22e4a8d3121487e2164932978c2099666b9954fc891cf74585951c2175321546eb1fbf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Windows\Temp\sdwra_3156_2016994165\service_update.exe
C:\ProgramData\Yandex\YandexBrowser\service_update.log
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.4.4.1169\brand_config
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.4.4.1169\partner_config
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.4.1169\resources\wallpapers\sea_preview.jpg
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.4.1169\resources\wallpapers\sea_static.jpg
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\install_state.json
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\306f2d88-fb63-43ff-a26f-efad221a9086.tmp
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Sync Data\LevelDB\CURRENT~RFf7788fe.TMP
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Wallpapers\store\preview-13361700668858600
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Wallpapers\store\picture-13361700668858600
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Platform Notifications\MANIFEST-000001
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Site Characteristics Database\000002.dbtmp
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\4e827df3-f0ff-4c1d-9dbc-63851cf5f53f.tmp
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\e5443479-9873-4d91-810b-7bbedab22693\index
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\0aa7e4c1-861a-433c-9492-27ce8d357d3e.tmp
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\ShaderCache\data_3
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\DawnCache\data_1
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\ShaderCache\data_0
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\ShaderCache\data_2
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\32.png
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\16.png
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\64.png
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\48.png
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\128.png
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\96.png
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\256.png
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\748383a3-6e74-4b77-945b-39b4db7279c2.tmp
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\plugin2\msvcp140.dll
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\YandexDictionaries\ru.bdic
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\vcruntime140_1.dll
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\vcruntime140.dll
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\deploy\messages_zh_TW.properties
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\images\cursors\win32_CopyNoDrop32x32.gif
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\component_crx_cache\oimompecagnajdejgnnjijobebaeigek_1.2903aec9f77378fa19280af8ff89294fb9ce2caf8e0092c69e19973c0a9cc6fe
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\security\policy\unlimited\US_export_policy.jar
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe
C:\Users\Admin\AppData\Local\Temp\yandex_browser_updater.log
C:\Users\Admin\AppData\Local\Temp\+JXF2105097462156220991.tmp
C:\Users\Admin\AppData\Local\Temp\+JXF6669411277044653899.tmp
C:\Users\Admin\AppData\Local\Temp\+JXF3470484539401003289.tmp
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\java.exe
C:\Users\Admin\AppData\Roaming\.minecraft\klauncher.json
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Temp\+JXF9100783875621910911.tmp