Malware Analysis Report

2024-11-30 06:51

Sample ID 240601-jbaf4sdh8x
Target KLSetup.exe
SHA256 4f128c759e90606c9c7b5546259a7888b2aaaf5ea59d1aa40d5284056366504c
Tags
discovery persistence spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

4f128c759e90606c9c7b5546259a7888b2aaaf5ea59d1aa40d5284056366504c

Threat Level: Likely malicious

The file KLSetup.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery persistence spyware stealer

Downloads MZ/PE file

Modifies file permissions

Checks computer location settings

Reads user/profile data of web browsers

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Blocklisted process makes network request

Enumerates connected drives

Checks installed software on the system

Drops file in System32 directory

Checks system information in the registry

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Modifies Internet Explorer settings

Modifies system certificate store

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Modifies registry class

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Modifies Internet Explorer start page

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-01 07:29

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-01 07:29

Reported

2024-06-01 07:32

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\KLSetup.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\KLSetup.exe

"C:\Users\Admin\AppData\Local\Temp\KLSetup.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.klaun.ch udp
US 104.26.11.58:80 api.klaun.ch tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 58.11.26.104.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 27.178.89.13.in-addr.arpa udp
US 104.26.11.58:80 api.klaun.ch tcp
US 8.8.8.8:53 udp
N/A 5.45.205.245:80 tcp
US 8.8.8.8:53 udp
N/A 5.45.192.185:80 tcp

Files

memory/4212-0-0x0000000003950000-0x0000000003951000-memory.dmp

memory/4212-1-0x0000000000A10000-0x0000000001255000-memory.dmp

memory/4212-3-0x0000000003950000-0x0000000003951000-memory.dmp

memory/4212-15-0x0000000000A10000-0x0000000001255000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-01 07:29

Reported

2024-06-01 07:32

Platform

win7-20240419-en

Max time kernel

149s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\KLSetup.exe"

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\yadl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yadl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2C55AD0B-2264-4B0C-83AD-FAE0F59DE6EC\lite_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{200BB1D6-E250-455F-B27E-DA3AFD9E3266}.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\868C1459-DF56-427D-B48F-17BD49B46861\sender.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ybD845.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
N/A N/A C:\Windows\TEMP\sdwra_3156_2016994165\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\KLSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yadl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yadl.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2C55AD0B-2264-4B0C-83AD-FAE0F59DE6EC\lite_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2C55AD0B-2264-4B0C-83AD-FAE0F59DE6EC\lite_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{200BB1D6-E250-455F-B27E-DA3AFD9E3266}.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{200BB1D6-E250-455F-B27E-DA3AFD9E3266}.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{200BB1D6-E250-455F-B27E-DA3AFD9E3266}.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{200BB1D6-E250-455F-B27E-DA3AFD9E3266}.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ybD845.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
N/A N/A C:\Windows\TEMP\sdwra_3156_2016994165\service_update.exe N/A
N/A N/A C:\Windows\TEMP\sdwra_3156_2016994165\service_update.exe N/A
N/A N/A C:\Windows\TEMP\sdwra_3156_2016994165\service_update.exe N/A
N/A N/A C:\Windows\TEMP\sdwra_3156_2016994165\service_update.exe N/A
N/A N/A C:\Windows\TEMP\sdwra_3156_2016994165\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Run\YandexBrowserAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Yandex\ui C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\debug.log C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe N/A
File created C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe C:\Windows\TEMP\sdwra_3156_2016994165\service_update.exe N/A
File opened for modification C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe C:\Windows\TEMP\sdwra_3156_2016994165\service_update.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\f76bb95.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBF1B.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f76bb95.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Tasks\Update for Yandex Browser.job C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe N/A
File created C:\Windows\Tasks\Repairing Yandex Browser update service.job C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe N/A
File created C:\Windows\Installer\f76bb92.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBDFF.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBF4B.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC007.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC20D.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC307.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Tasks\Обновление Браузера Яндекс.job C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
File opened for modification C:\Windows\Installer\MSIBE4E.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBEEB.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f76bb92.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBD91.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC085.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC141.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Tasks\System update for Yandex Browser.job C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key deleted \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08 C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\MINIE C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08\DisplayName = "Яндекс" C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\DisplayName = "Яндекс" C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "https://yandex.ru/search/?win=648&clid=6035498-354&text={searchTerms}" C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\Local\\MICROS~1\\INTERN~1\\Services\\YANDEX~1.ICO" C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08\SuggestionsURL_JSON = "https://suggest.yandex.ru/suggest-ff.cgi?uil=ru&part={searchTerms}" C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08\SuggestionsURL C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback = "https://www.ya.ru/favicon.ico" C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08\DisplayName = "Bing" C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\TopResultURLFallback = "http://www.bing.com/search?q={searchTerms}&src=IE-TopResult&FORM=IE11TR" C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ShowSearchSuggestionsInAddressGlobal = "1" C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08\NTLogoURL = "http://downloader.yandex.net/banner/ntpagelogo/{language}/{scalelevel}.png" C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\DisplayName = "Bing" C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTURL = "https://yandex.ru/search/?win=648&clid=6035502-354&text={searchTerms}" C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE11SS&market={language}" C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\MINIE\LinksBandEnabled = "1" C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\FaviconURLFallback = "http://www.bing.com/favicon.ico" C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoURL = "http://downloader.yandex.net/banner/ntpagelogo/{language}/{scalelevel}.png" C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08 C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08\URL = "https://yandex.ru/search/?win=648&clid=6035498-354&text={searchTerms}" C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08\FaviconPath = "C:\\Users\\Admin\\AppData\\Local\\MICROS~1\\INTERN~1\\Services\\YANDEX~1.ICO" C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE11SS&market={language}" C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTTopResultURL C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08\TopResultURLFallback = "http://www.bing.com/search?q={searchTerms}&src=IE-TopResult&FORM=IE11TR" C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08\FaviconURLFallback = "https://www.ya.ru/favicon.ico" C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08\NTURL = "https://yandex.ru/search/?win=648&clid=6035502-354&text={searchTerms}" C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08\NTTopResultURL C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL_JSON = "https://suggest.yandex.ru/suggest-ff.cgi?uil=ru&part={searchTerms}" C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08\YaCreationDate = "2024-30-01" C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\YaCreationDate = "2024-30-01" C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\ce5d6660-1fe8-11ef-9f13-d600f8f2bb08\FaviconURLFallback = "http://www.bing.com/favicon.ico" C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A

Modifies Internet Explorer start page

stealer
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "https://www.ya.ru/?win=648&clid=6035495-354" C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\Yandex C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\Yandex\UICreated_SYSTEM = "1" C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.pdf C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexTIFF.VCSW6JTLDSYTZUAASZV5YIJDQA\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-119" C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexTIFF.VCSW6JTLDSYTZUAASZV5YIJDQA\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexTXT.VCSW6JTLDSYTZUAASZV5YIJDQA\ = "Yandex Browser TXT Document" C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.shtml\OpenWithProgids\YandexHTML.VCSW6JTLDSYTZUAASZV5YIJDQA C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexCSS.VCSW6JTLDSYTZUAASZV5YIJDQA\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-124" C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexINFE.VCSW6JTLDSYTZUAASZV5YIJDQA C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\SystemFileAssociations\.webp\shell\image_search\ = "Поиск по картинке" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexWEBM.VCSW6JTLDSYTZUAASZV5YIJDQA\shell\open C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexXML.VCSW6JTLDSYTZUAASZV5YIJDQA\ = "Yandex Browser XML Document" C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.js C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.js\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexHTML.VCSW6JTLDSYTZUAASZV5YIJDQA C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexCRX.VCSW6JTLDSYTZUAASZV5YIJDQA\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexINFE.VCSW6JTLDSYTZUAASZV5YIJDQA\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexSVG.VCSW6JTLDSYTZUAASZV5YIJDQA\ = "Yandex Browser SVG Document" C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.tiff\OpenWithProgids\YandexTIFF.VCSW6JTLDSYTZUAASZV5YIJDQA C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.shtml C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\SystemFileAssociations\.jpeg\shell\image_search\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --image-search=\"%1\"" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.infected\OpenWithProgids\YandexINFE.VCSW6JTLDSYTZUAASZV5YIJDQA C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\yabrowser\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexBrowser.crx\shell\open C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexTIFF.VCSW6JTLDSYTZUAASZV5YIJDQA\shell\open C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexWEBM.VCSW6JTLDSYTZUAASZV5YIJDQA\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexWEBP.VCSW6JTLDSYTZUAASZV5YIJDQA\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexGIF.VCSW6JTLDSYTZUAASZV5YIJDQA\ = "Yandex Browser GIF Document" C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexWEBM.VCSW6JTLDSYTZUAASZV5YIJDQA\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-132" C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.txt\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\SystemFileAssociations\.tiff C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\SystemFileAssociations\.tif\shell\image_search\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --image-search=\"%1\"" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\SystemFileAssociations\.bmp\shell\image_search C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexHTML.VCSW6JTLDSYTZUAASZV5YIJDQA\shell C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexTXT.VCSW6JTLDSYTZUAASZV5YIJDQA\shell C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexXML.VCSW6JTLDSYTZUAASZV5YIJDQA\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.webp\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexJPEG.VCSW6JTLDSYTZUAASZV5YIJDQA\ = "Yandex Browser JPEG Document" C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexSVG.VCSW6JTLDSYTZUAASZV5YIJDQA C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\SystemFileAssociations\.gif\shell C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\SystemFileAssociations\.webp\shell\image_search C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\SystemFileAssociations\.webp\shell\image_search\command C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexHTML.VCSW6JTLDSYTZUAASZV5YIJDQA\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexTIFF.VCSW6JTLDSYTZUAASZV5YIJDQA\shell C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\yabrowser\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\yabrowser\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0" C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexJS.VCSW6JTLDSYTZUAASZV5YIJDQA\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.html\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexEPUB.VCSW6JTLDSYTZUAASZV5YIJDQA\ = "Yandex Browser EPUB Document" C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexFB2.VCSW6JTLDSYTZUAASZV5YIJDQA\ = "Yandex Browser FB2 Document" C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexSVG.VCSW6JTLDSYTZUAASZV5YIJDQA\shell C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.fb2\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.epub\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\yabrowser\URL Protocol C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexEPUB.VCSW6JTLDSYTZUAASZV5YIJDQA\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexFB2.VCSW6JTLDSYTZUAASZV5YIJDQA C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexPNG.VCSW6JTLDSYTZUAASZV5YIJDQA\ = "Yandex Browser PNG Document" C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexWEBM.VCSW6JTLDSYTZUAASZV5YIJDQA\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\SystemFileAssociations\.jpg\shell\image_search\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --image-search=\"%1\"" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexCSS.VCSW6JTLDSYTZUAASZV5YIJDQA\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexPDF.VCSW6JTLDSYTZUAASZV5YIJDQA\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.jpg\OpenWithProgids\YandexJPEG.VCSW6JTLDSYTZUAASZV5YIJDQA C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.png\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.mhtml C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\SystemFileAssociations\.jpg\shell\image_search\Icon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\YandexJPEG.VCSW6JTLDSYTZUAASZV5YIJDQA\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-109" C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\yadl.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\yadl.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C C:\Users\Admin\AppData\Local\Temp\yadl.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C\Blob = 030000000100000014000000d89e3bd43d5d909b47a18977aa9d5ce36cee184c1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb040000000100000010000000285ec909c4ab0d2d57f5086b225799aa0f000000010000003000000013baa039635f1c5292a8c2f36aae7e1d25c025202e9092f5b0f53f5f752dfa9c71b3d1b8d9a6358fcee6ec75622fabf9190000000100000010000000ea6089055218053dd01e37e1d806eedf1800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa22000000001000000850500003082058130820469a00302010202103972443af922b751d7d36c10dd313595300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3139303331323030303030305a170d3238313233313233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c05000382010100188751dc74213d9c8ae027b733d02eccecf0e6cb5e11de226f9b758e9e72fee4d6feaa1f9c962def034a7eaef48d6f723c433bc03febb8df5caaa9c6aef2fcd8eea37b43f686367c14e0cdf4f73ffedeb8b48af09196fefd43647efdccd201a17d7df81919c9422b13bf588bbaa4a266047688914e0c8914cea24dc932b3bae8141abc71f15bf0410b98000a220310e50cb1f9cd923719ed3bf1e43ab6f945132675afbbaaef3f7b773bd2c402913d1900d3175c39db3f7b180d45cd9385962f5ddf59164f3f51bdd545183fed4a8ee80661742316b50d50732744477f105d892a6b853114c4e8a96a4c80bc6a78cfb87f8e7672990c9dfed7910816a1a35f95 C:\Users\Admin\AppData\Local\Temp\yadl.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\AppData\Local\Temp\yadl.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\yadl.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2C55AD0B-2264-4B0C-83AD-FAE0F59DE6EC\lite_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2C55AD0B-2264-4B0C-83AD-FAE0F59DE6EC\lite_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2C55AD0B-2264-4B0C-83AD-FAE0F59DE6EC\lite_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2C55AD0B-2264-4B0C-83AD-FAE0F59DE6EC\lite_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\868C1459-DF56-427D-B48F-17BD49B46861\sender.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\868C1459-DF56-427D-B48F-17BD49B46861\sender.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1648 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\KLSetup.exe C:\Users\Admin\AppData\Local\Temp\yadl.exe
PID 1648 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\KLSetup.exe C:\Users\Admin\AppData\Local\Temp\yadl.exe
PID 1648 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\KLSetup.exe C:\Users\Admin\AppData\Local\Temp\yadl.exe
PID 1648 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\KLSetup.exe C:\Users\Admin\AppData\Local\Temp\yadl.exe
PID 1648 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\KLSetup.exe C:\Users\Admin\AppData\Local\Temp\yadl.exe
PID 1648 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\KLSetup.exe C:\Users\Admin\AppData\Local\Temp\yadl.exe
PID 1648 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\KLSetup.exe C:\Users\Admin\AppData\Local\Temp\yadl.exe
PID 2696 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\yadl.exe C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
PID 2696 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\yadl.exe C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
PID 2696 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\yadl.exe C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
PID 2696 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\yadl.exe C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
PID 2696 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\yadl.exe C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
PID 2696 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\yadl.exe C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
PID 2696 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\yadl.exe C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
PID 2696 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\yadl.exe C:\Users\Admin\AppData\Local\Temp\yadl.exe
PID 2696 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\yadl.exe C:\Users\Admin\AppData\Local\Temp\yadl.exe
PID 2696 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\yadl.exe C:\Users\Admin\AppData\Local\Temp\yadl.exe
PID 2696 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\yadl.exe C:\Users\Admin\AppData\Local\Temp\yadl.exe
PID 2696 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\yadl.exe C:\Users\Admin\AppData\Local\Temp\yadl.exe
PID 2696 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\yadl.exe C:\Users\Admin\AppData\Local\Temp\yadl.exe
PID 2696 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\yadl.exe C:\Users\Admin\AppData\Local\Temp\yadl.exe
PID 324 wrote to memory of 1608 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 324 wrote to memory of 1608 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 324 wrote to memory of 1608 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 324 wrote to memory of 1608 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 324 wrote to memory of 1608 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 324 wrote to memory of 1608 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 324 wrote to memory of 1608 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1608 wrote to memory of 3008 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\2C55AD0B-2264-4B0C-83AD-FAE0F59DE6EC\lite_installer.exe
PID 1608 wrote to memory of 3008 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\2C55AD0B-2264-4B0C-83AD-FAE0F59DE6EC\lite_installer.exe
PID 1608 wrote to memory of 3008 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\2C55AD0B-2264-4B0C-83AD-FAE0F59DE6EC\lite_installer.exe
PID 1608 wrote to memory of 3008 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\2C55AD0B-2264-4B0C-83AD-FAE0F59DE6EC\lite_installer.exe
PID 1608 wrote to memory of 3008 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\2C55AD0B-2264-4B0C-83AD-FAE0F59DE6EC\lite_installer.exe
PID 1608 wrote to memory of 3008 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\2C55AD0B-2264-4B0C-83AD-FAE0F59DE6EC\lite_installer.exe
PID 1608 wrote to memory of 3008 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\2C55AD0B-2264-4B0C-83AD-FAE0F59DE6EC\lite_installer.exe
PID 1608 wrote to memory of 2408 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe
PID 1608 wrote to memory of 2408 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe
PID 1608 wrote to memory of 2408 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe
PID 1608 wrote to memory of 2408 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe
PID 2408 wrote to memory of 8916 N/A C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
PID 2408 wrote to memory of 8916 N/A C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
PID 2408 wrote to memory of 8916 N/A C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
PID 2408 wrote to memory of 8916 N/A C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
PID 2408 wrote to memory of 9932 N/A C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe C:\Users\Admin\AppData\Local\Temp\868C1459-DF56-427D-B48F-17BD49B46861\sender.exe
PID 2408 wrote to memory of 9932 N/A C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe C:\Users\Admin\AppData\Local\Temp\868C1459-DF56-427D-B48F-17BD49B46861\sender.exe
PID 2408 wrote to memory of 9932 N/A C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe C:\Users\Admin\AppData\Local\Temp\868C1459-DF56-427D-B48F-17BD49B46861\sender.exe
PID 2408 wrote to memory of 9932 N/A C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe C:\Users\Admin\AppData\Local\Temp\868C1459-DF56-427D-B48F-17BD49B46861\sender.exe
PID 9260 wrote to memory of 3608 N/A C:\Users\Admin\AppData\Local\Temp\{200BB1D6-E250-455F-B27E-DA3AFD9E3266}.exe C:\Users\Admin\AppData\Local\Temp\ybD845.tmp
PID 9260 wrote to memory of 3608 N/A C:\Users\Admin\AppData\Local\Temp\{200BB1D6-E250-455F-B27E-DA3AFD9E3266}.exe C:\Users\Admin\AppData\Local\Temp\ybD845.tmp
PID 9260 wrote to memory of 3608 N/A C:\Users\Admin\AppData\Local\Temp\{200BB1D6-E250-455F-B27E-DA3AFD9E3266}.exe C:\Users\Admin\AppData\Local\Temp\ybD845.tmp
PID 9260 wrote to memory of 3608 N/A C:\Users\Admin\AppData\Local\Temp\{200BB1D6-E250-455F-B27E-DA3AFD9E3266}.exe C:\Users\Admin\AppData\Local\Temp\ybD845.tmp
PID 9260 wrote to memory of 3608 N/A C:\Users\Admin\AppData\Local\Temp\{200BB1D6-E250-455F-B27E-DA3AFD9E3266}.exe C:\Users\Admin\AppData\Local\Temp\ybD845.tmp
PID 9260 wrote to memory of 3608 N/A C:\Users\Admin\AppData\Local\Temp\{200BB1D6-E250-455F-B27E-DA3AFD9E3266}.exe C:\Users\Admin\AppData\Local\Temp\ybD845.tmp
PID 9260 wrote to memory of 3608 N/A C:\Users\Admin\AppData\Local\Temp\{200BB1D6-E250-455F-B27E-DA3AFD9E3266}.exe C:\Users\Admin\AppData\Local\Temp\ybD845.tmp
PID 3608 wrote to memory of 3504 N/A C:\Users\Admin\AppData\Local\Temp\ybD845.tmp C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe
PID 3608 wrote to memory of 3504 N/A C:\Users\Admin\AppData\Local\Temp\ybD845.tmp C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe
PID 3608 wrote to memory of 3504 N/A C:\Users\Admin\AppData\Local\Temp\ybD845.tmp C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe
PID 3608 wrote to memory of 3504 N/A C:\Users\Admin\AppData\Local\Temp\ybD845.tmp C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe
PID 3608 wrote to memory of 3504 N/A C:\Users\Admin\AppData\Local\Temp\ybD845.tmp C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe
PID 3608 wrote to memory of 3504 N/A C:\Users\Admin\AppData\Local\Temp\ybD845.tmp C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe
PID 3608 wrote to memory of 3504 N/A C:\Users\Admin\AppData\Local\Temp\ybD845.tmp C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe
PID 3504 wrote to memory of 3156 N/A C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe
PID 3504 wrote to memory of 3156 N/A C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe
PID 3504 wrote to memory of 3156 N/A C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe

Processes

C:\Users\Admin\AppData\Local\Temp\KLSetup.exe

"C:\Users\Admin\AppData\Local\Temp\KLSetup.exe"

C:\Users\Admin\AppData\Local\Temp\yadl.exe

"C:\Users\Admin\AppData\Local\Temp\yadl.exe" --partner 418804 --distr /quiet /msicl "YABROWSER=y YAQSEARCH=y YAHOMEPAGE=y VID=354"

C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe

"C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe" /quiet /msicl "YABROWSER=y YAQSEARCH=y YAHOMEPAGE=y VID=354"

C:\Users\Admin\AppData\Local\Temp\yadl.exe

C:\Users\Admin\AppData\Local\Temp\yadl.exe --stat dwnldr/p=418804/rid=97133c9a-cd57-4de0-88a7-22d6f2f9ae78/sbr=0-0/hrc=200-200/bd=267-10639168/gtpr=1-1-1-255-1/cdr=0-b7-b7-ff-b7/for=3-0/fole=255-0/fwle=255-0/vr=ff-800b0109/vle=ff-800b0109/hovr=ff-0/hovle=ff-0/shle=ff-0/vmajor=6/vminor=1/vbuild=7601/distr_type=landing/cnt=0/dt=2/ct=1/rt=0 --dh 1536 --st 1717227014

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding D03CA157DEF886B2D9275E2933DC294E

C:\Users\Admin\AppData\Local\Temp\2C55AD0B-2264-4B0C-83AD-FAE0F59DE6EC\lite_installer.exe

"C:\Users\Admin\AppData\Local\Temp\2C55AD0B-2264-4B0C-83AD-FAE0F59DE6EC\lite_installer.exe" --use-user-default-locale --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --YABROWSER

C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe

"C:\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe" "--yqs=y" "--yhp=y" "--ilight=" "--oem=" "--nopin=n" "--pin_custom=n" "--pin_desktop=n" "--pin_taskbar=y" "--locale=us" "--browser=y" "--browser_default=" "--loglevel=trace" "--ess=" "--clids=C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml" "--sender=C:\Users\Admin\AppData\Local\Temp\868C1459-DF56-427D-B48F-17BD49B46861\sender.exe" "--is_elevated=yes" "--ui_level=2" "--good_token=x" "--no_opera=n"

C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe

C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent --pin-taskbar=y --pin-desktop=n

C:\Users\Admin\AppData\Local\Temp\{200BB1D6-E250-455F-B27E-DA3AFD9E3266}.exe

"C:\Users\Admin\AppData\Local\Temp\{200BB1D6-E250-455F-B27E-DA3AFD9E3266}.exe" --job-name=yBrowserDownloader-{4F1D423F-3374-4FBC-82EA-76CDB78C15F9} --send-statistics --local-path=C:\Users\Admin\AppData\Local\Temp\{200BB1D6-E250-455F-B27E-DA3AFD9E3266}.exe --YABROWSER --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=6035461-354&ui=dde88056-BBB2-4E5F-BCFD-27503CC16699 --use-user-default-locale

C:\Users\Admin\AppData\Local\Temp\868C1459-DF56-427D-B48F-17BD49B46861\sender.exe

C:\Users\Admin\AppData\Local\Temp\868C1459-DF56-427D-B48F-17BD49B46861\sender.exe --send "/status.xml?clid=6035492-354&uuid=dde88056-BBB2-4E5F-BCFD-27503CC16699&vnt=Windows 7x64&file-no=6%0A10%0A11%0A12%0A13%0A15%0A17%0A18%0A21%0A22%0A24%0A25%0A40%0A42%0A43%0A45%0A57%0A61%0A89%0A103%0A111%0A123%0A124%0A125%0A129%0A"

C:\Users\Admin\AppData\Local\Temp\ybD845.tmp

"C:\Users\Admin\AppData\Local\Temp\ybD845.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\d80641ac-7a88-4501-9aae-c4a3efba111b.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=246843200 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{4F1D423F-3374-4FBC-82EA-76CDB78C15F9} --local-path="C:\Users\Admin\AppData\Local\Temp\{200BB1D6-E250-455F-B27E-DA3AFD9E3266}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=6035461-354&ui=dde88056-BBB2-4E5F-BCFD-27503CC16699 --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\e2f022a5-b744-41cc-a259-5ae8ac52469f.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico"

C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\d80641ac-7a88-4501-9aae-c4a3efba111b.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=246843200 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{4F1D423F-3374-4FBC-82EA-76CDB78C15F9} --local-path="C:\Users\Admin\AppData\Local\Temp\{200BB1D6-E250-455F-B27E-DA3AFD9E3266}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=6035461-354&ui=dde88056-BBB2-4E5F-BCFD-27503CC16699 --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\e2f022a5-b744-41cc-a259-5ae8ac52469f.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico"

C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\d80641ac-7a88-4501-9aae-c4a3efba111b.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=246843200 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{4F1D423F-3374-4FBC-82EA-76CDB78C15F9} --local-path="C:\Users\Admin\AppData\Local\Temp\{200BB1D6-E250-455F-B27E-DA3AFD9E3266}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=6035461-354&ui=dde88056-BBB2-4E5F-BCFD-27503CC16699 --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\e2f022a5-b744-41cc-a259-5ae8ac52469f.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico" --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=277559600

C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe

C:\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=3156 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.4.4.1169 --initial-client-data=0x1b0,0x1b4,0x1b8,0x184,0x1bc,0x4fac7c,0x4fac88,0x4fac94

C:\Windows\TEMP\sdwra_3156_2016994165\service_update.exe

"C:\Windows\TEMP\sdwra_3156_2016994165\service_update.exe" --setup

C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe" --install

C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe" --run-as-service

C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=6124 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.4.4.1169 --initial-client-data=0x13c,0x140,0x144,0x110,0x148,0xac2568,0xac2574,0xac2580

C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe" --update-scheduler

C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.4.4.1169\service_update.exe" --update-background-scheduler

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source3156_1020698385\Browser-bin\clids_yandex_second.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=0 --install-start-time-no-uac=246843200

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=7016 --annotation=metrics_client_id=fa191be548e1401389cbf88c69c51acd --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.4.4.1169 --initial-client-data=0xf4,0xf8,0xfc,0xc8,0x100,0x72f4886c,0x72f48878,0x72f48884

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --gpu-process-kind=sandboxed --mojo-platform-channel-handle=1832 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=disabled --gpu-process-kind=trampoline --mojo-platform-channel-handle=2292 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Network Service" --mojo-platform-channel-handle=2536 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.4.1169 /prefetch:3

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=service --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Storage Service" --mojo-platform-channel-handle=2564 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.4.1169 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=ru --service-sandbox-type=audio --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Audio Service" --mojo-platform-channel-handle=2664 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.4.1169 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --no-appcompat-clear --enable-ignition --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2812 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --mojo-platform-channel-handle=3208 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.4.1169 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --no-appcompat-clear --enable-ignition --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3256 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Импорт профилей" --mojo-platform-channel-handle=3784 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.4.1169 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --no-appcompat-clear --enable-ignition --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3800 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --mojo-platform-channel-handle=3944 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.4.1169 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --mojo-platform-channel-handle=3560 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --mojo-platform-channel-handle=1960 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.4.1169 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --no-appcompat-clear --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4140 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --no-appcompat-clear --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4528 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --no-appcompat-clear --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5136 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=deep_links_provider.mojom.DeepLinksProvider --lang=ru --service-sandbox-type=none --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="DeepLinks service" --mojo-platform-channel-handle=5360 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.4.1169 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Распаковщик файлов" --mojo-platform-channel-handle=5416 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.4.1169 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --mojo-platform-channel-handle=5480 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.4.1169 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --mojo-platform-channel-handle=5456 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.4.1169 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --mojo-platform-channel-handle=5572 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.4.1169 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --mojo-platform-channel-handle=5596 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.4.1169 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --mojo-platform-channel-handle=5476 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.4.1169 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --mojo-platform-channel-handle=5404 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.4.1169 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --mojo-platform-channel-handle=5860 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.4.1169 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --mojo-platform-channel-handle=5984 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.4.1169 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --mojo-platform-channel-handle=6108 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.4.1169 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --mojo-platform-channel-handle=6232 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.4.1169 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --mojo-platform-channel-handle=6364 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.4.1169 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --mojo-platform-channel-handle=6484 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.4.1169 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Распаковщик файлов" --mojo-platform-channel-handle=5352 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.4.1169 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater --broupdater-origin=auto --bits_job_guid={446EF5C2-EBAA-41AD-88E2-9AAE729651AC}

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1717227067 --annotation=last_update_date=1717227067 --annotation=launches_after_update=1 --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=3588 --annotation=metrics_client_id=fa191be548e1401389cbf88c69c51acd --annotation=micromode=broupdater --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.4.4.1169 --initial-client-data=0xf8,0xfc,0x100,0xcc,0x104,0x72f4886c,0x72f48878,0x72f48884

C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe

"C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe"

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe

"C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe" -version

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe

"C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe" -XX:+UseG1GC -Dfile.encoding=UTF-8 -jar "C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --mojo-platform-channel-handle=1772 --field-trial-handle=1776,i,14135693501805347770,12932503944821524031,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Network Service" --mojo-platform-channel-handle=1964 --field-trial-handle=1776,i,14135693501805347770,12932503944821524031,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.4.1169 /prefetch:3

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=install --bits_job_guid={F40123CC-9486-40A3-A06F-3BAB96ECF5A2}

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1717227067 --annotation=last_update_date=1717227067 --annotation=launches_after_update=2 --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=5164 --annotation=metrics_client_id=fa191be548e1401389cbf88c69c51acd --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.4.4.1169 --initial-client-data=0xf8,0xfc,0x100,0xcc,0x104,0x72f4886c,0x72f48878,0x72f48884

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --mojo-platform-channel-handle=1720 --field-trial-handle=1724,i,7162581521781122373,16255202531709998224,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Network Service" --mojo-platform-channel-handle=1976 --field-trial-handle=1724,i,7162581521781122373,16255202531709998224,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.4.1169 /prefetch:3

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\java.exe

java.exe -version

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=deep_links_provider.mojom.DeepLinksProvider --lang=ru --service-sandbox-type=none --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="DeepLinks service" --mojo-platform-channel-handle=2876 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.4.1169 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Утилиты Windows" --mojo-platform-channel-handle=5332 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.4.1169 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Утилиты Windows" --mojo-platform-channel-handle=5388 --field-trial-handle=1836,i,8963088142570072020,7398346639094138508,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.4.1169 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=dayuse --bits_job_guid={44494FBA-68A7-4391-A46B-508045C6F09B}

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1717227067 --annotation=last_update_date=1717227067 --annotation=launches_after_update=2 --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=924 --annotation=metrics_client_id=fa191be548e1401389cbf88c69c51acd --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.4.4.1169 --initial-client-data=0xf8,0xfc,0x100,0xcc,0x104,0x72f4886c,0x72f48878,0x72f48884

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --mojo-platform-channel-handle=1648 --field-trial-handle=1652,i,9731873329995197518,4643656943035995624,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=dde88056-BBB2-4E5F-BCFD-27503CC16699 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Network Service" --mojo-platform-channel-handle=1888 --field-trial-handle=1652,i,9731873329995197518,4643656943035995624,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.4.1169 /prefetch:3

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.klaun.ch udp
US 104.26.10.58:80 api.klaun.ch tcp
US 8.8.8.8:53 download.yandex.ru udp
RU 5.45.205.241:80 download.yandex.ru tcp
US 8.8.8.8:53 cachev2-kiv03.cdn.yandex.net udp
RU 5.45.192.185:80 cachev2-kiv03.cdn.yandex.net tcp
RU 5.45.205.241:80 download.yandex.ru tcp
US 8.8.8.8:53 cachev2-ams01.cdn.yandex.net udp
NL 5.45.247.51:80 cachev2-ams01.cdn.yandex.net tcp
US 8.8.8.8:53 downloader.yandex.net udp
RU 5.45.205.243:80 downloader.yandex.net tcp
US 8.8.8.8:53 clck.yandex.ru udp
RU 87.250.250.14:80 clck.yandex.ru tcp
RU 5.45.205.243:80 downloader.yandex.net tcp
RU 5.45.192.185:80 cachev2-kiv03.cdn.yandex.net tcp
US 8.8.8.8:53 repos.klaun.ch udp
US 104.26.11.58:80 repos.klaun.ch tcp
RU 87.250.250.14:80 clck.yandex.ru tcp
RU 87.250.250.14:80 clck.yandex.ru tcp
US 8.8.8.8:53 api.browser.yandex.net udp
US 8.8.8.8:53 download.cdn.yandex.net udp
US 8.8.8.8:53 api.browser.yandex.ru udp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 5.45.205.244:443 download.cdn.yandex.net tcp
RU 77.88.21.14:80 clck.yandex.ru tcp
US 8.8.8.8:53 soft.export.yandex.ru udp
RU 87.250.254.20:80 soft.export.yandex.ru tcp
US 8.8.8.8:53 cachev2-ams02.cdn.yandex.net udp
NL 5.45.247.52:443 cachev2-ams02.cdn.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 5.45.205.244:443 download.cdn.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 8.8.8.8:53 www.microsoft.com udp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 8.8.8.8:53 storage.ape.yandex.net udp
RU 87.250.251.66:443 storage.ape.yandex.net tcp
US 8.8.8.8:53 api.browser.yandex.ru udp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 8.8.8.8:53 update.googleapis.com udp
US 8.8.8.8:53 update.googleapis.com udp
GB 142.250.187.195:443 update.googleapis.com tcp
US 8.8.8.8:53 sovetnik.market.yandex.ru udp
US 8.8.8.8:53 sovetnik.market.yandex.ru udp
US 8.8.8.8:53 browser.yandex.ru udp
US 8.8.8.8:53 browser.yandex.ru udp
RU 87.250.250.41:443 sovetnik.market.yandex.ru tcp
RU 93.158.134.121:443 browser.yandex.ru tcp
US 8.8.8.8:53 dl.klaun.ch udp
US 104.26.11.58:80 dl.klaun.ch tcp
US 8.8.8.8:53 sba.yandex.net udp
US 8.8.8.8:53 sba.yandex.net udp
RU 213.180.204.232:443 sba.yandex.net tcp
US 8.8.8.8:53 api.browser.yandex.net udp
US 8.8.8.8:53 api.browser.yandex.net udp
RU 213.180.193.234:443 api.browser.yandex.net tcp
US 8.8.8.8:53 storage.ape.yandex.net udp
US 8.8.8.8:53 storage.ape.yandex.net udp
RU 87.250.251.66:443 storage.ape.yandex.net tcp
US 8.8.8.8:53 api.browser.yandex.ru udp
US 8.8.8.8:53 api.browser.yandex.ru udp
RU 213.180.204.232:443 sba.yandex.net tcp
US 8.8.8.8:53 browser-resources.s3.yandex.net udp
US 8.8.8.8:53 browser-resources.s3.yandex.net udp
RU 93.158.134.158:443 browser-resources.s3.yandex.net tcp
US 8.8.8.8:53 cdnrepfu6rku5qba3zpu.svc.cdn.yandex.net udp
US 8.8.8.8:53 cdnrepfu6rku5qba3zpu.svc.cdn.yandex.net udp
RU 37.9.64.225:443 cdnrepfu6rku5qba3zpu.svc.cdn.yandex.net tcp
US 8.8.8.8:53 browser-resources.s3.yandex.net udp
US 8.8.8.8:53 browser-resources.s3.yandex.net udp
US 8.8.8.8:53 yastatic.net udp
US 8.8.8.8:53 yastatic.net udp
RU 93.158.134.121:443 browser.yandex.ru tcp
RU 93.158.134.158:443 browser-resources.s3.yandex.net tcp
RU 93.158.134.158:443 browser-resources.s3.yandex.net tcp
RU 93.158.134.158:443 browser-resources.s3.yandex.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
US 8.8.8.8:53 uid.yandex.ru udp
US 8.8.8.8:53 uid.yandex.ru udp
US 8.8.8.8:53 api.browser.yandex.ru udp
US 8.8.8.8:53 api.browser.yandex.ru udp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 87.250.254.216:443 uid.yandex.ru tcp
US 8.8.8.8:53 sso.passport.yandex.ru udp
US 8.8.8.8:53 sso.passport.yandex.ru udp
RU 93.158.134.144:443 sso.passport.yandex.ru tcp
RU 93.158.134.144:443 sso.passport.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 8.8.8.8:53 webntp.yandex.ru udp
US 8.8.8.8:53 webntp.yandex.ru udp
US 8.8.8.8:53 yandex.ru udp
US 8.8.8.8:53 yandex.ru udp
RU 77.88.44.55:443 yandex.ru tcp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
RU 93.158.134.144:443 sso.passport.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 77.88.44.55:443 yandex.ru tcp
RU 77.88.21.119:443 mc.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 8.8.8.8:53 sso.ya.ru udp
US 8.8.8.8:53 sso.ya.ru udp
RU 93.158.134.144:443 sso.ya.ru tcp
US 8.8.8.8:53 sso.dzen.ru udp
US 8.8.8.8:53 sso.dzen.ru udp
RU 62.217.160.14:443 sso.dzen.ru tcp
US 8.8.8.8:53 yastatic.net udp
US 8.8.8.8:53 yastatic.net udp
RU 93.158.134.144:443 sso.ya.ru tcp
US 8.8.8.8:53 webntp.yandex.ru udp
US 8.8.8.8:53 webntp.yandex.ru udp
US 8.8.8.8:53 mc.yandex.com udp
US 8.8.8.8:53 mc.yandex.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 yastatic.net udp
US 8.8.8.8:53 yastatic.net udp
RU 178.154.131.217:443 yastatic.net tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 webntp.yandex.ru udp
US 8.8.8.8:443 dns.google udp
RU 213.180.204.196:443 webntp.yandex.ru tcp
RU 213.180.204.158:443 tcp
RU 213.180.204.158:443 tcp
RU 213.180.204.158:443 tcp
RU 213.180.204.158:443 tcp
RU 213.180.204.158:443 tcp
RU 213.180.204.158:443 tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 8.8.4.4:443 dns.google udp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 77.88.55.242:443 tcp
RU 213.180.204.158:443 tcp
RU 77.88.21.37:443 tcp
RU 5.255.255.77:443 yandex.ru tcp
RU 87.250.254.20:443 soft.export.yandex.ru tcp
RU 5.255.255.77:443 yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 178.154.131.217:443 yastatic.net tcp
US 8.8.8.8:53 api.klaun.ch udp
US 104.26.10.58:80 api.klaun.ch tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 104.26.10.58:80 api.klaun.ch tcp
US 104.26.10.58:80 api.klaun.ch tcp
US 104.26.10.58:80 api.klaun.ch tcp
US 8.8.8.8:53 repos.klaun.ch udp
US 104.26.11.58:443 repos.klaun.ch tcp
US 104.26.11.58:443 repos.klaun.ch tcp
US 104.26.11.58:443 repos.klaun.ch tcp
US 104.26.11.58:443 repos.klaun.ch tcp
US 104.26.11.58:443 repos.klaun.ch tcp
US 104.26.11.58:443 repos.klaun.ch tcp
US 104.26.11.58:443 repos.klaun.ch tcp
US 104.26.11.58:443 repos.klaun.ch tcp
US 104.26.11.58:443 repos.klaun.ch tcp
US 104.26.11.58:443 repos.klaun.ch tcp
US 104.26.11.58:443 repos.klaun.ch tcp
US 104.26.11.58:443 repos.klaun.ch tcp
US 104.26.11.58:443 repos.klaun.ch tcp
US 104.26.11.58:443 repos.klaun.ch tcp
US 104.26.11.58:443 repos.klaun.ch tcp
US 104.26.11.58:443 repos.klaun.ch tcp
US 104.26.11.58:443 repos.klaun.ch tcp
US 104.26.11.58:443 repos.klaun.ch tcp
US 104.26.11.58:443 repos.klaun.ch tcp
US 104.26.11.58:443 repos.klaun.ch tcp
RU 178.154.131.217:443 yastatic.net tcp
US 104.26.10.58:80 repos.klaun.ch tcp
US 104.26.11.58:80 repos.klaun.ch tcp
RU 5.255.255.77:443 yandex.ru tcp
US 104.26.10.58:80 repos.klaun.ch tcp
US 8.8.8.8:53 cf.klaun.ch udp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 172.67.69.202:443 cf.klaun.ch tcp
US 104.26.10.58:80 cf.klaun.ch tcp
US 8.8.8.8:53 fabric.klaun.ch udp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
RU 93.158.134.121:443 browser.yandex.ru tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
RU 178.154.131.217:443 yastatic.net tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
RU 178.154.131.217:443 yastatic.net tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.10.58:80 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 8.8.8.8:53 quilt.klaun.ch udp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.10.58:80 quilt.klaun.ch tcp
US 104.26.10.58:80 quilt.klaun.ch tcp
US 8.8.8.8:53 api.mojang.com udp
US 13.107.246.64:443 api.mojang.com tcp
US 13.107.246.64:443 api.mojang.com tcp
US 13.107.246.64:443 api.mojang.com tcp
US 13.107.246.64:443 api.mojang.com tcp
US 8.8.8.8:53 sessionserver.mojang.com udp
US 13.107.246.64:443 sessionserver.mojang.com tcp

Files

memory/1648-0-0x0000000000100000-0x0000000000101000-memory.dmp

memory/1648-1-0x0000000000BB0000-0x00000000013F5000-memory.dmp

memory/1648-2-0x0000000000BB0000-0x00000000013F5000-memory.dmp

memory/1648-3-0x0000000000100000-0x0000000000101000-memory.dmp

memory/1648-4-0x0000000000BB0000-0x00000000013F5000-memory.dmp

\Users\Admin\AppData\Local\Temp\yadl.exe

MD5 aadf4352d33ff9095ca64c25389eb82b
SHA1 0b1f088ce1c6b341d85cd0bea4c26036da89b26d
SHA256 3ada90b21b96154a200878c39da717c397743b07b74e9ae84b591eaf87a29b69
SHA512 16ec302bbca191df3e9cf49db109757cd621253b9b1a18a0d9e91566d34c4daf28d3ab99bf925fb56821321a8d3bf49e353bcad04480fce131931a4135fb1d1d

C:\Users\Admin\AppData\Local\Temp\CabB07D.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\TarB08F.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarB1CD.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe

MD5 3fb846d3691f3d98a34e669e1b9b5bf6
SHA1 4c90c2912aae3b8da4c44a4faa0b8df20525285f
SHA256 ead7a779cabae642d09be07283cc99e53c84ecf90349444e0d0ac4bf9901fe47
SHA512 e904ecfa7b1c9ba066272bf91b8341bf3877310613370defabee7db58ea825c52582353e97f9398d706d3f3890b3701a1c05fe202e8a87499fb9600f87176b3e

memory/1648-217-0x0000000000BB0000-0x00000000013F5000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\YandexSearch00000.log

MD5 8ff2bdf0bfaa8a260465b359cc79240e
SHA1 039e1173318bb0ce37d361d7262bd8526a7dcaf7
SHA256 fb548bd246e6a5c97ce1d9ba99ab561809198cc21cdfcecf23b5e945cc3a0689
SHA512 dc9669a0c147667e3a25eb2fdf0f630808307f97443156c638894861496e5e47112596c12c02f48f07884489ccbc6a989a72124493e4f48278a9d5d74574f3b9

C:\Users\Admin\AppData\Local\Temp\{5B964E0E-B9A3-4276-9ED9-4D5A5720747A}\YandexSearch.msi

MD5 561f202d40eb1a21aa947b2b833f6928
SHA1 b48e2f49a416847aa9420ed4b360841e8c28f67b
SHA256 b2fda5fb2d8e65fc0448d308647d8afd1e4ecd7bff0103ec3700e0798a7db0a3
SHA512 66d172f336ef0b4790e2141711f205682a0ba6ced8d03f26e33b54f6ea1e29be10d387e843df26d1110559888b09a3cdf9198ea40f17ca9d2ac1872c1da82063

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 63f768703be5e3c988ffa3ff7add9fe4
SHA1 df00f0918c88e4bb482583fa169e16127b5693e7
SHA256 8710e70ae5b4a77a2f1072bf1217935d23a5087ff9ca4b6c54276ef3c765b96e
SHA512 8a7a98674fe12deb0e89229135d095b87ecc01acf586459cdcebf68aa4e403f9d112a7bccc7ea7ce30c22d4f9c1d56f2d88c5b81e19180d3afe8ed486b0a2b23

C:\Windows\Installer\MSIBD91.tmp

MD5 0c80a997d37d930e7317d6dac8bb7ae1
SHA1 018f13dfa43e103801a69a20b1fab0d609ace8a5
SHA256 a5dd2f97c6787c335b7807ff9b6966877e9dd811f9e26326837a7d2bd224de86
SHA512 fe1caef6d727344c60df52380a6e4ab90ae1a8eb5f96d6054eced1b7734357ce080d944fa518cf1366e14c4c0bd9a41db679738a860800430034a75bb90e51a5

C:\Windows\Installer\MSIBDFF.tmp

MD5 e6fd0e66cf3bfd3cc04a05647c3c7c54
SHA1 6a1b7f1a45fb578de6492af7e2fede15c866739f
SHA256 669cc0aae068ced3154acaecb0c692c4c5e61bc2ca95b40395a3399e75fcb9b2
SHA512 fc8613f31acaf6155852d3ad6130fc3b76674b463dcdcfcd08a3b367dfd9e5b991e3f0a26994bcaf42f9e863a46a81e2520e77b1d99f703bcb08800bdca4efcb

C:\Users\Admin\AppData\Local\Temp\vendor00000.xml

MD5 a96e6071a17b74bbd309bf696496b8f7
SHA1 63c1ecf860504d390b6f3a32982ddd8946b042c5
SHA256 1a855972dc308e47d30d567e1b37fdad349bf555b971bc14ead76e17a8accccc
SHA512 2c906e2f11d62d1336be482cc5ff784bf372cc7afb3263754e7810a1ae27e253aa9e22463456b62a25049d33ba1e69f129ed7e0a0273fe928dcaa216b7876449

\Users\Admin\AppData\Local\Temp\2C55AD0B-2264-4B0C-83AD-FAE0F59DE6EC\lite_installer.exe

MD5 aafdfaa7a989ddb216510fc9ae5b877f
SHA1 41cf94692968a7d511b6051b7fe2b15c784770cb
SHA256 688d0b782437ccfae2944281ade651a2da063f222e80b3510789dbdce8b00fdc
SHA512 6e2b76ff6df79c6de6887cf739848d05c894fbd70dc9371fff95e6ccd9938d695c46516cb18ec8edd01e78cad1a6029a3d633895f7ddba4db4bf9cd39271bd44

C:\Users\Admin\AppData\Roaming\Yandex\clids-yabrowser.xml

MD5 27a0d63958d264b1d1b307cbcae32d1e
SHA1 134e6abcb95aa2aeddce10db6325d47d5c2944eb
SHA256 e0148740e2dc882bc85880bdb6c626e4fb6555daf471bf34b4a4689c0634abc7
SHA512 33fb4c7c53efc8b6d77baac7fbb7a9848949029de8662ee9e663febc92fd426babc7c2200bf2890e70aa932df5bb883d409fe3ed50a41e3436dfcabe7a1bd229

\Users\Admin\AppData\Local\Temp\00F7C566-6C22-4E2E-A1C7-23F07C6025C6\seederexe.exe

MD5 225ba20fa3edd13c9c72f600ff90e6cb
SHA1 5f1a9baa85c2afe29619e7cc848036d9174701e4
SHA256 35585d12899435e13e186490fcf1d270adbe3c74a1e0578b3d9314858bf2d797
SHA512 97e699cffe28d3c3611570d341ccbc1a0f0eec233c377c70e0e20d4ed3b956b6fe200a007f7e601a5724e733c97eaddc39d308b9af58d45f7598f10038d94ab3

C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml

MD5 42f904227d6a52fb123a1cbae34f3373
SHA1 c0f5cfee6915bf65601aed5c662e1696f2b45fa0
SHA256 c25e6de10909a6c4a45a4e1e93d0eff1b3604cc515cc6ef2ae6b083ffe41a200
SHA512 b4c8dc57811b0c3d03f00a088bc16ed6eb02ed07db2a99681fd550b8a79e108b82053a3e4d9e12789b429a501bb06e8a684314322605eadcee7b9c633c13a669

C:\Users\Admin\AppData\Roaming\Yandex\ui

MD5 ad8bef38aa24922d5045a317939b7005
SHA1 f57fb75e7ed37554e3ebd65d74713aff4aab5d95
SHA256 935b0041b16d8b0e724db74e6f28170ebbb457d7d1a3ce75952dda19cf93fc69
SHA512 3d9faae6e00aa3424057d83b35abc25d3ed128725797c71dc5a1da7349bb1defc1fcc3d69ede0c00f3c3b6b5a65e8e4c36c3fb2aa1dba6271c5288d79e3d0e72

C:\Config.Msi\f76bb96.rbs

MD5 0f74b03901cee0c79b2152beed30b5ca
SHA1 83c7b54c96491e8b4ae9affd5e4b7030f6fd69fd
SHA256 46a7056308dfaf22cc58827796f87af8b22c15f1811e85e2997e14c9a94b7854
SHA512 5ffea3d0e0195704c42e3f74f3b86a6be5f3a6d33256bbe7225bdd36f90632008a31fc0b3d31f0778c4a49a14035d404cc002d8f2b897579dbdf550dac2ae511

C:\Users\Admin\AppData\Local\Temp\OMNIJA~1.ZIP

MD5 da3287f6ed53dd2ecece8c29bc1a20c4
SHA1 b13113cde779676d1959e483586fcd9d2d3d66e0
SHA256 fa6337cef2829e185bb76c5911d745d9175a490ebf0e9a90439b386ec6da4c3a
SHA512 2c802a45e8fed8659e7c83b5bec3e535a5bcece7188863c22fb2e8eeb13ef11273095aebf0d4bce762d314b2e56aec75e2f51ae4bf1117458cb6848e0567044e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2031336fed3d7ec3e98d77111daddb34
SHA1 eb7de62e885b56a40aba0d282fc7c545abfb5eea
SHA256 78d586bea1de5db1218d128e24b53debcba81b1256a33ee4f1935ba732f200a6
SHA512 940d8aab0eacc10a840e8ddd6a400c9d90ca3d86f25a785967e170c993c06be97a064b5c22e47860313c96a95b3f136145c7909d6a9d23ec47393e3d5d25a3ab

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ty9peokp.Admin\places.sqlite-20240601073021.377200.backup

MD5 314cb7ffb31e3cc676847e03108378ba
SHA1 3667d2ade77624e79d9efa08a2f1d33104ac6343
SHA256 b6d278384a3684409a2a86f03e4f52869818ce7dd8b5779876960353f7d35dc1
SHA512 dc795fa35ea214843a781ee2b2ef551b91b6841a799bef2c6fb1907d90f6c114071a951ebb7b2b30e81d52b594d447a26ab12ddb57c331e854577d11e5febef5

C:\Users\Admin\AppData\Local\Temp\{200BB1D6-E250-455F-B27E-DA3AFD9E3266}.exe

MD5 d454cfd8343eed174988c952e9828f4d
SHA1 dea2383c9dc9071ac88052a5cda7ee4ea7c9377c
SHA256 87719630422cf17f1c538afe530bd87b253be6086a620035f53144e024e464fd
SHA512 cc1dddfb37b4e0f6a2bf62b60c32494ee73c781c99cdcbaac03278f8d1f1bd9d474c134b393b499c588669311b390515a375a2d4da29970632cf8280b00833b2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ty9peokp.default-release\thumbnails\335664b1d0edc2f6d44e873adf49d764

MD5 af80a936c10e18de168538a0722d6319
SHA1 9b1c84a1cf7330a698c89b9d7f33b17b4ba35536
SHA256 2435c0376fca765b21d43e897f4baa52daa0958a7015d04103488c606c99d1d3
SHA512 9a1325c8ce05806e5c161a4cf47239f62baad8f79650fbd713e74928fce8171ced10ba7f24fac46c548e1dbf3f64106270cb25ca88c836c870107f5dc1f97879

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ty9peokp.default-release\thumbnails\9916d5e26889d457708470cd3822b449

MD5 e05d28ab78d61968a7132eafe61f54b4
SHA1 dcf260ab7cdea7b6fc934e54765c964c1a20bd36
SHA256 cbd302b0ea2218f495b9f0a814f34733f2c5f13a6634d74c6e85a5c0863b5621
SHA512 ebea612bf803692fa3c7b2573c58f2e43fba0f7039e01b57203978cf69b6f8ca538b563791a760a7e901bb5e392879bd57bdbdb69b6a3781a3886fc0c01eddc0

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Services\www.ya.ru.ico

MD5 a6f6261de61d910e0b828040414cee02
SHA1 d9df5043d0405b3f5ddaacb74db36623dd3969dc
SHA256 6bb91f1d74389b18bce6e71772e4c5573648c1a4823338193f700afdf8216be5
SHA512 20cb7b646c160c942e379c6e7a1a8981a09f520361c0205052c1d66e2fdb76333ffaaf0ca1dfc779754f0e844b9946900fbd5690d01869e1607abc1fda6dffab

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Bookmarks-20240601073022.703200.backup

MD5 3adec702d4472e3252ca8b58af62247c
SHA1 35d1d2f90b80dca80ad398f411c93fe8aef07435
SHA256 2b167248e8136c4d45c2c46e2bff6fb5e5137dd4dfdccde998599be2df2e9335
SHA512 7562e093d16ee6305c1bb143a3f5d60dafe8b5de74952709abc68a0c353b65416bf78b1fa1a6720331615898848c1464a7758c5dfe78f8098f77fbfa924784c0

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences-20240601073022.718800.backup

MD5 68d84691641bff177cfb8289eaf6e4f2
SHA1 13afa156b1861fad3e915b85cf87eeba3c7512f0
SHA256 42fe2319b2573adfa77e64fc7563582c0e7a7b5c96bbb2955fbbd8dcf8466b78
SHA512 04aad15e598591e86ca7c24753cbd72eae79262b2efae657b8475724d24d05e7d12f11639e3871946a02a8ca9f323e683b748f3837d792654c614d9cb20e992f

C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe

MD5 95828ee007d3586792d53ace50b2357e
SHA1 3501ccad7573fd467911f207155318db3a1a1554
SHA256 8c4be5f1bc4e2f73d4396af48a31bf10362006472e9b28f40aa91f73a3815f12
SHA512 9896eccb178fd772fc92e5793340bdbc1bd6169465d9a739df06c1154edbce16f6db5dd50df426ccbc40d8410d4ef170c3fb0bc700e7778149ff2168409638e7

C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Яндекс.website

MD5 9698a7c41f0f410a641bfa4c04661e36
SHA1 263ca1de4dd9734cbcc03ddeaff7490d003d3e07
SHA256 cc945953660e5449358a93938a19b71c28da9f480204b0bf6ce3917b8cce0901
SHA512 b04637822e24519fefd517d84da2fadc340de67d4fdd72ac7139d272bad13ffd08d06e220f33a326d78ba725becc8a29be42ae2a843272816b901bc46b15d64c

\??\PIPE\wkssvc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk

MD5 7de127f4a188ff8c24b63cfd1c91ed8c
SHA1 1a70ad23a885d2fcaaad69c01f669a43c206cefa
SHA256 0a65b9e103fc45f440d4dcdef7da431a8cc06c26ada6bc542ce3c5c9a1e1e4d6
SHA512 5a3efddc4b04442b6d72e9074bba62ba7e9c509b2ed24c94fc51a62d77ced963c3b095daf09817d334028a95d0b737e9fba609ffbf4f07c7451c0cb07114e1a7

memory/3008-8732-0x0000000000760000-0x0000000000762000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 cf798defdf1f38a32bb54211ef08fbd5
SHA1 6a38512d28f63f62ca8cd575be1117ac8a23804d
SHA256 925ed48ce165e0586d2601d21c7299b780337cf5307fb2d2743e9cea597fa542
SHA512 dc5f611562f974e0d02a623604a6d662fae33dcca99c579b7f6efa13be1c9e2dac7a3d046c67663a1b7c49b61336be2da5faf792b6bd3c8f6b358c8186d3f8ac

memory/1648-8740-0x0000000000BB0000-0x00000000013F5000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\868C1459-DF56-427D-B48F-17BD49B46861\sender.exe

MD5 f1a8f60c018647902e70cf3869e1563f
SHA1 3caf9c51dfd75206d944d4c536f5f5ff8e225ae9
SHA256 36022c6ecb3426791e6edee9074a3861fe5b660d98f2b2b7c13b80fe11a75577
SHA512 c02dfd6276ad136283230cdf07d30ec2090562e6c60d6c0d4ac3110013780fcafd76e13931be53b924a35cf473d0f5ace2f6b5c3f1f70ce66b40338e53d38d1e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f9cf6fb2d95494f2109d61031482379b
SHA1 2ec357afa2eceb5cda1b5968d6b5378b4db19d9d
SHA256 63ba0833575abd45d2438a4c4fd9fa051841d4cc6d91cc24ce8d46ad691f23a9
SHA512 14b7e29c3a01a9ed8a008f81032dd4d82c8dde8f7b7b1a5ee8ab3370b4a3d37672e4d9d7047b832c90976a47172c8fdef56b7f2f3ebb3fa002beb0d8fb4135e8

memory/1648-8970-0x0000000000BB0000-0x00000000013F5000-memory.dmp

memory/1648-8976-0x0000000000BB0000-0x00000000013F5000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 389f7b137b9fd9589fa4bbd357eaa0a7
SHA1 e0605b5579960733842447a4f5c65dd7ab0b6be1
SHA256 b7da826f277ec40918098998aedd78c43c216af3035f6ca2a51f96815b4791ca
SHA512 c5d659b619f212e3c1cdb601c8862f167786b41c59a8febb29247678c144b117fe6d9be75b9f3c234b42dc77dd297a1ded73ce26ccf31546731e8dbe3853275a

\Users\Admin\AppData\Local\Temp\YB_C7BA7.tmp\setup.exe

MD5 708185c92cce57ef50ff720d28068c38
SHA1 bf708e1299bce3d49056b9021459d4103370af56
SHA256 31a7d6e149196a2d8fcb74f0c1c60f59d7acf48133aa23dd46b1e465e3064ca8
SHA512 abc8829e4a5c8771a4a1a3eb00dd894b3ae12dd305e745b48dde3be43b436d0913dcb7847f5e6463a6583b37181367bc3f9fae471004b1671184847326ce564b

C:\Users\Admin\AppData\Local\Temp\master_preferences

MD5 907071f307fa70fb85a2c67007e84826
SHA1 6956e67cdfd8bec294ecedf5ad49f5d60da4cff6
SHA256 b023ae425a54825b2ea2975f771b6a8671104ff242a75b757646c5c99eedcfe2
SHA512 41e97d728b9b1ed3f54fee3bc45c0e234860f365b8ef60156ad5b021478790d59f015b613dc465ead0e4f317c497f7cc82d86cb6e4e1d0245ffbe8305211819f

memory/1648-9345-0x0000000000BB0000-0x00000000013F5000-memory.dmp

memory/1648-9359-0x0000000000BB0000-0x00000000013F5000-memory.dmp

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.4.1169\resources\configs\all_zip

MD5 c7b76127a33b7661d3287cb93375e184
SHA1 3314dd1685dc3adacbcd5023e9d94de016774015
SHA256 d89d224f0f7197574d1cabbb0b0eea91844081cd78d92ddafffc7d3ba3d9d0e5
SHA512 496788a04dc1af6800929206efad41282cca61a4afd359250ef81f5887e2bba3a832497119904801a4c37d59260ade6dc93907167f4c92406b08f7fb1bbf3c76

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ef0c3f68d80b61608ef0b9864e36a8ed
SHA1 f79620c5c45291451b8ef55a238ae4dfc8232414
SHA256 acca08cc6b295cc350a0010f62b330d1880b2d0b3db7e50a4bc9669123b1c994
SHA512 0f0e31fa4ddbdccc365427332a37863bffdcfb49e94a697a0fd1f22510beb59d005a71f0256ff8ca20535e482c38a6ff3cfe9b1aa8903c3071bdb1dc95f4af84

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 b6f88c4d16930ddce1a62e5a47bed464
SHA1 b4ad1bf8159f4d59387c83dd2125ed789e66426f
SHA256 8c0f243331076233338638b6e44e17f901d04193440cd06437be2413fccf86b2
SHA512 4a260c0fe732b3829e7064eb508bec26700c8105135c53da5370f5453d22e4a8d3121487e2164932978c2099666b9954fc891cf74585951c2175321546eb1fbf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e5bbcb437f8e7b4a47cccab192eceadb
SHA1 f4aa73345d5bd907b7bd555d0eb9a5ded480a6d0
SHA256 8f4ef984314a9ccda4a919dfe21037bc6ac15e9b5a2c6b7917aa70b0fe9b4911
SHA512 d4fc7a47aea76e4f9f5dfdc81cfb77109dd09318fbafe8d3a7c230ec4a1993af7415d940ae38c1e624c0434677c751f45b57e0242c9bcac03444e5b9a2996e7c

C:\Windows\Temp\sdwra_3156_2016994165\service_update.exe

MD5 e3fffb071ce80b5568c3abe06444c72d
SHA1 bf3bb0965d78b64c9ed462f67e180707f7cb9ddd
SHA256 a12f34c3b345447b3809b7b8be0a6db9123b5ee408fb4bc7038c6cde904de67a
SHA512 e5dcfc583f3c1f401f26db9f5cbcea18f2f6081ec0ada84c884f222156753f74b84ea1c05551b7b91997cd044152c5fa0b7aa1fd2c405b95aa762041cc33b0ea

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 0c888e024f69d9fe8920923740276bb0
SHA1 ab1e977e9c21cd2ad451289d0b97200c755e00a6
SHA256 13eae0f5e7b63235889470399baba5357ff141e15c2d5a03ee99d5430fcd7941
SHA512 4bbaaf833db72920a5883692a628dfbe8f11f00bea69e6a8a53306172a5f8fcc534905448493c185d51d2114061b8d18a113e91f32662afc305a0983d2a0831d

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 11eba003fa506cbd5185aca6bcd10591
SHA1 3997a9f1c661920e3d42891d4d17cd4bf84ad3c5
SHA256 36480b9d193879dd37050f32296aaae84171c07d4163ccdcf5d4f5eaa560d5ae
SHA512 d49a5f5c79026ee388faa2584c26e304c59eff7a57e4143e47f8fd383052bdf63bdb358544ecb54db70179e9a5ecb392dd8649b19ba5d295c0401c04fe16fd19

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 cbf140e210a434fa879b0556fab98326
SHA1 5980b6d1085fdd40b8d123fe00e31cfa8a109edf
SHA256 3ae67717c7a53bb9e1a5c0fe27ec58a3d70d632883b5c022bab35e85b7b3e3ff
SHA512 bb513f7ec873206871eb67c243ea1fc3ac1047e2d82656e9622a99ad53dac551f33fef800d51e016a7e1a2df0ad2ce8b5ad83422d312cf87993484da92becfb0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.4.4.1169\brand_config

MD5 57ab8d4ccb2bc7db807a63d5c21caa9a
SHA1 c8db4d2d5a79fde4387425e3c8332c4df8207f4a
SHA256 f20a434e533cb069064f96862e25da9168707cf79d4dcdd69f1968e39c064bf8
SHA512 df8ec17092d55938cbbb4a426561a3711c0c7d483e70a1d095a1026b7e5b29ed580bbc601e1859170965f947c26e220b44b948759f827e0990215d6b59106d43

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.4.4.1169\partner_config

MD5 977bc7b2384ef1b3e78df8fbc3eeb16b
SHA1 7ee6110ca253005d738929b7ba0cc54ed2ed0a2e
SHA256 82e288090168abe15419015317fd38f56c1136e7481f66656d84e0a2d861d4d6
SHA512 4d154832ef3ac05abb1499a5bc8235d72f64cdaa3e6870206a6363c1d85d821604ae8a96850c2c8bd540d479b8dd5f3ce032472ed96bbf7eddb168ea3d2d1cf6

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.4.1169\resources\wallpapers\sea_preview.jpg

MD5 53ba159f3391558f90f88816c34eacc3
SHA1 0669f66168a43f35c2c6a686ce1415508318574d
SHA256 f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e
SHA512 94c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.4.1169\resources\wallpapers\sea_static.jpg

MD5 5e1d673daa7286af82eb4946047fe465
SHA1 02370e69f2a43562f367aa543e23c2750df3f001
SHA256 1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a
SHA512 03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

MD5 ac7580619407e45dc4bdcb7fd655a7d8
SHA1 5b7db72b8425a5f8f586134da73b64cb03572e9e
SHA256 b7f46b54cd9d0c25187354966f47f0f350c5e769737184aa50f6fc106dab8b43
SHA512 56f35a297b9c28c511eadfb5af638c22deb2e0985eee28f9ec50a659d88747e7955c1d2cc802162f326e8c2a2cce4a747b98c2862e1733e2f81f1b23abc9e83b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk

MD5 ecc4b6e12c3b737675dec2537000c86b
SHA1 df4687141445d69825f158c446b5ef8a4c2d0c58
SHA256 51805773e559e27b6f55252845381a981b9202dc7e8db398da0ae8746f2ab760
SHA512 5638b3ecea51b39b50c1b1ec54574c266ecb4f9103549d6c5c84df958c24c54adbe299c2d41ddc0ac7537ec4b6738c76892e57a05ffb75dce4dc124fa2306063

memory/3156-10025-0x0000000000B00000-0x0000000000B02000-memory.dmp

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\install_state.json

MD5 d8387652552e22f063fd1d9fe6aecf53
SHA1 e52f0e15687ca66a9bdbfa6df67a383abebc948d
SHA256 199085dd907b6a96de578f562b9da319829b35b52c030574d59b1ad2fa9aa7b1
SHA512 fd995ba832c4b629d912dbc2960361f620455bd2e1e92847f7084bf6a4dd86022dc4dc871d6f1d3121491e0d4261be4acb36237820b965ed6c6cd0711db42641

memory/7704-10134-0x0000000001040000-0x0000000001041000-memory.dmp

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\306f2d88-fb63-43ff-a26f-efad221a9086.tmp

MD5 35d7ae58eb34aab68aa3d493f4f7bfbd
SHA1 3abeef1db23f8717cdb6effa14115ef795271bee
SHA256 ee3a327886588c5be135c8ec028034e0327c3299b7436f504cff55a0f15d3238
SHA512 3a9aa4cfb1b2aa53834d80dc5aa1e2ab860f6ef6997db26747c4962a7f42ef9ceac8ac82e0a99361c98bd107749ac67effe1763999a17442e7ba65a46d788207

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Sync Data\LevelDB\CURRENT~RFf7788fe.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Wallpapers\store\preview-13361700668858600

MD5 9f6a43a5a7a5c4c7c7f9768249cbcb63
SHA1 36043c3244d9f76f27d2ff2d4c91c20b35e4452a
SHA256 add61971c87104187ae89e50cec62a196d6f8908315e85e76e16983539fba04b
SHA512 56d7bd72c8a380099309c36912513bcafbe1970830b000a1b89256aae20137c88e1e281f2455bb381ab120d682d6853d1ef05d8c57dd68a81a24b7a2a8d61387

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Wallpapers\store\picture-13361700668858600

MD5 3bf3da7f6d26223edf5567ee9343cd57
SHA1 50b8deaf89c88e23ef59edbb972c233df53498a2
SHA256 2e6f376222299f8142ff330e457867bad3300b21d96daec53579bf011629b896
SHA512 fef8e951c6cf5cec82dbeafd306de3ad46fd0d90e3f41dcea2a6046c95ab1ae39bf8a6e4a696580246c11330d712d4e6e8757ba24bbf180eec1e98a4aec1583b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Platform Notifications\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Site Characteristics Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\4e827df3-f0ff-4c1d-9dbc-63851cf5f53f.tmp

MD5 e83f8ddcd8a44db1f17574eb0f501331
SHA1 0b30ec881ad62158f896ea47f5c70db3806aefd6
SHA256 3bae34ca8c4ca34ad7177a57d3934891651bea573f72a7da8cdf004f897ffee3
SHA512 8a246ea1417825e1de0ee26af667c849175659441dac4c9f115d58ebb68abaac9245b231d787edfa72384ebdf0f170e871fca352b441faa41bc2984bc1a56223

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

MD5 0b5bdde53f0ff651ef669fdbe0261dd8
SHA1 bb37b82e4b84843c0f6132366f67e88740ede9b8
SHA256 c422120fe23826837c94023202335737a1e6818675860c95d7b79603a9128c4c
SHA512 ceb9838e5468fd460e0ab0c7e7486a3c7d27b3b79d34cff4d45742e7f004ee44d451316cebdffc33f23856448ad3391f19fd85810771059609c388d6c85d7032

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\e5443479-9873-4d91-810b-7bbedab22693\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\0aa7e4c1-861a-433c-9492-27ce8d357d3e.tmp

MD5 e18817e6a9e1a5742a1b2af583bc6a02
SHA1 6182de1a11dd42b69b4b8b4ffc7130630c18eb0d
SHA256 77bfa49ddebadcba546a1785624f2f34a25dc4a28d581243f2b493e1670b388f
SHA512 92dbeed77e5f54ba92fb09a6296a6fcd8faf5ff5d54a6d508dfd380fe09d2a9ddd78b801a5ea925385199da8b52225f859e72c6046b9fb4d389221df1267f3e9

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\ShaderCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\DawnCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\ShaderCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\ShaderCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\32.png

MD5 d2e7ab79b45eda7c4421f296abf37c52
SHA1 8490f4e098d50ec161e64db912f8430826daf2bc
SHA256 ded3490683fcf3c5b87803bb1835759df2b65831a6257a326709a708a1dd45ac
SHA512 094c2150f872e727980f84b6c011f13210d43cbfd9437825b3b014211c69d7bd3f6367e9913370b624ddad270cfe91c190ebf2c5f5fd4e082b5d6c85199cb6b1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\16.png

MD5 238b0e7dc06028db4b6aba8078740ffb
SHA1 5fd2309587993b371beabb7a9d039e0dba3006ba
SHA256 d159e510392f6da58c4d15cc098171d45c7b02a1362cbf7be7a2d47a1a10e7fc
SHA512 1dda4de21be647067c04dfc47174df39d0c6c1eeee3e9005211f908351b69d6a27ed268b5ec7480285fb203a95136a3a205f7bafb7eb5223a3dcbab0dadc0e5d

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\64.png

MD5 6f5486bcca8c4ce582982a196d89ece5
SHA1 4648ae13d71b2ff681cabc5d0b5b4bb242cb78a2
SHA256 c870819a5c73e2ea5f94312bdf10fc56668d3311ef2eab6509b659efb456bb8d
SHA512 9a36d519a9cadf5b464a98082511906cc5f24c4218f6bc2ae323f6b38bf5fd413614807ef0d442801bfbc3b2ce2a0527b0f7be24fd51f49cbde6b5dfe2cafd7c

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\48.png

MD5 7cf35c8c1a7bd815f6beea2ef9a5a258
SHA1 758f98bfed64e09e0cc52192827836f9e1252fd1
SHA256 67c320fa485a8094fc91cd3fcd59a7c75d2474e3046a7eb274b01863257fbe01
SHA512 0bbebde654c9f44cf56b74fc1a9525b62c88724ec80658efede3cbb370c3a6d4f3e78df459bbd0559a51838f4a172bdfcd370bd5477038309024b77cd69f2a15

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\128.png

MD5 363bbbffe31e45e3945aa0ff3b8cdd1d
SHA1 f223255a82218ddd45bdf54a0cf1e8b438a67edc
SHA256 39b835c3dcf4261025de83d49ab151f5af0bc1ed8845932065aa1a333f026684
SHA512 7bbfb3810a2bed3d2a8a899afa95412cca95fa6916b1684ae3182bd0ad28faa7076fdf328281d106a53c10385667729b4089b0050610e87eadef2f3ff54e80be

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\96.png

MD5 115decbc3eb53574b2582f15a0996e83
SHA1 598a1d495135f767be6d03cf50418615b22146b6
SHA256 07fbfbda84eb5467b120fb3f9b4e028077303098bac8c2934635b14bbda847e0
SHA512 af237ddb585ad38fd0fc3d0f0b75c60d0117e965a548bda055b2625f86ee7d91fedc840e1afa2fe80814f152732371255133faa21c3d774ca9691446541cf46c

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\256.png

MD5 a363094ba5e40a4760a9bf566e5defd3
SHA1 1e74e20f48ec878bd0b76448c722168879c5b387
SHA256 05ae2d6161a3acd83798ec56dbc45087e6aeb0a1376401f55aa46539b1d95559
SHA512 ce30f312cc08366aa588e75b229c178a83cf6d464a1051bd1118b81e5166085a2b1bcfbff97804f3e8662366b59f43a659e4b0e315dabad125f16ec9ad9ac379

memory/1648-11043-0x0000000000BB0000-0x00000000013F5000-memory.dmp

memory/4568-11048-0x00000000065C0000-0x00000000065C1000-memory.dmp

memory/4568-11047-0x0000000005FB0000-0x00000000065B9000-memory.dmp

memory/4568-11046-0x0000000005FB0000-0x00000000065B9000-memory.dmp

memory/4568-11045-0x0000000005FB0000-0x00000000065B9000-memory.dmp

memory/4568-11044-0x0000000005FA0000-0x0000000005FA1000-memory.dmp

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\748383a3-6e74-4b77-945b-39b4db7279c2.tmp

MD5 5b39760c59835a3716f943fd5aa1b96e
SHA1 cf4a917e5043b3acc381255cc20b4bb6f22832f6
SHA256 aefe904bb9773023af339c2fffb3215bae81a440297947a98d0dc7a1d09aa072
SHA512 ed79822283c7ba0fdbd565fa5cd45c2dea1cbaf87eaa64d19c1d0d109da86596b900e82c6c570800f88de3d2808cb99b3562a7b40eac93818c7065f15c737776

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

MD5 871ae18ee8b53c80bc70639f6a45eb55
SHA1 d72579f498ae95a1d9efe0a309ed0b6c48757f38
SHA256 677f7033c5fc2e5a07db19b5e573ec01baca9dbe962e26839509d5120aa9d31a
SHA512 2d4931ece92d90c513670467c4a1ee7176db81a3f22e78d5d00dab717dca2986fbc266078d9555606562296cda5b48a23ad1e8487caeec7be3d3da6e6a92ffca

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\plugin2\msvcp140.dll

MD5 bf78c15068d6671693dfcdfa5770d705
SHA1 4418c03c3161706a4349dfe3f97278e7a5d8962a
SHA256 a88b8c1c8f27bf90fe960e0e8bd56984ad48167071af92d96ec1051f89f827fb
SHA512 5b6b0ab4e82cc979eaa619d387c6995198fd19aa0c455bef44bd37a765685575d57448b3b4accd70d3bd20a6cd408b1f518eda0f6dae5aa106f225bee8291372

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\YandexDictionaries\ru.bdic

MD5 ac3768f0462853d08df284e67c7c4ebd
SHA1 732581ac6f2e02246696817adc53d2e2e5d0dcb5
SHA256 af2bcc135f974aad505a8f55296117dbf4cbc095931e22f424698b181d273656
SHA512 27d558deffeeefe1198aebdf65a3fef0b0f3d6b6c4177d03ff32b0363f0a2fb1b7ff6454f45dd3254427cec9174b03181c50bc51dba212e6ab0114a6e72bcf96

memory/1648-12004-0x0000000000BB0000-0x00000000013F5000-memory.dmp

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\vcruntime140_1.dll

MD5 fcda37abd3d9e9d8170cd1cd15bf9d3f
SHA1 b23ff3e9aa2287b9c1249a008c0ae06dc8b6fdf2
SHA256 0579d460ea1f7e8a815fa55a8821a5ff489c8097f051765e9beaf25d8d0f27d6
SHA512 de8be61499aaa1504dde8c19666844550c2ea7ef774ecbe26900834b252887da31d4cf4fb51338b16b6a4416de733e519ebf8c375eb03eb425232a6349da2257

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\vcruntime140.dll

MD5 7415c1cc63a0c46983e2a32581daefee
SHA1 5f8534d79c84ac45ad09b5a702c8c5c288eae240
SHA256 475ab98b7722e965bd38c8fa6ed23502309582ccf294ff1061cb290c7988f0d1
SHA512 3d4b24061f72c0e957c7b04a0c4098c94c8f1afb4a7e159850b9939c7210d73398be6f27b5ab85073b4e8c999816e7804fef0f6115c39cd061f4aaeb4dcda8cf

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\deploy\messages_zh_TW.properties

MD5 880baacb176553deab39edbe4b74380d
SHA1 37a57aad121c14c25e149206179728fa62203bf0
SHA256 ff4a3a92bc92cb08d2c32c435810440fd264edd63e56efa39430e0240c835620
SHA512 3039315bb283198af9090bd3d31cfae68ee73bc2b118bbae0b32812d4e3fd0f11ce962068d4a17b065dab9a66ef651b9cb8404c0a2defce74bb6b2d1d93646d5

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\images\cursors\win32_CopyNoDrop32x32.gif

MD5 1e9d8f133a442da6b0c74d49bc84a341
SHA1 259edc45b4569427e8319895a444f4295d54348f
SHA256 1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b
SHA512 63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

MD5 772c9e2702535434a83cb66187556f9b
SHA1 02bdadbf83a78fa42daf3d0f8c31133fc0280c80
SHA256 78b144162f9b9b6bfc4b727461d8e88032f45aa80bc556162d779a0d8e3aada8
SHA512 9b50f2467371c5234c471ffcfb0e46aa1fe35fdce068987ccd63975ee5a3f34bba3e592abdc8e12ba1421e442d6120fb2363f42bfb6199bf73449e04ac8a1446

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\component_crx_cache\oimompecagnajdejgnnjijobebaeigek_1.2903aec9f77378fa19280af8ff89294fb9ce2caf8e0092c69e19973c0a9cc6fe

MD5 5d9ad58399fbef9be94190d149c2f863
SHA1 45f3674f0425d58d9ffc5d9001ff6754f357543c
SHA256 2903aec9f77378fa19280af8ff89294fb9ce2caf8e0092c69e19973c0a9cc6fe
SHA512 9a9532cce2de086d5934235d21d27b8a0863ae902a81151a728364aebe044faef5e5805d64efe68d67a5a5aaf408f74954d08f10c6a011dc9ea82c629339d3b0

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\security\policy\unlimited\US_export_policy.jar

MD5 12f971b6e65cbc7184701235469f0339
SHA1 06cb165157c5e0078b872c48707a1328b1dcba19
SHA256 84e035372ca8979bb4a387428a74942ffc7248a0e61988b7033b5b266cd187c8
SHA512 58646fc81de2e4750a3259d79a207a8cff2dc6692f178a63d92a453fc408c8d1088007ef4e93157d1017be706565716a0236039dbac848c40745a0ad89c4d0de

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat

MD5 c6a49887aee462f1dc3fd9bd213c6817
SHA1 b110bf9b2ff0f3f0455e742d0861ceeaf65b1f5d
SHA256 2b42d3855d95b12ca8037cc4eb44205c07e49b80ed9a5d77dad14a86442bb9d6
SHA512 30267290472a092ec45bb9553bfb716ffdc959ab2817feeee6ebb06bf0aea73932259ffd2b953330e876ee7d1b2bded404d11aa7658131b83cf05e9ebb3c47c5

C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe

MD5 82345958a39e7b1ad0b14ff2adeecaf9
SHA1 56e29f91f3ca1d5a3712e339ea5ac70f2904fbf7
SHA256 5fdc5fd46f4fbd5f1377c9cde1370b34bef76aec16f7ac3bcb89a1ee59329f99
SHA512 1182da48e1be07c2b21036336446e4af55dfc4f4fd1602701cf2a2c56ead437d9be5d994948f7b863215cffe1b627ff4331e4635db12f9eaf9d6ea7b6bf98ea2

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe

MD5 122e34bfa3146ef9ae5a51fdc744353f
SHA1 f0cc2294fe150a4cceca8a3da8615edcc4eb20e4
SHA256 dd2169db3358ccdf4a4a185e4a22955c989eaa3b9d3e0e6025599b8fa173c968
SHA512 306341e00598f02a70d3edc6ef666cb64982f1e31e5c0a1304977a1700c95395c1c7f0857ae8056853370eced0bd2aeafc72da804a65f98c1422929b7c431700

memory/6696-12774-0x0000000000140000-0x0000000000141000-memory.dmp

memory/3528-12777-0x0000000000400000-0x000000000042F000-memory.dmp

memory/388-12796-0x0000000001F60000-0x0000000001F6A000-memory.dmp

memory/388-12795-0x0000000001F60000-0x0000000001F6A000-memory.dmp

memory/388-12794-0x0000000001F60000-0x0000000001F6A000-memory.dmp

memory/388-12793-0x0000000001F60000-0x0000000001F6A000-memory.dmp

memory/388-12799-0x00000000001D0000-0x00000000001D1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\yandex_browser_updater.log

MD5 e77a8fd298f3d84d31cefa162ee7ca71
SHA1 f748ba7856ea4433444ebcccb5d7ccb0d8884e8b
SHA256 2982384159594c500de4a96a0bd663eefe1e133dba603caaca503de2fc8c45cb
SHA512 b94ac450c4fcbd71b0578b5e641f47ac4e33533d60e7a8b6b125eb43f249113e10707eab9749b80e2eedf8cc4537fc8ed65af9c94958b040fe06f0d4b899eb6d

memory/388-12887-0x00000000001D0000-0x00000000001D1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\+JXF2105097462156220991.tmp

MD5 99c471b10eb25b8f0f1fe76a04926b0f
SHA1 807f89e70ccf186bde048c8a51a5c2d668190797
SHA256 9042ee73964614ed6b3eb4aa30df23c4ac5d3372deffb201ab9287540a34079c
SHA512 cbc263c2fbf1325c56adb312be8026ec25766a172bfd8d742a2e86292692c18fb185f595eb8b6fa2898e66ff95404ae52d9e52c393271e9f1fbbfd6c5bb9707d

C:\Users\Admin\AppData\Local\Temp\+JXF6669411277044653899.tmp

MD5 794162f5ab873e624c2e8adaef34aa73
SHA1 5e631244b866752f9232e170ed81ab94d252ac42
SHA256 b272fda2af48d26da480cd02d76059416539612615d38b9145b3f156d677ef7c
SHA512 d14a8abf8a3a4279652132ec145c5fad024001241e6c81d1e07c74ad3d438d61ea6f2e2a3d01812621763afbda99486ebe47f858a8dbd440c82448b1619a2426

C:\Users\Admin\AppData\Local\Temp\+JXF3470484539401003289.tmp

MD5 945426f5363c482553695c661ebc75a0
SHA1 feb3a62b783c6cba5175e957c6a4d1564e6de534
SHA256 b04761b165a8b32e5ac989a3cee07f27658634e7796f708b3e17ff5ccbe23622
SHA512 12658f86b8c3744329c2a4c4552ce25c5756e29aa984e0c7fd3fdee13abaa51b221d8ff78a9c406b084d3c08fffc3cdcb2b58f9cfb6af707ab9e3bc8fcee9e98

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\java.exe

MD5 1562e15220d8771fcb11b9a5b234a970
SHA1 50ec8e4e7125bda147a1b2ccc2b2827db2dc3479
SHA256 366199821c1efede3f7112d21da045fd6bf38b56fb3da1ae9d6493c4ddc1861f
SHA512 a07873f0a5381d202a6439a3245dd51f405cdcec4a9d40ff6ffdd4670a3b218008f7288a89e2a7455782c677d4c661bda96e62f813ce7d8c1f20a6c4c7c2b31f

C:\Users\Admin\AppData\Roaming\.minecraft\klauncher.json

MD5 15b085d97ad7198e3a5e97b0f6183f8f
SHA1 5443429678a95243818418f55c815193ad9a7cf1
SHA256 73a1fe9da108c27feca4f128cbb80b0b54f205b8c333030a4e6417cde24c55b5
SHA512 74f37271c525e76abaf8bcde8e71572d410a6d402d2cfb857e5b474870c7c8204f555f87d398596435a3ac29baccbcace147f8aecbb78d4f4073431c7acbd4fc

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

MD5 962bbb7284b586622d1c05997cbad13c
SHA1 7997e57c982708a70988654a5cf644efa2938d67
SHA256 92b732d0c9090d2c44660b3d7942f15a3f89bd416c4dbaa57e65916b138fc6cb
SHA512 4008737343ab5713d3afa2d5b3efe7ba76b60c715d104eb609a468637da98aa33a29fe74925a16b5215f45c7ad0f5c3c8869971569ba858362752fc99d88ce12

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

MD5 38b92139d1e2a6506c351102abcdf126
SHA1 c0b0884f1b000cd08e5348fc2c4adc5b357aac8a
SHA256 18bbb0cc0b2d970cd1257e77cd0312d2b220f3196a5784135056d2e694ce325f
SHA512 012fef2b7a0600227008c403d9df4d8ff97305ea3d755ee5543152dfd69274d1d238f464413b0b94ada95eb4af8431da685f07565c87461815c315d3c1a52450

memory/388-13818-0x0000000001F60000-0x0000000001F6A000-memory.dmp

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

MD5 294f161d285da8f09680e924e0fd3e7e
SHA1 a4a921814b1478b8f8be08abef9d0cd4fa773af9
SHA256 7aa6b4a941d929a5d9c74c16638bd778d429e8749a90aa7b834353be215bd54f
SHA512 0361d6f99844645b55e1205f3130bb67b70bbe6fb7b6d7e850cb130bbf57a0520b70099dc1fd3e8bed515ab37094eb52adbb083aeed72e064f0dbd6b39d78ada

C:\Users\Admin\AppData\Local\Temp\+JXF9100783875621910911.tmp

MD5 a3de2170e4e9df77161ea5d3f31b2668
SHA1 6484f1af6b485d5096b71b344e67f4164c33dd1f
SHA256 7b5a4320fba0d4c8f79327645b4b9cc875a2ec617a557e849b813918eb733499
SHA512 94a693ab2ce3c59f7a1d35b4bcc0fd08322dad24ce84203060ceceaf3dac44c4c28413c28dcdab35d289f30f8e28223a43c11cb7d5e9a56d851eb697ff9b9b6b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

MD5 4f543bef87aad41fc5709872b2b6a614
SHA1 e85cb8ddd816f633e945fde5ce3da1fdcc94298b
SHA256 d3a65ed6633096fb0e1beb23aa2d9fe56db734023a6fc8cfae9e9d4baab327ae
SHA512 4520911ecad67b1c5f78eb733b8d6aceefd39fe31b68bec4b87a60176fe9034ef1127952e5a4dd9eae3b18187070be01ff6846daf0d32bedea045e361d8fb763