Malware Analysis Report

2024-09-11 13:42

Sample ID 240614-vtaqdatbpp
Target Aimware cracked.exe
SHA256 63c7a5db3e679333031a9560c43a9f4cec16e17a6f77d54e176819777b39bdad
Tags
evasion persistence discovery spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

63c7a5db3e679333031a9560c43a9f4cec16e17a6f77d54e176819777b39bdad

Threat Level: Known bad

The file Aimware cracked.exe was found to be: Known bad.

Malicious Activity Summary

evasion persistence discovery spyware stealer

Modifies visibility of hidden/system files in Explorer

Downloads MZ/PE file

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Reads user/profile data of web browsers

Enumerates connected drives

Checks installed software on the system

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Modifies registry class

Runs ping.exe

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Suspicious behavior: GetForegroundWindowSpam

Modifies Internet Explorer settings

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Modifies system certificate store

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer start page

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-14 17:16

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 17:16

Reported

2024-06-14 17:17

Platform

win10v2004-20240508-en

Max time kernel

30s

Max time network

31s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe"

Signatures

Modifies visibility of hidden/system files in Explorer

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" \??\c:\windows\resources\svchost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" \??\c:\windows\resources\themes\explorer.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO" \??\c:\windows\resources\svchost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO" \??\c:\windows\resources\svchost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO" \??\c:\windows\resources\themes\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO" \??\c:\windows\resources\themes\explorer.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\explorer.exe \??\c:\windows\resources\themes\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\explorer.exe \??\c:\windows\resources\svchost.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification \??\c:\windows\resources\svchost.exe \??\c:\windows\resources\spoolsv.exe N/A
File opened for modification C:\Windows\Resources\Themes\icsys.icn.exe C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
File opened for modification \??\c:\windows\resources\themes\explorer.exe C:\Windows\Resources\Themes\icsys.icn.exe N/A
File opened for modification \??\c:\windows\resources\spoolsv.exe \??\c:\windows\resources\themes\explorer.exe N/A

Enumerates physical storage devices

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\aimware cracked.exe  N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\aimware cracked.exe  N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\aimware cracked.exe  N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\aimware cracked.exe  N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A \??\c:\windows\resources\svchost.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A \??\c:\users\admin\appdata\local\temp\aimware cracked.exe  N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 776 wrote to memory of 3324 N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe \??\c:\users\admin\appdata\local\temp\aimware cracked.exe 
PID 776 wrote to memory of 3324 N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe \??\c:\users\admin\appdata\local\temp\aimware cracked.exe 
PID 776 wrote to memory of 3324 N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe \??\c:\users\admin\appdata\local\temp\aimware cracked.exe 
PID 3324 wrote to memory of 5100 N/A \??\c:\users\admin\appdata\local\temp\aimware cracked.exe  C:\Users\Admin\AppData\Roaming\Aimware cracked\cheatloader.exe
PID 3324 wrote to memory of 5100 N/A \??\c:\users\admin\appdata\local\temp\aimware cracked.exe  C:\Users\Admin\AppData\Roaming\Aimware cracked\cheatloader.exe
PID 3324 wrote to memory of 2556 N/A \??\c:\users\admin\appdata\local\temp\aimware cracked.exe  C:\Windows\SysWOW64\cmd.exe
PID 3324 wrote to memory of 2556 N/A \??\c:\users\admin\appdata\local\temp\aimware cracked.exe  C:\Windows\SysWOW64\cmd.exe
PID 3324 wrote to memory of 2556 N/A \??\c:\users\admin\appdata\local\temp\aimware cracked.exe  C:\Windows\SysWOW64\cmd.exe
PID 776 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe C:\Windows\Resources\Themes\icsys.icn.exe
PID 776 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe C:\Windows\Resources\Themes\icsys.icn.exe
PID 776 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe C:\Windows\Resources\Themes\icsys.icn.exe
PID 2392 wrote to memory of 4256 N/A C:\Windows\Resources\Themes\icsys.icn.exe \??\c:\windows\resources\themes\explorer.exe
PID 2392 wrote to memory of 4256 N/A C:\Windows\Resources\Themes\icsys.icn.exe \??\c:\windows\resources\themes\explorer.exe
PID 2392 wrote to memory of 4256 N/A C:\Windows\Resources\Themes\icsys.icn.exe \??\c:\windows\resources\themes\explorer.exe
PID 2556 wrote to memory of 3496 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2556 wrote to memory of 3496 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2556 wrote to memory of 3496 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 4256 wrote to memory of 408 N/A \??\c:\windows\resources\themes\explorer.exe \??\c:\windows\resources\spoolsv.exe
PID 4256 wrote to memory of 408 N/A \??\c:\windows\resources\themes\explorer.exe \??\c:\windows\resources\spoolsv.exe
PID 4256 wrote to memory of 408 N/A \??\c:\windows\resources\themes\explorer.exe \??\c:\windows\resources\spoolsv.exe
PID 408 wrote to memory of 1604 N/A \??\c:\windows\resources\spoolsv.exe \??\c:\windows\resources\svchost.exe
PID 408 wrote to memory of 1604 N/A \??\c:\windows\resources\spoolsv.exe \??\c:\windows\resources\svchost.exe
PID 408 wrote to memory of 1604 N/A \??\c:\windows\resources\spoolsv.exe \??\c:\windows\resources\svchost.exe
PID 1604 wrote to memory of 2980 N/A \??\c:\windows\resources\svchost.exe \??\c:\windows\resources\spoolsv.exe
PID 1604 wrote to memory of 2980 N/A \??\c:\windows\resources\svchost.exe \??\c:\windows\resources\spoolsv.exe
PID 1604 wrote to memory of 2980 N/A \??\c:\windows\resources\svchost.exe \??\c:\windows\resources\spoolsv.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe

"C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe"

\??\c:\users\admin\appdata\local\temp\aimware cracked.exe 

"c:\users\admin\appdata\local\temp\aimware cracked.exe "

C:\Users\Admin\AppData\Roaming\Aimware cracked\cheatloader.exe

"C:\Users\Admin\AppData\Roaming\Aimware cracked\cheatloader.exe"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c deldll.bat

C:\Windows\Resources\Themes\icsys.icn.exe

C:\Windows\Resources\Themes\icsys.icn.exe

\??\c:\windows\resources\themes\explorer.exe

c:\windows\resources\themes\explorer.exe

C:\Windows\SysWOW64\PING.EXE

ping -n 2 -w 1000 127.0.0.1

\??\c:\windows\resources\spoolsv.exe

c:\windows\resources\spoolsv.exe SE

\??\c:\windows\resources\svchost.exe

c:\windows\resources\svchost.exe

\??\c:\windows\resources\spoolsv.exe

c:\windows\resources\spoolsv.exe PR

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 udp

Files

memory/776-0-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\aimware cracked.exe 

MD5 16620cf72e58b967961b6d2f5f1cdf83
SHA1 d584bbfce61a6d9a8d03a4e9976d9a52e5eb5b24
SHA256 9f657ef4f8470c854769a9c43b1738171aa6d81050f50eea0e803905a73e8ac4
SHA512 96f416d13f717a8c133312be9c6a96ed23c2d17916474cebb20424c7343dfe982fabbf5f066ad5add1c9624ea4adfeac12b97a8d72bab5aa1c4e7527a5016f6d

C:\Users\Admin\AppData\Local\Temp\genteert.dll

MD5 6ce814fd1ad7ae07a9e462c26b3a0f69
SHA1 15f440c2a8498a4efe2d9ba0c6268fab4fb8e0a7
SHA256 54c0da1735bb1cb02b60c321de938488345f8d1d26bf389c8cb2acad5d01b831
SHA512 e5cff6bcb063635e5193209b94a9b2f5465f1c82394f23f50bd30bf0a2b117b209f5fca5aa10a7912a94ad88711dcd490aa528a7202f09490acd96cd640a3556

C:\Users\Admin\AppData\Local\Temp\genteeD8\guig.dll

MD5 d3f8c0334c19198a109e44d074dac5fd
SHA1 167716989a62b25e9fcf8e20d78e390a52e12077
SHA256 005c251c21d6a5ba1c3281e7b9f3b4f684d007e0c3486b34a545bb370d8420aa
SHA512 9c890e0af5b20ce9db4284e726ec0b05b2a9f18b909fb8e595edf3348a8f0d07d5238d85446a09e72e4faa2e2875beb52742d312e5163f48df4072b982801b51

C:\Users\Admin\AppData\Roaming\Aimware cracked\cheatloader.exe

MD5 3e15e73f6ecc61ef7eaacdee4686e607
SHA1 b76fbdc760285f0d652220e1a0b33fe3b188bd54
SHA256 3b6da10d0eca0ea8f1a28a4df08059555269828db3da3b0b4990681829d27ffa
SHA512 9b2ddbf1c6b64084fc91de7dfa45ebb78ffcb1ee8f4b3ba3e6066fce34c1e36102187460049950741519044d6236e19b054e288f0c1a5177a5ade5c2b70c92e8

C:\Users\Admin\AppData\Roaming\Aimware cracked\flutter_windows.dll

MD5 2eb35e2372de5fc7fde925c96de61d48
SHA1 a9eedd7cf44a6eab4e08df9ab0b33fd95ceb48fd
SHA256 80efad451cd0b674b9974ef286d29ef72f219999dd8f993585f9168d97895e6f
SHA512 18a03d297770707709fcada8dd0741bd39057d54b49125119ba8b7d21aa67284dece89947dc14721fe3084e69f03e816a2ed9ad79e82ffe279d7fd0a318ff029

C:\Users\Admin\AppData\Roaming\Aimware cracked\MSVCP140.dll

MD5 bf78c15068d6671693dfcdfa5770d705
SHA1 4418c03c3161706a4349dfe3f97278e7a5d8962a
SHA256 a88b8c1c8f27bf90fe960e0e8bd56984ad48167071af92d96ec1051f89f827fb
SHA512 5b6b0ab4e82cc979eaa619d387c6995198fd19aa0c455bef44bd37a765685575d57448b3b4accd70d3bd20a6cd408b1f518eda0f6dae5aa106f225bee8291372

C:\Users\Admin\AppData\Roaming\Aimware cracked\VCRUNTIME140_1.dll

MD5 7667b0883de4667ec87c3b75bed84d84
SHA1 e6f6df83e813ed8252614a46a5892c4856df1f58
SHA256 04e7ccbdcad7cbaf0ed28692fb08eab832c38aad9071749037ee7a58f45e9d7d
SHA512 968cbaafe416a9e398c5bfd8c5825fa813462ae207d17072c035f916742517edc42349a72ab6795199d34ccece259d5f2f63587cfaeb0026c0667632b05c5c74

C:\Users\Admin\AppData\Roaming\Aimware cracked\vcruntime140.dll

MD5 11d9ac94e8cb17bd23dea89f8e757f18
SHA1 d4fb80a512486821ad320c4fd67abcae63005158
SHA256 e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e
SHA512 aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778

C:\Windows\Resources\Themes\icsys.icn.exe

MD5 b460c68755dd1245a07a218917d171cc
SHA1 da97ad4d84cac54c4c34f897d52d31ca69afa5a8
SHA256 f91f4cbcf2fa86f4c6a2b504cd586697bee567672d744444d055d371b4d424c1
SHA512 cb4c958815eda73f9041f2ad15d18e160104531af7bfc98bced61466ca240ede625545801bddc7f3120ba03d7e3218fd159b1d6ad7f0d3d4ad3171e2a5a1f731

memory/5100-89-0x0000018F1FDB0000-0x0000018F20229000-memory.dmp

memory/5100-92-0x0000018F1FC40000-0x0000018F1FC41000-memory.dmp

C:\Users\Admin\AppData\Roaming\Aimware cracked\data\icudtl.dat

MD5 cf772cf9f6ca67f592fe47da2a15adb1
SHA1 9cc4d99249bdba8a030daf00d98252c8aef7a0ff
SHA256 ac44ccc3f61bf630bb20fb8043d86cfe4c8995d06b460084400db45d70497b30
SHA512 0bec0d3a34a4ac1cc2ed81dba3bc52981c5dd391a68fe21132dfadb70e42ffbe8f3ba798185733d64a900fd2bb2403f9a8558e6666f2c1e2c0e818d8e3f154fc

memory/4256-94-0x0000000000400000-0x000000000041F000-memory.dmp

memory/5100-91-0x0000018F1FDB0000-0x0000018F20229000-memory.dmp

memory/5100-90-0x0000018F1FDB0000-0x0000018F20229000-memory.dmp

memory/5100-88-0x0000018F1FC30000-0x0000018F1FC31000-memory.dmp

\??\c:\windows\resources\spoolsv.exe

MD5 c7c22c43fd034c4a67232310f0e80839
SHA1 7ed1229417741e2c50eca81e57d465b28a283ffa
SHA256 ed667e682d3e986703b5dd091d7f37c9bffb8e520d59360db2fceaa9bf4df63d
SHA512 aa163a200ca8578d78bfdf3f9e8cb42a0b24b9392ff7702a972d15bc0204ec325f0ab68b768ee0cd89527e9490a79a99216c79ad95f09b013c5f7b73879a81a3

memory/408-109-0x0000000000400000-0x000000000041F000-memory.dmp

\??\c:\windows\resources\svchost.exe

MD5 b13662b5d36a3bffc8f9ac23b11ff972
SHA1 bb0fab917ad542b5229d82c01d1b8a2d65c2657e
SHA256 13e2d8853f3e1d66e5ee014d47b859abb60e259de09be52febee46631d8f5538
SHA512 2d0d3659083af382338ed8e28a82ad1cf0764530550b31cf50457c1ea50b3621278250fff7899490e6ff53c55a41540d32f348e3934358731c8ad08522b7d751

memory/2980-123-0x0000000000400000-0x000000000041F000-memory.dmp

memory/776-126-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2392-125-0x0000000000400000-0x000000000041F000-memory.dmp

memory/408-124-0x0000000000400000-0x000000000041F000-memory.dmp

memory/1604-118-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Users\Admin\AppData\Roaming\Aimware cracked\data\app.so

MD5 abbf126e8cb35b6e1c68d6abe919391b
SHA1 d70bee483bd7ef8d800a6f3a8b909a8219f6801b
SHA256 498dd477a0ae5d531bb2fe67bcf351c3843aa05e19bbde975fb333b4d9ab200b
SHA512 5dc418243d758fa615666f273af4aef1a46cba88a06b153f935c0b0b301a7867adedc0034aafef5a48a09a6424a66e61e5765a5b619a008ec4d04bcfe5f82d01

\??\c:\windows\resources\themes\explorer.exe

MD5 3c5c3d3663b82b4ef3932057dbd5d20d
SHA1 36d38b4ad9bc1516d24e2bebd46d9c5541bce07b
SHA256 17d6caca3ab1a054c84a0ac106ea4de863176574318ad19abe9929b48df2531f
SHA512 db982d1683c780874b8c98f4069c1645cf531a16c93643cf3b1a28c1f6690c108e8b4d06ecfb51a55bd05c88b706a9baf7dd4cf97e375580735e10335edae75a

C:\Users\Admin\AppData\Roaming\Aimware cracked\data\flutter_assets\FontManifest.json

MD5 b2f01a90f24be87c4f4ae98e79090bf5
SHA1 ae7107f7e0d5fae6288e8a82cb1c0f67efbc0b3d
SHA256 eb4549732cd13d6c3874351c182ea15850fbf71f219fe1efe9a1cac19b6c9087
SHA512 422af00f1d8835598586687bec6162c52f6eb0234222f855301bceba8dd71a2bc0e720fa4148c360e77a44be97efc587dd3e2bef5c3cdece1a925f7cf93046ba

C:\Users\Admin\AppData\Local\Temp\deldll.bat

MD5 ea190ef9b139757a890cd48bdd44b0ee
SHA1 95c684e41bf7919408816aafab881621fface202
SHA256 9131de0fcaaf968896af9d58b6f37b4aa443455bb97c97bc142f295cee577bc4
SHA512 22802ffc1965c8e27f799ee88e3fa46debb316c27507a570b0812bc5de0d59a9c2a2105b8cc204851b3c29984ef1dfb7842131819952b185b7e4325a032fb6ad

C:\Users\Admin\AppData\Roaming\Aimware cracked\data\flutter_assets\assets\fonts\Montserrat-Bold.ttf

MD5 88932dadc42e1bba93b21a76de60ef7a
SHA1 3320ff5514b32565b0396de4f2064ce17ec9eea4
SHA256 c4c8cb572a5a2c43d78b3701f4b2349684e6ca4d1557e469af6065b1e099c26c
SHA512 298e1e171dbbe386e1abe153446b883c40910819099f64f54dc9faa95d739be56839537342bbe8dd8408545cb1f8c98878a3524d91af1f11a112d1bfc202657a

C:\Users\Admin\AppData\Roaming\Aimware cracked\data\flutter_assets\assets\fonts\gothampro_black.ttf

MD5 efb0c02a5dbe65a7115b477e74c7a661
SHA1 e30324f4074bcc522a393cecaa62aa4b0e9205cc
SHA256 270d30776b7e5ccf0560b08e0db009f4b1d9753d43689d1e20bb1065e2a3c157
SHA512 0095fb9b0cd508c996cfdc11374a040ef064a22f188d7fbeb21f23c5f7f06aa2bce75e9ae22ec1c0e0f1b8e23003f67c8e8b5962c224c1295fb311e63a9b91f4

C:\Users\Admin\AppData\Roaming\Aimware cracked\data\flutter_assets\assets\YandexBrowserLogo.svg

MD5 8143f6880199b8e992edc37906737642
SHA1 5ea7b2e039ae202878f063da4ec06a58e78789c4
SHA256 10c527dfb3c9521c4bbdff8d52c8ded04bcad20dbb4409c970a0cb2bd8a1f00d
SHA512 1fe8695d8bef10cd4cbf07045dca3c6ec5ce93619a766ea5c18272301551b05ea55c5df52fa3d53be58cd7038c8bd38e188a6bc76f1b9449e298da4a95691655

C:\Users\Admin\AppData\Roaming\Aimware cracked\data\flutter_assets\fonts\MaterialIcons-Regular.otf

MD5 e7069dfd19b331be16bed984668fe080
SHA1 fc25284ee3d0aaa75ec5fc8e4fd96926157ed8c4
SHA256 d9865b671a09d683d13a863089d8825e0f61a37696ce5d7d448bc8023aa62453
SHA512 27d9662a22c3e9fe66c261c45bf309e81be7a738ae5dc5b07ad90d207d9901785f3f11dc227c75ca683186b4553b0aa5a621f541c039475b0f032b7688aaa484

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 17:16

Reported

2024-06-14 17:18

Platform

win10-20240404-en

Max time kernel

90s

Max time network

89s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe"

Signatures

Modifies visibility of hidden/system files in Explorer

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" \??\c:\windows\resources\themes\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" \??\c:\windows\resources\svchost.exe N/A

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A \??\c:\users\admin\appdata\local\temp\aimware cracked.exe  N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Aimware cracked\cheatloader.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\spoolsv.exe N/A
N/A N/A \??\c:\windows\resources\svchost.exe N/A
N/A N/A \??\c:\windows\resources\spoolsv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\YandexPackLoader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\YandexPackLoader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\312A70B4-5E30-4487-8D7D-B04E8A7628B5\lite_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8C24293D-96E1-4033-B8AE-DF6B88DB317B\sender.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{2FB6DE87-8EE8-43B2-8AD4-0A3C4EB08C72}.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ybE87B.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
N/A N/A C:\Windows\TEMP\sdwra_13004_338714609\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.4.5.499\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.4.5.499\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.4.5.499\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.4.5.499\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.4.5.499\service_update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A \??\c:\users\admin\appdata\local\temp\aimware cracked.exe  N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\aimware cracked.exe  N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\aimware cracked.exe  N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Aimware cracked\cheatloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Aimware cracked\cheatloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Aimware cracked\cheatloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Aimware cracked\cheatloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Aimware cracked\cheatloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Aimware cracked\cheatloader.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO" \??\c:\windows\resources\themes\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO" \??\c:\windows\resources\themes\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO" \??\c:\windows\resources\svchost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO" \??\c:\windows\resources\svchost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Windows\CurrentVersion\Run\YandexBrowserAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\explorer.exe \??\c:\windows\resources\themes\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\explorer.exe \??\c:\windows\resources\svchost.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Yandex\ui C:\Program Files (x86)\Yandex\YandexBrowser\24.4.5.499\service_update.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Yandex\YandexBrowser\24.4.5.499\service_update.exe C:\Windows\TEMP\sdwra_13004_338714609\service_update.exe N/A
File opened for modification C:\Program Files (x86)\Yandex\YandexBrowser\24.4.5.499\service_update.exe C:\Windows\TEMP\sdwra_13004_338714609\service_update.exe N/A
File opened for modification C:\Program Files (x86)\Yandex\YandexBrowser\24.4.5.499\debug.log C:\Program Files (x86)\Yandex\YandexBrowser\24.4.5.499\service_update.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSIC6DC.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC857.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC8B6.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
File created C:\Windows\Tasks\Repairing Yandex Browser update service.job C:\Program Files (x86)\Yandex\YandexBrowser\24.4.5.499\service_update.exe N/A
File created C:\Windows\Tasks\Обновление Браузера Яндекс.job C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
File opened for modification \??\c:\windows\resources\spoolsv.exe \??\c:\windows\resources\themes\explorer.exe N/A
File created C:\Windows\Tasks\Update for Yandex Browser.job C:\Program Files (x86)\Yandex\YandexBrowser\24.4.5.499\service_update.exe N/A
File opened for modification C:\Windows\Resources\Themes\icsys.icn.exe C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
File created C:\Windows\Installer\e57c469.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC6AC.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC789.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification \??\c:\windows\resources\themes\explorer.exe C:\Windows\Resources\Themes\icsys.icn.exe N/A
File opened for modification C:\Windows\Installer\e57c469.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSICA3F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Resources\tjud.exe \??\c:\windows\resources\themes\explorer.exe N/A
File opened for modification \??\c:\windows\resources\svchost.exe \??\c:\windows\resources\spoolsv.exe N/A
File opened for modification C:\Windows\Installer\MSIC7D9.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC934.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC7A9.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Tasks\System update for Yandex Browser.job C:\Program Files (x86)\Yandex\YandexBrowser\24.4.5.499\service_update.exe N/A
File opened for modification C:\Windows\Installer\MSIC62E.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC9D1.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{5B964E0E-B9A3-4276-9ED9-4D5A5720747A} C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\Local\\MICROS~1\\INTERN~1\\Services\\YANDEX~1.ICO" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\ebfd9cc4-2a71-11ef-ac83-ea18edfea9e3\NTLogoPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\ShowSearchSuggestionsInAddressGlobal = "1" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\ebfd9cc4-2a71-11ef-ac83-ea18edfea9e3\SuggestionsURL C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\ebfd9cc4-2a71-11ef-ac83-ea18edfea9e3\FaviconPath = "C:\\Users\\Admin\\AppData\\Local\\MICROS~1\\INTERN~1\\Services\\YANDEX~1.ICO" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\FaviconURLFallback = "http://www.bing.com/favicon.ico" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\NTLogoURL = "http://go.microsoft.com/fwlink/?LinkID=403856&language={language}&scale={scalelevel}&contrast={contrast}" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback = "https://www.ya.ru/favicon.ico" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\YaCreationDate = "2024-17-14" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\NTTopResultURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTTR" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoURL = "http://downloader.yandex.net/banner/ntpagelogo/{language}/{scalelevel}.png" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\ebfd9cc4-2a71-11ef-ac83-ea18edfea9e3\DisplayName = "Bing" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\ebfd9cc4-2a71-11ef-ac83-ea18edfea9e3\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\ebfd9cc4-2a71-11ef-ac83-ea18edfea9e3\DisplayName = "Яндекс" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\ebfd9cc4-2a71-11ef-ac83-ea18edfea9e3\FaviconURLFallback = "http://www.bing.com/favicon.ico" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\ebfd9cc4-2a71-11ef-ac83-ea18edfea9e3\NTLogoURL = "http://go.microsoft.com/fwlink/?LinkID=403856&language={language}&scale={scalelevel}&contrast={contrast}" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\ebfd9cc4-2a71-11ef-ac83-ea18edfea9e3\NTURL = "https://yandex.ru/search/?win=650&clid=2337929-699&text={searchTerms}" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\ebfd9cc4-2a71-11ef-ac83-ea18edfea9e3\NTLogoURL = "http://downloader.yandex.net/banner/ntpagelogo/{language}/{scalelevel}.png" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\SuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\NTLogoPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\ebfd9cc4-2a71-11ef-ac83-ea18edfea9e3\SuggestionsURL_JSON = "https://suggest.yandex.ru/suggest-ff.cgi?uil=ru&part={searchTerms}" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\ebfd9cc4-2a71-11ef-ac83-ea18edfea9e3\SuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\ebfd9cc4-2a71-11ef-ac83-ea18edfea9e3 C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\ebfd9cc4-2a71-11ef-ac83-ea18edfea9e3\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\DisplayName = "Bing" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\NTSuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&market={language}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IENTSS" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\DisplayName = "Яндекс" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\ebfd9cc4-2a71-11ef-ac83-ea18edfea9e3\NTURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTSR" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\ebfd9cc4-2a71-11ef-ac83-ea18edfea9e3\YaCreationDate = "2024-17-14" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL_JSON = "https://suggest.yandex.ru/suggest-ff.cgi?uil=ru&part={searchTerms}" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\ebfd9cc4-2a71-11ef-ac83-ea18edfea9e3\NTTopResultURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTTR" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\ebfd9cc4-2a71-11ef-ac83-ea18edfea9e3\URL = "https://yandex.ru/search/?win=650&clid=2337891-699&text={searchTerms}" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\FaviconURL = "http://www.bing.com/favicon.ico" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\ebfd9cc4-2a71-11ef-ac83-ea18edfea9e3\FaviconURLFallback = "https://www.ya.ru/favicon.ico" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\MINIE\LinksBandEnabled = "1" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "https://yandex.ru/search/?win=650&clid=2337891-699&text={searchTerms}" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\ebfd9cc4-2a71-11ef-ac83-ea18edfea9e3\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTURL = "https://yandex.ru/search/?win=650&clid=2337929-699&text={searchTerms}" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTTopResultURL C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\ebfd9cc4-2a71-11ef-ac83-ea18edfea9e3\NTTopResultURL C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\ebfd9cc4-2a71-11ef-ac83-ea18edfea9e3\FaviconURL = "http://www.bing.com/favicon.ico" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\NTURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTSR" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\ebfd9cc4-2a71-11ef-ac83-ea18edfea9e3\NTSuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&market={language}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IENTSS" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\ebfd9cc4-2a71-11ef-ac83-ea18edfea9e3 C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\MINIE C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A

Modifies Internet Explorer start page

stealer
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "https://www.ya.ru/?win=650&clid=2337897-699" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex C:\Program Files (x86)\Yandex\YandexBrowser\24.4.5.499\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Program Files (x86)\Yandex\YandexBrowser\24.4.5.499\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\AppDataLow C:\Program Files (x86)\Yandex\YandexBrowser\24.4.5.499\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex\UICreated_SYSTEM = "1" C:\Program Files (x86)\Yandex\YandexBrowser\24.4.5.499\service_update.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexGIF.5P6FD3IGMHO2L6GWXWLGCTMZBE\shell C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexJS.5P6FD3IGMHO2L6GWXWLGCTMZBE\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexSVG.5P6FD3IGMHO2L6GWXWLGCTMZBE\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexTXT.5P6FD3IGMHO2L6GWXWLGCTMZBE\ = "Yandex Browser TXT Document" C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\.webm\OpenWithProgids\YandexWEBM.5P6FD3IGMHO2L6GWXWLGCTMZBE C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexHTML.5P6FD3IGMHO2L6GWXWLGCTMZBE\shell\open C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\.jpeg C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexBrowser.crx\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexSWF.5P6FD3IGMHO2L6GWXWLGCTMZBE\shell\open C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexHTML.5P6FD3IGMHO2L6GWXWLGCTMZBE\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0" C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexHTML.5P6FD3IGMHO2L6GWXWLGCTMZBE\Application\ApplicationDescription = "Яндекс\u00a0Браузер – это быстрая и\u00a0удобная программа для\u00a0работы в\u00a0интернете и\u00a0просмотра веб-страниц." C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexPNG.5P6FD3IGMHO2L6GWXWLGCTMZBE\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexWEBP.5P6FD3IGMHO2L6GWXWLGCTMZBE C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexWEBP.5P6FD3IGMHO2L6GWXWLGCTMZBE\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexXML.5P6FD3IGMHO2L6GWXWLGCTMZBE\ = "Yandex Browser XML Document" C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\.css C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexJPEG.5P6FD3IGMHO2L6GWXWLGCTMZBE\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexINFE.5P6FD3IGMHO2L6GWXWLGCTMZBE\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexJS.5P6FD3IGMHO2L6GWXWLGCTMZBE\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexHTML.5P6FD3IGMHO2L6GWXWLGCTMZBE\Application C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\.jpg\OpenWithProgids\YandexJPEG.5P6FD3IGMHO2L6GWXWLGCTMZBE C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexGIF.5P6FD3IGMHO2L6GWXWLGCTMZBE\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexCSS.5P6FD3IGMHO2L6GWXWLGCTMZBE\ = "Yandex Browser CSS Document" C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexSVG.5P6FD3IGMHO2L6GWXWLGCTMZBE\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-123" C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\.tif\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexBrowser.crx C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexWEBP.5P6FD3IGMHO2L6GWXWLGCTMZBE\ = "Yandex Browser WEBP Document" C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\.jpg C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexTXT.5P6FD3IGMHO2L6GWXWLGCTMZBE\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexTIFF.5P6FD3IGMHO2L6GWXWLGCTMZBE\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexCRX.5P6FD3IGMHO2L6GWXWLGCTMZBE\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexCRX.5P6FD3IGMHO2L6GWXWLGCTMZBE\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-104" C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexEPUB.5P6FD3IGMHO2L6GWXWLGCTMZBE\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexINFE.5P6FD3IGMHO2L6GWXWLGCTMZBE\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LinksBar\Enabled = "1" C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexHTML.5P6FD3IGMHO2L6GWXWLGCTMZBE\AppUserModelId = "Yandex.5P6FD3IGMHO2L6GWXWLGCTMZBE" C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexEPUB.5P6FD3IGMHO2L6GWXWLGCTMZBE\shell\open C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexCRX.5P6FD3IGMHO2L6GWXWLGCTMZBE\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexWEBM.5P6FD3IGMHO2L6GWXWLGCTMZBE\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexPDF.5P6FD3IGMHO2L6GWXWLGCTMZBE\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\.webp\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexCRX.5P6FD3IGMHO2L6GWXWLGCTMZBE\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexFB2.5P6FD3IGMHO2L6GWXWLGCTMZBE C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\.xht C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\FavBarCache C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexEPUB.5P6FD3IGMHO2L6GWXWLGCTMZBE\shell C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexINFE.5P6FD3IGMHO2L6GWXWLGCTMZBE\shell C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\.infected C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\.swf\OpenWithProgids\YandexSWF.5P6FD3IGMHO2L6GWXWLGCTMZBE C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\yabrowser\shell C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexBrowser.crx\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\",0" C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexTXT.5P6FD3IGMHO2L6GWXWLGCTMZBE\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-120" C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\.shtml\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\yabrowser C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexHTML.5P6FD3IGMHO2L6GWXWLGCTMZBE\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexTIFF.5P6FD3IGMHO2L6GWXWLGCTMZBE\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexWEBM.5P6FD3IGMHO2L6GWXWLGCTMZBE\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\.xml\OpenWithProgids\YandexXML.5P6FD3IGMHO2L6GWXWLGCTMZBE C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexBrowser.crx\ = "Yandex Browser Extra" C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexXML.5P6FD3IGMHO2L6GWXWLGCTMZBE\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-134" C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexPDF.5P6FD3IGMHO2L6GWXWLGCTMZBE\shell C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexJPEG.5P6FD3IGMHO2L6GWXWLGCTMZBE\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-109" C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexPNG.5P6FD3IGMHO2L6GWXWLGCTMZBE\shell C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\YandexSVG.5P6FD3IGMHO2L6GWXWLGCTMZBE\shell C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 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 C:\Users\Admin\AppData\Local\YandexPackLoader.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E C:\Users\Admin\AppData\Local\YandexPackLoader.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 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 C:\Users\Admin\AppData\Local\YandexPackLoader.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 C:\Users\Admin\AppData\Local\YandexPackLoader.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 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 C:\Users\Admin\AppData\Local\YandexPackLoader.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 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 C:\Users\Admin\AppData\Local\YandexPackLoader.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\aimware cracked.exe  N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\aimware cracked.exe  N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\aimware cracked.exe  N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\aimware cracked.exe  N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A \??\c:\windows\resources\svchost.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A \??\c:\users\admin\appdata\local\temp\aimware cracked.exe  N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4496 wrote to memory of 5100 N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe \??\c:\users\admin\appdata\local\temp\aimware cracked.exe 
PID 4496 wrote to memory of 5100 N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe \??\c:\users\admin\appdata\local\temp\aimware cracked.exe 
PID 4496 wrote to memory of 5100 N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe \??\c:\users\admin\appdata\local\temp\aimware cracked.exe 
PID 5100 wrote to memory of 2868 N/A \??\c:\users\admin\appdata\local\temp\aimware cracked.exe  C:\Users\Admin\AppData\Roaming\Aimware cracked\cheatloader.exe
PID 5100 wrote to memory of 2868 N/A \??\c:\users\admin\appdata\local\temp\aimware cracked.exe  C:\Users\Admin\AppData\Roaming\Aimware cracked\cheatloader.exe
PID 5100 wrote to memory of 4432 N/A \??\c:\users\admin\appdata\local\temp\aimware cracked.exe  C:\Windows\SysWOW64\cmd.exe
PID 5100 wrote to memory of 4432 N/A \??\c:\users\admin\appdata\local\temp\aimware cracked.exe  C:\Windows\SysWOW64\cmd.exe
PID 5100 wrote to memory of 4432 N/A \??\c:\users\admin\appdata\local\temp\aimware cracked.exe  C:\Windows\SysWOW64\cmd.exe
PID 4496 wrote to memory of 1684 N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe C:\Windows\Resources\Themes\icsys.icn.exe
PID 4496 wrote to memory of 1684 N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe C:\Windows\Resources\Themes\icsys.icn.exe
PID 4496 wrote to memory of 1684 N/A C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe C:\Windows\Resources\Themes\icsys.icn.exe
PID 4432 wrote to memory of 4072 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 4432 wrote to memory of 4072 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 4432 wrote to memory of 4072 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 1684 wrote to memory of 1144 N/A C:\Windows\Resources\Themes\icsys.icn.exe \??\c:\windows\resources\themes\explorer.exe
PID 1684 wrote to memory of 1144 N/A C:\Windows\Resources\Themes\icsys.icn.exe \??\c:\windows\resources\themes\explorer.exe
PID 1684 wrote to memory of 1144 N/A C:\Windows\Resources\Themes\icsys.icn.exe \??\c:\windows\resources\themes\explorer.exe
PID 1144 wrote to memory of 784 N/A \??\c:\windows\resources\themes\explorer.exe \??\c:\windows\resources\spoolsv.exe
PID 1144 wrote to memory of 784 N/A \??\c:\windows\resources\themes\explorer.exe \??\c:\windows\resources\spoolsv.exe
PID 1144 wrote to memory of 784 N/A \??\c:\windows\resources\themes\explorer.exe \??\c:\windows\resources\spoolsv.exe
PID 784 wrote to memory of 3260 N/A \??\c:\windows\resources\spoolsv.exe \??\c:\windows\resources\svchost.exe
PID 784 wrote to memory of 3260 N/A \??\c:\windows\resources\spoolsv.exe \??\c:\windows\resources\svchost.exe
PID 784 wrote to memory of 3260 N/A \??\c:\windows\resources\spoolsv.exe \??\c:\windows\resources\svchost.exe
PID 3260 wrote to memory of 4384 N/A \??\c:\windows\resources\svchost.exe \??\c:\windows\resources\spoolsv.exe
PID 3260 wrote to memory of 4384 N/A \??\c:\windows\resources\svchost.exe \??\c:\windows\resources\spoolsv.exe
PID 3260 wrote to memory of 4384 N/A \??\c:\windows\resources\svchost.exe \??\c:\windows\resources\spoolsv.exe
PID 2868 wrote to memory of 1672 N/A C:\Users\Admin\AppData\Roaming\Aimware cracked\cheatloader.exe C:\Users\Admin\AppData\Local\YandexPackLoader.exe
PID 2868 wrote to memory of 1672 N/A C:\Users\Admin\AppData\Roaming\Aimware cracked\cheatloader.exe C:\Users\Admin\AppData\Local\YandexPackLoader.exe
PID 2868 wrote to memory of 1672 N/A C:\Users\Admin\AppData\Roaming\Aimware cracked\cheatloader.exe C:\Users\Admin\AppData\Local\YandexPackLoader.exe
PID 1672 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\YandexPackLoader.exe C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
PID 1672 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\YandexPackLoader.exe C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
PID 1672 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\YandexPackLoader.exe C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
PID 1672 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\YandexPackLoader.exe C:\Users\Admin\AppData\Local\YandexPackLoader.exe
PID 1672 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\YandexPackLoader.exe C:\Users\Admin\AppData\Local\YandexPackLoader.exe
PID 1672 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\YandexPackLoader.exe C:\Users\Admin\AppData\Local\YandexPackLoader.exe
PID 5008 wrote to memory of 2648 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 5008 wrote to memory of 2648 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 5008 wrote to memory of 2648 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2648 wrote to memory of 220 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\312A70B4-5E30-4487-8D7D-B04E8A7628B5\lite_installer.exe
PID 2648 wrote to memory of 220 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\312A70B4-5E30-4487-8D7D-B04E8A7628B5\lite_installer.exe
PID 2648 wrote to memory of 220 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\312A70B4-5E30-4487-8D7D-B04E8A7628B5\lite_installer.exe
PID 2648 wrote to memory of 1796 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe
PID 2648 wrote to memory of 1796 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe
PID 2648 wrote to memory of 1796 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe
PID 1796 wrote to memory of 6128 N/A C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
PID 1796 wrote to memory of 6128 N/A C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
PID 1796 wrote to memory of 6128 N/A C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
PID 6128 wrote to memory of 6232 N/A C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe
PID 6128 wrote to memory of 6232 N/A C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe
PID 6128 wrote to memory of 6232 N/A C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe
PID 1796 wrote to memory of 6312 N/A C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe C:\Users\Admin\AppData\Local\Temp\8C24293D-96E1-4033-B8AE-DF6B88DB317B\sender.exe
PID 1796 wrote to memory of 6312 N/A C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe C:\Users\Admin\AppData\Local\Temp\8C24293D-96E1-4033-B8AE-DF6B88DB317B\sender.exe
PID 1796 wrote to memory of 6312 N/A C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe C:\Users\Admin\AppData\Local\Temp\8C24293D-96E1-4033-B8AE-DF6B88DB317B\sender.exe
PID 6480 wrote to memory of 12864 N/A C:\Users\Admin\AppData\Local\Temp\{2FB6DE87-8EE8-43B2-8AD4-0A3C4EB08C72}.exe C:\Users\Admin\AppData\Local\Temp\ybE87B.tmp
PID 6480 wrote to memory of 12864 N/A C:\Users\Admin\AppData\Local\Temp\{2FB6DE87-8EE8-43B2-8AD4-0A3C4EB08C72}.exe C:\Users\Admin\AppData\Local\Temp\ybE87B.tmp
PID 6480 wrote to memory of 12864 N/A C:\Users\Admin\AppData\Local\Temp\{2FB6DE87-8EE8-43B2-8AD4-0A3C4EB08C72}.exe C:\Users\Admin\AppData\Local\Temp\ybE87B.tmp
PID 12864 wrote to memory of 12944 N/A C:\Users\Admin\AppData\Local\Temp\ybE87B.tmp C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe
PID 12864 wrote to memory of 12944 N/A C:\Users\Admin\AppData\Local\Temp\ybE87B.tmp C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe
PID 12864 wrote to memory of 12944 N/A C:\Users\Admin\AppData\Local\Temp\ybE87B.tmp C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe
PID 12944 wrote to memory of 13004 N/A C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe
PID 12944 wrote to memory of 13004 N/A C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe
PID 12944 wrote to memory of 13004 N/A C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe
PID 13004 wrote to memory of 13048 N/A C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe
PID 13004 wrote to memory of 13048 N/A C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe

"C:\Users\Admin\AppData\Local\Temp\Aimware cracked.exe"

\??\c:\users\admin\appdata\local\temp\aimware cracked.exe 

"c:\users\admin\appdata\local\temp\aimware cracked.exe "

C:\Users\Admin\AppData\Roaming\Aimware cracked\cheatloader.exe

"C:\Users\Admin\AppData\Roaming\Aimware cracked\cheatloader.exe"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c deldll.bat

C:\Windows\Resources\Themes\icsys.icn.exe

C:\Windows\Resources\Themes\icsys.icn.exe

C:\Windows\SysWOW64\PING.EXE

ping -n 2 -w 1000 127.0.0.1

\??\c:\windows\resources\themes\explorer.exe

c:\windows\resources\themes\explorer.exe

\??\c:\windows\resources\spoolsv.exe

c:\windows\resources\spoolsv.exe SE

\??\c:\windows\resources\svchost.exe

c:\windows\resources\svchost.exe

\??\c:\windows\resources\spoolsv.exe

c:\windows\resources\spoolsv.exe PR

C:\Users\Admin\AppData\Local\YandexPackLoader.exe

C:\Users\Admin\AppData\Local\YandexPackLoader.exe

C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe

"C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe" /passive /msicl "VID=699 YABROWSER=y YAHOMEPAGE=y YAQSEARCH=y "

C:\Users\Admin\AppData\Local\YandexPackLoader.exe

C:\Users\Admin\AppData\Local\YandexPackLoader.exe --stat dwnldr/p=8981/rid=5b6b952b-c154-4bde-8545-da0dd341c28a/sbr=0-0/hrc=200-200/bd=267-10639168/gtpr=1-1-1-255-1/cdr=0-b7-b7-ff-b7/for=3-0/fole=255-0/fwle=255-0/vr=ff-0/vle=ff-0/hovr=ff-ff/hovle=ff-ff/shle=ff-0/vmajor=10/vminor=0/vbuild=15063/distr_type=landing/cnt=0/dt=3/ct=1/rt=0 --dh 2180 --st 1718385419

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 50D02717B597D4D293BB7AC4C5EDD1FA

C:\Users\Admin\AppData\Local\Temp\312A70B4-5E30-4487-8D7D-B04E8A7628B5\lite_installer.exe

"C:\Users\Admin\AppData\Local\Temp\312A70B4-5E30-4487-8D7D-B04E8A7628B5\lite_installer.exe" --use-user-default-locale --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --YABROWSER

C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe

"C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe" "--yqs=y" "--yhp=y" "--ilight=" "--oem=" "--nopin=n" "--pin_custom=n" "--pin_desktop=n" "--pin_taskbar=y" "--locale=us" "--browser=y" "--browser_default=" "--loglevel=trace" "--ess=" "--clids=C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml" "--sender=C:\Users\Admin\AppData\Local\Temp\8C24293D-96E1-4033-B8AE-DF6B88DB317B\sender.exe" "--is_elevated=yes" "--ui_level=2" "--good_token=x" "--no_opera=n"

C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe

C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent --pin-taskbar=y --pin-desktop=n

C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe

C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent --pin-taskbar=y --pin-desktop=n /pin-path="C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk" --is-pinning

C:\Users\Admin\AppData\Local\Temp\8C24293D-96E1-4033-B8AE-DF6B88DB317B\sender.exe

C:\Users\Admin\AppData\Local\Temp\8C24293D-96E1-4033-B8AE-DF6B88DB317B\sender.exe --send "/status.xml?clid=2337898-699&uuid=b2483dad-d424-46a0-8bde-bcc477461321&vnt=Windows 10x64&file-no=10%0A11%0A12%0A13%0A14%0A15%0A17%0A18%0A20%0A21%0A22%0A23%0A25%0A28%0A36%0A40%0A42%0A43%0A45%0A54%0A57%0A61%0A89%0A102%0A103%0A111%0A123%0A124%0A125%0A129%0A"

C:\Users\Admin\AppData\Local\Temp\{2FB6DE87-8EE8-43B2-8AD4-0A3C4EB08C72}.exe

"C:\Users\Admin\AppData\Local\Temp\{2FB6DE87-8EE8-43B2-8AD4-0A3C4EB08C72}.exe" --job-name=yBrowserDownloader-{71E96AE7-9786-40AF-8704-C43D837B1685} --send-statistics --local-path=C:\Users\Admin\AppData\Local\Temp\{2FB6DE87-8EE8-43B2-8AD4-0A3C4EB08C72}.exe --YABROWSER --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=none&ui={b2483dad-d424-46a0-8bde-bcc477461321} --use-user-default-locale

C:\Users\Admin\AppData\Local\Temp\ybE87B.tmp

"C:\Users\Admin\AppData\Local\Temp\ybE87B.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\bfb555b1-ba0c-4e2e-9c74-4398012aa254.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=497081283 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{71E96AE7-9786-40AF-8704-C43D837B1685} --local-path="C:\Users\Admin\AppData\Local\Temp\{2FB6DE87-8EE8-43B2-8AD4-0A3C4EB08C72}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=none&ui={b2483dad-d424-46a0-8bde-bcc477461321} --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\4296a17a-bd4f-47b5-945a-d744309f78a9.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico"

C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\bfb555b1-ba0c-4e2e-9c74-4398012aa254.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=497081283 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{71E96AE7-9786-40AF-8704-C43D837B1685} --local-path="C:\Users\Admin\AppData\Local\Temp\{2FB6DE87-8EE8-43B2-8AD4-0A3C4EB08C72}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=none&ui={b2483dad-d424-46a0-8bde-bcc477461321} --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\4296a17a-bd4f-47b5-945a-d744309f78a9.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico"

C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\bfb555b1-ba0c-4e2e-9c74-4398012aa254.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=497081283 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{71E96AE7-9786-40AF-8704-C43D837B1685} --local-path="C:\Users\Admin\AppData\Local\Temp\{2FB6DE87-8EE8-43B2-8AD4-0A3C4EB08C72}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=none&ui={b2483dad-d424-46a0-8bde-bcc477461321} --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\4296a17a-bd4f-47b5-945a-d744309f78a9.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico" --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=529438276

C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe

C:\Users\Admin\AppData\Local\Temp\YB_59815.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=13004 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.4.5.499 --initial-client-data=0x304,0x308,0x30c,0x2e0,0x310,0x11ecc7c,0x11ecc88,0x11ecc94

C:\Windows\TEMP\sdwra_13004_338714609\service_update.exe

"C:\Windows\TEMP\sdwra_13004_338714609\service_update.exe" --setup

C:\Program Files (x86)\Yandex\YandexBrowser\24.4.5.499\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.4.5.499\service_update.exe" --install

C:\Program Files (x86)\Yandex\YandexBrowser\24.4.5.499\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.4.5.499\service_update.exe" --run-as-service

C:\Program Files (x86)\Yandex\YandexBrowser\24.4.5.499\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.4.5.499\service_update.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=7552 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.4.5.499 --initial-client-data=0x228,0x22c,0x230,0x204,0x234,0x14c2568,0x14c2574,0x14c2580

C:\Program Files (x86)\Yandex\YandexBrowser\24.4.5.499\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.4.5.499\service_update.exe" --update-scheduler

C:\Program Files (x86)\Yandex\YandexBrowser\24.4.5.499\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.4.5.499\service_update.exe" --update-background-scheduler

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source13004_1396596745\Browser-bin\clids_yandex_second.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=0 --install-start-time-no-uac=497081283

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=8732 --annotation=metrics_client_id=71d57fd44ef44f28ab3e01ec43b57d82 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.4.5.499 --initial-client-data=0x158,0x15c,0x160,0x134,0x164,0x71f4986c,0x71f49878,0x71f49884

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=b2483dad-d424-46a0-8bde-bcc477461321 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --gpu-process-kind=sandboxed --mojo-platform-channel-handle=2284 --field-trial-handle=2288,i,9388236833228929282,14110967158209059207,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=b2483dad-d424-46a0-8bde-bcc477461321 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=disabled --gpu-process-kind=trampoline --mojo-platform-channel-handle=2428 --field-trial-handle=2288,i,9388236833228929282,14110967158209059207,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:6

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=b2483dad-d424-46a0-8bde-bcc477461321 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Network Service" --mojo-platform-channel-handle=2548 --field-trial-handle=2288,i,9388236833228929282,14110967158209059207,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.5.499 /prefetch:3

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=service --user-id=b2483dad-d424-46a0-8bde-bcc477461321 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Storage Service" --mojo-platform-channel-handle=2912 --field-trial-handle=2288,i,9388236833228929282,14110967158209059207,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.5.499 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=ru --service-sandbox-type=audio --user-id=b2483dad-d424-46a0-8bde-bcc477461321 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Audio Service" --mojo-platform-channel-handle=3268 --field-trial-handle=2288,i,9388236833228929282,14110967158209059207,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.5.499 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=ru --service-sandbox-type=none --user-id=b2483dad-d424-46a0-8bde-bcc477461321 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Video Capture" --mojo-platform-channel-handle=3444 --field-trial-handle=2288,i,9388236833228929282,14110967158209059207,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.5.499 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=b2483dad-d424-46a0-8bde-bcc477461321 --brand-id=yandex --partner-id=pseudoportal-ru --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --no-appcompat-clear --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4136 --field-trial-handle=2288,i,9388236833228929282,14110967158209059207,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=b2483dad-d424-46a0-8bde-bcc477461321 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --mojo-platform-channel-handle=4160 --field-trial-handle=2288,i,9388236833228929282,14110967158209059207,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.5.499 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=b2483dad-d424-46a0-8bde-bcc477461321 --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --no-appcompat-clear --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4696 --field-trial-handle=2288,i,9388236833228929282,14110967158209059207,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=b2483dad-d424-46a0-8bde-bcc477461321 --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Импорт профилей" --mojo-platform-channel-handle=5080 --field-trial-handle=2288,i,9388236833228929282,14110967158209059207,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.4.5.499 /prefetch:8

Network


Files

memory/4496-0-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\aimware cracked.exe 

\Users\Admin\AppData\Local\Temp\genteert.dll

\Users\Admin\AppData\Local\Temp\gentee9F\guig.dll

C:\Users\Admin\AppData\Roaming\Aimware cracked\cheatloader.exe

C:\Users\Admin\AppData\Roaming\Aimware cracked\flutter_windows.dll

C:\Users\Admin\AppData\Roaming\Aimware cracked\MSVCP140.dll

\Users\Admin\AppData\Roaming\Aimware cracked\vcruntime140.dll

\Users\Admin\AppData\Roaming\Aimware cracked\vcruntime140_1.dll

C:\Windows\Resources\Themes\icsys.icn.exe

C:\Users\Admin\AppData\Local\Temp\deldll.bat

memory/1684-80-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2868-86-0x000001EF04190000-0x000001EF04609000-memory.dmp

memory/2868-89-0x000001EF7FF30000-0x000001EF7FF31000-memory.dmp

C:\Windows\Resources\Themes\explorer.exe

memory/2868-88-0x000001EF04190000-0x000001EF04609000-memory.dmp

C:\Users\Admin\AppData\Roaming\Aimware cracked\data\icudtl.dat

memory/2868-87-0x000001EF04190000-0x000001EF04609000-memory.dmp

memory/2868-85-0x000001EF7FF20000-0x000001EF7FF21000-memory.dmp

C:\Users\Admin\AppData\Roaming\Aimware cracked\data\app.so

C:\Users\Admin\AppData\Roaming\Aimware cracked\data\flutter_assets\assets\fonts\Montserrat-Bold.ttf

C:\Users\Admin\AppData\Roaming\Aimware cracked\data\flutter_assets\fonts\MaterialIcons-Regular.otf

C:\Users\Admin\AppData\Roaming\Aimware cracked\data\flutter_assets\assets\fonts\gothampro_black.ttf

C:\Users\Admin\AppData\Roaming\Aimware cracked\data\flutter_assets\assets\YandexBrowserLogo.svg

C:\Users\Admin\AppData\Roaming\Aimware cracked\data\flutter_assets\FontManifest.json

\??\c:\windows\resources\spoolsv.exe

C:\Windows\Resources\svchost.exe

memory/4384-127-0x0000000000400000-0x000000000041F000-memory.dmp

memory/784-128-0x0000000000400000-0x000000000041F000-memory.dmp

memory/1684-130-0x0000000000400000-0x000000000041F000-memory.dmp

memory/4496-129-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Users\Admin\AppData\Local\YandexPackLoader.exe

C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe

C:\Users\Admin\AppData\Local\Temp\YandexSearch00000.log

C:\Users\Admin\AppData\Local\Temp\{5B964E0E-B9A3-4276-9ED9-4D5A5720747A}\YandexSearch.msi

MD5 b78a1d41318c6f96defed8e74ca4a516
SHA1 cb39558ce386c3e0d7df0fbfaf4aa692630f11f1
SHA256 22db2d018bc8ad91cbcdb9353af64c6063d2cefd2a8503b4464b7c64def60785
SHA512 2d95a0038712c7fea79bdb5b7d5bf307ce894fcf1771194f77191d45ebd175c4adadcaddfa5208c9c0611706fd05f7c6a8d789538bb744cdb8d30933148f1fde

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7

MD5 ca5a31c185cee74ff901ca1c6513c5c4
SHA1 350c3724956301d752926cd1e5594164e9a91974
SHA256 dbb3ee327b38090f4e42f6ebbe78e7121981444e8e28c1f245c6acd86f6ea039
SHA512 674d86a2431ab3984a45002b144cb1ef27d7ff11655cc672d5be86e3acebaee4f7d1781d7c360a78cf59593cfeff8d3aeb29fae5655587a51aaffa01bf3eb445

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7

MD5 bd49242e26f426ff202acae47125527d
SHA1 24ef9d22133ecc4e524d2e60a6a248d7edcb39a6
SHA256 56875c305e01a8c1aa92e79a270ea8c33564bfcc753db2466c2f8413d697c5a9
SHA512 7aae0037beff628c94229e0174e7917593ba474f9ac592422cb7e21b1611c94bff53d9d4113a2f9a588b7d43d4d77813ae0848854842db159c54a970118b0266

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

MD5 2337e23047ab42252cd6eb9c87506379
SHA1 525d3ce01ebd7fb5702a26cd70b9311c7810b6a4
SHA256 9cb6ed24416f35cb9aa17914f0a105234ed4e82f008efddf82a24174d240d2d3
SHA512 f0e4f2bf51e43320d6a159c5e0127d975ef5e22a824dbd4f27a01d26c8628b7ce9489e1244f5853f14536c10c6d837e52d65d064be8da468ba2d8e3cf49a185e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

MD5 cc6d4c13a8954e82b0ce1ea58ec605b0
SHA1 98532858c4d38a808fd3a20b24ab8e5f5cebb891
SHA256 e538a1dd3e84fa0a7141bf76da15f7ebd28070e2caabbf6465aba7fba5d26fca
SHA512 072c815fee719694547b249438e23899af718c32d3ca369d71acf45fe9dfd900e2426886b0e1d7c753aa0d49026c58931fdbc46ad98f59c6c3a0610167b3dc1f

C:\Windows\Installer\MSIC62E.tmp

MD5 0c80a997d37d930e7317d6dac8bb7ae1
SHA1 018f13dfa43e103801a69a20b1fab0d609ace8a5
SHA256 a5dd2f97c6787c335b7807ff9b6966877e9dd811f9e26326837a7d2bd224de86
SHA512 fe1caef6d727344c60df52380a6e4ab90ae1a8eb5f96d6054eced1b7734357ce080d944fa518cf1366e14c4c0bd9a41db679738a860800430034a75bb90e51a5

C:\Windows\Installer\MSIC6AC.tmp

MD5 e6fd0e66cf3bfd3cc04a05647c3c7c54
SHA1 6a1b7f1a45fb578de6492af7e2fede15c866739f
SHA256 669cc0aae068ced3154acaecb0c692c4c5e61bc2ca95b40395a3399e75fcb9b2
SHA512 fc8613f31acaf6155852d3ad6130fc3b76674b463dcdcfcd08a3b367dfd9e5b991e3f0a26994bcaf42f9e863a46a81e2520e77b1d99f703bcb08800bdca4efcb

C:\Users\Admin\AppData\Local\Temp\312A70B4-5E30-4487-8D7D-B04E8A7628B5\lite_installer.exe

MD5 aafdfaa7a989ddb216510fc9ae5b877f
SHA1 41cf94692968a7d511b6051b7fe2b15c784770cb
SHA256 688d0b782437ccfae2944281ade651a2da063f222e80b3510789dbdce8b00fdc
SHA512 6e2b76ff6df79c6de6887cf739848d05c894fbd70dc9371fff95e6ccd9938d695c46516cb18ec8edd01e78cad1a6029a3d633895f7ddba4db4bf9cd39271bd44

C:\Users\Admin\AppData\Local\Temp\9BE35152-837C-4CFC-88CA-532E01F25199\seederexe.exe

MD5 225ba20fa3edd13c9c72f600ff90e6cb
SHA1 5f1a9baa85c2afe29619e7cc848036d9174701e4
SHA256 35585d12899435e13e186490fcf1d270adbe3c74a1e0578b3d9314858bf2d797
SHA512 97e699cffe28d3c3611570d341ccbc1a0f0eec233c377c70e0e20d4ed3b956b6fe200a007f7e601a5724e733c97eaddc39d308b9af58d45f7598f10038d94ab3

C:\Config.Msi\e57c46c.rbs

MD5 b8a25e6d89c8e07ba2d92d09543c9a35
SHA1 7a0641ee24c584ce6d4b711384859faece7e0694
SHA256 df77dec0d6174701da52a3f425b9b8b1a7fe954a1489494bf12bface8a6416fd
SHA512 5eaac3e5eed74c064540e0b323f68abc03e2d68f854ec7c5296eda5be88d14d1a3cf674e93100b38e8da88ba2d184cedf184c183a0f33022bcb3f45a972ab66b

C:\Users\Admin\AppData\Local\Temp\omnija-20241714.zip

MD5 1d6cfd7db58008d1b44328c5a3a4220c
SHA1 8e8304bfd7a73b9ae8415b6cbd273e612868a2b2
SHA256 915e46dcc29d6fee123c4b8e88d846ac95ffd4a6f4eb956dc882d305ee1b8256
SHA512 4c17160aa83abeff897462f981226902dd6694817ad95f246511fc63c637bdffa0989a3db00c4309fa673a13b4993c509df538ddad482d1be8b4058749ee93f2

memory/1796-8273-0x0000000003B00000-0x0000000003B10000-memory.dmp

memory/1796-8267-0x00000000035C0000-0x00000000035D0000-memory.dmp

memory/1796-8293-0x0000000004B90000-0x0000000004B91000-memory.dmp

memory/1796-8292-0x0000000004BA0000-0x0000000004BA2000-memory.dmp

memory/1796-8295-0x0000000004BA0000-0x0000000004BA2000-memory.dmp

memory/1796-8298-0x0000000004B90000-0x0000000004B92000-memory.dmp

memory/1796-8301-0x0000000004B60000-0x0000000004B61000-memory.dmp

memory/1796-8313-0x0000000004C40000-0x0000000004C42000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t7y4ogox.Admin\places.sqlite-20240614171704.265215.backup

MD5 314cb7ffb31e3cc676847e03108378ba
SHA1 3667d2ade77624e79d9efa08a2f1d33104ac6343
SHA256 b6d278384a3684409a2a86f03e4f52869818ce7dd8b5779876960353f7d35dc1
SHA512 dc795fa35ea214843a781ee2b2ef551b91b6841a799bef2c6fb1907d90f6c114071a951ebb7b2b30e81d52b594d447a26ab12ddb57c331e854577d11e5febef5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\thumbnails\51219c819602fd1704cf9839276a7050

MD5 af80a936c10e18de168538a0722d6319
SHA1 9b1c84a1cf7330a698c89b9d7f33b17b4ba35536
SHA256 2435c0376fca765b21d43e897f4baa52daa0958a7015d04103488c606c99d1d3
SHA512 9a1325c8ce05806e5c161a4cf47239f62baad8f79650fbd713e74928fce8171ced10ba7f24fac46c548e1dbf3f64106270cb25ca88c836c870107f5dc1f97879

memory/1796-8375-0x0000000004C80000-0x0000000004C82000-memory.dmp

memory/1796-8378-0x0000000004C70000-0x0000000004C71000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Services\www.ya.ru.ico

MD5 a6f6261de61d910e0b828040414cee02
SHA1 d9df5043d0405b3f5ddaacb74db36623dd3969dc
SHA256 6bb91f1d74389b18bce6e71772e4c5573648c1a4823338193f700afdf8216be5
SHA512 20cb7b646c160c942e379c6e7a1a8981a09f520361c0205052c1d66e2fdb76333ffaaf0ca1dfc779754f0e844b9946900fbd5690d01869e1607abc1fda6dffab

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Bookmarks-20240614171705.087216.backup

MD5 3adec702d4472e3252ca8b58af62247c
SHA1 35d1d2f90b80dca80ad398f411c93fe8aef07435
SHA256 2b167248e8136c4d45c2c46e2bff6fb5e5137dd4dfdccde998599be2df2e9335
SHA512 7562e093d16ee6305c1bb143a3f5d60dafe8b5de74952709abc68a0c353b65416bf78b1fa1a6720331615898848c1464a7758c5dfe78f8098f77fbfa924784c0

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences

MD5 78113fe49a0d5318c22653110c3a7132
SHA1 3f53d75b311b261fb2c4212f3620a8ce724f2ec2
SHA256 75c5e31e5e1d9783c6d19c3e257acc85f8cef10990c4b1fdaa57f7767eafbdef
SHA512 7d5a1cff7f9360776a6eb758bb77771a58d4258798e2f88d0e179f3ddc0f1363c8050d49bbbafef3449f9a0e3034e4adcc570042b500620287edc7c28b0be8a8

memory/1796-8414-0x0000000004C80000-0x0000000004C82000-memory.dmp

memory/1796-8417-0x0000000004C80000-0x0000000004C82000-memory.dmp

memory/1796-8418-0x0000000004C70000-0x0000000004C71000-memory.dmp

memory/1796-8420-0x0000000004C70000-0x0000000004C72000-memory.dmp

memory/1796-8423-0x0000000004B60000-0x0000000004B61000-memory.dmp

C:\Users\Admin\AppData\Local\Yandex\YaPin\YandexWorking.exe

MD5 95828ee007d3586792d53ace50b2357e
SHA1 3501ccad7573fd467911f207155318db3a1a1554
SHA256 8c4be5f1bc4e2f73d4396af48a31bf10362006472e9b28f40aa91f73a3815f12
SHA512 9896eccb178fd772fc92e5793340bdbc1bd6169465d9a739df06c1154edbce16f6db5dd50df426ccbc40d8410d4ef170c3fb0bc700e7778149ff2168409638e7

C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk

MD5 2d4bdde83d38b36dd66f6cb249310ec4
SHA1 0ca95481cfef77ac7d84c70def2edc50fa2c2801
SHA256 f93c2eb980b870cdfb21d8d0097635e178e752e29c54e91ae2aa22bfc4b13e5c
SHA512 49fc263264ab855a0346c9d67ca9358807c041659bf9324fb615eb25b31f562a351936112970c8bda068475cd43b8ee7d7888958cff966d5c54d444e835db909

C:\Users\Admin\AppData\Local\Yandex\YaPin\Яндекс.website

MD5 f3b2bb2c25a6be7d1cff7f70739db6cf
SHA1 8836190f4ad8b04a5ca4a20ad54f4941b3804704
SHA256 812f76d1d2d5cab919519487b323286b2f6967db857cc5c6556017a535ce7ca3
SHA512 0868b482d04468a19cbda3486f700fd96d0c1c995885a3aa23aad2c1a86f1e4bf98c57729b9659b149a16ff872b45037242f89a66dcfdb701b7cc7c85fd9c5bd

C:\Users\Admin\AppData\Local\Temp\{2FB6DE87-8EE8-43B2-8AD4-0A3C4EB08C72}.exe

MD5 868a68bb418740e8f7cdb88c8dae5a40
SHA1 e2efcee76cafd18377e0326551a144d73d947928
SHA256 92ae76a808a63688f5e9e4bc09e427842b371927fc95af04f0d3e7aed99b66f1
SHA512 31d628927753ddab982a5487a6f0d8f3eb175cfadb1f05b5a9504c399fe9073da14f010b1171ee88ccc73114d2de6c80227f1fd44455f429cd511bed4471b4ed

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 2e53a605cd6a30e03399b3b37462b9b0
SHA1 991084f4f6ead3a7337bb4a88fc38075bea1269c
SHA256 c25166bbd7a9f0718ad0d74452273736689789cc33e33120bcfafb11f3e230df
SHA512 6cfb08b788a61bcbbcb59a9d8e3e2501b81109aa5daa7418fe0206dcb40190f703ac9b16df1f0fea4eb96437e345eeca6e4e1598fd4ce132d9c53afbb30c77c5

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 1881fcf44d83eee1c21bc3236257ae56
SHA1 58e8b393ef324ba6b58e60d26c4b8010520b552d
SHA256 a90e0765e0e7e657d666ee93fa9554a28147266bd2a4efa05125d682d2847626
SHA512 4b841c17e74d0a622f4a636e907178f6babff7d35d099992de44ea97a87c2ea8064aa39a357adc993056263a1542e38df545658e92ab1ea5b1a64b4f616bfd05

C:\Users\Admin\AppData\Local\Temp\master_preferences

MD5 06bfb02264a621693d906bc9ca7d99c9
SHA1 652d0032cf7d3af77bcda4c1090d35eb87feea31
SHA256 04f3f9617921e022c6dae06fb5e2741bc44ac972b7d8d366d8ea4beafcf600da
SHA512 e4466522872a108f9ee6e7336774764245fb63baa45f25492928f337de64d080302210d327694d1b2f1697675144e002fa06bb9ac6fe7eec481f68d086a3c974

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\configs\all_zip

MD5 05c52fda2d7fe0b45e52e208d6540e73
SHA1 9322b712ba23f966b77be80c64da07b2e5b6cf64
SHA256 68b2b5d7d96c659a7cde8e42f49f10bbaa20c18da090ab39887a7d70a35b98b8
SHA512 711a9535aefee0ebbc14b61708c3b4873054394392279959f04a52b950e0115126c96e16c6f914347c89228e73c4fd552e6598e5409da1f6ccb5a99e3dcd98e0

C:\Program Files (x86)\Yandex\YandexBrowser\24.4.5.499\service_update.exe

MD5 f6e2f21c04cb4e233f082c1ff481470a
SHA1 35d414a738c2e528bd9a4202e243adbdc45ad87e
SHA256 5bb0036312eeb7fd5ce87f80e8275a44394818354eeebaeeabf5cde6e6bc0beb
SHA512 1e8b46d9c6b45cc025df53c52f1d6fc642a755bcef96be006144dbf92b31ec2d86e57a8cd440465042e052f508957c00cd16359594a72f3971078405cd7a6e41

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 e4608e53f3c2c5336707532df7910e77
SHA1 c8e56c346e137f449b6c18dab618a2a824793043
SHA256 6f883b22431fc2bcf65a374c3d00e3b23d5b7d5fb7c54a30893bfe94ae3ed165
SHA512 383614ab79e3e75467fd8b9006e4b8d7a3d69478de8ca380f0ec9eac869659bb3fee682cba0da66e80d0bd47529c9d08752107752690aa6bcf059636c74514d2

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 e4020153621124ae4680f1085593e6f8
SHA1 89a2540200ce39c9d25ad5f9ff3c2c77dffd387c
SHA256 98411751901b389679cab72d517be29000dcd984e9437c1a66bda9d23f1fb1eb
SHA512 561cd12fc07a505b23693a2ad31e8a9e0c4e19e1ceff29c3334dabb76243db1ba96764732cead4bd1d93c88014f8288933df5eeb7a9e616ad595732a5c768e50

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 f2f2d9aecf7cbd46607320d9e9d3778a
SHA1 c9966f9976590a5b665665b9de63b66eb90ed221
SHA256 4de3ce58d1356ce8063fb903bd470b4472d6cffb085ee9e16d668b214257fa26
SHA512 e0dc00246977370b63be06bcf244478819d10b0e2f6e8521d31e2a9a8a5e69669979378f9e1256930cbb35f0810afa3b1d78c7822509d6ec3520ca89bd1857c8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.4.5.499\partner_config

MD5 977bc7b2384ef1b3e78df8fbc3eeb16b
SHA1 7ee6110ca253005d738929b7ba0cc54ed2ed0a2e
SHA256 82e288090168abe15419015317fd38f56c1136e7481f66656d84e0a2d861d4d6
SHA512 4d154832ef3ac05abb1499a5bc8235d72f64cdaa3e6870206a6363c1d85d821604ae8a96850c2c8bd540d479b8dd5f3ce032472ed96bbf7eddb168ea3d2d1cf6

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.4.5.499\brand_config

MD5 b2af7e7635ee3bbaebf6b5a2b50a6bc9
SHA1 babdd67d9677f3e0382689106f014d65899b5141
SHA256 064f87f6d3fc58b44483d5ff02506f49bbf23f367159045d5aad01246412b867
SHA512 36e3fddf9b1ec1985be442804bdff9a6f467d938030d399b8e95aa04efe005b28c8f2649668eddac8e10ad51aaa9b37336b155e4c4560eb7c3c941f6bd48eaa2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\about_logo_ru.png

MD5 ff321ebfe13e569bc61aee173257b3d7
SHA1 93c5951e26d4c0060f618cf57f19d6af67901151
SHA256 1039ea2d254d536410588d30f302e6ab727d633cf08cb409caa5d22718af5e64
SHA512 e98fbfb4ed40c5ac804b9f4d9f0c163508c319ec91f5d1e9deb6a5d3eada9338980f1b5fe11c49e6e88935ecd50119d321ce55ca5bdd0723a6e8c414e1e68e16

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\about_logo_en_2x.png

MD5 900fdf32c590f77d11ad28bf322e3e60
SHA1 310932b2b11f94e0249772d14d74871a1924b19f
SHA256 fe20d86fd62a4d1ab51531b78231749bd5990c9221eab1e7958be6d6aef292d9
SHA512 64ebc4c6a52440b4f9f05de8ffb343c2024c4690fe5c9f336e78cd1dd01ae8225e8bc446f386feb442e76136b20d6b04ee293467b21f5b294ce25e500922f453

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\about_logo_en.png

MD5 1376f5abbe56c563deead63daf51e4e9
SHA1 0c838e0bd129d83e56e072243c796470a6a1088d
SHA256 c56ae312020aef1916a8a01d5a1fc67ed3b41e5da539c0f26632c904a5e49c62
SHA512 a0bab3bae1307ea8c7ccbd558b86c9f40e748cdd6fd8067bb33eeef863191534af367a0058111553a2c3a24e666a99009176a8636c0a5db3bf1aa6226130498f

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\about_logo_ru_2x.png

MD5 a6911c85bb22e4e33a66532b0ed1a26c
SHA1 cbd2b98c55315ac6e44fb0352580174ed418db0a
SHA256 5bb0977553ded973c818d43a178e5d9874b24539dacbd7904cd1871e0ba82b23
SHA512 279fb0c1f2871ce41b250e9a4662046bc13c6678a79866eaf317cc93c997a683114122092214ce24f8e7f8a40520fe4ca03f54930148f4f794df0df3ecf74e9d

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\import-bg.png

MD5 85756c1b6811c5c527b16c9868d3b777
SHA1 b473844783d4b5a694b71f44ffb6f66a43f49a45
SHA256 7573af31ed2bfcfff97ed2132237db65f05aff36637cd4bdeccdf8ca02cd9038
SHA512 1709222e696c392ca7bcd360f9a2b301896898eb83ddfb6a9db0d0c226a03f50671633b8bed4d060d8f70df7282ffc2cd7ab1d1449acf2e07a7b6c251aa3a19e

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\sxs.ico

MD5 592b848cb2b777f2acd889d5e1aae9a1
SHA1 2753e9021579d24b4228f0697ae4cc326aeb1812
SHA256 ad566a3e6f8524c705844e95a402cdeb4d6eed36c241c183147409a44e97ebcd
SHA512 c9552f4db4b6c02707d72b6f67c2a11f1cf110b2c4ac5a1b7ac78291a14bf6eb35a9b4a05bc51ac80135504cd9dcad2d7a883249ee2e20a256cb9e9ceeb0032f

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\tablo

MD5 58697e15ca12a7906e62fc750e4d6484
SHA1 c5213072c79a2d3ffe5e24793c725268232f83ab
SHA256 1313aa26cc9f7bd0f2759cfaff9052159975551618cba0a90f29f15c5387cad4
SHA512 196b20d37509ea535889ec13c486f7ee131d6559fb91b95de7fdd739d380c130298d059148c49bf5808d8528d56234c589c9d420d63264f487f283f67a70c9a6

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.4.5.499\resources\wallpapers\1-1x.png

MD5 80121a47bf1bb2f76c9011e28c4f8952
SHA1 a5a814bafe586bc32b7d5d4634cd2e581351f15c
SHA256 a62f9fdf3de1172988e01a989bf7a2344550f2f05a3ac0e6dc0ccd39ed1a697e
SHA512 a04df34e61fd30764cf344b339ba2636b9280a358863f298690f6a8533c5e5dfa9773a14f8d16a5bb709ea17cf75e1da6302335aa9120009892e529bfad30df9

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\wallpapers\mountains_preview.jpg

MD5 a3272b575aa5f7c1af8eea19074665d1
SHA1 d4e3def9a37e9408c3a348867169fe573050f943
SHA256 55074794869b59cd5c693dfa6f6615aea068c2cd50cdae6dd69bd0410661ded8
SHA512 c69bf39362658dd6cbd827cf6db0f188a9c4410b3c6b7b532595fd5907974e2141d857942ffb2497282e31eaa33c71240c2c2bd8721046df55e3358e8b76c061

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\wallpapers\sea.webm

MD5 00756df0dfaa14e2f246493bd87cb251
SHA1 39ce8b45f484a5e3aa997b8c8f3ad174e482b1b9
SHA256 fa8d0ae53ebdbec47b533239709b7e1514ecb71278907621ca2d288241eb0b13
SHA512 967670863f3c77af26fa1d44cd7b4fe78148d2ba6ea930b7b29b9f35d606554d664c0577068e0c26fa125d54627d7e7543360bce4acee0af17783b07450b5f52

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\wallpapers\sea_preview.jpg

MD5 53ba159f3391558f90f88816c34eacc3
SHA1 0669f66168a43f35c2c6a686ce1415508318574d
SHA256 f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e
SHA512 94c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\wallpapers\web\wallpaper.json

MD5 e4bd3916c45272db9b4a67a61c10b7c0
SHA1 8bafa0f39ace9da47c59b705de0edb5bca56730c
SHA256 7fdddc908bd2f95411dcc4781b615d5da3b5ab68e8e5a0e2b3d2d25d713f0e01
SHA512 4045e262a0808225c37711b361837070d0aeb5d65a32b5d514cc6f3c86962ba68f7d108bf4d81aa3bf645789d0753029a72c1ce34688a6d7af15f3e854c73f07

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\wallpapers\sea_static.jpg

MD5 5e1d673daa7286af82eb4946047fe465
SHA1 02370e69f2a43562f367aa543e23c2750df3f001
SHA256 1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a
SHA512 03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\wallpapers\web\web_preview.png

MD5 3f7b54e2363f49defe33016bbd863cc7
SHA1 5d62fbfa06a49647a758511dfcca68d74606232c
SHA256 0bbf72a3c021393192134893777ecb305717ccef81b232961ca97ae4991d9ba8
SHA512 b3b458860701f3bc163b4d437066a58b5d441d8a427a8b03772c9c519c01983e3d3fdb8da20f6a53ad95c88dcdd0298f72822f39bc3672cb6f1d77fcc3f025a9

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\wallpapers\stars\preview.png

MD5 ed9839039b42c2bf8ac33c09f941d698
SHA1 822e8df6bfee8df670b9094f47603cf878b4b3ed
SHA256 4fa185f67eaf3a65b991cea723d11f78de15a6a9a5235848a6456b98a9d7f689
SHA512 85119055ddfc6bc4cca05de034b941b1743cbb787607c053e8c10309572d2ef223786fc454d962fbb5e3cde5320117f9efe99041116db48916bc3d2fcd4ffa25

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\wallpapers\sea\sea_preview.png

MD5 3c0d06da1b5db81ea2f1871e33730204
SHA1 33a17623183376735d04337857fae74bcb772167
SHA256 02d8e450f03129936a08b67f3a50ea5d2e79f32c4e8f24d34b464f2cb5e0b086
SHA512 ff0e60c94fc3c0c61d356a26667c5170256e1143b29adf23d4e7d27012da72ed8865ef59dc2046314c7335b8d3d331e5fd78f38b9b92f6af48729dae80f85b15

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\wallpapers\stars\wallpaper.json

MD5 9660de31cea1128f4e85a0131b7a2729
SHA1 a09727acb85585a1573db16fa8e056e97264362f
SHA256 d1bef520c71c7222956d25335e3ba2ea367d19e6c821fb96c8112e5871576294
SHA512 4cb80766c8e3c77dfb5ca7af515939e745280aa695eca36e1f0a83fb795b2b3ef406472f990a82c727cea42d1b4ef44a0d34a7f4f23e362f2992dbff2527798b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\wallpapers\sea\wallpaper.json

MD5 92e86315b9949404698d81b2c21c0c96
SHA1 4e3fb8ecf2a5c15141bb324ada92c5c004fb5c93
SHA256 c2bb1e5d842c7e5b1b318f6eb7fe1ce24a8209661ddd5a83ab051217ca7c3f65
SHA512 2834b1ef7bb70b2d24c4fedef87cd32c6e8f401d8ee5f3852808f6a557724ce036c31a71298cd0ed601cde4be59ec4042542351c63c4e0ac3d31419f79240956

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\wallpapers\misty_forest\preview.png

MD5 77aa87c90d28fbbd0a5cd358bd673204
SHA1 5813d5759e4010cc21464fcba232d1ba0285da12
SHA256 ea340a389af6d7ad760dff2016cf4e79488bda1a45d0a415b3cd02a4430c9711
SHA512 759519b8822a6a4b88fc9ba47fa9d5d898b2f5a0f359acfbefc04809e6d7f5df86fb130f191eb6f63322792a18c0e7170aedf3ce7060fd9ad7e1bec2e686c3b2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\wallpapers\peak\wallpaper.json

MD5 f0ac84f70f003c4e4aff7cccb902e7c6
SHA1 2d3267ff12a1a823664203ed766d0a833f25ad93
SHA256 e491962b42c3f97649afec56ad4ea78fd49845ceb15f36edddd08d9e43698658
SHA512 75e048c1d1db6618ead9b1285846922c16a46ee138a511e21235342a5a6452c467b906578bdd4a56e7b9e0a26535df6fb6319ae1cae238055887b48963fa6ed6

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\wallpapers\peak\preview.png

MD5 1d62921f4efbcaecd5de492534863828
SHA1 06e10e044e0d46cd6dccbcd4bae6fb9a77f8be45
SHA256 f72ea12f6c972edfe3d5a203e1e42cbbaf4985633de419342c2af31363f33dab
SHA512 eec8171bd3bea92e24066e36801f334ac93905b7e8e50935f360e09fa8c9b9f848c4c62b687299e8297c0693d6dbaf9c6035b471e6345d626510b73e3606ee4d

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\wallpapers\raindrops\wallpaper.json

MD5 5f18d6878646091047fec1e62c4708b7
SHA1 3f906f68b22a291a3b9f7528517d664a65c85cda
SHA256 bcfea0bebf30ee9744821a61fcce6df0222c1a266e0995b9a8cfbb9156eeeefd
SHA512 893b2077a4abaa2fe89676c89f5e428ccd2420177268159395b5568824dd3fe08bea8a8b2f828c6c9297b19e0f8e3a1b7899315c0b07f4b61fc86ce94301518b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\wallpapers\raindrops\raindrops_preview.png

MD5 28b10d683479dcbf08f30b63e2269510
SHA1 61f35e43425b7411d3fbb93938407365efbd1790
SHA256 1e70fc9965939f6011488f81cd325223f17b07ee158a93c32c124602b506aa6b
SHA512 05e5b5e9c5ef61f33a883b0286c2239cb2a464581d6e8a86d7b179b1887b4cb2cd7304e0821cdd3208501421c44c63c248a5166c790792717a90f8ac528fbf2f

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\wallpapers\huangshan\huangshan.jpg

MD5 c51eed480a92977f001a459aa554595a
SHA1 0862f95662cff73b8b57738dfaca7c61de579125
SHA256 713c9e03aac760a11e51b833d7e1c9013759990b9b458363a856fd29ea108eec
SHA512 6f896c5f7f05524d05f90dc45914478a2f7509ea79114f240396791f658e2f7070e783fab6ac284327361dc2a48c5918b9f1c969b90795ceacce2c5c5bfa56ca

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\wallpapers\meadow\wallpaper.json

MD5 f3673bcc0e12e88f500ed9a94b61c88c
SHA1 e96e2b2b5c9de451d76742f04cc8a74b5d9a11c0
SHA256 c6581e9f59646e0a51a3194798ec994c7c5c99f28897108838aaf4a4e2bda04a
SHA512 83fb3fe4a3562449a53c13d1c38d5fe9ef1fa55c3006f59b65eace9a6ad4963e768088bc500dbe5266b5979c6ace77874ef11a15a7bd9fabae00ff137e70ecb5

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\wallpapers\meadow\preview.png

MD5 d10bda5b0d078308c50190f4f7a7f457
SHA1 3f51aae42778b8280cd9d5aa12275b9386003665
SHA256 0499c4cc77a64cc89055b3c65d7af8387f5d42399ff2c0a2622eccbd6d481238
SHA512 668e1a70a50a0decf633167ac23cba6916d0e05d0894daae1f7e3d487519f0a126abd4298430b38f52746a5c3b83ccd520b3d9b0ae1a79f893e36821a0458566

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\wallpapers\misty_forest\wallpaper.json

MD5 2b65eb8cc132df37c4e673ff119fb520
SHA1 a59f9abf3db2880593962a3064e61660944fa2de
SHA256 ebe9cadad41bd573f4b5d20e3e251410300b1695dfdf8b1f1f1276d0f0f8fa6d
SHA512 c85fe6895453d0c38a1b393307b52d828bad8fa60d1d65bb83ffa3c5e17b71aa13cab60955489198503839ce5a4a6c1bb353752ab107f5e5b97908116c987e52

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\wallpapers\huangshan\huangshan.webm

MD5 b78f2fd03c421aa82b630e86e4619321
SHA1 0d07bfbaa80b9555e6eaa9f301395c5db99dde25
SHA256 05e7170852a344e2f3288fc3b74c84012c3d51fb7ad7d25a15e71b2b574bfd56
SHA512 404fb2b76e5b549cbcba0a8cf744b750068cbd8d0f9f6959c4f883b35bcaa92d46b0df454719ca1cef22f5924d1243ba2a677b2f86a239d20bfad5365dc08650

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\morphology\dictionary-ru-RU.mrf.sig

MD5 d704b5744ddc826c0429dc7f39bc6208
SHA1 92a7ace56fb726bf7ea06232debe10e0f022bd57
SHA256 151739137bbbdf5f9608a82ec648bdf5d7454a81b86631b53dfc5ad602b207d6
SHA512 1c01217e3480872a6d0f595ceb1b2242ffe3e1ff8b3fdd76eea13a7541606b94d3ccd69492a88220e0e40c17da5d785e4dba1d7501e6be749b9c46f72572ef6f

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\morphology\dictionary-ru-RU.mrf

MD5 0be7417225caaa3c7c3fe03c6e9c2447
SHA1 ff3a8156e955c96cce6f87c89a282034787ef812
SHA256 1585b1599418d790da830ef11e8eeceee0cbb038876fe3959cc41858bd501dbc
SHA512 dfc0de77b717029a8c365146522580ab9d94e4b2327cef24db8f6535479790505c337852d0e924fbfa26e756b3aec911f27f5f17eba824496365c9a526464072

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\safebrowsing\download.png

MD5 528381b1f5230703b612b68402c1b587
SHA1 c29228966880e1a06df466d437ec90d1cac5bf2e
SHA256 3129d9eaba1c5f31302c2563ebfa85747eda7a6d3f95602de6b01b34e4369f04
SHA512 9eb45b0d4e3480a2d51a27ac5a6f20b9ef4e12bf8ac608043a5f01a372db5ea41a628458f7a0b02aaba94cd6bb8355a583d17666f87c3f29e82a0b899e9700bd

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\wallpapers\abstract\light_preview.jpg

MD5 9f6a43a5a7a5c4c7c7f9768249cbcb63
SHA1 36043c3244d9f76f27d2ff2d4c91c20b35e4452a
SHA256 add61971c87104187ae89e50cec62a196d6f8908315e85e76e16983539fba04b
SHA512 56d7bd72c8a380099309c36912513bcafbe1970830b000a1b89256aae20137c88e1e281f2455bb381ab120d682d6853d1ef05d8c57dd68a81a24b7a2a8d61387

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\wallpapers\abstract\light.jpg

MD5 3bf3da7f6d26223edf5567ee9343cd57
SHA1 50b8deaf89c88e23ef59edbb972c233df53498a2
SHA256 2e6f376222299f8142ff330e457867bad3300b21d96daec53579bf011629b896
SHA512 fef8e951c6cf5cec82dbeafd306de3ad46fd0d90e3f41dcea2a6046c95ab1ae39bf8a6e4a696580246c11330d712d4e6e8757ba24bbf180eec1e98a4aec1583b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\wallpapers\custogray\wallpaper.json

MD5 662f166f95f39486f7400fdc16625caa
SHA1 6b6081a0d3aa322163034c1d99f1db0566bfc838
SHA256 4cd690fb8ed5cd733a9c84d80d20d173496617e8dde6fca19e8a430517349ed5
SHA512 360a175c5e72ff8d2a01ee4e0f365237bbd725b695139ea54afc905e9e57686c5db8864b5abf31373a9cb475adcbdb3db292daf0a53c6eb643a5d61b868ad39b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\wallpapers\custogray\preview.png

MD5 0474a1a6ea2aac549523f5b309f62bff
SHA1 cc4acf26a804706abe5500dc8565d8dfda237c91
SHA256 55a236ad63d00d665b86ff7f91f2076226d5ed62b9d9e8f835f7cb998556545f
SHA512 d8e3de4fea62b29fd719376d33a65367a3a2a2a22ed175cc1eeff3e38dfbaac448c97a6fbea55bc6159351d11a6aad97e09cb12548cf297e01bd23bf6074de08

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\wallpapers\custogray\custogray_full.png

MD5 55841c472563c3030e78fcf241df7138
SHA1 69f9a73b0a6aaafa41cecff40b775a50e36adc90
SHA256 a7cd964345c3d15840b88fd9bc88f0d0c34a18edbf1ce39359af4582d1d7da45
SHA512 f7433d17937342d9d44aa86bcc30db9ae90450b84aa745d2c7390ff430449e195b693a8ae6df35d05fee2d97149a58a7d881737d57902d9885c6c55393d25d6f

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\wallpapers\fir_tree\wallpaper.json

MD5 8a2f19a330d46083231ef031eb5a3749
SHA1 81114f2e7bf2e9b13e177f5159129c3303571938
SHA256 2cc83bc391587b7fe5ddd387506c3f51840b806f547d203ccd90487753b782f1
SHA512 635828e7b6044eeede08e3d2bb2e68bc0dbbe9e14691a9fb6e2bc9a2ac96526d8b39c8e22918ff2d944fb07b2531077f8febd43028be8213aa2fad858b6ee116

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\wallpapers\fir_tree\fir_tree_preview.png

MD5 d6305ea5eb41ef548aa560e7c2c5c854
SHA1 4d7d24befe83f892fb28a00cf2c4121aeb2d9c5d
SHA256 4c2b561cf301d9e98383d084a200deb7555ec47a92772a94453d3d8d1de04080
SHA512 9330009997d62c1804f1e4cf575345016cda8d6a1dd6cb7d2501df65ea2021df6b8a5bc26809ddfc84e6ff9450f1e404c135561b1b00b9e4915c69e84f89cfec

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\wallpapers\flowers\wallpaper.json

MD5 a0ef93341ffbe93762fd707ef00c841c
SHA1 7b7452fd8f80ddd8fa40fc4dcb7b4c69e4de71a0
SHA256 70c8d348f7f3385ac638956a23ef467da2769cb48e28df105d10a0561a8acb9e
SHA512 a40b5f7bd4c2f5e97434d965ef79eed1f496274278f7caf72374989ac795c9b87ead49896a7c9cbcac2346d91a50a9e273669296da78ee1d96d119b87a7ae66a

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\wallpapers\flowers\flowers_preview.png

MD5 ba6e7c6e6cf1d89231ec7ace18e32661
SHA1 b8cba24211f2e3f280e841398ef4dcc48230af66
SHA256 70a7a65aa6e8279a1a45d93750088965b65ea8e900c5b155089ca119425df003
SHA512 1a532c232dd151474fbc25e1b435a5e0d9d3f61372036d97bcaab3c352e7037f1c424b54a8904ef52cf34c13a77b7ab295fb4fd006c3ab86289577f469a6cd4c

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\wallpapers\huangshan\huangshan_preview.jpg

MD5 1edab3f1f952372eb1e3b8b1ea5fd0cf
SHA1 aeb7edc3503585512c9843481362dca079ac7e4a
SHA256 649c55ccc096cc37dfe534f992b1c7bda68da589258611924d3f6172d0680212
SHA512 ecd9609fbf821239ddcbdc18ef69dade6e32efd10c383d79e0db39389fa890a5c2c6db430a01b49a44d5fa185f8197dbbde2e1e946f12a1f97a8c118634c0c34

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\morphology\stop-words-ru-RU.list

MD5 24281b7d32717473e29ffab5d5f25247
SHA1 aa1ae9c235504706891fd34bd172763d4ab122f6
SHA256 cbeec72666668a12ab6579ae0f45ccbdbe3d29ee9a862916f8c9793e2cf55552
SHA512 2f81c87358795640c5724cfabcabe3a4c19e5188cedeab1bd993c8ccfc91c9c63a63e77ac51b257496016027d8bccb779bd766174fa7ea2d744bd2e2c109cb8b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\extension\fcgfaidpicddcilhjhafmmcgfodijhjd\brand_settings.json

MD5 a3779768809574f70dc2cba07517da14
SHA1 ffd2343ed344718fa397bac5065f6133008159b8
SHA256 de0fbb08708d4be7b9af181ec26f45fccd424e437bc0cfb5cf38f2604f01f7b2
SHA512 62570be7ea7adee14b765d2af46fcd4dc8eec9d6274d9e00c5f361ff9b0cdb150305edad65a52b557c17dd9682e371004a471fa8958b0bd9cfbe42bb04ca5240

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\extension\elokbjeafkcggjfjkakpchmcmhkhaofn\brand_settings.json

MD5 f70c4b106fa9bb31bc107314c40c8507
SHA1 2a39695d79294ce96ec33b36c03e843878397814
SHA256 4940847c9b4787e466266f1bb921097abb4269d6d10c0d2f7327fde9f1b032b7
SHA512 494dce5543e6dacc77d546015f4ea75fd2588625e13450dba7ba0bd4c2f548b28c746a0d42c7f9b20d37f92af6710927d4bccb2fee4faa17d3ec2c07ff547e70

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\extension\gopnelejddjjkamjfblkcijjikkinnec\brand_settings.json

MD5 30fdb583023f550b0f42fd4e547fea07
SHA1 fcd6a87cfb7f719a401398a975957039e3fbb877
SHA256 114fd03aa5ef1320f6cc586e920031cf5595a0d055218ce30571ff33417806d3
SHA512 bae328e1be15c368f75396d031364bef170cfcf95dbdf4d78be98cff2b37a174d3f7ebb85b6e9eb915bb6269898cbcecd8a8415dc005c4444175fe0447126395

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\easylist\manifest.json

MD5 15bcd6d3b8895b8e1934ef224c947df8
SHA1 e4a7499779a256475d8748f6a00fb4580ac5d80d
SHA256 77334f6256abddcc254f31854d1b00aa6743e20aadbb9e69187144847099a66b
SHA512 c2d3778a99af8d8598e653593d5e2d1d0b3b2ace11addd2d3eeb2bf3b57d51bf938ddaf2d2743322e0ce02e291b81f61c319daf34c1cd604ffce1f6407a30b34

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\resources\easylist\easylist.txt

MD5 8e4bcad511334a0d363fc9f0ece75993
SHA1 62d4b56e340464e1dc4344ae6cb596d258b8b5de
SHA256 2f317fee439877eaadb1264bd3d1e153c963ef98596a4ccf227592aea12ae76f
SHA512 65077bd249c51be198234ff927040ef849cd79adcd611ed2afae511bc2a257a21f13171bf01cb06fce788c1cff88c8ad39cf768c5900d77cd15453a35e7f0721

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.4.5.499\Extensions\ghjgbemlcjioaaejhnnmgfpiplgalgcl.json

MD5 2ec6275318f8bfcab1e2e36a03fd9ffa
SHA1 063008acf0df2415f5bd28392d05b265427aac5c
SHA256 20832de8163d5af0a0c8bda863bcd6083df4f92175d856ce527de1dae1f7c433
SHA512 5eee4555be05d07bce49c9d89a1a64bb526b83e3ca6f06e2f9ef2094ad04c892110d43c25183da336989a00d05dad6ff5898ff59e2f0a69dcaaf0aa28f89a508

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

MD5 abaac67c9f093515e0082768df4ac36d
SHA1 48d09756d20b98cdeb2eba8ee6f311c13e7eb9e9
SHA256 a250600b05be41bec407873b3bfa43cb1c6e8f44be7ce48a86aedd41c7ee920d
SHA512 e3deed87327f838cf194da86bf88d1975f94b16df17f1dc90366d3576c5c5b51a7c3450fcfbe714ae50265b05eeb4f528d353b9557039eafeff93134fd0cf0ee

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\install_state.json

MD5 a8edb942af008a422b41a408375376c1
SHA1 e320d47d19f6a4e014f4f0ef26d75e819b3fbd12
SHA256 8cfb70cb05069a980950d13ca9797493926f6413fa7a44d0caad4b0804910ca0
SHA512 1e0f64a6fa27eaba0762cb791616569c637171200fd2449370902d47ce55a16d5a6335ccb40819a530628b2a3b1ff9daed69d87ff7c27ed76fc5de380b8088b0

memory/1144-9226-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

MD5 389f0a0da35cbb71c2804be3e68f6b98
SHA1 b4e168dbce9fafe7d982356a586c6bd0ce915344
SHA256 f2fce35b77c2d5ea623354937b7529ecd29781862eb5fed2e2be482e1361aa41
SHA512 a4a2c1cd3af13c5866edbf15bf8d56034c3b9037e66140df2836d083e98412df3c9296689767245b6e2e72d8792524d299bab6341adf290d5a429fdbf2dd42e8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences~RFe589853.TMP

MD5 0f6042ccaeb0970c31fc149650ca7777
SHA1 4bfde494d8dd6725c18d2641c9946af3f5b5ab2d
SHA256 b26955ba348eba81e6655675fe46cf766da74149198e6e1b58e06c06d73899f7
SHA512 e1514cb9cf290f6877587d6fa61b48fece9491819b6a2a76b5105ccdc075b0251ad510097001da6bf6cd10b6197d8d37dfabee98bae5461aca9049d75e0d9c3e

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\133efd54-89c5-4ab2-99f2-0ccdffb6737c.tmp

MD5 c5a006460a7018bdb4dbab3015140f92
SHA1 ab4b187e224eb905885c9965ca337bbeb87e6292
SHA256 77bc64301e9787b09e3dcff021eb72eaca83bb776bda675370d60e288c24b5fd
SHA512 07a9e84a0dedfefbeb19be60c7447c1c49ce5e91ee551625bc44a60c497380ee207d12a2e5faf99e001a978f65408f501f3be2854e04b17b727f35df64b334a8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences

MD5 126a744e86f36bd8fd3418bda35e4380
SHA1 db1df721d01aa8f7fc0172202129b2eedd762716
SHA256 2a83e42e67bb3e4772af85d0a369bc5e0e8bc9df944c1c40435cde6de3e99e4d
SHA512 6bffbe72c0599549a8450b1412072551f2b32e2ec03b41a2e9373241963210c2907adab8fb7f3108590dcbb9e410280f75637e298b652bca7ddb0b3ac9371b17

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences~RFe5898ef.TMP

MD5 9b6d1e5ac0ccc099ba28cf47d52e9472
SHA1 8a68a57fc36ecec03e95d80b359fafd6c8685e9b
SHA256 334259c178b504b75e27f7880ead01e1e56380fd36107f43b7d2508abe471cb9
SHA512 4c86eb31d14fd7fc5247c4a2946f3f11caadad5abbe5a65450e807c681941bb0d640bf9926bf813ad52d90ed82b61e0f058177bd627231b40b45517babf3ac44

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

MD5 6254782ab3c872317196977eb463f839
SHA1 b29182c8afb9aed65cd9feb3d3bf26e2d132ba4e
SHA256 d96ef47f792497105cd69504e68e4972647711a4e2ee5334d2b34f892f848c4a
SHA512 d07bcf656776b69717fcdc8bcc1988664807355c3fd844c646378ae2e9b26e6b89e73488337e52a1dafe90da80846c005d0d8542cc54e99a87e356ef0f16e60c

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GraphiteDawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GraphiteDawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GraphiteDawnCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GraphiteDawnCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Sync Data\LevelDB\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Sync Data\LevelDB\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\069500a3-d807-4711-9786-59b39f7aa075.tmp

MD5 e83f8ddcd8a44db1f17574eb0f501331
SHA1 0b30ec881ad62158f896ea47f5c70db3806aefd6
SHA256 3bae34ca8c4ca34ad7177a57d3934891651bea573f72a7da8cdf004f897ffee3
SHA512 8a246ea1417825e1de0ee26af667c849175659441dac4c9f115d58ebb68abaac9245b231d787edfa72384ebdf0f170e871fca352b441faa41bc2984bc1a56223

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
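
The entry above for SCT Auditing Pending Reports is the kind of record a triage step should catch before this listing is turned into indicators: its four digests are the digests of the two-byte string "[]", an empty JSON array, so they identify nothing about the sample and would match on any clean machine. The Python below is an added example, not part of the report or of the sandbox's own tooling. It parses this section's own layout (a path line, a blank line, one digest line per algorithm; "memory/..." regions carry no digests) over a constructed excerpt copied from entries on this page, sets memory regions aside, flags digests of trivially reproducible content and digests whose hex length is wrong for the algorithm, and counts how many times the same path was written (the Preferences file appears several times in this section with different digests, one per write). The set of trivial contents and the category names are this example's own choices.

```python
# Added example (not part of the report): triage a sandbox "Files" listing
# into IOC candidates. Parser follows this page's layout: path line, blank
# line, one "ALGO hexdigest" line per algorithm; memory regions have none.
import hashlib
import re
from collections import Counter
from dataclasses import dataclass, field

ALGOS = ("md5", "sha1", "sha256", "sha512")
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
DIGEST_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")

# Contents that benign browser/app state files often reduce to (this
# example's own list). Their digests must never be shipped as indicators.
TRIVIAL = {b"": "empty file", b"[]": "empty JSON array",
           b"{}": "empty JSON object", b"\n": "single newline"}

# Constructed excerpt, copied verbatim from entries on this page.
SAMPLE = r"""
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

MD5 abaac67c9f093515e0082768df4ac36d
SHA1 48d09756d20b98cdeb2eba8ee6f311c13e7eb9e9
SHA256 a250600b05be41bec407873b3bfa43cb1c6e8f44be7ce48a86aedd41c7ee920d
SHA512 e3deed87327f838cf194da86bf88d1975f94b16df17f1dc90366d3576c5c5b51a7c3450fcfbe714ae50265b05eeb4f528d353b9557039eafeff93134fd0cf0ee

memory/9740-9565-0x000000000C760000-0x000000000C761000-memory.dmp

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

MD5 389f0a0da35cbb71c2804be3e68f6b98
SHA1 b4e168dbce9fafe7d982356a586c6bd0ce915344
SHA256 f2fce35b77c2d5ea623354937b7529ecd29781862eb5fed2e2be482e1361aa41
SHA512 a4a2c1cd3af13c5866edbf15bf8d56034c3b9037e66140df2836d083e98412df3c9296689767245b6e2e72d8792524d299bab6341adf290d5a429fdbf2dd42e8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

MD5 6254782ab3c872317196977eb463f839
SHA1 b29182c8afb9aed65cd9feb3d3bf26e2d132ba4e
SHA256 d96ef47f792497105cd69504e68e4972647711a4e2ee5334d2b34f892f848c4a
SHA512 d07bcf656776b69717fcdc8bcc1988664807355c3fd844c646378ae2e9b26e6b89e73488337e52a1dafe90da80846c005d0d8542cc54e99a87e356ef0f16e60c
"""


@dataclass
class Entry:
    path: str
    digests: dict = field(default_factory=dict)  # algo -> lowercase hex


def digests_of(data: bytes) -> dict:
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def parse_files_section(text: str) -> list:
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = DIGEST_LINE.match(line)
        if m and entries:
            entries[-1].digests[m.group(1).lower()] = m.group(2).lower()
        else:
            entries.append(Entry(line))  # any other non-blank line is a path
    return entries


def malformed_digests(entry: Entry) -> list:
    # Algorithms whose hex length is wrong: truncated or mis-copied digests.
    return [a for a, h in entry.digests.items() if len(h) != HEX_LEN[a]]


def trivial_content_label(entry: Entry):
    # Every digest the report lists must agree; a lone MD5 hit is not enough.
    for data, label in TRIVIAL.items():
        exp = digests_of(data)
        if entry.digests and all(exp[a] == h for a, h in entry.digests.items()):
            return label
    return None


def triage(text: str) -> dict:
    r = {"ioc": [], "trivial": {}, "memory": [], "malformed": {},
         "writes_per_path": Counter()}
    for e in parse_files_section(text):
        if e.path.startswith("memory/"):
            r["memory"].append(e.path)
            continue
        r["writes_per_path"][e.path] += 1
        if malformed_digests(e):
            r["malformed"][e.path] = malformed_digests(e)
        elif (label := trivial_content_label(e)):
            r["trivial"][e.path] = label
        else:
            r["ioc"].append((e.path, e.digests.get("sha256")))
    return r
```

Running triage(SAMPLE) keeps browser.exe and the two Preferences writes as IOC candidates (keyed by SHA256), drops the SCT Auditing file as "empty JSON array", lists the memory region separately, and reports Preferences as written twice. Matching on every listed digest rather than on MD5 alone avoids treating an MD5 match as proof of content.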

memory/9740-9565-0x000000000C760000-0x000000000C761000-memory.dmp

memory/9740-9532-0x000000000C760000-0x000000000C761000-memory.dmp

memory/9740-9697-0x000000000C9E0000-0x000000000C9E1000-memory.dmp

memory/9740-9729-0x000000000C9E0000-0x000000000C9E1000-memory.dmp

memory/9740-9746-0x000000000C760000-0x000000000C761000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

MD5 ddf7a5c75c28da9c535976051f1a05ab
SHA1 ad9f2c944450dcf26300607515e137db4423f3d7
SHA256 012143466be218281be03af3ae75ad0632d3cd1535026adbef43a19effe7d644
SHA512 8ad589775641354a42d492f92dc0fb915d2608399717e89ebc3bc5e6b15b4b2354147fd77e8e53f7182cbb589372ab55314728415a10d8f1f60c2a9bf59f850e

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\web_ntp_cache\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\9646cda6-914d-4ef5-8e19-3e0d6f879258\index-dir\the-real-index

MD5 a2fd6934ddac30ad37e6f311d9653144
SHA1 97889ec214dcb71be31e0e104a13dd321013cb18
SHA256 8ddde5bbfbd2d5af11241f2133036b938730a07b6775db7ebd21a6149dbd74d5
SHA512 5f748ee2f5a030855a865d3047d2bea467973b32d5723914ccb3df0ac9f434f619797c8126c6ca7e07b80bca242baff2539d16a678d43e238b51ecbe21c0d94e

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json~RFe589c3b.TMP

MD5 ff9d1be75fc3a1f66595cac193aa4dcc
SHA1 683b60f186bc5434709443643eb6375f60195b8d
SHA256 d1ddcfe070b9fef48fdf42efb2ef02882af8b7b59b09888936e21e267a5fa441
SHA512 57934d7952985c29e064b5502343baba05518bc6c8cb648421907306f16e847b1d422c0435ab211db6616d7f7785c7abb72b5b2652d99c81a59c7ea37cdc2659

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json

MD5 03badcadb2ec9624bd52c167aa486e09
SHA1 6591acde9e2804f50647bb0a8da6ef312527c9c3
SHA256 c32dc85fa607351a2ee598633a7de07d781274a286c52f79535285f446f25273
SHA512 058201e30f288207effc92b226eec678125853ad55e2ae2a6b524a00ee4220ca86321377bf255ddd228555ecfec4d996388c4385001404097efd24a97f889a1c

memory/3260-10286-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

MD5 e2c0fdcc863afb8a00b0a2a821e60e4a
SHA1 813a7b7334900b4d0876a40811ad71adf102fcca
SHA256 2465862a9704192aedb0a29f4659c7610551c9e5da8ebf6db8cb701005aacfda
SHA512 b882b2d95914653add9492f79e4cb70e8be78be8f199c5637fd76b2be4fb786a4f8fd46d66424437bb01a77c0b9117cbcd71983beeff6f1b8120a655c09af7c6