Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
  • submitted
    23-06-2024 21:54

General

Malware Config

Extracted

  • Family
    njrat
  • Version
    0.7d
  • Botnet
    windowsdefender
  • C2
    88.168.211.65:6522
  • Mutex
    9300538b8eb52046b545ea0eefc265d2
  • Attributes
    • reg_key
      9300538b8eb52046b545ea0eefc265d2
    • splitter
      Y262SUCZ4UJJ

Signatures

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

  • Downloads MZ/PE file
  • Modifies Windows Firewall 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 7 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 2 IoCs
  • Executes dropped EXE 64 IoCs
  • Loads dropped DLL 64 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 3 IoCs
  • Blocklisted process makes network request 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Drops file in Windows directory 20 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

  • Enumerates system info in registry 2 TTPs 7 IoCs
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Modifies data under HKEY_USERS 5 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 6 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 35 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://temp.sh/WwJqO/vmware.exe
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1756
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1756 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2884
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\vmware.exe
      "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\vmware.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1488
      • C:\Users\Admin\AppData\Local\Temp\WTLDR.exe
        "C:\Users\Admin\AppData\Local\Temp\WTLDR.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2156
        • C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe
          "C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe"
          4⤵
          • Drops startup file
          • Executes dropped EXE
          • Adds Run key to start application
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:1108
          • C:\Windows\SysWOW64\netsh.exe
            netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe" "chrome_protect.exe" ENABLE
            5⤵
            • Modifies Windows Firewall
            • Event Triggered Execution: Netsh Helper DLL
            PID:1544
          • C:\Windows\SysWOW64\netsh.exe
            netsh firewall delete allowedprogram "C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe"
            5⤵
            • Modifies Windows Firewall
            • Event Triggered Execution: Netsh Helper DLL
            PID:1808
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe /c ping 0 -n 2 & del "C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe"
            5⤵
            • Suspicious use of WriteProcessMemory
            PID:2340
            • C:\Windows\SysWOW64\PING.EXE
              ping 0 -n 2
              6⤵
              • Runs ping.exe
              PID:2372
      • C:\Users\Admin\AppData\Local\Temp\KLSetup.exe
        "C:\Users\Admin\AppData\Local\Temp\KLSetup.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:1568
        • C:\Users\Admin\AppData\Local\Temp\yadl.exe
          "C:\Users\Admin\AppData\Local\Temp\yadl.exe" --partner 418804 --distr /quiet /msicl "YABROWSER=y YAQSEARCH=y YAHOMEPAGE=y VID=354"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Modifies system certificate store
          • Suspicious use of WriteProcessMemory
          PID:2212
          • C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
            "C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe" /quiet /msicl "YABROWSER=y YAQSEARCH=y YAHOMEPAGE=y VID=354"
            5⤵
            • Executes dropped EXE
            • Suspicious use of AdjustPrivilegeToken
            PID:1752
          • C:\Users\Admin\AppData\Local\Temp\yadl.exe
            C:\Users\Admin\AppData\Local\Temp\yadl.exe --stat dwnldr/p=418804/rid=8dbd23b5-3c00-4987-97f5-e26184e3f3be/sbr=0-0/hrc=200-200/bd=267-10639168/gtpr=1-1-1-255-1/cdr=0-b7-b7-ff-b7/for=3-0/fole=255-0/fwle=255-0/vr=ff-800b0109/vle=ff-800b0109/hovr=ff-0/hovle=ff-0/shle=ff-0/vmajor=6/vminor=1/vbuild=7601/distr_type=landing/cnt=0/dt=6/ct=2/rt=0 --dh 1528 --st 1719179742
            5⤵
            • Executes dropped EXE
            PID:1768
        • C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe
          "C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:868
          • C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe
            "C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe" -version
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:348
            • C:\Windows\system32\icacls.exe
              C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
              6⤵
              • Modifies file permissions
              PID:2452
          • C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe
            "C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe" -XX:+UseG1GC -Dfile.encoding=UTF-8 -jar "C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of SetWindowsHookEx
            PID:796
            • C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\java.exe
              java.exe -version
              6⤵
              • Executes dropped EXE
              PID:1348
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2556
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 24DFC157FCC18C17ADA55185C90E525E
      2⤵
      • Loads dropped DLL
      PID:2336
      • C:\Users\Admin\AppData\Local\Temp\7A211A2D-C79F-453E-9139-561FAC3D7E45\lite_installer.exe
        "C:\Users\Admin\AppData\Local\Temp\7A211A2D-C79F-453E-9139-561FAC3D7E45\lite_installer.exe" --use-user-default-locale --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --YABROWSER
        3⤵
        • Executes dropped EXE
        PID:1612
      • C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe
        "C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe" "--yqs=y" "--yhp=y" "--ilight=" "--oem=" "--nopin=n" "--pin_custom=n" "--pin_desktop=n" "--pin_taskbar=y" "--locale=us" "--browser=y" "--browser_default=" "--loglevel=trace" "--ess=" "--clids=C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml" "--sender=C:\Users\Admin\AppData\Local\Temp\12A0593A-69BF-4E3D-941E-7C00618D24D1\sender.exe" "--is_elevated=yes" "--ui_level=2" "--good_token=x" "--no_opera=n"
        3⤵
        • Executes dropped EXE
        • Modifies Internet Explorer settings
        • Modifies Internet Explorer start page
        PID:1932
        • C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
          C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent --pin-taskbar=y --pin-desktop=n
          4⤵
          • Executes dropped EXE
          PID:6900
        • C:\Users\Admin\AppData\Local\Temp\12A0593A-69BF-4E3D-941E-7C00618D24D1\sender.exe
          C:\Users\Admin\AppData\Local\Temp\12A0593A-69BF-4E3D-941E-7C00618D24D1\sender.exe --send "/status.xml?clid=6035492-354&uuid=cd6fd94f-AB17-40A5-842C-61F58DF30afc&vnt=Windows 7x64&file-no=6%0A10%0A11%0A12%0A13%0A15%0A17%0A18%0A21%0A22%0A24%0A25%0A40%0A42%0A43%0A45%0A57%0A61%0A89%0A103%0A111%0A123%0A124%0A125%0A129%0A"
          4⤵
          • Executes dropped EXE
          PID:6608
  • C:\Users\Admin\AppData\Local\Temp\{E1B355E0-236E-4E8A-B095-A16158FF3343}.exe
    "C:\Users\Admin\AppData\Local\Temp\{E1B355E0-236E-4E8A-B095-A16158FF3343}.exe" --job-name=yBrowserDownloader-{DB166274-067A-4BF5-95D7-B63D74DD1984} --send-statistics --local-path=C:\Users\Admin\AppData\Local\Temp\{E1B355E0-236E-4E8A-B095-A16158FF3343}.exe --YABROWSER --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=6035461-354&ui=cd6fd94f-AB17-40A5-842C-61F58DF30afc --use-user-default-locale
    1⤵
    • Executes dropped EXE
    PID:7880
    • C:\Users\Admin\AppData\Local\Temp\yb2B26.tmp
      "C:\Users\Admin\AppData\Local\Temp\yb2B26.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\34b0acab-c04c-4dbc-be58-57d03fa2211b.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=268071600 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{DB166274-067A-4BF5-95D7-B63D74DD1984} --local-path="C:\Users\Admin\AppData\Local\Temp\{E1B355E0-236E-4E8A-B095-A16158FF3343}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=6035461-354&ui=cd6fd94f-AB17-40A5-842C-61F58DF30afc --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\ad433c5e-3a65-4bd2-9f77-fbffa02e1fad.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico"
      2⤵
      • Executes dropped EXE
      PID:5604
      • C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe
        "C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\34b0acab-c04c-4dbc-be58-57d03fa2211b.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=268071600 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{DB166274-067A-4BF5-95D7-B63D74DD1984} --local-path="C:\Users\Admin\AppData\Local\Temp\{E1B355E0-236E-4E8A-B095-A16158FF3343}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=6035461-354&ui=cd6fd94f-AB17-40A5-842C-61F58DF30afc --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\ad433c5e-3a65-4bd2-9f77-fbffa02e1fad.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico"
        3⤵
        • Executes dropped EXE
        PID:5468
        • C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe
          "C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\34b0acab-c04c-4dbc-be58-57d03fa2211b.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=268071600 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{DB166274-067A-4BF5-95D7-B63D74DD1984} --local-path="C:\Users\Admin\AppData\Local\Temp\{E1B355E0-236E-4E8A-B095-A16158FF3343}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=6035461-354&ui=cd6fd94f-AB17-40A5-842C-61F58DF30afc --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\ad433c5e-3a65-4bd2-9f77-fbffa02e1fad.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico" --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=299628600
          4⤵
          • Executes dropped EXE
          • Modifies registry class
          PID:5632
          • C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe
            C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=a3028db1baffc0578427f8e443889a44 --annotation=main_process_pid=5632 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.6.0.1878 --initial-client-data=0x1b0,0x1b4,0x1b8,0x184,0x1bc,0x6c1cbc,0x6c1cc8,0x6c1cd4
            5⤵
            • Executes dropped EXE
            PID:6044
          • C:\Windows\TEMP\sdwra_5632_436080900\service_update.exe
            "C:\Windows\TEMP\sdwra_5632_436080900\service_update.exe" --setup
            5⤵
            • Executes dropped EXE
            • Drops file in Program Files directory
            PID:9656
            • C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe
              "C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe" --install
              6⤵
              • Executes dropped EXE
              PID:9708
          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"
            5⤵
            • Executes dropped EXE
            PID:9228
          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source5632_1102270951\Browser-bin\clids_yandex_second.xml"
            5⤵
            • Executes dropped EXE
            PID:9432
  • C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe
    "C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe" --run-as-service
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Modifies data under HKEY_USERS
    PID:9544
    • C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe
      "C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=a3028db1baffc0578427f8e443889a44 --annotation=main_process_pid=9544 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.6.0.1878 --initial-client-data=0x13c,0x140,0x144,0x110,0x148,0x2ab728,0x2ab734,0x2ab740
      2⤵
      • Executes dropped EXE
      PID:9556
    • C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe
      "C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe" --update-scheduler
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:8784
      • C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe
        "C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe" --update-background-scheduler
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        PID:8168
  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=0 --install-start-time-no-uac=268071600
    1⤵
    • Checks computer location settings
    • Executes dropped EXE
    • Adds Run key to start application
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:9252
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=9252 --annotation=metrics_client_id=eebb1e7f281049b7b63c8a71002f524a --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.6.0.1878 --initial-client-data=0xf4,0xf8,0xfc,0xc8,0x100,0x70f45a28,0x70f45a34,0x70f45a40
      2⤵
      • Executes dropped EXE
      PID:8720
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --gpu-process-kind=sandboxed --field-trial-handle=1816,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1812 /prefetch:2
      2⤵
      • Executes dropped EXE
      PID:2500
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=disabled --gpu-process-kind=trampoline --field-trial-handle=1708,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2028 /prefetch:2
      2⤵
      • Executes dropped EXE
      PID:928
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Network Service" --field-trial-handle=2016,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2152 --brver=24.6.0.1878 /prefetch:3
      2⤵
      • Executes dropped EXE
      PID:7976
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Storage Service" --field-trial-handle=2324,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2336 --brver=24.6.0.1878 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:7868
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=ru --service-sandbox-type=audio --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Audio Service" --field-trial-handle=2844,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2924 --brver=24.6.0.1878 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:7804
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --no-appcompat-clear --enable-ignition --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3068,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3064 /prefetch:2
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:7208
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --no-appcompat-clear --enable-ignition --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3536,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:1
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:6792
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Импорт профилей" --field-trial-handle=3500,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3660 --brver=24.6.0.1878 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:6888
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=3252,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3508 --brver=24.6.0.1878 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:7080
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --no-appcompat-clear --enable-ignition --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3660,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3692 /prefetch:1
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:3492
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=3816,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4156 --brver=24.6.0.1878 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:6332
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=2020,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4116 /prefetch:2
      2⤵
      • Executes dropped EXE
      PID:4808
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --no-appcompat-clear --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=1960,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3996 /prefetch:1
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:4580
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=3888,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3900 --brver=24.6.0.1878 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:5336
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --no-appcompat-clear --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4576,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4592 /prefetch:1
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:5388
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --no-appcompat-clear --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5164,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5160 /prefetch:1
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:6100
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Распаковщик файлов" --field-trial-handle=5360,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5368 --brver=24.6.0.1878 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:6568
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=4936,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5436 --brver=24.6.0.1878 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:9872
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=5420,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5440 --brver=24.6.0.1878 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:9572
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=5520,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5540 --brver=24.6.0.1878 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:9796
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=5524,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5548 --brver=24.6.0.1878 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:9668
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=5368,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5488 --brver=24.6.0.1878 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:8124
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=5464,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5408 --brver=24.6.0.1878 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:2164
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=5500,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5440 --brver=24.6.0.1878 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:8880
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=5836,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5840 --brver=24.6.0.1878 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:9044
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=5784,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5848 --brver=24.6.0.1878 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:8396
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=5828,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6024 --brver=24.6.0.1878 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:8848
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=5820,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5936 --brver=24.6.0.1878 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:9448
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=6036,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5892 --brver=24.6.0.1878 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:956
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Распаковщик файлов" --field-trial-handle=5336,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5516 --brver=24.6.0.1878 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:7800
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Утилиты Windows" --field-trial-handle=3076,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3100 --brver=24.6.0.1878 /prefetch:8
      2⤵
        PID:2800
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Утилиты Windows" --field-trial-handle=3060,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3156 --brver=24.6.0.1878 /prefetch:8
        2⤵
          PID:820
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater --broupdater-origin=auto --bits_job_guid={53FD9F1A-B5B5-4642-B009-2AC33990B934}
        1⤵
        • Executes dropped EXE
        • Enumerates system info in registry
        PID:1572
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1719179816 --annotation=last_update_date=1719179816 --annotation=launches_after_update=1 --annotation=machine_id=a3028db1baffc0578427f8e443889a44 --annotation=main_process_pid=1572 --annotation=metrics_client_id=eebb1e7f281049b7b63c8a71002f524a --annotation=micromode=broupdater --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.6.0.1878 --initial-client-data=0xf8,0xfc,0x100,0xcc,0x104,0x70f45a28,0x70f45a34,0x70f45a40
          2⤵
          • Executes dropped EXE
          PID:2504
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1808,i,13501747830820339287,12889975122532335750,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1804 /prefetch:2
          2⤵
          • Executes dropped EXE
          PID:8004
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Network Service" --field-trial-handle=1936,i,13501747830820339287,12889975122532335750,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1952 --brver=24.6.0.1878 /prefetch:3
          2⤵
            PID:7924
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=install --bits_job_guid={95A52657-79CE-4F32-ADBA-05B2F0438A7F}
          1⤵
          • Enumerates system info in registry
          PID:3832
          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
            C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1719179816 --annotation=last_update_date=1719179816 --annotation=launches_after_update=2 --annotation=machine_id=a3028db1baffc0578427f8e443889a44 --annotation=main_process_pid=3832 --annotation=metrics_client_id=eebb1e7f281049b7b63c8a71002f524a --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.6.0.1878 --initial-client-data=0xf8,0xfc,0x100,0xcc,0x104,0x70f45a28,0x70f45a34,0x70f45a40
            2⤵
              PID:7192
            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1792,i,6075720620835992658,10196605529921995734,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1784 /prefetch:2
              2⤵
                PID:7032
              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Network Service" --field-trial-handle=1920,i,6075720620835992658,10196605529921995734,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1936 --brver=24.6.0.1878 /prefetch:3
                2⤵
                  PID:6776

              Network

              MITRE ATT&CK Enterprise v15


              Downloads


                SHA512

                8220a64c8f89d0c30d42e5bfcf770a26422604ea37f48fbcade5679f42bfb474966203cb5bbd2f29f51e435f7f8e04e168e112b2ed3eb419a46536aa7b947071

              • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9bot8sq2.default-release\thumbnails\68f79a69daa8bcc89cc24690c2324c3b

                Filesize

                15KB

                MD5

                af80a936c10e18de168538a0722d6319

                SHA1

                9b1c84a1cf7330a698c89b9d7f33b17b4ba35536

                SHA256

                2435c0376fca765b21d43e897f4baa52daa0958a7015d04103488c606c99d1d3

                SHA512

                9a1325c8ce05806e5c161a4cf47239f62baad8f79650fbd713e74928fce8171ced10ba7f24fac46c548e1dbf3f64106270cb25ca88c836c870107f5dc1f97879

              • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9bot8sq2.default-release\thumbnails\ba433b350a0a2613ceeb89a6c66e8da6

                Filesize

                6KB

                MD5

                e05d28ab78d61968a7132eafe61f54b4

                SHA1

                dcf260ab7cdea7b6fc934e54765c964c1a20bd36

                SHA256

                cbd302b0ea2218f495b9f0a814f34733f2c5f13a6634d74c6e85a5c0863b5621

                SHA512

                ebea612bf803692fa3c7b2573c58f2e43fba0f7039e01b57203978cf69b6f8ca538b563791a760a7e901bb5e392879bd57bdbdb69b6a3781a3886fc0c01eddc0

              • C:\Users\Admin\AppData\Local\Temp\+JXF1594021999544664996.tmp

                Filesize

                67KB

                MD5

                945426f5363c482553695c661ebc75a0

                SHA1

                feb3a62b783c6cba5175e957c6a4d1564e6de534

                SHA256

                b04761b165a8b32e5ac989a3cee07f27658634e7796f708b3e17ff5ccbe23622

                SHA512

                12658f86b8c3744329c2a4c4552ce25c5756e29aa984e0c7fd3fdee13abaa51b221d8ff78a9c406b084d3c08fffc3cdcb2b58f9cfb6af707ab9e3bc8fcee9e98

              • C:\Users\Admin\AppData\Local\Temp\+JXF2465299824772532332.tmp

                Filesize

                66KB

                MD5

                99c471b10eb25b8f0f1fe76a04926b0f

                SHA1

                807f89e70ccf186bde048c8a51a5c2d668190797

                SHA256

                9042ee73964614ed6b3eb4aa30df23c4ac5d3372deffb201ab9287540a34079c

                SHA512

                cbc263c2fbf1325c56adb312be8026ec25766a172bfd8d742a2e86292692c18fb185f595eb8b6fa2898e66ff95404ae52d9e52c393271e9f1fbbfd6c5bb9707d

              • C:\Users\Admin\AppData\Local\Temp\+JXF3015876882171906206.tmp

                Filesize

                138KB

                MD5

                a3de2170e4e9df77161ea5d3f31b2668

                SHA1

                6484f1af6b485d5096b71b344e67f4164c33dd1f

                SHA256

                7b5a4320fba0d4c8f79327645b4b9cc875a2ec617a557e849b813918eb733499

                SHA512

                94a693ab2ce3c59f7a1d35b4bcc0fd08322dad24ce84203060ceceaf3dac44c4c28413c28dcdab35d289f30f8e28223a43c11cb7d5e9a56d851eb697ff9b9b6b

              • C:\Users\Admin\AppData\Local\Temp\+JXF7432461699662347372.tmp

                Filesize

                66KB

                MD5

                794162f5ab873e624c2e8adaef34aa73

                SHA1

                5e631244b866752f9232e170ed81ab94d252ac42

                SHA256

                b272fda2af48d26da480cd02d76059416539612615d38b9145b3f156d677ef7c

                SHA512

                d14a8abf8a3a4279652132ec145c5fad024001241e6c81d1e07c74ad3d438d61ea6f2e2a3d01812621763afbda99486ebe47f858a8dbd440c82448b1619a2426

              • C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe

                Filesize

                10.1MB

                MD5

                3fb846d3691f3d98a34e669e1b9b5bf6

                SHA1

                4c90c2912aae3b8da4c44a4faa0b8df20525285f

                SHA256

                ead7a779cabae642d09be07283cc99e53c84ecf90349444e0d0ac4bf9901fe47

                SHA512

                e904ecfa7b1c9ba066272bf91b8341bf3877310613370defabee7db58ea825c52582353e97f9398d706d3f3890b3701a1c05fe202e8a87499fb9600f87176b3e

              • C:\Users\Admin\AppData\Local\Temp\Cab3E4B.tmp

                Filesize

                65KB

                MD5

                ac05d27423a85adc1622c714f2cb6184

                SHA1

                b0fe2b1abddb97837ea0195be70ab2ff14d43198

                SHA256

                c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

                SHA512

                6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

              • C:\Users\Admin\AppData\Local\Temp\KLSetup.exe

                Filesize

                8.2MB

                MD5

                65f0ee72fac85b324a0734053d436918

                SHA1

                796d3ab9803f5e6ec370ff948f654842af62fd25

                SHA256

                4f128c759e90606c9c7b5546259a7888b2aaaf5ea59d1aa40d5284056366504c

                SHA512

                b18d612652d2023b7ca49bf0008d6f6a77bab25c70fb9d67bd29c4a917344275c2fbe14058e8121e0ec3e2278ae100b66e49494aa63a2d2570d7d95b6c64ed52

              • C:\Users\Admin\AppData\Local\Temp\OMNIJA~1.ZIP

                Filesize

                41.3MB

                MD5

                b6290143f19876d1a412ec6e9f835c14

                SHA1

                4fa4ae1c8984b35987ef17f69a94646b2b0a6bb2

                SHA256

                3b8867f3a7eebfa5a33ce3286bbe568ec18da28bee72f7e7b28368c000d78438

                SHA512

                afff382a44e821fa84560a36ffef8fb6031a7ad1ac9e6e0fa59938c667676945845a55eb373f2139369dc52e000d63e33e8df52f5d4daeaf869e6d9576abb034

              • C:\Users\Admin\AppData\Local\Temp\Tar3E4C.tmp

                Filesize

                171KB

                MD5

                9c0c641c06238516f27941aa1166d427

                SHA1

                64cd549fb8cf014fcd9312aa7a5b023847b6c977

                SHA256

                4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

                SHA512

                936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

              • C:\Users\Admin\AppData\Local\Temp\Tar3F3C.tmp

                Filesize

                181KB

                MD5

                4ea6026cf93ec6338144661bf1202cd1

                SHA1

                a1dec9044f750ad887935a01430bf49322fbdcb7

                SHA256

                8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

                SHA512

                6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

              • C:\Users\Admin\AppData\Local\Temp\WTLDR.exe

                Filesize

                31KB

                MD5

                7a94013c17dc892cea16fbae38646e43

                SHA1

                8cf54c2ac961dd5c82cb3b07c3de317847aa94bb

                SHA256

                cd35af0a0c71c382760409b7b2343c83857d89af55a0b365b72962f0f9c9a400

                SHA512

                03df47db51270ca87172620e5475ce7a99e1fa1bd61e1956e4a0b28792d145b4e30d5b0d7b0737ea3ed331cecaecde78641b4828b1b9425153b1f9ac3de6f34a

              • C:\Users\Admin\AppData\Local\Temp\YandexSearch00000.log

                Filesize

                1KB

                MD5

                966b237be74cd73151e8bf351e98668d

                SHA1

                ff79c524c53895e7ca4b531da5fd43978d190557

                SHA256

                6fc21d359d992c40dc8e4c6565a5019fc75057585a201f345d1338a3995e08c9

                SHA512

                db04b7f03d346870753ff3486e4981019be5d7e3bc1b1304f2ff85674afe1fd833de0347ab8480c909e7189ac31800ce43daecdec2f91d987e255cfdac3196a0

              • C:\Users\Admin\AppData\Local\Temp\lite_installer.log

                Filesize

                11KB

                MD5

                80f7adc41431eb6ea43be821a956d78e

                SHA1

                bbf1a4a0577ffe7383e4fe0620ec1254a774766a

                SHA256

                850110e1974871753233fb292c8aa4f6f01990e84d0c54d2095b31b68322a973

                SHA512

                30737494c6035a3f9f8e2c032a0de4acd522c6edc2f5a37e8c5f934e3d6ee686bd55748045d0df8e389280bb47a99aec4479bd90df8320fcddb86673d7f91040

              • C:\Users\Admin\AppData\Local\Temp\master_preferences

                Filesize

                164KB

                MD5

                5c627a0acb0b4aa6850222290d1b9b30

                SHA1

                dc52e262636616c0524a08bbbffb62a8b9eab9ce

                SHA256

                15cbe382487e05ebc052b8ae3155e4ffbbb515bce90a76f15cda47e076a037d1

                SHA512

                6250e074b4d65e19ef50b1d7389af8e4ae7b97a47582c774c6dded0a5bde2919236cf991a0652d42e042392582e1a92adca9094f5b32015166ffd8b0f2ee7920

              • C:\Users\Admin\AppData\Local\Temp\vendor00000.xml

                Filesize

                510B

                MD5

                a96e6071a17b74bbd309bf696496b8f7

                SHA1

                63c1ecf860504d390b6f3a32982ddd8946b042c5

                SHA256

                1a855972dc308e47d30d567e1b37fdad349bf555b971bc14ead76e17a8accccc

                SHA512

                2c906e2f11d62d1336be482cc5ff784bf372cc7afb3263754e7810a1ae27e253aa9e22463456b62a25049d33ba1e69f129ed7e0a0273fe928dcaa216b7876449

              • C:\Users\Admin\AppData\Local\Temp\yadl.exe

                Filesize

                726KB

                MD5

                2b0d2f77d8abade07a3dd9a8152ad111

                SHA1

                e7c0ad498f361e3c2d5a0ffa225ee112ed3c5bdb

                SHA256

                85ddc30b6b53ebe529688528e74bcfd74df0b93ea29ee1693d7d9aeec4d48776

                SHA512

                d48a3b9d9d3f83f1b0498103ee1f78467dc84254c762227081ba3218bd2212c1e3c29d2d94737101d55f5793f3d7dca8bdedc7d527cdb701733a6cbc74c938fc

              • C:\Users\Admin\AppData\Local\Temp\yandex_browser_updater.log

                Filesize

                5KB

                MD5

                601685d81571fff1d73605c5bc55c12a

                SHA1

                bc3de3f0ee16cf9e234beb9f3854b9e916e09119

                SHA256

                f55d095763d065704f831ef4b8c133a08c8cbaaaeffffba1f22b19fa2cfe9423

                SHA512

                ae133f31754b385c1f039f9dd01f135175fca7f84b5bd878c7ab440bf9c40767ce28b36d4bc902f013a4e62a9e4a1dd52cf2b8866215285e9cc8a3b6579ca3ac

              • C:\Users\Admin\AppData\Local\Temp\{5B964E0E-B9A3-4276-9ED9-4D5A5720747A}\YandexSearch.msi

                Filesize

                9.8MB

                MD5

                561f202d40eb1a21aa947b2b833f6928

                SHA1

                b48e2f49a416847aa9420ed4b360841e8c28f67b

                SHA256

                b2fda5fb2d8e65fc0448d308647d8afd1e4ecd7bff0103ec3700e0798a7db0a3

                SHA512

                66d172f336ef0b4790e2141711f205682a0ba6ced8d03f26e33b54f6ea1e29be10d387e843df26d1110559888b09a3cdf9198ea40f17ca9d2ac1872c1da82063

              • C:\Users\Admin\AppData\Local\Temp\{E1B355E0-236E-4E8A-B095-A16158FF3343}.exe

                Filesize

                10.6MB

                MD5

                bf2e1399a1e08ae36658b0aaa7fd5a99

                SHA1

                4d233713a23a77309a9470e13ae82c2a83cd8ae8

                SHA256

                c816c0bc31ab41c33f58bc4d3fbabd32bb4e06c7a0044d21a5e626f6bbfb9809

                SHA512

                8cbd230ebefbbd8a12780b60dff83a8543369e851ffc97fa2d5480432e69247eda671ba01a1200dd0adeae4aeb2518322e0564852a599f2c871aa440c0ee192c

              • C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk

                Filesize

                1KB

                MD5

                310697893102d67491def0c5571390f6

                SHA1

                9536c2073b02acf6e7278cadc88ac12cdee12566

                SHA256

                bc66265afb76954ea63956e5a8a19f3f3bc3752166d6ccc9760816b6d26c79b5

                SHA512

                360c4d3ad206d3ed75ab140dcb8b7f06076284806b36b8d2a8c912bc85b1542a09c569aa352270ab166cc3bf4564c5804c2104e5288719da090b316382b18385

              • C:\Users\Admin\AppData\Local\Yandex\YaPin\Яндекс.website

                Filesize

                515B

                MD5

                d2fdab99df8a05cb2233b2b190fedbca

                SHA1

                3303cd68c1732e6cde273faa7789cff16f526aee

                SHA256

                c4a08741f47df82e576f3cedc286d0dd8698a38c0967d4a9eaf1c7ddc02817cc

                SHA512

                59eea6dd75c1987e7c2627f22be86a8521afbdde7c08b41a167241d98ec7717683ac4ca3db86a75220193f5ba9fd5ef8ce86d9a5a8cf7df43fa3f8ff090fcc0c

              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.6.0.1878\Installer\setup.exe

                Filesize

                3.8MB

                MD5

                bfa61a4e9bb19fb367c86bb59b5efedf

                SHA1

                307693074110f0705df46799c59fbadf713c28fd

                SHA256

                6b876f9bc56c351a8b15decf839f2704b61040dcc3dcc59b0361956e33670c65

                SHA512

                bba0d0276405558562a5d7ec04a727b0aa850c961729f4f41d4aa6ea33eae312fc7bf73354961d7bb90af8d913cfca51c0ce6a6872bd7069fe531a5805089be3

              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.6.0.1878\brand_config

                Filesize

                8KB

                MD5

                21a3e1e8b2352d3ee79f3cf3249eb5bd

                SHA1

                1f2d95c3fe89591a09dd8bb19b53ac879809aaa1

                SHA256

                3a9dcb32b11967a0f9e866dfb476d9f68c37ec4fe4b53f0673f376c8c763d80f

                SHA512

                01845d48f444a8d9d17a7f96e161b3bec55237c52340016496baf0a9c550ea9d6a7b89ea1359da079032877b0b9a71a6e4dc8312a4b3fd7b2f19a1a2f685b391

              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.6.0.1878\partner_config

                Filesize

                341B

                MD5

                977bc7b2384ef1b3e78df8fbc3eeb16b

                SHA1

                7ee6110ca253005d738929b7ba0cc54ed2ed0a2e

                SHA256

                82e288090168abe15419015317fd38f56c1136e7481f66656d84e0a2d861d4d6

                SHA512

                4d154832ef3ac05abb1499a5bc8235d72f64cdaa3e6870206a6363c1d85d821604ae8a96850c2c8bd540d479b8dd5f3ce032472ed96bbf7eddb168ea3d2d1cf6

              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\YandexDictionaries\ru.bdic

                Filesize

                4.5MB

                MD5

                ac3768f0462853d08df284e67c7c4ebd

                SHA1

                732581ac6f2e02246696817adc53d2e2e5d0dcb5

                SHA256

                af2bcc135f974aad505a8f55296117dbf4cbc095931e22f424698b181d273656

                SHA512

                27d558deffeeefe1198aebdf65a3fef0b0f3d6b6c4177d03ff32b0363f0a2fb1b7ff6454f45dd3254427cec9174b03181c50bc51dba212e6ab0114a6e72bcf96

              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

                Filesize

                3.7MB

                MD5

                20d11a140d4a8cf002b2e215e0530981

                SHA1

                8b51ef221cdadac07f0d35b750b059d2df542f1e

                SHA256

                2f69a50fd3bc75d3cd7debc4096430d1d7cf39f04cc81952c0313ced6708f5db

                SHA512

                81bed05ad47ff203c551c849c9b29b469c9480376a79d7cd113c0a8593efe6db634286f2cad79671f88220a542be2fbcee2bd861baf3cdb932ff4f9e980ed333

              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\install_state.json

                Filesize

                1KB

                MD5

                66d54e6cdb1ac35534cc1ccd92bf4c2a

                SHA1

                c20edb3a98de51ac1e0edd8c56a5f40ff469f903

                SHA256

                79bb38ec0ec10b3f90f4871ade55c481500a726a8a0ee21e46d5974bc4c72f28

                SHA512

                bb3ba01bfe7257c7d8039df3f294409050b31e4aa713206e6aa3a84d7451e47cd5fe80116b98856b4540269e3f9dbace05f5c44fe4f20f86c1aba2e494aa6821

              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\configs\all_zip

                Filesize

                625KB

                MD5

                33b0f0599e46c248c6e7f41553fa707c

                SHA1

                90305d5f8c31a1ffbbff50a4fdbd4ae54b610298

                SHA256

                c5591c1f105ac121858c10df3cf71b75c7bb671f187b837bac17959d94578f3d

                SHA512

                68932e299ef7c4e5868e16006f193a5d7e606e8f9d96fe0172b4413cb57e5684fd81a3319cddceb3619074299b30a8981a51d9f0d9359af6cb2a2903faf2f533

              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\sea_preview.jpg

                Filesize

                59KB

                MD5

                53ba159f3391558f90f88816c34eacc3

                SHA1

                0669f66168a43f35c2c6a686ce1415508318574d

                SHA256

                f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e

                SHA512

                94c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179

              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\sea_static.jpg

                Filesize

                300KB

                MD5

                5e1d673daa7286af82eb4946047fe465

                SHA1

                02370e69f2a43562f367aa543e23c2750df3f001

                SHA256

                1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a

                SHA512

                03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828

              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat

                Filesize

                48B

                MD5

                af643bc376c82e32fe92c738a1037e5d

                SHA1

                ed1bfe05f318e89e034af03414761d2bb05e0472

                SHA256

                d3302853d3d797090e3bad57608258a54514363df00bd77b0c46243c4631797b

                SHA512

                52bfdffa512db4d6b8b3ed9677b89cc8857530ff759149d7c42e33f490266500aff9f968a33a104168855fd525447af942b16f47de7bc84e406e81c84da48333

              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\6adb7b9e-2c00-46f7-bff7-ed01d9925f64.tmp

                Filesize

                35KB

                MD5

                2d81607763a3c4cfc59e8fd69508ee24

                SHA1

                daf828a4ae794cada3104510d8b6a56131dd6d03

                SHA256

                2c3dbe111dec9b4c62652aefa20df0c651cfcebd02a00fc9b607b8a8a580f25f

                SHA512

                dcbe421e07da4705f5e4b82bbbeb57732857178ba38df7b2f50dbf0580ff41a4a38305a10b0adf4f01a13fbb2f31754db20b0bd2df88cdf504c838a7899de6d2

              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\992f24b5-f260-4fc4-9604-41de76f0c4f0.tmp

                Filesize

                160KB

                MD5

                e83f8ddcd8a44db1f17574eb0f501331

                SHA1

                0b30ec881ad62158f896ea47f5c70db3806aefd6

                SHA256

                3bae34ca8c4ca34ad7177a57d3934891651bea573f72a7da8cdf004f897ffee3

                SHA512

                8a246ea1417825e1de0ee26af667c849175659441dac4c9f115d58ebb68abaac9245b231d787edfa72384ebdf0f170e871fca352b441faa41bc2984bc1a56223

              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Cache\Cache_Data\data_2

                Filesize

                8KB

                MD5

                0962291d6d367570bee5454721c17e11

                SHA1

                59d10a893ef321a706a9255176761366115bedcb

                SHA256

                ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                SHA512

                f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Cache\Cache_Data\data_3

                Filesize

                8KB

                MD5

                41876349cb12d6db992f1309f22df3f0

                SHA1

                5cf26b3420fc0302cd0a71e8d029739b8765be27

                SHA256

                e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

                SHA512

                e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index

                Filesize

                48B

                MD5

                72040e9e6e9fdcd3a5cd8bef97ef60c1

                SHA1

                770320d890c72aa4a9a1aa68ad416317bfbe301c

                SHA256

                85b37120f2bac3b0abdef967774fc4b63b4c02b885afb9e261ca5f4e93d5807e

                SHA512

                8d33d3355495413769a90b4eff48fdd75a458f07d6f76c23a7548de90480e34232ce59c33462dd08765b3d0f8a76327ed0cc11e3963d2595427dc46bda48a693

              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\GPUCache\data_0

                Filesize

                8KB

                MD5

                cf89d16bb9107c631daabf0c0ee58efb

                SHA1

                3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

                SHA256

                d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

                SHA512

                8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\GPUCache\data_1

                Filesize

                264KB

                MD5

                f50f89a0a91564d0b8a211f8921aa7de

                SHA1

                112403a17dd69d5b9018b8cede023cb3b54eab7d

                SHA256

                b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                SHA512

                bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Local Storage\leveldb\000002.dbtmp

                Filesize

                16B

                MD5

                206702161f94c5cd39fadd03f4014d98

                SHA1

                bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                SHA256

                1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                SHA512

                0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\SCT Auditing Pending Reports

                Filesize

                2B

                MD5

                d751713988987e9331980363e24189ce

                SHA1

                97d170e1550eee4afc0af065b78cda302a97674c

                SHA256

                4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                SHA512

                b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

                Filesize

                10KB

                MD5

                8629df23cd3f9e1b7a1747d4b5244f67

                SHA1

                57485e69da4e173cbdf1221ba7208ce9c80fb21a

                SHA256

                2dc1e8de365fc58fcf981824a05362b7eabef16b984c681942bb29a232b8f2f9

                SHA512

                09cff68c125a409c30099f9061063ceb2538814c3c714614023673fadce1593b8388df2ef4c9161fc699dc1e4419b46166ce88a0b2f02fa5a48189ec2c7cabda

              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

                Filesize

                7KB

                MD5

                8afc9198cfd38502b2114e71362c5873

                SHA1

                a1e1ec63bc037b7c6de52c9f5e693b871d368cb8

                SHA256

                bf67bd772c82fc7ef08c9b7eb94a7bd0f2a7aa86d530b6f44467b36a486013c2

                SHA512

                9a2f12ee4c97d01129a602d9f8905c4e41894c6becb99d1324b12f1c7e4fef6a779068a6edc163f081546c61523a1c65aff76c8823a61290d2e48b1f25ef1104

              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences

                Filesize

                10KB

                MD5

                3c90a25d1954671f935f6736c18383a1

                SHA1

                2542cd36c983e104ca1a7543949149f8f5aa5841

                SHA256

                c3f21040fea1f922aa6c9cdc09f06b6d5f951407838fa2f499077747e988bc03

                SHA512

                aacc41ab651dbbfe575b7adfd7a551e262e589f808edcef2d0f52c2066722370ebeff0c12cc304d8d6c829ecf6fe9b6f5a006c10d0802fd9e5ea623462d206f2

              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Site Characteristics Database\MANIFEST-000001

                Filesize

                41B

                MD5

                5af87dfd673ba2115e2fcf5cfdb727ab

                SHA1

                d5b5bbf396dc291274584ef71f444f420b6056f1

                SHA256

                f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                SHA512

                de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Sync Data\LevelDB\CURRENT~RFf77d9db.TMP

                Filesize

                16B

                MD5

                46295cac801e5d4857d09837238a6394

                SHA1

                44e0fa1b517dbf802b18faf0785eeea6ac51594b

                SHA256

                0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                SHA512

                8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\b5647938-ba60-4e58-8202-36372a628488\index

                Filesize

                24B

                MD5

                54cb446f628b2ea4a5bce5769910512e

                SHA1

                c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

                SHA256

                fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

                SHA512

                8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Wallpapers\store\picture-13363653417309800

                Filesize

                536KB

                MD5

                3bf3da7f6d26223edf5567ee9343cd57

                SHA1
