Analysis Overview
Threat Level: Known bad
The file https://temp.sh/WwJqO/vmware.exe was found to be: Known bad.
Malicious Activity Summary
njRAT/Bladabindi
Modifies Windows Firewall
Downloads MZ/PE file
Checks computer location settings
Reads user/profile data of web browsers
Executes dropped EXE
Modifies file permissions
Loads dropped DLL
Drops startup file
Looks up external IP address via web service
Checks installed software on the system
Enumerates connected drives
Adds Run key to start application
Blocklisted process makes network request
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Event Triggered Execution: Netsh Helper DLL
Enumerates physical storage devices
Runs ping.exe
Enumerates system info in registry
Modifies Internet Explorer start page
Suspicious use of AdjustPrivilegeToken
Uses Volume Shadow Copy service COM API
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Modifies system certificate store
Modifies Internet Explorer Phishing Filter
Uses Volume Shadow Copy WMI provider
Modifies registry class
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-23 21:54
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-23 21:54
Reported
2024-06-23 21:57
Platform
win7-20240221-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
njRAT/Bladabindi
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9300538b8eb52046b545ea0eefc265d2.exe | C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9300538b8eb52046b545ea0eefc265d2.exe | C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\9300538b8eb52046b545ea0eefc265d2 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\chrome_protect.exe\" .." | C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\9300538b8eb52046b545ea0eefc265d2 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\chrome_protect.exe\" .." | C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\YandexBrowserAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart" | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Yandex\ui | C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe | C:\Windows\TEMP\sdwra_5632_436080900\service_update.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe | C:\Windows\TEMP\sdwra_5632_436080900\service_update.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\debug.log | C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSIE8FD.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f76bc31.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE59D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE33C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE68B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Tasks\System update for Yandex Browser.job | C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE202.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE30C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE63C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE7E4.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Tasks\Update for Yandex Browser.job | C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe | N/A |
| File created | C:\Windows\Tasks\Repairing Yandex Browser update service.job | C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe | N/A |
| File opened for modification | C:\Windows\Installer\f76bc2e.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE5ED.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE92D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f76bc31.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Tasks\Обновление Браузера Яндекс.job | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| File created | C:\Windows\Installer\f76bc2e.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE5CD.tmp | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
Modifies Internet Explorer Phishing Filter
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 80131804b8c5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PhishingFilter | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\DisplayName = "Яндекс" | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "https://yandex.ru/search/?win=651&clid=6035498-354&text={searchTerms}" | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\60c5c870-31ab-11ef-a91f-eef45767fdff\DisplayName = "Bing" | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\MINIE\LinksBandEnabled = "1" | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30e44514b8c5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\60c5c870-31ab-11ef-a91f-eef45767fdff\SuggestionsURL | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\60c5c870-31ab-11ef-a91f-eef45767fdff\NTTopResultURL | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\60c5c870-31ab-11ef-a91f-eef45767fdff\TopResultURLFallback = "http://www.bing.com/search?q={searchTerms}&src=IE-TopResult&FORM=IE11TR" | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}§ionHeight={ie:sectionHeight}&FORM=IE11SS&market={language}" | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\FaviconURLFallback = "http://www.bing.com/favicon.ico" | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\60c5c870-31ab-11ef-a91f-eef45767fdff\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\ShowSearchSuggestionsInAddressGlobal = "1" | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\60c5c870-31ab-11ef-a91f-eef45767fdff\FaviconURLFallback = "https://www.ya.ru/favicon.ico" | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\60c5c870-31ab-11ef-a91f-eef45767fdff\NTLogoURL = "http://downloader.yandex.net/banner/ntpagelogo/{language}/{scalelevel}.png" | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL_JSON = "https://suggest.yandex.ru/suggest-ff.cgi?uil=ru&part={searchTerms}" | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3F50EEE1-31AB-11EF-9891-EEF45767FDFF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\60c5c870-31ab-11ef-a91f-eef45767fdff\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425341573" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\60c5c870-31ab-11ef-a91f-eef45767fdff\URL = "https://yandex.ru/search/?win=651&clid=6035498-354&text={searchTerms}" | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\60c5c870-31ab-11ef-a91f-eef45767fdff\DisplayName = "Яндекс" | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\60c5c870-31ab-11ef-a91f-eef45767fdff\SuggestionsURL_JSON = "https://suggest.yandex.ru/suggest-ff.cgi?uil=ru&part={searchTerms}" | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000eea70a7786efe43a7a30281857b4a13000000000200000000001066000000010000200000006de755597d9916f64694af876b897cf0bff1e5adc5138a439db8830247c06d28000000000e8000000002000020000000f8fae9e9d2d855cf52723466d6dea47607efa30fb6073c6c8ebf78ff3dab17939000000045b99933857c9fb1d24947e849cf019287e757d563b0cca61058b94741171bf90ee22afa16ed1df1c69e4d77e8827ecd8f095ec7ccb32f74c466e29f4a977211cf654ccebd9e156039fac427b9a16929fad3417235af91355a9f9ac4df864e9da8e12d5a08bac402d84e2af7a146f5035f48d697a8ecc24d59a7aa06883328a883eb3ce52a7b133491bafaae8f5ed4da40000000a3b2bf5bb5b6036938d3b85bad408e3ffa21190eb5042137d21fd20ae71962547ffdb915cd9b433ace395ddb6e1f9dfab2529366a887b5674fa3e95ee5906583 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\Local\\MICROS~1\\INTERN~1\\Services\\YANDEX~1.ICO" | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\60c5c870-31ab-11ef-a91f-eef45767fdff\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}§ionHeight={ie:sectionHeight}&FORM=IE11SS&market={language}" | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTURL = "https://yandex.ru/search/?win=651&clid=6035502-354&text={searchTerms}" | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\60c5c870-31ab-11ef-a91f-eef45767fdff | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\60c5c870-31ab-11ef-a91f-eef45767fdff\NTURL = "https://yandex.ru/search/?win=651&clid=6035502-354&text={searchTerms}" | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback = "https://www.ya.ru/favicon.ico" | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\TopResultURLFallback = "http://www.bing.com/search?q={searchTerms}&src=IE-TopResult&FORM=IE11TR" | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\60c5c870-31ab-11ef-a91f-eef45767fdff\FaviconURLFallback = "http://www.bing.com/favicon.ico" | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoURL = "http://downloader.yandex.net/banner/ntpagelogo/{language}/{scalelevel}.png" | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000eea70a7786efe43a7a30281857b4a130000000002000000000010660000000100002000000028fa4a42dcd4abcd6db431b037682cc2844e7c091e531450b3b95de1ae9fcd54000000000e8000000002000020000000259ee738312bb1601c2c5357c7be9a832277f41655c0ef4831d59db3f2fef79b200000004197207ac0288b8d337395781db3467b053b0548bf25142d4c722ae82496b5df400000001ed05618015792d2e076b3b9ad6844d648ef67e77dbbeb68b23836b8567801f70b11f35bcac57af6e9f2471616e05fad62e3c07c79b1eabc102f231605e5d50f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\60c5c870-31ab-11ef-a91f-eef45767fdff | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\DisplayName = "Bing" | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\YaCreationDate = "2024-56-23" | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
Modifies Internet Explorer start page
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "https://www.ya.ru/?win=651&clid=6035495-354" | C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex | C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow | C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\Yandex | C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\Yandex\UICreated_SYSTEM = "1" | C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexFB2.ZPRIUFGQ5KQOETUJVA6LWFNAFA\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexWEBP.ZPRIUFGQ5KQOETUJVA6LWFNAFA\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-123" | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\.shtml\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\SystemFileAssociations\.tiff\shell\image_search | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexHTML.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexSVG.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell\open | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\.crx\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\.css\OpenWithProgids\YandexCSS.ZPRIUFGQ5KQOETUJVA6LWFNAFA | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexJPEG.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell\open\command | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexWEBP.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexXML.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell\open\command | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexXML.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\.xml\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexCSS.ZPRIUFGQ5KQOETUJVA6LWFNAFA\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-124" | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexPNG.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell\open | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\SystemFileAssociations\.tif\shell\image_search\ = "Поиск по картинке" | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexCRX.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexFB2.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexINFE.ZPRIUFGQ5KQOETUJVA6LWFNAFA | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\SystemFileAssociations\.png\shell | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexGIF.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell\open | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\.infected\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\.htm | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\.webp\OpenWithProgids\YandexWEBP.ZPRIUFGQ5KQOETUJVA6LWFNAFA | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexFB2.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexWEBP.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell\open | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexXML.ZPRIUFGQ5KQOETUJVA6LWFNAFA | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\yabrowser | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\SystemFileAssociations\.webp\shell\image_search\ = "Поиск по картинке" | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexTXT.ZPRIUFGQ5KQOETUJVA6LWFNAFA\ = "Yandex Browser TXT Document" | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\SystemFileAssociations\.bmp | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexBrowser.crx\shell\open | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexBrowser.crx\shell\open\command | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexBrowser.crx\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexHTML.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell\open\command | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexPNG.ZPRIUFGQ5KQOETUJVA6LWFNAFA\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\SystemFileAssociations\.webp\shell\image_search\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --image-search=\"%1\"" | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexCSS.ZPRIUFGQ5KQOETUJVA6LWFNAFA | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexSVG.ZPRIUFGQ5KQOETUJVA6LWFNAFA\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexTXT.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexWEBP.ZPRIUFGQ5KQOETUJVA6LWFNAFA | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\.css | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexJS.ZPRIUFGQ5KQOETUJVA6LWFNAFA\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexTXT.ZPRIUFGQ5KQOETUJVA6LWFNAFA | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\SystemFileAssociations\.webp\shell\image_search\Icon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0" | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexEPUB.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell\open | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexFB2.ZPRIUFGQ5KQOETUJVA6LWFNAFA\ = "Yandex Browser FB2 Document" | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexPNG.ZPRIUFGQ5KQOETUJVA6LWFNAFA\ = "Yandex Browser PNG Document" | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\yabrowser\shell\open\ddeexec\ | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexCSS.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexEPUB.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexWEBP.ZPRIUFGQ5KQOETUJVA6LWFNAFA\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\.epub\OpenWithProgids\YandexEPUB.ZPRIUFGQ5KQOETUJVA6LWFNAFA | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\.jpg\OpenWithProgids\YandexJPEG.ZPRIUFGQ5KQOETUJVA6LWFNAFA | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexCRX.ZPRIUFGQ5KQOETUJVA6LWFNAFA\ = "Yandex Browser CRX Document" | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexJPEG.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexJPEG.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexWEBM.ZPRIUFGQ5KQOETUJVA6LWFNAFA\ = "Yandex Browser WEBM Document" | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexWEBM.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexCSS.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexTIFF.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell\open | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\.mhtml\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexFB2.ZPRIUFGQ5KQOETUJVA6LWFNAFA\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-122" | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexINFE.ZPRIUFGQ5KQOETUJVA6LWFNAFA\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C | C:\Users\Admin\AppData\Local\Temp\yadl.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C\Blob = 030000000100000014000000d89e3bd43d5d909b47a18977aa9d5ce36cee184c1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb040000000100000010000000285ec909c4ab0d2d57f5086b225799aa0f000000010000003000000013baa039635f1c5292a8c2f36aae7e1d25c025202e9092f5b0f53f5f752dfa9c71b3d1b8d9a6358fcee6ec75622fabf9190000000100000010000000ea6089055218053dd01e37e1d806eedf1800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa22000000001000000850500003082058130820469a00302010202103972443af922b751d7d36c10dd313595300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3139303331323030303030305a170d3238313233313233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c05000382010100188751dc74213d9c8ae027b733d02eccecf0e6cb5e11de226f9b758e9e72fee4d6feaa1f9c962def034a7eaef48d6f723c433bc03febb8df5caaa9c6aef2fcd8eea37b43f686367c14e0cdf4f73ffedeb8b48af09196fefd43647efdccd201a17d7df81919c9422b13bf588bbaa4a266047688914e0c8914cea24dc932b3bae8141abc71f15bf0410b98000a220310e50cb1f9cd923719ed3bf1e43ab6f945132675afbbaaef3f7b773bd2c402913d1900d3175c39db3f7b180d45cd9385962f5ddf59164f3f51bdd545183fed4a8ee80661742316b50d50732744477f105d892a6b853114c4e8a96a4c80bc6a78cfb87f8e7672990c9dfed7910816a1a35f95 | C:\Users\Admin\AppData\Local\Temp\yadl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 | C:\Users\Admin\AppData\Local\Temp\yadl.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Users\Admin\AppData\Local\Temp\yadl.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Users\Admin\AppData\Local\Temp\yadl.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Users\Admin\AppData\Local\Temp\yadl.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://temp.sh/WwJqO/vmware.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1756 CREDAT:275457 /prefetch:2
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\vmware.exe
"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\vmware.exe"
C:\Users\Admin\AppData\Local\Temp\WTLDR.exe
"C:\Users\Admin\AppData\Local\Temp\WTLDR.exe"
C:\Users\Admin\AppData\Local\Temp\KLSetup.exe
"C:\Users\Admin\AppData\Local\Temp\KLSetup.exe"
C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe
"C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe"
C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe" "chrome_protect.exe" ENABLE
C:\Users\Admin\AppData\Local\Temp\yadl.exe
"C:\Users\Admin\AppData\Local\Temp\yadl.exe" --partner 418804 --distr /quiet /msicl "YABROWSER=y YAQSEARCH=y YAHOMEPAGE=y VID=354"
C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
"C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe" /quiet /msicl "YABROWSER=y YAQSEARCH=y YAHOMEPAGE=y VID=354"
C:\Users\Admin\AppData\Local\Temp\yadl.exe
C:\Users\Admin\AppData\Local\Temp\yadl.exe --stat dwnldr/p=418804/rid=8dbd23b5-3c00-4987-97f5-e26184e3f3be/sbr=0-0/hrc=200-200/bd=267-10639168/gtpr=1-1-1-255-1/cdr=0-b7-b7-ff-b7/for=3-0/fole=255-0/fwle=255-0/vr=ff-800b0109/vle=ff-800b0109/hovr=ff-0/hovle=ff-0/shle=ff-0/vmajor=6/vminor=1/vbuild=7601/distr_type=landing/cnt=0/dt=6/ct=2/rt=0 --dh 1528 --st 1719179742
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\SysWOW64\netsh.exe
netsh firewall delete allowedprogram "C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c ping 0 -n 2 & del "C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe"
C:\Windows\SysWOW64\PING.EXE
ping 0 -n 2
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 24DFC157FCC18C17ADA55185C90E525E
C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe"
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe" -version
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
C:\Users\Admin\AppData\Local\Temp\7A211A2D-C79F-453E-9139-561FAC3D7E45\lite_installer.exe
"C:\Users\Admin\AppData\Local\Temp\7A211A2D-C79F-453E-9139-561FAC3D7E45\lite_installer.exe" --use-user-default-locale --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --YABROWSER
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe" -XX:+UseG1GC -Dfile.encoding=UTF-8 -jar "C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe"
C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe
"C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe" "--yqs=y" "--yhp=y" "--ilight=" "--oem=" "--nopin=n" "--pin_custom=n" "--pin_desktop=n" "--pin_taskbar=y" "--locale=us" "--browser=y" "--browser_default=" "--loglevel=trace" "--ess=" "--clids=C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml" "--sender=C:\Users\Admin\AppData\Local\Temp\12A0593A-69BF-4E3D-941E-7C00618D24D1\sender.exe" "--is_elevated=yes" "--ui_level=2" "--good_token=x" "--no_opera=n"
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent --pin-taskbar=y --pin-desktop=n
C:\Users\Admin\AppData\Local\Temp\12A0593A-69BF-4E3D-941E-7C00618D24D1\sender.exe
C:\Users\Admin\AppData\Local\Temp\12A0593A-69BF-4E3D-941E-7C00618D24D1\sender.exe --send "/status.xml?clid=6035492-354&uuid=cd6fd94f-AB17-40A5-842C-61F58DF30afc&vnt=Windows 7x64&file-no=6%0A10%0A11%0A12%0A13%0A15%0A17%0A18%0A21%0A22%0A24%0A25%0A40%0A42%0A43%0A45%0A57%0A61%0A89%0A103%0A111%0A123%0A124%0A125%0A129%0A"
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\java.exe
java.exe -version
C:\Users\Admin\AppData\Local\Temp\{E1B355E0-236E-4E8A-B095-A16158FF3343}.exe
"C:\Users\Admin\AppData\Local\Temp\{E1B355E0-236E-4E8A-B095-A16158FF3343}.exe" --job-name=yBrowserDownloader-{DB166274-067A-4BF5-95D7-B63D74DD1984} --send-statistics --local-path=C:\Users\Admin\AppData\Local\Temp\{E1B355E0-236E-4E8A-B095-A16158FF3343}.exe --YABROWSER --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=6035461-354&ui=cd6fd94f-AB17-40A5-842C-61F58DF30afc --use-user-default-locale
C:\Users\Admin\AppData\Local\Temp\yb2B26.tmp
"C:\Users\Admin\AppData\Local\Temp\yb2B26.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\34b0acab-c04c-4dbc-be58-57d03fa2211b.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=268071600 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{DB166274-067A-4BF5-95D7-B63D74DD1984} --local-path="C:\Users\Admin\AppData\Local\Temp\{E1B355E0-236E-4E8A-B095-A16158FF3343}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=6035461-354&ui=cd6fd94f-AB17-40A5-842C-61F58DF30afc --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\ad433c5e-3a65-4bd2-9f77-fbffa02e1fad.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico"
C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\34b0acab-c04c-4dbc-be58-57d03fa2211b.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=268071600 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{DB166274-067A-4BF5-95D7-B63D74DD1984} --local-path="C:\Users\Admin\AppData\Local\Temp\{E1B355E0-236E-4E8A-B095-A16158FF3343}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=6035461-354&ui=cd6fd94f-AB17-40A5-842C-61F58DF30afc --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\ad433c5e-3a65-4bd2-9f77-fbffa02e1fad.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico"
C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\34b0acab-c04c-4dbc-be58-57d03fa2211b.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=268071600 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{DB166274-067A-4BF5-95D7-B63D74DD1984} --local-path="C:\Users\Admin\AppData\Local\Temp\{E1B355E0-236E-4E8A-B095-A16158FF3343}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=6035461-354&ui=cd6fd94f-AB17-40A5-842C-61F58DF30afc --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\ad433c5e-3a65-4bd2-9f77-fbffa02e1fad.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico" --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=299628600
C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe
C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=a3028db1baffc0578427f8e443889a44 --annotation=main_process_pid=5632 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.6.0.1878 --initial-client-data=0x1b0,0x1b4,0x1b8,0x184,0x1bc,0x6c1cbc,0x6c1cc8,0x6c1cd4
C:\Windows\TEMP\sdwra_5632_436080900\service_update.exe
"C:\Windows\TEMP\sdwra_5632_436080900\service_update.exe" --setup
C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe" --install
C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe" --run-as-service
C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=a3028db1baffc0578427f8e443889a44 --annotation=main_process_pid=9544 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.6.0.1878 --initial-client-data=0x13c,0x140,0x144,0x110,0x148,0x2ab728,0x2ab734,0x2ab740
C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe" --update-scheduler
C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe" --update-background-scheduler
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source5632_1102270951\Browser-bin\clids_yandex_second.xml"
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=0 --install-start-time-no-uac=268071600
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=9252 --annotation=metrics_client_id=eebb1e7f281049b7b63c8a71002f524a --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.6.0.1878 --initial-client-data=0xf4,0xf8,0xfc,0xc8,0x100,0x70f45a28,0x70f45a34,0x70f45a40
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --gpu-process-kind=sandboxed --field-trial-handle=1816,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1812 /prefetch:2
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=disabled --gpu-process-kind=trampoline --field-trial-handle=1708,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2028 /prefetch:2
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Network Service" --field-trial-handle=2016,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2152 --brver=24.6.0.1878 /prefetch:3
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Storage Service" --field-trial-handle=2324,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2336 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=ru --service-sandbox-type=audio --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Audio Service" --field-trial-handle=2844,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2924 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --no-appcompat-clear --enable-ignition --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3068,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3064 /prefetch:2
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --no-appcompat-clear --enable-ignition --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3536,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:1
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Импорт профилей" --field-trial-handle=3500,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3660 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=3252,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3508 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --no-appcompat-clear --enable-ignition --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3660,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3692 /prefetch:1
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=3816,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4156 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=2020,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4116 /prefetch:2
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --no-appcompat-clear --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=1960,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3996 /prefetch:1
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=3888,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3900 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --no-appcompat-clear --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4576,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4592 /prefetch:1
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --no-appcompat-clear --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5164,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5160 /prefetch:1
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Распаковщик файлов" --field-trial-handle=5360,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5368 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=4936,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5436 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=5420,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5440 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=5520,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5540 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=5524,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5548 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=5368,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5488 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=5464,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5408 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=5500,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5440 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=5836,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5840 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=5784,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5848 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=5828,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6024 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=5820,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5936 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=6036,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5892 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Распаковщик файлов" --field-trial-handle=5336,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5516 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater --broupdater-origin=auto --bits_job_guid={53FD9F1A-B5B5-4642-B009-2AC33990B934}
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1719179816 --annotation=last_update_date=1719179816 --annotation=launches_after_update=1 --annotation=machine_id=a3028db1baffc0578427f8e443889a44 --annotation=main_process_pid=1572 --annotation=metrics_client_id=eebb1e7f281049b7b63c8a71002f524a --annotation=micromode=broupdater --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.6.0.1878 --initial-client-data=0xf8,0xfc,0x100,0xcc,0x104,0x70f45a28,0x70f45a34,0x70f45a40
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1808,i,13501747830820339287,12889975122532335750,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1804 /prefetch:2
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Network Service" --field-trial-handle=1936,i,13501747830820339287,12889975122532335750,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1952 --brver=24.6.0.1878 /prefetch:3
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=install --bits_job_guid={95A52657-79CE-4F32-ADBA-05B2F0438A7F}
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1719179816 --annotation=last_update_date=1719179816 --annotation=launches_after_update=2 --annotation=machine_id=a3028db1baffc0578427f8e443889a44 --annotation=main_process_pid=3832 --annotation=metrics_client_id=eebb1e7f281049b7b63c8a71002f524a --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.6.0.1878 --initial-client-data=0xf8,0xfc,0x100,0xcc,0x104,0x70f45a28,0x70f45a34,0x70f45a40
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1792,i,6075720620835992658,10196605529921995734,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1784 /prefetch:2
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Network Service" --field-trial-handle=1920,i,6075720620835992658,10196605529921995734,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1936 --brver=24.6.0.1878 /prefetch:3
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Утилиты Windows" --field-trial-handle=3076,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3100 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Утилиты Windows" --field-trial-handle=3060,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3156 --brver=24.6.0.1878 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | temp.sh | udp |
| FR | 51.91.79.17:443 | temp.sh | tcp |
| FR | 51.91.79.17:443 | temp.sh | tcp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | api.klaun.ch | udp |
| US | 104.26.11.58:80 | api.klaun.ch | tcp |
| FR | 88.168.211.65:6522 | tcp | |
| US | 8.8.8.8:53 | download.yandex.ru | udp |
| RU | 5.45.205.245:80 | download.yandex.ru | tcp |
| US | 8.8.8.8:53 | cachev2-kiv01.cdn.yandex.net | udp |
| RU | 5.45.192.183:80 | cachev2-kiv01.cdn.yandex.net | tcp |
| RU | 5.45.205.245:80 | download.yandex.ru | tcp |
| US | 8.8.8.8:53 | repos.klaun.ch | udp |
| US | 172.67.69.202:80 | repos.klaun.ch | tcp |
| US | 8.8.8.8:53 | cachev2-ams01.cdn.yandex.net | udp |
| NL | 5.45.247.51:80 | cachev2-ams01.cdn.yandex.net | tcp |
| US | 8.8.8.8:53 | downloader.yandex.net | udp |
| RU | 5.45.205.244:80 | downloader.yandex.net | tcp |
| US | 8.8.8.8:53 | cachev2-ams02.cdn.yandex.net | udp |
| NL | 5.45.247.52:80 | cachev2-ams02.cdn.yandex.net | tcp |
| FR | 88.168.211.65:6522 | tcp | |
| US | 8.8.8.8:53 | dl.klaun.ch | udp |
| US | 104.26.10.58:80 | dl.klaun.ch | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | clck.yandex.ru | udp |
| RU | 213.180.193.14:80 | clck.yandex.ru | tcp |
| RU | 5.45.205.244:80 | downloader.yandex.net | tcp |
| US | 8.8.8.8:53 | cachev2-kiv02.cdn.yandex.net | udp |
| US | 8.8.8.8:53 | api.klaun.ch | udp |
| US | 104.26.10.58:80 | api.klaun.ch | tcp |
| RU | 213.180.193.14:80 | clck.yandex.ru | tcp |
| RU | 77.88.21.14:80 | clck.yandex.ru | tcp |
| US | 104.26.10.58:80 | api.klaun.ch | tcp |
| US | 104.26.10.58:80 | api.klaun.ch | tcp |
| RU | 87.250.254.20:80 | soft.export.yandex.ru | tcp |
| US | 104.26.10.58:80 | api.klaun.ch | tcp |
| US | 8.8.8.8:53 | repos.klaun.ch | udp |
| US | 104.26.10.58:443 | repos.klaun.ch | tcp |
| US | 104.26.10.58:443 | repos.klaun.ch | tcp |
| US | 104.26.10.58:443 | repos.klaun.ch | tcp |
| US | 104.26.10.58:443 | repos.klaun.ch | tcp |
| US | 104.26.10.58:443 | repos.klaun.ch | tcp |
| US | 104.26.10.58:443 | repos.klaun.ch | tcp |
| US | 104.26.10.58:443 | repos.klaun.ch | tcp |
| US | 104.26.10.58:443 | repos.klaun.ch | tcp |
| US | 104.26.10.58:443 | repos.klaun.ch | tcp |
| US | 104.26.10.58:443 | repos.klaun.ch | tcp |
| US | 104.26.10.58:443 | repos.klaun.ch | tcp |
| US | 104.26.10.58:443 | repos.klaun.ch | tcp |
| US | 104.26.10.58:443 | repos.klaun.ch | tcp |
| US | 104.26.10.58:443 | repos.klaun.ch | tcp |
| US | 104.26.10.58:443 | repos.klaun.ch | tcp |
| US | 104.26.10.58:443 | repos.klaun.ch | tcp |
| US | 104.26.10.58:443 | repos.klaun.ch | tcp |
| US | 104.26.10.58:443 | repos.klaun.ch | tcp |
| US | 104.26.10.58:443 | repos.klaun.ch | tcp |
| US | 104.26.10.58:80 | repos.klaun.ch | tcp |
| RU | 5.45.192.184:80 | cachev2-kiv02.cdn.yandex.net | tcp |
| US | 104.26.10.58:80 | repos.klaun.ch | tcp |
| US | 104.26.10.58:80 | repos.klaun.ch | tcp |
| US | 8.8.8.8:53 | cf.klaun.ch | udp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.10.58:80 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| RU | 213.180.193.14:80 | clck.yandex.ru | tcp |
| US | 8.8.8.8:53 | api.browser.yandex.ru | udp |
| US | 8.8.8.8:53 | api.browser.yandex.net | udp |
| US | 8.8.8.8:53 | download.cdn.yandex.net | udp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| RU | 5.45.205.243:443 | download.cdn.yandex.net | tcp |
| US | 8.8.8.8:53 | fabric.klaun.ch | udp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| NL | 5.45.247.52:443 | cachev2-ams02.cdn.yandex.net | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:80 | fabric.klaun.ch | tcp |
| US | 104.26.10.58:443 | fabric.klaun.ch | tcp |
| US | 8.8.8.8:53 | quilt.klaun.ch | udp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| RU | 5.45.205.243:443 | download.cdn.yandex.net | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| NL | 5.45.247.51:443 | cachev2-ams01.cdn.yandex.net | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 8.8.8.8:53 | crl.comodoca.com | udp |
| US | 104.18.38.233:80 | crl.comodoca.com | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:80 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:80 | quilt.klaun.ch | tcp |
| US | 104.26.10.58:80 | quilt.klaun.ch | tcp |
| US | 8.8.8.8:53 | api.mojang.com | udp |
| US | 13.107.246.64:443 | api.mojang.com | tcp |
| US | 13.107.246.64:443 | api.mojang.com | tcp |
| US | 13.107.246.64:443 | api.mojang.com | tcp |
| US | 13.107.246.64:443 | api.mojang.com | tcp |
| US | 8.8.8.8:53 | sessionserver.mojang.com | udp |
| US | 13.107.246.64:443 | sessionserver.mojang.com | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| US | 8.8.8.8:53 | storage.ape.yandex.net | udp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| RU | 87.250.251.66:443 | storage.ape.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| US | 8.8.8.8:53 | sba.yandex.net | udp |
| US | 8.8.8.8:53 | sba.yandex.net | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | api.browser.yandex.ru | udp |
| US | 8.8.8.8:53 | api.browser.yandex.ru | udp |
| RU | 93.158.134.232:443 | sba.yandex.net | tcp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 8.8.8.8:53 | sovetnik.market.yandex.ru | udp |
| US | 8.8.8.8:53 | sovetnik.market.yandex.ru | udp |
| US | 8.8.8.8:53 | browser.yandex.ru | udp |
| US | 8.8.8.8:53 | browser.yandex.ru | udp |
| RU | 87.250.250.41:443 | sovetnik.market.yandex.ru | tcp |
| RU | 93.158.134.121:443 | browser.yandex.ru | tcp |
| US | 8.8.8.8:53 | api.browser.yandex.net | udp |
| US | 8.8.8.8:53 | api.browser.yandex.net | udp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| US | 8.8.8.8:53 | storage.ape.yandex.net | udp |
| US | 8.8.8.8:53 | storage.ape.yandex.net | udp |
| RU | 93.158.134.232:443 | sba.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| RU | 93.158.134.121:443 | browser.yandex.ru | tcp |
| US | 8.8.8.8:53 | browser-resources.s3.yandex.net | udp |
| US | 8.8.8.8:53 | browser-resources.s3.yandex.net | udp |
| RU | 87.250.251.66:443 | storage.ape.yandex.net | tcp |
| RU | 93.158.134.158:443 | browser-resources.s3.yandex.net | tcp |
| US | 8.8.8.8:53 | cdnrepfu6rku5qba3zpu.svc.cdn.yandex.net | udp |
| US | 8.8.8.8:53 | cdnrepfu6rku5qba3zpu.svc.cdn.yandex.net | udp |
| RU | 37.9.64.225:443 | cdnrepfu6rku5qba3zpu.svc.cdn.yandex.net | tcp |
| RU | 93.158.134.121:443 | browser.yandex.ru | tcp |
| US | 8.8.8.8:53 | browser-resources.s3.yandex.net | udp |
| US | 8.8.8.8:53 | browser-resources.s3.yandex.net | udp |
| US | 8.8.8.8:53 | yastatic.net | udp |
| US | 8.8.8.8:53 | yastatic.net | udp |
| RU | 93.158.134.158:443 | browser-resources.s3.yandex.net | tcp |
| RU | 93.158.134.158:443 | browser-resources.s3.yandex.net | tcp |
| RU | 93.158.134.158:443 | browser-resources.s3.yandex.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| US | 8.8.8.8:53 | webntp.yandex.ru | udp |
| US | 8.8.8.8:53 | webntp.yandex.ru | udp |
| US | 8.8.8.8:53 | yandex.ru | udp |
| US | 8.8.8.8:53 | yandex.ru | udp |
| RU | 213.180.204.196:443 | webntp.yandex.ru | tcp |
| RU | 5.255.255.77:443 | yandex.ru | tcp |
| RU | 5.255.255.77:443 | yandex.ru | tcp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| RU | 87.250.250.119:443 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | yastatic.net | udp |
| US | 8.8.8.8:53 | yastatic.net | udp |
| RU | 178.154.131.215:443 | yastatic.net | tcp |
| US | 8.8.8.8:53 | uid.yandex.ru | udp |
| US | 8.8.8.8:53 | uid.yandex.ru | udp |
| US | 8.8.8.8:53 | sso.passport.yandex.ru | udp |
| US | 8.8.8.8:53 | sso.passport.yandex.ru | udp |
| US | 8.8.8.8:53 | api.browser.yandex.ru | udp |
| US | 8.8.8.8:53 | api.browser.yandex.ru | udp |
| RU | 87.250.254.216:443 | uid.yandex.ru | tcp |
| RU | 93.158.134.144:443 | sso.passport.yandex.ru | tcp |
| RU | 93.158.134.144:443 | sso.passport.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| US | 8.8.8.8:53 | sso.dzen.ru | udp |
| US | 8.8.8.8:53 | sso.dzen.ru | udp |
| US | 8.8.8.8:53 | sso.ya.ru | udp |
| US | 8.8.8.8:53 | sso.ya.ru | udp |
| RU | 62.217.160.14:443 | sso.dzen.ru | tcp |
| RU | 93.158.134.144:443 | sso.ya.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| RU | 5.255.255.77:443 | yandex.ru | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| N/A | 224.0.0.251:5353 | udp | |
| RU | 213.180.204.158:443 | tcp | |
| RU | 213.180.204.158:443 | tcp | |
| RU | 213.180.204.158:443 | tcp | |
| RU | 213.180.204.158:443 | tcp | |
| RU | 213.180.204.158:443 | tcp | |
| RU | 213.180.204.158:443 | tcp | |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 87.250.254.20:443 | soft.export.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.204.158:443 | tcp | |
| RU | 77.88.55.242:443 | tcp | |
| RU | 5.255.255.77:443 | yandex.ru | tcp |
| RU | 77.88.21.37:443 | tcp | |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 5.255.255.77:443 | yandex.ru | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 93.158.134.121:443 | browser.yandex.ru | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NPBB818\vmware[1].exe
| MD5 | 68e634af1eafb17618018de02dd47be7 |
| SHA1 | bdc653c130d96a32edeb4f2bc48203432b448498 |
| SHA256 | 2d316619d2522838df93cbb8392c4c3a053279d92e586ccd63431cadfbe7816d |
| SHA512 | 8220a64c8f89d0c30d42e5bfcf770a26422604ea37f48fbcade5679f42bfb474966203cb5bbd2f29f51e435f7f8e04e168e112b2ed3eb419a46536aa7b947071 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c866d99680e5d3cc1b81b0ad62cc29d |
| SHA1 | 4b6b656666f07231cf98fc415a56155e07bc9655 |
| SHA256 | e53d9a6ff48c2a0eac3c691d98190ad19121f70fac3e6f779aa768d2d2437d61 |
| SHA512 | a207a31c97e80b8103e963379a98c08cdbbc2d1e9fecac5e08e9964a9245a8946855fd928e908dc9c9488f0d94088c713fd31dd26cea6a19a9909a48fb6d6433 |
C:\Users\Admin\AppData\Local\Temp\Cab3E4B.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar3E4C.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3F3C.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 623996f9b4b239d36951ebb24bbda141 |
| SHA1 | af935d13686860cbcbda027452a50caead31c46c |
| SHA256 | cfde8ba2715963fb5a0c488a482dca80a9a2d29eefda87886b428f74eeb7e48c |
| SHA512 | c3991fdfe5aef3a5f37c54ef8720a1b54b5fab5b36ca06c301021e98f6498a7ec1c2130560006e0da69954e1b1c869cacf5e1b95c7af2bc49ebc9b76fe6c0131 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d3624f2d6c19b66b3dc65c654b02f1fe |
| SHA1 | 58b5d3d245f21b64651ba6bba51025e036d2f3f3 |
| SHA256 | ec2675017aed3f84812908f1fc35d71c53371235a247a7b71c6f0660ff5f549e |
| SHA512 | ad67c7c6b61908bb05782df01e86c40b9f03550ea52ff8c365e1706ce846af58de3ae33fb10ef42d6c932346996dc0fcf3530042327d8679b83b494f61423dad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f2a93aa1bbce9ba296079e1efaccee72 |
| SHA1 | da015b38f0740ff8e907b461ec530b9eccafac78 |
| SHA256 | e95ee5e12cd21523e687acb83f31f104138eba45569a1a739507018ba006c22c |
| SHA512 | b29a2ff38bb4221f3a2072a60d345e22df17cd67511e43b9dd34c2bc900c9a5400d38fc77d88a2f8e679d73ecdbca5d2103b11dd779a5eee4f4889881ac72794 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a15677bfb3bf3b4342626021928d97b0 |
| SHA1 | bfbc76cd6c3b52abdc647bcb4673e895a1c5e817 |
| SHA256 | ed548c122c899c5d672bf51b06be55a26fccb81bc05394ac7173e081ea25e97c |
| SHA512 | 4b1fad11b8e6375f23c0356861dcf145d4dbf97729562a30f84e20857d0350016b5ad787325bce113c8c1ee27b4ec0cc43ca680793157ec73490d8de04c5f4d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e2c3d90efc0e60add4a80bb4a0ac08bc |
| SHA1 | 03add7f2c02ff0bfae766840ec4dd007744678cd |
| SHA256 | cb763a7329d69b15bb62277665d346149041fa5bd3185517550a8b35da2e4442 |
| SHA512 | 95ef6a129d44f86debb47f6b98aecb22082c64893e1c407d82114867dac3a4fe92c09e1a1da63129a554fd9b9a2e6139e20e3d3f27502db73c70801aa2f37edc |
memory/1488-244-0x000007FEF5463000-0x000007FEF5464000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 06a9456e467382df18a3593e4d54af7e |
| SHA1 | e36aa1c7c17b12d8007149dfd10660a3eccee341 |
| SHA256 | 2c39a8e836cf8d79fcde99af816da33866321879eace0406fd8da603ea5738fa |
| SHA512 | d27c67eed7cb6a2cc308c36cab14b292e6cde4a212fb57c4aa21d4e39a8d3960a556cb8c805464c2c2441f649e3badbfbe2e712c06fd04532d3f32a7a6c2218f |
memory/1488-284-0x0000000000EE0000-0x00000000012B0000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4038df035884a5a9e9c824962d2bd9d |
| SHA1 | c4e9f26c16ebaedacc729d083be5f1dfd74ab872 |
| SHA256 | 5e748bdbdb926a837cea26b54583e5713639be3c43c495b3c59ef551a46a0116 |
| SHA512 | 7299c73cd961fbd5fd9fc0bfe74073470f7e0651a545923ba1ccd9b3a86ad9b10e2f2a53c948e45c3a725aefe915eff50ad40d39f41d7b1d017ea2fdf7ea1671 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 95e4038bb791bea26477f52ccf8c74fc |
| SHA1 | cc008ceee8193f6466470212a8c1f478c79ccadc |
| SHA256 | b03637a86350e68440e5b342645c4e3f81e746003e032d9d483e97cde40d672c |
| SHA512 | b628d1588302295cd135b2578003333a0e451cc9dd8cfa17d2f4baae6ac6e7cd2f3465e634d9212d7a1e450e4f58913dfb189909a5ee7453c4c8037f9a9eaa51 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 75bfae8ac53ea2d187c724861cba20e5 |
| SHA1 | c41956c2d657962d7135a44fabc6f901da716d00 |
| SHA256 | 051181488ddd0876f6f938f9268a8edb78b7f9aa61eb26568e8e308dddfd50b2 |
| SHA512 | e3842cc4803deacabea378240cdd2c4312402aa5472e5dcc307e33e58a9573df0794267a7316147b2cc7d925a8370216667992c19645ccc019a213f92ccb9f68 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5eec5b74a5d2731b6004246f221e63f7 |
| SHA1 | 51dc88984534c5c550f4b01329253ea555c546fa |
| SHA256 | 36f7059bb93937205386db37273a2d7c8eef9cc8ebf489fd309d3bb329431125 |
| SHA512 | 0fbe207214a37c2e671eca4b5e88f493ca7aadad633bc9ab4b57768ff7d1ae0ec948d7e43a3b9e396fea529ffb666730db458e7d23635938534933743027d43f |
memory/1488-506-0x000007FEF5460000-0x000007FEF5E4C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WTLDR.exe
| MD5 | 7a94013c17dc892cea16fbae38646e43 |
| SHA1 | 8cf54c2ac961dd5c82cb3b07c3de317847aa94bb |
| SHA256 | cd35af0a0c71c382760409b7b2343c83857d89af55a0b365b72962f0f9c9a400 |
| SHA512 | 03df47db51270ca87172620e5475ce7a99e1fa1bd61e1956e4a0b28792d145b4e30d5b0d7b0737ea3ed331cecaecde78641b4828b1b9425153b1f9ac3de6f34a |
C:\Users\Admin\AppData\Local\Temp\KLSetup.exe
| MD5 | 65f0ee72fac85b324a0734053d436918 |
| SHA1 | 796d3ab9803f5e6ec370ff948f654842af62fd25 |
| SHA256 | 4f128c759e90606c9c7b5546259a7888b2aaaf5ea59d1aa40d5284056366504c |
| SHA512 | b18d612652d2023b7ca49bf0008d6f6a77bab25c70fb9d67bd29c4a917344275c2fbe14058e8121e0ec3e2278ae100b66e49494aa63a2d2570d7d95b6c64ed52 |
memory/1488-518-0x000007FEF5460000-0x000007FEF5E4C000-memory.dmp
memory/2156-519-0x00000000003A0000-0x00000000003E0000-memory.dmp
memory/1568-527-0x0000000000A00000-0x0000000001245000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\yadl.exe
| MD5 | 2b0d2f77d8abade07a3dd9a8152ad111 |
| SHA1 | e7c0ad498f361e3c2d5a0ffa225ee112ed3c5bdb |
| SHA256 | 85ddc30b6b53ebe529688528e74bcfd74df0b93ea29ee1693d7d9aeec4d48776 |
| SHA512 | d48a3b9d9d3f83f1b0498103ee1f78467dc84254c762227081ba3218bd2212c1e3c29d2d94737101d55f5793f3d7dca8bdedc7d527cdb701733a6cbc74c938fc |
memory/1568-556-0x0000000000A00000-0x0000000001245000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 523613f4e726830e6120c14ad5bfed22 |
| SHA1 | d39d221ea8a17155dca036d978f4d9a9853c286c |
| SHA256 | d53a32e1246771ec2f6ad2c3ce6f718dfa317109775a73174aebd86f739299c5 |
| SHA512 | 4f28b2628249b999b79203969b08ea2130fc29fbe84237aa12c81c51970f6304d3264f32fb9b9b34ab5d277c3f0e8428345c35326e8fec9686c11a9603670425 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | fe05b740f8a42c496e25440665d0d3f1 |
| SHA1 | 939a623260bd0a77896d71d57e231eb64256454a |
| SHA256 | 4a438ee4662260d9bad67d9ed4fe2de67edfada3eed01704c7098d1f74eba993 |
| SHA512 | 7b8be23516ee4071fd3a589466a07536ec82c7b520af90d6ff33c02ad186dfc2d7dbd13ad389e0c717cc5cb1d64caa7c364ca6206938ff002c71265d557d73cc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ce0358034ad0d9e9e6b694595d9b6aa |
| SHA1 | e5c2a89e2230fa220f9fde10feb86724e6ac9b6c |
| SHA256 | b60b8ee859546b65e280c798830fe64f91ab6e365c9a81b1f4de5939ccdb4370 |
| SHA512 | 6e29e8fb2b6c440e975c2394272eb9de781e24a0ee0c5b4195fee227744cee57a870bf04cfc145fff94b06a4f3a4a0bf6633ab76e199be926663376daed25127 |
C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
| MD5 | 3fb846d3691f3d98a34e669e1b9b5bf6 |
| SHA1 | 4c90c2912aae3b8da4c44a4faa0b8df20525285f |
| SHA256 | ead7a779cabae642d09be07283cc99e53c84ecf90349444e0d0ac4bf9901fe47 |
| SHA512 | e904ecfa7b1c9ba066272bf91b8341bf3877310613370defabee7db58ea825c52582353e97f9398d706d3f3890b3701a1c05fe202e8a87499fb9600f87176b3e |
C:\Users\Admin\AppData\Local\Temp\YandexSearch00000.log
| MD5 | 966b237be74cd73151e8bf351e98668d |
| SHA1 | ff79c524c53895e7ca4b531da5fd43978d190557 |
| SHA256 | 6fc21d359d992c40dc8e4c6565a5019fc75057585a201f345d1338a3995e08c9 |
| SHA512 | db04b7f03d346870753ff3486e4981019be5d7e3bc1b1304f2ff85674afe1fd833de0347ab8480c909e7189ac31800ce43daecdec2f91d987e255cfdac3196a0 |
C:\Users\Admin\AppData\Local\Temp\{5B964E0E-B9A3-4276-9ED9-4D5A5720747A}\YandexSearch.msi
| MD5 | 561f202d40eb1a21aa947b2b833f6928 |
| SHA1 | b48e2f49a416847aa9420ed4b360841e8c28f67b |
| SHA256 | b2fda5fb2d8e65fc0448d308647d8afd1e4ecd7bff0103ec3700e0798a7db0a3 |
| SHA512 | 66d172f336ef0b4790e2141711f205682a0ba6ced8d03f26e33b54f6ea1e29be10d387e843df26d1110559888b09a3cdf9198ea40f17ca9d2ac1872c1da82063 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4ef79103cc1af90c6e30132516972044 |
| SHA1 | 1e45c1db681a0a959578f18167d4064e511c77d9 |
| SHA256 | 5218e58bb49a72454a74bc44c054eb1ddfb596a95e0111b89c6967e4375f7a52 |
| SHA512 | 52dabd7b42e1696fa6e9a662a2ebfabc5012e0d11a3c6b92b9170b183ae42d247a18af6acd2f6d9568338fe50305eb90e02934133be6ecca12b7d82f56d7ed61 |
memory/1568-795-0x0000000000A00000-0x0000000001245000-memory.dmp
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\plugin2\msvcp140.dll
| MD5 | bf78c15068d6671693dfcdfa5770d705 |
| SHA1 | 4418c03c3161706a4349dfe3f97278e7a5d8962a |
| SHA256 | a88b8c1c8f27bf90fe960e0e8bd56984ad48167071af92d96ec1051f89f827fb |
| SHA512 | 5b6b0ab4e82cc979eaa619d387c6995198fd19aa0c455bef44bd37a765685575d57448b3b4accd70d3bd20a6cd408b1f518eda0f6dae5aa106f225bee8291372 |
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\vcruntime140.dll
| MD5 | 7415c1cc63a0c46983e2a32581daefee |
| SHA1 | 5f8534d79c84ac45ad09b5a702c8c5c288eae240 |
| SHA256 | 475ab98b7722e965bd38c8fa6ed23502309582ccf294ff1061cb290c7988f0d1 |
| SHA512 | 3d4b24061f72c0e957c7b04a0c4098c94c8f1afb4a7e159850b9939c7210d73398be6f27b5ab85073b4e8c999816e7804fef0f6115c39cd061f4aaeb4dcda8cf |
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\vcruntime140_1.dll
| MD5 | fcda37abd3d9e9d8170cd1cd15bf9d3f |
| SHA1 | b23ff3e9aa2287b9c1249a008c0ae06dc8b6fdf2 |
| SHA256 | 0579d460ea1f7e8a815fa55a8821a5ff489c8097f051765e9beaf25d8d0f27d6 |
| SHA512 | de8be61499aaa1504dde8c19666844550c2ea7ef774ecbe26900834b252887da31d4cf4fb51338b16b6a4416de733e519ebf8c375eb03eb425232a6349da2257 |
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\deploy\messages_zh_TW.properties
| MD5 | 880baacb176553deab39edbe4b74380d |
| SHA1 | 37a57aad121c14c25e149206179728fa62203bf0 |
| SHA256 | ff4a3a92bc92cb08d2c32c435810440fd264edd63e56efa39430e0240c835620 |
| SHA512 | 3039315bb283198af9090bd3d31cfae68ee73bc2b118bbae0b32812d4e3fd0f11ce962068d4a17b065dab9a66ef651b9cb8404c0a2defce74bb6b2d1d93646d5 |
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\images\cursors\win32_CopyNoDrop32x32.gif
| MD5 | 1e9d8f133a442da6b0c74d49bc84a341 |
| SHA1 | 259edc45b4569427e8319895a444f4295d54348f |
| SHA256 | 1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b |
| SHA512 | 63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37 |
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\security\policy\unlimited\US_export_policy.jar
| MD5 | 12f971b6e65cbc7184701235469f0339 |
| SHA1 | 06cb165157c5e0078b872c48707a1328b1dcba19 |
| SHA256 | 84e035372ca8979bb4a387428a74942ffc7248a0e61988b7033b5b266cd187c8 |
| SHA512 | 58646fc81de2e4750a3259d79a207a8cff2dc6692f178a63d92a453fc408c8d1088007ef4e93157d1017be706565716a0236039dbac848c40745a0ad89c4d0de |
\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe
| MD5 | 82345958a39e7b1ad0b14ff2adeecaf9 |
| SHA1 | 56e29f91f3ca1d5a3712e339ea5ac70f2904fbf7 |
| SHA256 | 5fdc5fd46f4fbd5f1377c9cde1370b34bef76aec16f7ac3bcb89a1ee59329f99 |
| SHA512 | 1182da48e1be07c2b21036336446e4af55dfc4f4fd1602701cf2a2c56ead437d9be5d994948f7b863215cffe1b627ff4331e4635db12f9eaf9d6ea7b6bf98ea2 |
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\java.dll
| MD5 | 583e8b42864ec183c945164f373cb375 |
| SHA1 | 5ec118befbb5d17593a05db2899ee52f7267da37 |
| SHA256 | 9bc9178d3f4246433fe209a0f5ca70e77568e80c928268c78f8c8b00107ce6ed |
| SHA512 | 1feaac37bac19bde93171ebda2e76a65e9d5472a503b05939f6977b3a4d94d131298f3989dd048d7617ecd69cf09db7ac986fc39f0df9f56c84ea01726d0c898 |
\Windows\Installer\MSIE202.tmp
| MD5 | 0c80a997d37d930e7317d6dac8bb7ae1 |
| SHA1 | 018f13dfa43e103801a69a20b1fab0d609ace8a5 |
| SHA256 | a5dd2f97c6787c335b7807ff9b6966877e9dd811f9e26326837a7d2bd224de86 |
| SHA512 | fe1caef6d727344c60df52380a6e4ab90ae1a8eb5f96d6054eced1b7734357ce080d944fa518cf1366e14c4c0bd9a41db679738a860800430034a75bb90e51a5 |
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\ucrtbase.DLL
| MD5 | 849959a003fa63c5a42ae87929fcd18b |
| SHA1 | d1b80b3265e31a2b5d8d7da6183146bbd5fb791b |
| SHA256 | 6238cbfe9f57c142b75e153c399c478d492252fda8cb40ee539c2dcb0f2eb232 |
| SHA512 | 64958dabdb94d21b59254c2f074db5d51e914ddbc8437452115dff369b0c134e50462c3fdbbc14b6fa809a6ee19ab2fb83d654061601cc175cddcb7d74778e09 |
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-processthreads-l1-1-1.dll
| MD5 | 7e8b61d27a9d04e28d4dae0bfa0902ed |
| SHA1 | 861a7b31022915f26fb49c79ac357c65782c9f4b |
| SHA256 | 1ef06c600c451e66e744b2ca356b7f4b7b88ba2f52ec7795858d21525848ac8c |
| SHA512 | 1c5b35026937b45beb76cb8d79334a306342c57a8e36cc15d633458582fc8f7d9ab70ace7a92144288c6c017f33ecfc20477a04432619b40a21c9cda8d249f6d |
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-file-l2-1-0.dll
| MD5 | 721b60b85094851c06d572f0bd5d88cd |
| SHA1 | 4d0ee4d717aeb9c35da8621a545d3e2b9f19b4e7 |
| SHA256 | dac867476caa42ff8df8f5dfe869ffd56a18dadee17d47889afb69ed6519afbf |
| SHA512 | 430a91fcecde4c8cc4ac7eb9b4c6619243ab244ee88c34c9e93ca918e54bd42b08aca8ea4475d4c0f5fa95241e4aacb3206cbae863e92d15528c8e7c9f45601b |
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-timezone-l1-1-0.dll
| MD5 | 91a2ae3c4eb79cf748e15a58108409ad |
| SHA1 | d402b9df99723ea26a141bfc640d78eaf0b0111b |
| SHA256 | b0eda99eabd32fefecc478fd9fe7439a3f646a864fdab4ec3c1f18574b5f8b34 |
| SHA512 | 8527af610c1e2101b6f336a142b1a85ac9c19bb3af4ad4a245cfb6fd602dc185da0f7803358067099475102f3a8f10a834dc75b56d3e6ded2ed833c00ad217ed |
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-crt-stdio-l1-1-0.dll
| MD5 | 55b2eb7f17f82b2096e94bca9d2db901 |
| SHA1 | 44d85f1b1134ee7a609165e9c142188c0f0b17e0 |
| SHA256 | f9d3f380023a4c45e74170fe69b32bca506ee1e1fbe670d965d5b50c616da0cb |
| SHA512 | 0cf0770f5965a83f546253decfa967d8f85c340b5f6ea220d3caa14245f3cdb37c53bf8d3da6c35297b22a3fa88e7621202634f6b3649d7d9c166a221d3456a5 |
memory/1568-2033-0x0000000000A00000-0x0000000001245000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vendor00000.xml
| MD5 | a96e6071a17b74bbd309bf696496b8f7 |
| SHA1 | 63c1ecf860504d390b6f3a32982ddd8946b042c5 |
| SHA256 | 1a855972dc308e47d30d567e1b37fdad349bf555b971bc14ead76e17a8accccc |
| SHA512 | 2c906e2f11d62d1336be482cc5ff784bf372cc7afb3263754e7810a1ae27e253aa9e22463456b62a25049d33ba1e69f129ed7e0a0273fe928dcaa216b7876449 |
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-crt-convert-l1-1-0.dll
| MD5 | 4ec4790281017e616af632da1dc624e1 |
| SHA1 | 342b15c5d3e34ab4ac0b9904b95d0d5b074447b7 |
| SHA256 | 5cf5bbb861608131b5f560cbf34a3292c80886b7c75357acc779e0bf98e16639 |
| SHA512 | 80c4e20d37eff29c7577b2d0ed67539a9c2c228edb48ab05d72648a6ed38f5ff537715c130342beb0e3ef16eb11179b9b484303354a026bda3a86d5414d24e69 |
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-crt-string-l1-1-0.dll
| MD5 | 9b79965f06fd756a5efde11e8d373108 |
| SHA1 | 3b9de8bf6b912f19f7742ad34a875cbe2b5ffa50 |
| SHA256 | 1a916c0db285deb02c0b9df4d08dad5ea95700a6a812ea067bd637a91101a9f6 |
| SHA512 | 7d4155c00d65c3554e90575178a80d20dc7c80d543c4b5c4c3f508f0811482515638fe513e291b82f958b4d7a63c9876be4e368557b07ff062961197ed4286fb |
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-crt-heap-l1-1-0.dll
| MD5 | 8906279245f7385b189a6b0b67df2d7c |
| SHA1 | fcf03d9043a2daafe8e28dee0b130513677227e4 |
| SHA256 | f5183b8d7462c01031992267fe85680ab9c5b279bedc0b25ab219f7c2184766f |
| SHA512 | 67cac89ae58cc715976107f3bdf279b1e78945afd07e6f657e076d78e92ee1a98e3e7b8feae295af5ce35e00c804f3f53a890895badb1eed32377d85c21672b9 |
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-file-l1-2-0.dll
| MD5 | 5a72a803df2b425d5aaff21f0f064011 |
| SHA1 | 4b31963d981c07a7ab2a0d1a706067c539c55ec5 |
| SHA256 | 629e52ba4e2dca91b10ef7729a1722888e01284eed7dda6030d0a1ec46c94086 |
| SHA512 | bf44997c405c2ba80100eb0f2ff7304938fc69e4d7ae3eac52b3c236c3188e80c9f18bda226b5f4fde0112320e74c198ad985f9ffd7cea99aca22980c39c7f69 |
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-localization-l1-2-0.dll
| MD5 | 1ed0b196ab58edb58fcf84e1739c63ce |
| SHA1 | ac7d6c77629bdee1df7e380cc9559e09d51d75b7 |
| SHA256 | 8664222823e122fca724620fd8b72187fc5336c737d891d3cef85f4f533b8de2 |
| SHA512 | e1fa7f14f39c97aaa3104f3e13098626b5f7cfd665ba52dcb2312a329639aaf5083a9177e4686d11c4213e28acc40e2c027988074b6cc13c5016d5c5e9ef897b |
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-crt-runtime-l1-1-0.dll
| MD5 | f1a23c251fcbb7041496352ec9bcffbe |
| SHA1 | be4a00642ec82465bc7b3d0cc07d4e8df72094e8 |
| SHA256 | d899c2f061952b3b97ab9cdbca2450290b0f005909ddd243ed0f4c511d32c198 |
| SHA512 | 31f8c5cd3b6e153073e2e2edf0ca8072d0f787784f1611a57219349c1d57d6798a3adbd6942b0f16cef781634dd8691a5ec0b506df21b24cb70aee5523a03fd9 |
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\server\jvm.dll
| MD5 | 36e3e370db5f0b66689811b41f1a8445 |
| SHA1 | 7fcbe290c3a6a0827b77af78115a1b4bc834d685 |
| SHA256 | 9f28a06990d2ed1d14130072109e37e733b3a7d4922e325e679dd4d917741550 |
| SHA512 | f93bc4ca946e383ee1edfef3c7b5574585d23d660a4cc3db5b6b203f6111a3fe1f245d583ca53852888ac67812fb6efd0d121d0643180875baeb0d7b811d4db9 |
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\amd64\jvm.cfg
| MD5 | 499f2a4e0a25a41c1ff80df2d073e4fd |
| SHA1 | e2469cbe07e92d817637be4e889ebb74c3c46253 |
| SHA256 | 80847ed146dbc5a9f604b07ec887737fc266699abba266177b553149487ce9eb |
| SHA512 | 7828f7b06d0f4309b9edd3aa71ae0bb7ee92d2f8df5642c13437bba2a3888e457dc9b24c16aa9e0f19231530cb44b8ccd955cbbdf5956ce8622cc208796b357d |
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe
| MD5 | 122e34bfa3146ef9ae5a51fdc744353f |
| SHA1 | f0cc2294fe150a4cceca8a3da8615edcc4eb20e4 |
| SHA256 | dd2169db3358ccdf4a4a185e4a22955c989eaa3b9d3e0e6025599b8fa173c968 |
| SHA512 | 306341e00598f02a70d3edc6ef666cb64982f1e31e5c0a1304977a1700c95395c1c7f0857ae8056853370eced0bd2aeafc72da804a65f98c1422929b7c431700 |
memory/348-2066-0x0000000000140000-0x0000000000141000-memory.dmp
memory/868-2081-0x0000000000400000-0x000000000042F000-memory.dmp
memory/796-2215-0x0000000002080000-0x000000000208A000-memory.dmp
memory/796-2214-0x0000000002080000-0x000000000208A000-memory.dmp
memory/796-2213-0x0000000002080000-0x000000000208A000-memory.dmp
C:\Config.Msi\f76bc32.rbs
| MD5 | e4d259b8dc0b03020b1ddfa2b8e26653 |
| SHA1 | 3c9e1f6fb89f84c2216ac610036ab460fb647987 |
| SHA256 | e2b1c5d02f71c528814884677885d64cc07bd4da17417d0371e5ef8e15b65a27 |
| SHA512 | 6d538ce1852fb18d82b6d71230bf8dd2403ae7ac8d80af33912a1bc72d52dafd3342cebc2d45d1d0e3c316ad5fa22a8dbc6d34a593079422b2cf0a8a5b485ffc |
memory/796-2219-0x0000000001F30000-0x0000000001F31000-memory.dmp
memory/796-2212-0x0000000002080000-0x000000000208A000-memory.dmp
memory/796-2209-0x0000000001F30000-0x0000000001F31000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OMNIJA~1.ZIP
| MD5 | b6290143f19876d1a412ec6e9f835c14 |
| SHA1 | 4fa4ae1c8984b35987ef17f69a94646b2b0a6bb2 |
| SHA256 | 3b8867f3a7eebfa5a33ce3286bbe568ec18da28bee72f7e7b28368c000d78438 |
| SHA512 | afff382a44e821fa84560a36ffef8fb6031a7ad1ac9e6e0fa59938c667676945845a55eb373f2139369dc52e000d63e33e8df52f5d4daeaf869e6d9576abb034 |
memory/796-6416-0x0000000001F30000-0x0000000001F31000-memory.dmp
memory/796-10206-0x0000000001F30000-0x0000000001F31000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.Admin\places.sqlite-20240623215559.061800.backup
| MD5 | 314cb7ffb31e3cc676847e03108378ba |
| SHA1 | 3667d2ade77624e79d9efa08a2f1d33104ac6343 |
| SHA256 | b6d278384a3684409a2a86f03e4f52869818ce7dd8b5779876960353f7d35dc1 |
| SHA512 | dc795fa35ea214843a781ee2b2ef551b91b6841a799bef2c6fb1907d90f6c114071a951ebb7b2b30e81d52b594d447a26ab12ddb57c331e854577d11e5febef5 |
memory/796-10181-0x0000000001F30000-0x0000000001F31000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9bot8sq2.default-release\thumbnails\ba433b350a0a2613ceeb89a6c66e8da6
| MD5 | e05d28ab78d61968a7132eafe61f54b4 |
| SHA1 | dcf260ab7cdea7b6fc934e54765c964c1a20bd36 |
| SHA256 | cbd302b0ea2218f495b9f0a814f34733f2c5f13a6634d74c6e85a5c0863b5621 |
| SHA512 | ebea612bf803692fa3c7b2573c58f2e43fba0f7039e01b57203978cf69b6f8ca538b563791a760a7e901bb5e392879bd57bdbdb69b6a3781a3886fc0c01eddc0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9bot8sq2.default-release\thumbnails\68f79a69daa8bcc89cc24690c2324c3b
| MD5 | af80a936c10e18de168538a0722d6319 |
| SHA1 | 9b1c84a1cf7330a698c89b9d7f33b17b4ba35536 |
| SHA256 | 2435c0376fca765b21d43e897f4baa52daa0958a7015d04103488c606c99d1d3 |
| SHA512 | 9a1325c8ce05806e5c161a4cf47239f62baad8f79650fbd713e74928fce8171ced10ba7f24fac46c548e1dbf3f64106270cb25ca88c836c870107f5dc1f97879 |
memory/796-10284-0x0000000001F30000-0x0000000001F31000-memory.dmp
memory/796-10278-0x0000000001F30000-0x0000000001F31000-memory.dmp
memory/796-10263-0x0000000001F30000-0x0000000001F31000-memory.dmp
memory/796-10255-0x0000000001F30000-0x0000000001F31000-memory.dmp
memory/796-10253-0x0000000001F30000-0x0000000001F31000-memory.dmp
memory/796-10315-0x0000000001F30000-0x0000000001F31000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\+JXF2465299824772532332.tmp
| MD5 | 99c471b10eb25b8f0f1fe76a04926b0f |
| SHA1 | 807f89e70ccf186bde048c8a51a5c2d668190797 |
| SHA256 | 9042ee73964614ed6b3eb4aa30df23c4ac5d3372deffb201ab9287540a34079c |
| SHA512 | cbc263c2fbf1325c56adb312be8026ec25766a172bfd8d742a2e86292692c18fb185f595eb8b6fa2898e66ff95404ae52d9e52c393271e9f1fbbfd6c5bb9707d |
C:\Users\Admin\AppData\Local\Temp\+JXF7432461699662347372.tmp
| MD5 | 794162f5ab873e624c2e8adaef34aa73 |
| SHA1 | 5e631244b866752f9232e170ed81ab94d252ac42 |
| SHA256 | b272fda2af48d26da480cd02d76059416539612615d38b9145b3f156d677ef7c |
| SHA512 | d14a8abf8a3a4279652132ec145c5fad024001241e6c81d1e07c74ad3d438d61ea6f2e2a3d01812621763afbda99486ebe47f858a8dbd440c82448b1619a2426 |
C:\Users\Admin\AppData\Local\Temp\+JXF1594021999544664996.tmp
| MD5 | 945426f5363c482553695c661ebc75a0 |
| SHA1 | feb3a62b783c6cba5175e957c6a4d1564e6de534 |
| SHA256 | b04761b165a8b32e5ac989a3cee07f27658634e7796f708b3e17ff5ccbe23622 |
| SHA512 | 12658f86b8c3744329c2a4c4552ce25c5756e29aa984e0c7fd3fdee13abaa51b221d8ff78a9c406b084d3c08fffc3cdcb2b58f9cfb6af707ab9e3bc8fcee9e98 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Services\www.ya.ru.ico
| MD5 | a6f6261de61d910e0b828040414cee02 |
| SHA1 | d9df5043d0405b3f5ddaacb74db36623dd3969dc |
| SHA256 | 6bb91f1d74389b18bce6e71772e4c5573648c1a4823338193f700afdf8216be5 |
| SHA512 | 20cb7b646c160c942e379c6e7a1a8981a09f520361c0205052c1d66e2fdb76333ffaaf0ca1dfc779754f0e844b9946900fbd5690d01869e1607abc1fda6dffab |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences-20240623215600.459800.backup
| MD5 | af006f1bcc57b11c3478be8babc036a8 |
| SHA1 | c3bb4fa8c905565ca6a1f218e39fe7494910891e |
| SHA256 | ed6a32e11cc99728771989b01f5ae813de80c46a59d3dc68c23a4671a343cb8c |
| SHA512 | 3d20689b0f39b414349c505be607e6bfc1f33ac401cf62a32f36f7114e4a486552f3e74661e90db29402bb85866944e9f8f31baba9605aa0c6def621511a26af |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Bookmarks-20240623215600.459800.backup
| MD5 | 3adec702d4472e3252ca8b58af62247c |
| SHA1 | 35d1d2f90b80dca80ad398f411c93fe8aef07435 |
| SHA256 | 2b167248e8136c4d45c2c46e2bff6fb5e5137dd4dfdccde998599be2df2e9335 |
| SHA512 | 7562e093d16ee6305c1bb143a3f5d60dafe8b5de74952709abc68a0c353b65416bf78b1fa1a6720331615898848c1464a7758c5dfe78f8098f77fbfa924784c0 |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences
| MD5 | e9f8dc645f24212e3a6a0e17a9b3f8a0 |
| SHA1 | 28cefae18c56e194da88353557f3a453281d54a8 |
| SHA256 | fd257ef82dd4ab28c302c42b6623aae32fd18c0da806821251cdf9f6c172d9fd |
| SHA512 | a7da60b3202b73a703c55dff4d12438447c93c897dcbbae2b1b6062177c92442e69e135cd647ce26f20af28340bcedbec44f21b09434280b51001e055d827724 |
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk
| MD5 | 310697893102d67491def0c5571390f6 |
| SHA1 | 9536c2073b02acf6e7278cadc88ac12cdee12566 |
| SHA256 | bc66265afb76954ea63956e5a8a19f3f3bc3752166d6ccc9760816b6d26c79b5 |
| SHA512 | 360c4d3ad206d3ed75ab140dcb8b7f06076284806b36b8d2a8c912bc85b1542a09c569aa352270ab166cc3bf4564c5804c2104e5288719da090b316382b18385 |
C:\Users\Admin\AppData\Local\Yandex\YaPin\Яндекс.website
| MD5 | d2fdab99df8a05cb2233b2b190fedbca |
| SHA1 | 3303cd68c1732e6cde273faa7789cff16f526aee |
| SHA256 | c4a08741f47df82e576f3cedc286d0dd8698a38c0967d4a9eaf1c7ddc02817cc |
| SHA512 | 59eea6dd75c1987e7c2627f22be86a8521afbdde7c08b41a167241d98ec7717683ac4ca3db86a75220193f5ba9fd5ef8ce86d9a5a8cf7df43fa3f8ff090fcc0c |
memory/796-10421-0x0000000001F30000-0x0000000001F31000-memory.dmp
memory/796-10418-0x0000000001F30000-0x0000000001F31000-memory.dmp
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\java.exe
| MD5 | 1562e15220d8771fcb11b9a5b234a970 |
| SHA1 | 50ec8e4e7125bda147a1b2ccc2b2827db2dc3479 |
| SHA256 | 366199821c1efede3f7112d21da045fd6bf38b56fb3da1ae9d6493c4ddc1861f |
| SHA512 | a07873f0a5381d202a6439a3245dd51f405cdcec4a9d40ff6ffdd4670a3b218008f7288a89e2a7455782c677d4c661bda96e62f813ce7d8c1f20a6c4c7c2b31f |
C:\Users\Admin\AppData\Roaming\.minecraft\klauncher.json
| MD5 | b734dcb1de24f851dbd9bbc3580195ea |
| SHA1 | bf47665415a9e2020f761e46a294927316a49679 |
| SHA256 | 1301d3d76958673b6f6fa865f5dcb47e3b851ac045bd32d06c2a073997a44f1a |
| SHA512 | 44915d73d61ae7c33b523e7162745820670d03d0d1e40e822ffd6f5af220141b7801e66d2cb12198c4084a8401786206280e68f48e14c294ed6250f0842836af |
memory/796-10824-0x0000000002080000-0x000000000208A000-memory.dmp
memory/796-10827-0x0000000002080000-0x000000000208A000-memory.dmp
memory/796-10826-0x0000000002080000-0x000000000208A000-memory.dmp
memory/796-10825-0x0000000002080000-0x000000000208A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\{E1B355E0-236E-4E8A-B095-A16158FF3343}.exe
| MD5 | bf2e1399a1e08ae36658b0aaa7fd5a99 |
| SHA1 | 4d233713a23a77309a9470e13ae82c2a83cd8ae8 |
| SHA256 | c816c0bc31ab41c33f58bc4d3fbabd32bb4e06c7a0044d21a5e626f6bbfb9809 |
| SHA512 | 8cbd230ebefbbd8a12780b60dff83a8543369e851ffc97fa2d5480432e69247eda671ba01a1200dd0adeae4aeb2518322e0564852a599f2c871aa440c0ee192c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9116a6b807f784b3071e457645d9d354 |
| SHA1 | 9fbb28ac0d62e2a3f60013ffff2e5dfd6b985f96 |
| SHA256 | 9fc5eb98cfcdcf85e4833f0e8b62b0ef1f019c4c653a85e1019aadfe6291971b |
| SHA512 | d96823d6e636602b31ae23730f8dc29e4ec030d3c2dea2d34b1dea1773f260568e34d9aae65cab934a2dfb0f83c9f19d401c440a6b84dadfb7449c61ca1057b5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | adcf509412af68bdac89c2e0c5c3e87b |
| SHA1 | c707b3415023f1465e99a93b91701593a9938869 |
| SHA256 | 5bcb70aef82348e1779541bf07daeca6ab7a79067599c2059a348e7b800dbc24 |
| SHA512 | cc5c37a5bbef41d51d0e212b2f982d867558e72612831d581460333c9c049cad1ea27c4582c960680f07e15b14ec72fb76599b7a2cb833b48965547b37ef8ab3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f344d2e972bd66962f5b67ae7deded5c |
| SHA1 | 72d09c55e34fa27152d5095e60722332d11586de |
| SHA256 | 58400f611db211ab4689e945cce1731d8116d9ef2b36d5818f6725b80c24ab22 |
| SHA512 | 5767df03597d619eb53f7a4ae195ac3b2fff12a29b63ca2cd5beaec53ddac7141c1df82233480e805c58e317902e7b8cb5e6297ca6600a3a355f8cade816f21b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | f04df49b6ae85bfde788624223be9966 |
| SHA1 | ce2f041307f0fc4e4132bee039981fe25872d6f1 |
| SHA256 | 2c5f08f8a268709d24cd937ae96f936fe0d0659f4015a2a78dc81515c078dc69 |
| SHA512 | 5bc03fc482492186fa51c214b56facb97d8dbcbc3bf5f89cf2fde51d63395f5273e375d0d3d21f1045cd4438c3c4630d12325987c939f8c2848023ce9aecb12d |
C:\Users\Admin\AppData\Local\Temp\lite_installer.log
| MD5 | 80f7adc41431eb6ea43be821a956d78e |
| SHA1 | bbf1a4a0577ffe7383e4fe0620ec1254a774766a |
| SHA256 | 850110e1974871753233fb292c8aa4f6f01990e84d0c54d2095b31b68322a973 |
| SHA512 | 30737494c6035a3f9f8e2c032a0de4acd522c6edc2f5a37e8c5f934e3d6ee686bd55748045d0df8e389280bb47a99aec4479bd90df8320fcddb86673d7f91040 |
C:\Users\Admin\AppData\Local\Temp\master_preferences
| MD5 | 5c627a0acb0b4aa6850222290d1b9b30 |
| SHA1 | dc52e262636616c0524a08bbbffb62a8b9eab9ce |
| SHA256 | 15cbe382487e05ebc052b8ae3155e4ffbbb515bce90a76f15cda47e076a037d1 |
| SHA512 | 6250e074b4d65e19ef50b1d7389af8e4ae7b97a47582c774c6dded0a5bde2919236cf991a0652d42e042392582e1a92adca9094f5b32015166ffd8b0f2ee7920 |
C:\Users\Admin\AppData\Local\Temp\+JXF3015876882171906206.tmp
| MD5 | a3de2170e4e9df77161ea5d3f31b2668 |
| SHA1 | 6484f1af6b485d5096b71b344e67f4164c33dd1f |
| SHA256 | 7b5a4320fba0d4c8f79327645b4b9cc875a2ec617a557e849b813918eb733499 |
| SHA512 | 94a693ab2ce3c59f7a1d35b4bcc0fd08322dad24ce84203060ceceaf3dac44c4c28413c28dcdab35d289f30f8e28223a43c11cb7d5e9a56d851eb697ff9b9b6b |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\configs\all_zip
| MD5 | 33b0f0599e46c248c6e7f41553fa707c |
| SHA1 | 90305d5f8c31a1ffbbff50a4fdbd4ae54b610298 |
| SHA256 | c5591c1f105ac121858c10df3cf71b75c7bb671f187b837bac17959d94578f3d |
| SHA512 | 68932e299ef7c4e5868e16006f193a5d7e606e8f9d96fe0172b4413cb57e5684fd81a3319cddceb3619074299b30a8981a51d9f0d9359af6cb2a2903faf2f533 |
C:\Windows\Temp\sdwra_5632_436080900\service_update.exe
| MD5 | 7d5dcc6514ef69ab179e6744f853a78a |
| SHA1 | 0a7d0ea8fe4234ffd7cca24eb7fb93ad8f045474 |
| SHA256 | e80f1cb535a94fdd48bcc06e9b839c2ef831b1ea5f559ecd44bd67efc2a35985 |
| SHA512 | 0e5eed3976624f207fc85217e60270bf28381a70291b46f7ce2a21c26430aa9e4010f66798b334e4a19cf2aacf5558089612e43edc2a27ba55bcf1e9fbab55a3 |
C:\ProgramData\Yandex\YandexBrowser\service_update.log
| MD5 | 616bc1bb64201581bfbe8f8194693cba |
| SHA1 | 446331ae32af9f114acbe3b8808b6bc8145b1053 |
| SHA256 | ef9b55c527fdd1debb0fcbab5d96fb4419fdc8c197e8ceed5e1817da16baee0b |
| SHA512 | 3196f415a7d48b9465f7d0292aeaf09d88dce208868d81c91f02fd7454c4daebfca136abf7f7e6970b4b2829d520a3db077d5b510b3a115bb7acb77a9f913afc |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.6.0.1878\Installer\setup.exe
| MD5 | bfa61a4e9bb19fb367c86bb59b5efedf |
| SHA1 | 307693074110f0705df46799c59fbadf713c28fd |
| SHA256 | 6b876f9bc56c351a8b15decf839f2704b61040dcc3dcc59b0361956e33670c65 |
| SHA512 | bba0d0276405558562a5d7ec04a727b0aa850c961729f4f41d4aa6ea33eae312fc7bf73354961d7bb90af8d913cfca51c0ce6a6872bd7069fe531a5805089be3 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.6.0.1878\partner_config
| MD5 | 977bc7b2384ef1b3e78df8fbc3eeb16b |
| SHA1 | 7ee6110ca253005d738929b7ba0cc54ed2ed0a2e |
| SHA256 | 82e288090168abe15419015317fd38f56c1136e7481f66656d84e0a2d861d4d6 |
| SHA512 | 4d154832ef3ac05abb1499a5bc8235d72f64cdaa3e6870206a6363c1d85d821604ae8a96850c2c8bd540d479b8dd5f3ce032472ed96bbf7eddb168ea3d2d1cf6 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.6.0.1878\brand_config
| MD5 | 21a3e1e8b2352d3ee79f3cf3249eb5bd |
| SHA1 | 1f2d95c3fe89591a09dd8bb19b53ac879809aaa1 |
| SHA256 | 3a9dcb32b11967a0f9e866dfb476d9f68c37ec4fe4b53f0673f376c8c763d80f |
| SHA512 | 01845d48f444a8d9d17a7f96e161b3bec55237c52340016496baf0a9c550ea9d6a7b89ea1359da079032877b0b9a71a6e4dc8312a4b3fd7b2f19a1a2f685b391 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\sea_preview.jpg
| MD5 | 53ba159f3391558f90f88816c34eacc3 |
| SHA1 | 0669f66168a43f35c2c6a686ce1415508318574d |
| SHA256 | f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e |
| SHA512 | 94c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\sea_static.jpg
| MD5 | 5e1d673daa7286af82eb4946047fe465 |
| SHA1 | 02370e69f2a43562f367aa543e23c2750df3f001 |
| SHA256 | 1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a |
| SHA512 | 03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
| MD5 | 20d11a140d4a8cf002b2e215e0530981 |
| SHA1 | 8b51ef221cdadac07f0d35b750b059d2df542f1e |
| SHA256 | 2f69a50fd3bc75d3cd7debc4096430d1d7cf39f04cc81952c0313ced6708f5db |
| SHA512 | 81bed05ad47ff203c551c849c9b29b469c9480376a79d7cd113c0a8593efe6db634286f2cad79671f88220a542be2fbcee2bd861baf3cdb932ff4f9e980ed333 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk
| MD5 | 37dc53df4884f46dc833cfc102429183 |
| SHA1 | 622591ec2cf6bcb5456cea161232e74aead3a446 |
| SHA256 | acbad8805f49dbf9ea479acbaa46b8f676909c8e6cb512467cf7263e7ec1b426 |
| SHA512 | 80c85c89ad508f1d902052ed4970c2ce72eb98bed7e1a52954deb40b6b919e27c220f0d85820927315d0a7c69c59ff229914dba693f892648a80c0cd731893b7 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\install_state.json
| MD5 | 66d54e6cdb1ac35534cc1ccd92bf4c2a |
| SHA1 | c20edb3a98de51ac1e0edd8c56a5f40ff469f903 |
| SHA256 | 79bb38ec0ec10b3f90f4871ade55c481500a726a8a0ee21e46d5974bc4c72f28 |
| SHA512 | bb3ba01bfe7257c7d8039df3f294409050b31e4aa713206e6aa3a84d7451e47cd5fe80116b98856b4540269e3f9dbace05f5c44fe4f20f86c1aba2e494aa6821 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\fe7cc995-756b-4eae-8384-3f4450cd1875.tmp
| MD5 | 9cfdf04d0a3810e577ebfae729a6107f |
| SHA1 | 5f6aa5e5c8a9a1981d25d9d4aed46ca4aad1f570 |
| SHA256 | 639477a0049adda15dd2b2b80057ea8deef8f26ca463ec6e0b65ab9c2c43f346 |
| SHA512 | 0571bc5a35ae32c240fbb77e246232f8192536dc102a7445ad2d6db0648531bcae53e477abd606a5d0c7cb2bf912257210b7565bfba19d7eba8c7641be3c9713 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Sync Data\LevelDB\CURRENT~RFf77d9db.TMP
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Local Storage\leveldb\000002.dbtmp
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Site Characteristics Database\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Wallpapers\store\picture-13363653417309800
| MD5 | 3bf3da7f6d26223edf5567ee9343cd57 |
| SHA1 | 50b8deaf89c88e23ef59edbb972c233df53498a2 |
| SHA256 | 2e6f376222299f8142ff330e457867bad3300b21d96daec53579bf011629b896 |
| SHA512 | fef8e951c6cf5cec82dbeafd306de3ad46fd0d90e3f41dcea2a6046c95ab1ae39bf8a6e4a696580246c11330d712d4e6e8757ba24bbf180eec1e98a4aec1583b |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Wallpapers\store\preview-13363653417309800
| MD5 | 9f6a43a5a7a5c4c7c7f9768249cbcb63 |
| SHA1 | 36043c3244d9f76f27d2ff2d4c91c20b35e4452a |
| SHA256 | add61971c87104187ae89e50cec62a196d6f8908315e85e76e16983539fba04b |
| SHA512 | 56d7bd72c8a380099309c36912513bcafbe1970830b000a1b89256aae20137c88e1e281f2455bb381ab120d682d6853d1ef05d8c57dd68a81a24b7a2a8d61387 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences
| MD5 | 8afc9198cfd38502b2114e71362c5873 |
| SHA1 | a1e1ec63bc037b7c6de52c9f5e693b871d368cb8 |
| SHA256 | bf67bd772c82fc7ef08c9b7eb94a7bd0f2a7aa86d530b6f44467b36a486013c2 |
| SHA512 | 9a2f12ee4c97d01129a602d9f8905c4e41894c6becb99d1324b12f1c7e4fef6a779068a6edc163f081546c61523a1c65aff76c8823a61290d2e48b1f25ef1104 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\992f24b5-f260-4fc4-9604-41de76f0c4f0.tmp
| MD5 | e83f8ddcd8a44db1f17574eb0f501331 |
| SHA1 | 0b30ec881ad62158f896ea47f5c70db3806aefd6 |
| SHA256 | 3bae34ca8c4ca34ad7177a57d3934891651bea573f72a7da8cdf004f897ffee3 |
| SHA512 | 8a246ea1417825e1de0ee26af667c849175659441dac4c9f115d58ebb68abaac9245b231d787edfa72384ebdf0f170e871fca352b441faa41bc2984bc1a56223 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Cache\Cache_Data\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Cache\Cache_Data\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\b5647938-ba60-4e58-8202-36372a628488\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\6adb7b9e-2c00-46f7-bff7-ed01d9925f64.tmp
| MD5 | 2d81607763a3c4cfc59e8fd69508ee24 |
| SHA1 | daf828a4ae794cada3104510d8b6a56131dd6d03 |
| SHA256 | 2c3dbe111dec9b4c62652aefa20df0c651cfcebd02a00fc9b607b8a8a580f25f |
| SHA512 | dcbe421e07da4705f5e4b82bbbeb57732857178ba38df7b2f50dbf0580ff41a4a38305a10b0adf4f01a13fbb2f31754db20b0bd2df88cdf504c838a7899de6d2 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\48.png
| MD5 | 7cf35c8c1a7bd815f6beea2ef9a5a258 |
| SHA1 | 758f98bfed64e09e0cc52192827836f9e1252fd1 |
| SHA256 | 67c320fa485a8094fc91cd3fcd59a7c75d2474e3046a7eb274b01863257fbe01 |
| SHA512 | 0bbebde654c9f44cf56b74fc1a9525b62c88724ec80658efede3cbb370c3a6d4f3e78df459bbd0559a51838f4a172bdfcd370bd5477038309024b77cd69f2a15 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\16.png
| MD5 | 238b0e7dc06028db4b6aba8078740ffb |
| SHA1 | 5fd2309587993b371beabb7a9d039e0dba3006ba |
| SHA256 | d159e510392f6da58c4d15cc098171d45c7b02a1362cbf7be7a2d47a1a10e7fc |
| SHA512 | 1dda4de21be647067c04dfc47174df39d0c6c1eeee3e9005211f908351b69d6a27ed268b5ec7480285fb203a95136a3a205f7bafb7eb5223a3dcbab0dadc0e5d |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences
| MD5 | 8629df23cd3f9e1b7a1747d4b5244f67 |
| SHA1 | 57485e69da4e173cbdf1221ba7208ce9c80fb21a |
| SHA256 | 2dc1e8de365fc58fcf981824a05362b7eabef16b984c681942bb29a232b8f2f9 |
| SHA512 | 09cff68c125a409c30099f9061063ceb2538814c3c714614023673fadce1593b8388df2ef4c9161fc699dc1e4419b46166ce88a0b2f02fa5a48189ec2c7cabda |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences
| MD5 | 3c90a25d1954671f935f6736c18383a1 |
| SHA1 | 2542cd36c983e104ca1a7543949149f8f5aa5841 |
| SHA256 | c3f21040fea1f922aa6c9cdc09f06b6d5f951407838fa2f499077747e988bc03 |
| SHA512 | aacc41ab651dbbfe575b7adfd7a551e262e589f808edcef2d0f52c2066722370ebeff0c12cc304d8d6c829ecf6fe9b6f5a006c10d0802fd9e5ea623462d206f2 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\YandexDictionaries\ru.bdic
| MD5 | ac3768f0462853d08df284e67c7c4ebd |
| SHA1 | 732581ac6f2e02246696817adc53d2e2e5d0dcb5 |
| SHA256 | af2bcc135f974aad505a8f55296117dbf4cbc095931e22f424698b181d273656 |
| SHA512 | 27d558deffeeefe1198aebdf65a3fef0b0f3d6b6c4177d03ff32b0363f0a2fb1b7ff6454f45dd3254427cec9174b03181c50bc51dba212e6ab0114a6e72bcf96 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\component_crx_cache\oimompecagnajdejgnnjijobebaeigek_1.2903aec9f77378fa19280af8ff89294fb9ce2caf8e0092c69e19973c0a9cc6fe
| MD5 | 5d9ad58399fbef9be94190d149c2f863 |
| SHA1 | 45f3674f0425d58d9ffc5d9001ff6754f357543c |
| SHA256 | 2903aec9f77378fa19280af8ff89294fb9ce2caf8e0092c69e19973c0a9cc6fe |
| SHA512 | 9a9532cce2de086d5934235d21d27b8a0863ae902a81151a728364aebe044faef5e5805d64efe68d67a5a5aaf408f74954d08f10c6a011dc9ea82c629339d3b0 |
C:\Users\Admin\AppData\Local\Temp\yandex_browser_updater.log
| MD5 | 601685d81571fff1d73605c5bc55c12a |
| SHA1 | bc3de3f0ee16cf9e234beb9f3854b9e916e09119 |
| SHA256 | f55d095763d065704f831ef4b8c133a08c8cbaaaeffffba1f22b19fa2cfe9423 |
| SHA512 | ae133f31754b385c1f039f9dd01f135175fca7f84b5bd878c7ab440bf9c40767ce28b36d4bc902f013a4e62a9e4a1dd52cf2b8866215285e9cc8a3b6579ca3ac |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\c3a0c2b0-1ec7-4aaf-86b3-70a488747f10.tmp
| MD5 | afd7f7a1c33ce199390263e45060412d |
| SHA1 | 3d955664cf0cd9ee3cf8ddbb107317871e0f19fd |
| SHA256 | 623765a24305d90d897e7ab862eae5bcfd9c0e7f1143d1884f57303de2ea5e00 |
| SHA512 | 9d397f7a45310994e0204102855a5a329fb81ed26090951511da34c65015edc3b7752591d15b04e46d62172cb86b6b60fddfd994aba35b643493419719bd777b |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat
| MD5 | af643bc376c82e32fe92c738a1037e5d |
| SHA1 | ed1bfe05f318e89e034af03414761d2bb05e0472 |
| SHA256 | d3302853d3d797090e3bad57608258a54514363df00bd77b0c46243c4631797b |
| SHA512 | 52bfdffa512db4d6b8b3ed9677b89cc8857530ff759149d7c42e33f490266500aff9f968a33a104168855fd525447af942b16f47de7bc84e406e81c84da48333 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 72040e9e6e9fdcd3a5cd8bef97ef60c1 |
| SHA1 | 770320d890c72aa4a9a1aa68ad416317bfbe301c |
| SHA256 | 85b37120f2bac3b0abdef967774fc4b63b4c02b885afb9e261ca5f4e93d5807e |
| SHA512 | 8d33d3355495413769a90b4eff48fdd75a458f07d6f76c23a7548de90480e34232ce59c33462dd08765b3d0f8a76327ed0cc11e3963d2595427dc46bda48a693 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-23 21:54
Reported
2024-06-23 21:57
Platform
win10v2004-20240508-en
Max time kernel
28s
Max time network
150s
Command Line
Signatures
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\WTLDR.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\KLSetup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\yadl.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VVOFDIUO\vmware.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VVOFDIUO\vmware.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\WTLDR.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\KLSetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\yadl.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\yadl.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\e58503e.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e58503e.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Modifies Internet Explorer Phishing Filter
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\PhishingFilter | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = ac0790237ba1da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\RepId | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\RepId\PublicId = "{94F46ECB-70E4-4A9D-833B-45BE09247A4E}" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{3FDB9D79-31AB-11EF-B8C0-D64620966489} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Users\Admin\AppData\Local\Temp\yadl.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Users\Admin\AppData\Local\Temp\yadl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 | C:\Users\Admin\AppData\Local\Temp\yadl.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 | C:\Users\Admin\AppData\Local\Temp\yadl.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 | C:\Users\Admin\AppData\Local\Temp\yadl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E | C:\Users\Admin\AppData\Local\Temp\yadl.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://temp.sh/WwJqO/vmware.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2588 CREDAT:17410 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4180,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=2376 /prefetch:8
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VVOFDIUO\vmware.exe
"C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VVOFDIUO\vmware.exe"
C:\Users\Admin\AppData\Local\Temp\WTLDR.exe
"C:\Users\Admin\AppData\Local\Temp\WTLDR.exe"
C:\Users\Admin\AppData\Local\Temp\KLSetup.exe
"C:\Users\Admin\AppData\Local\Temp\KLSetup.exe"
C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe
"C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe"
C:\Users\Admin\AppData\Local\Temp\yadl.exe
"C:\Users\Admin\AppData\Local\Temp\yadl.exe" --partner 418804 --distr /quiet /msicl "YABROWSER=y YAQSEARCH=y YAHOMEPAGE=y VID=354"
C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
"C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe" /quiet /msicl "YABROWSER=y YAQSEARCH=y YAHOMEPAGE=y VID=354"
C:\Users\Admin\AppData\Local\Temp\yadl.exe
C:\Users\Admin\AppData\Local\Temp\yadl.exe --stat dwnldr/p=418804/rid=10b1d6f7-efc7-49b9-9644-adb9b1999803/sbr=0-0/hrc=200-200/bd=267-10639168/gtpr=1-1-1-255-1/cdr=0-b7-b7-ff-b7/for=3-0/fole=255-0/fwle=255-0/vr=ff-0/vle=ff-0/hovr=ff-ff/hovle=ff-ff/shle=ff-0/vmajor=10/vminor=0/vbuild=19041/distr_type=landing/cnt=0/dt=2/ct=0/rt=0 --dh 2400 --st 1719179731
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe" "chrome_protect.exe" ENABLE
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 305E3848A6BE4F7A292571F59A0F957F
C:\Users\Admin\AppData\Local\Temp\E6E36528-865A-4F67-A4B6-616A6EA2DAD6\lite_installer.exe
"C:\Users\Admin\AppData\Local\Temp\E6E36528-865A-4F67-A4B6-616A6EA2DAD6\lite_installer.exe" --use-user-default-locale --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --YABROWSER
C:\Users\Admin\AppData\Local\Temp\45FA5734-C188-4A17-BD53-A04B9DCA00A5\seederexe.exe
"C:\Users\Admin\AppData\Local\Temp\45FA5734-C188-4A17-BD53-A04B9DCA00A5\seederexe.exe" "--yqs=y" "--yhp=y" "--ilight=" "--oem=" "--nopin=n" "--pin_custom=n" "--pin_desktop=n" "--pin_taskbar=y" "--locale=us" "--browser=y" "--browser_default=" "--loglevel=trace" "--ess=" "--clids=C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml" "--sender=C:\Users\Admin\AppData\Local\Temp\6920E5B4-1D3A-475A-9E68-F99DF9289181\sender.exe" "--is_elevated=yes" "--ui_level=2" "--good_token=x" "--no_opera=n"
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent --pin-taskbar=y --pin-desktop=n
C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent --pin-taskbar=y --pin-desktop=n /pin-path="C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk" --is-pinning
C:\Users\Admin\AppData\Local\Temp\6920E5B4-1D3A-475A-9E68-F99DF9289181\sender.exe
C:\Users\Admin\AppData\Local\Temp\6920E5B4-1D3A-475A-9E68-F99DF9289181\sender.exe --send "/status.xml?clid=6035492-354&uuid=0805d991-6e7d-4048-beee-e5c45536178d&vnt=Windows 10x64&file-no=8%0A10%0A11%0A12%0A13%0A15%0A17%0A18%0A20%0A21%0A22%0A25%0A36%0A40%0A42%0A45%0A57%0A61%0A89%0A102%0A103%0A111%0A123%0A124%0A125%0A129%0A"
C:\Users\Admin\AppData\Local\Temp\{D75E8FFB-E220-4A56-8F34-15BD8F50E315}.exe
"C:\Users\Admin\AppData\Local\Temp\{D75E8FFB-E220-4A56-8F34-15BD8F50E315}.exe" --job-name=yBrowserDownloader-{2830C1E5-8483-450B-8A59-CC558EB0D581} --send-statistics --local-path=C:\Users\Admin\AppData\Local\Temp\{D75E8FFB-E220-4A56-8F34-15BD8F50E315}.exe --YABROWSER --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=6035461-354&ui={0805d991-6e7d-4048-beee-e5c45536178d} --use-user-default-locale
C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe"
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe" -version
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe" -XX:+UseG1GC -Dfile.encoding=UTF-8 -jar "C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe"
C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\java.exe
java.exe -version
C:\Users\Admin\AppData\Local\Temp\yb93EE.tmp
"C:\Users\Admin\AppData\Local\Temp\yb93EE.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\0de1d919-8e76-460f-bae5-959eaf727451.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=541385404 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{2830C1E5-8483-450B-8A59-CC558EB0D581} --local-path="C:\Users\Admin\AppData\Local\Temp\{D75E8FFB-E220-4A56-8F34-15BD8F50E315}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=6035461-354&ui={0805d991-6e7d-4048-beee-e5c45536178d} --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\9ed2cb0c-90f5-4967-8273-2b90a8fd393f.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico"
C:\Users\Admin\AppData\Local\Temp\YB_970D5.tmp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\YB_970D5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_970D5.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\0de1d919-8e76-460f-bae5-959eaf727451.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=541385404 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{2830C1E5-8483-450B-8A59-CC558EB0D581} --local-path="C:\Users\Admin\AppData\Local\Temp\{D75E8FFB-E220-4A56-8F34-15BD8F50E315}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=6035461-354&ui={0805d991-6e7d-4048-beee-e5c45536178d} --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\9ed2cb0c-90f5-4967-8273-2b90a8fd393f.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico"
C:\Users\Admin\AppData\Local\Temp\YB_970D5.tmp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\YB_970D5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_970D5.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\0de1d919-8e76-460f-bae5-959eaf727451.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=541385404 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{2830C1E5-8483-450B-8A59-CC558EB0D581} --local-path="C:\Users\Admin\AppData\Local\Temp\{D75E8FFB-E220-4A56-8F34-15BD8F50E315}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=6035461-354&ui={0805d991-6e7d-4048-beee-e5c45536178d} --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\9ed2cb0c-90f5-4967-8273-2b90a8fd393f.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico" --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=563454059
C:\Users\Admin\AppData\Local\Temp\YB_970D5.tmp\setup.exe
C:\Users\Admin\AppData\Local\Temp\YB_970D5.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=e7ae39fa5eee477481dc83ee66f9242b --annotation=main_process_pid=19936 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.6.0.1878 --initial-client-data=0x33c,0x340,0x344,0x318,0x348,0x1181cbc,0x1181cc8,0x1181cd4
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\TEMP\sdwra_19936_1205146255\service_update.exe
"C:\Windows\TEMP\sdwra_19936_1205146255\service_update.exe" --setup
C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe" --install
C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe" --run-as-service
C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=e7ae39fa5eee477481dc83ee66f9242b --annotation=main_process_pid=17492 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.6.0.1878 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x4ab728,0x4ab734,0x4ab740
C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe" --update-scheduler
C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe" --update-background-scheduler
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source19936_39465163\Browser-bin\clids_yandex_second.xml"
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=0 --install-start-time-no-uac=541385404
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=10208 --annotation=metrics_client_id=e7d2bece03224be8a7a2fb7118e369ba --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.6.0.1878 --initial-client-data=0x180,0x184,0x188,0x15c,0x18c,0x6d065a28,0x6d065a34,0x6d065a40
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --gpu-process-kind=sandboxed --field-trial-handle=2352,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2348 /prefetch:2
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=disabled --gpu-process-kind=trampoline --field-trial-handle=2184,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2456 /prefetch:2
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Network Service" --field-trial-handle=2656,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2620 --brver=24.6.0.1878 /prefetch:3
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Storage Service" --field-trial-handle=2860,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3036 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=ru --service-sandbox-type=audio --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Audio Service" --field-trial-handle=3504,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3500 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=ru --service-sandbox-type=none --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Video Capture" --field-trial-handle=3680,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3916 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --no-appcompat-clear --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4252,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4244 /prefetch:2
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Импорт профилей" --field-trial-handle=4320,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4472 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=4468,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4488 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --no-appcompat-clear --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4188,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4232 /prefetch:1
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --no-appcompat-clear --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5368,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5372 /prefetch:1
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=uwp_cookie_provider.mojom.UwpCookieProvider --lang=ru --service-sandbox-type=utility --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name=uwp_cookie_provider.mojom.UwpCookieProvider --field-trial-handle=4480,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5588 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=5812,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4028 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --no-appcompat-clear --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=6024,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5620 /prefetch:1
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=6192,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6092 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --no-appcompat-clear --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6420,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6180 /prefetch:1
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=ru --service-sandbox-type=none --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Утилиты Windows" --field-trial-handle=2228,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4680 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Распаковщик файлов" --field-trial-handle=5928,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4636 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --no-appcompat-clear --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5900,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6476 /prefetch:1
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --no-appcompat-clear --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6204,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4324 /prefetch:1
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=7088,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7044 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=6668,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4836 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=7108,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7264 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=2744,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7500 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=7120,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7552 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=7792,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7692 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=6368,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7932 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=7132,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=8072 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=6704,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=8240 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=8380,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=8264 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=7112,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=8512 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=6284,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=8676 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Утилиты Windows" --field-trial-handle=4828,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5892 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Утилиты Windows" --field-trial-handle=4368,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4392 --brver=24.6.0.1878 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Распаковщик файлов" --field-trial-handle=4676,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4636 --brver=24.6.0.1878 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | temp.sh | udp |
| FR | 51.91.79.17:443 | temp.sh | tcp |
| FR | 51.91.79.17:443 | temp.sh | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.79.91.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.klaun.ch | udp |
| US | 104.26.10.58:80 | api.klaun.ch | tcp |
| US | 8.8.8.8:53 | 58.10.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.yandex.ru | udp |
| RU | 5.45.205.242:80 | download.yandex.ru | tcp |
| US | 8.8.8.8:53 | cachev2-ams03.cdn.yandex.net | udp |
| NL | 5.45.247.53:80 | cachev2-ams03.cdn.yandex.net | tcp |
| US | 8.8.8.8:53 | 242.205.45.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.247.45.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | repos.klaun.ch | udp |
| US | 104.26.11.58:80 | repos.klaun.ch | tcp |
| RU | 5.45.205.242:80 | download.yandex.ru | tcp |
| US | 8.8.8.8:53 | cachev2-kiv01.cdn.yandex.net | udp |
| RU | 5.45.192.183:80 | cachev2-kiv01.cdn.yandex.net | tcp |
| US | 8.8.8.8:53 | downloader.yandex.net | udp |
| RU | 5.45.205.242:80 | downloader.yandex.net | tcp |
| US | 8.8.8.8:53 | cachev2-ams01.cdn.yandex.net | udp |
| NL | 5.45.247.51:80 | cachev2-ams01.cdn.yandex.net | tcp |
| US | 8.8.8.8:53 | 58.11.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.192.45.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.247.45.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dl.klaun.ch | udp |
| US | 172.67.69.202:80 | dl.klaun.ch | tcp |
| US | 8.8.8.8:53 | 202.69.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clck.yandex.ru | udp |
| RU | 87.250.251.14:80 | clck.yandex.ru | tcp |
| US | 8.8.8.8:53 | 14.251.250.87.in-addr.arpa | udp |
| FR | 88.168.211.65:6522 | tcp | |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.211.168.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| RU | 87.250.251.14:80 | clck.yandex.ru | tcp |
| RU | 77.88.21.14:80 | clck.yandex.ru | tcp |
| US | 8.8.8.8:53 | soft.export.yandex.ru | udp |
| RU | 87.250.254.20:80 | soft.export.yandex.ru | tcp |
| US | 8.8.8.8:53 | 14.21.88.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.254.250.87.in-addr.arpa | udp |
| RU | 5.45.205.242:80 | downloader.yandex.net | tcp |
| NL | 5.45.247.53:80 | cachev2-ams03.cdn.yandex.net | tcp |
| RU | 87.250.251.14:80 | clck.yandex.ru | tcp |
| US | 8.8.8.8:53 | api.browser.yandex.net | udp |
| US | 8.8.8.8:53 | api.browser.yandex.ru | udp |
| US | 8.8.8.8:53 | download.cdn.yandex.net | udp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 5.45.205.242:443 | download.cdn.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 8.8.8.8:53 | 234.193.180.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cachev2-kiv03.cdn.yandex.net | udp |
| RU | 5.45.192.185:443 | cachev2-kiv03.cdn.yandex.net | tcp |
| US | 8.8.8.8:53 | 185.192.45.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.klaun.ch | udp |
| US | 104.26.11.58:80 | api.klaun.ch | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 104.26.11.58:80 | api.klaun.ch | tcp |
| US | 104.26.11.58:80 | api.klaun.ch | tcp |
| US | 104.26.11.58:80 | api.klaun.ch | tcp |
| US | 8.8.8.8:53 | repos.klaun.ch | udp |
| US | 172.67.69.202:443 | repos.klaun.ch | tcp |
| US | 172.67.69.202:443 | repos.klaun.ch | tcp |
| US | 172.67.69.202:443 | repos.klaun.ch | tcp |
| US | 172.67.69.202:443 | repos.klaun.ch | tcp |
| US | 172.67.69.202:443 | repos.klaun.ch | tcp |
| US | 172.67.69.202:443 | repos.klaun.ch | tcp |
| US | 172.67.69.202:443 | repos.klaun.ch | tcp |
| US | 172.67.69.202:443 | repos.klaun.ch | tcp |
| US | 172.67.69.202:443 | repos.klaun.ch | tcp |
| US | 172.67.69.202:443 | repos.klaun.ch | tcp |
| US | 172.67.69.202:443 | repos.klaun.ch | tcp |
| US | 172.67.69.202:443 | repos.klaun.ch | tcp |
| US | 172.67.69.202:443 | repos.klaun.ch | tcp |
| US | 172.67.69.202:443 | repos.klaun.ch | tcp |
| US | 172.67.69.202:443 | repos.klaun.ch | tcp |
| US | 172.67.69.202:443 | repos.klaun.ch | tcp |
| US | 172.67.69.202:443 | repos.klaun.ch | tcp |
| US | 172.67.69.202:443 | repos.klaun.ch | tcp |
| US | 172.67.69.202:443 | repos.klaun.ch | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 8.8.8.8:53 | 101.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 104.26.11.58:80 | repos.klaun.ch | tcp |
| US | 172.67.69.202:80 | repos.klaun.ch | tcp |
| US | 104.26.11.58:80 | repos.klaun.ch | tcp |
| US | 104.26.11.58:80 | repos.klaun.ch | tcp |
| US | 8.8.8.8:53 | cf.klaun.ch | udp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:80 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 104.26.11.58:443 | cf.klaun.ch | tcp |
| US | 8.8.8.8:53 | fabric.klaun.ch | udp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| FR | 88.168.211.65:6522 | tcp | |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:80 | fabric.klaun.ch | tcp |
| US | 104.26.11.58:443 | fabric.klaun.ch | tcp |
| US | 8.8.8.8:53 | quilt.klaun.ch | udp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:443 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:80 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:80 | quilt.klaun.ch | tcp |
| US | 104.26.11.58:80 | quilt.klaun.ch | tcp |
| US | 8.8.8.8:53 | api.mojang.com | udp |
| US | 13.107.246.64:443 | api.mojang.com | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 8.8.8.8:53 | storage.ape.yandex.net | udp |
| US | 13.107.246.64:443 | api.mojang.com | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 87.250.251.66:443 | storage.ape.yandex.net | tcp |
| US | 13.107.246.64:443 | api.mojang.com | tcp |
| US | 13.107.246.64:443 | api.mojang.com | tcp |
| US | 8.8.8.8:53 | sba.yandex.net | udp |
| US | 8.8.8.8:53 | sba.yandex.net | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | sovetnik.market.yandex.ru | udp |
| US | 8.8.8.8:53 | sovetnik.market.yandex.ru | udp |
| US | 8.8.8.8:53 | browser.yandex.ru | udp |
| US | 8.8.8.8:53 | browser.yandex.ru | udp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| RU | 213.180.204.232:443 | sba.yandex.net | tcp |
| RU | 93.158.134.121:443 | browser.yandex.ru | tcp |
| US | 8.8.8.8:53 | api.browser.yandex.net | udp |
| US | 8.8.8.8:53 | api.browser.yandex.net | udp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| US | 8.8.8.8:53 | storage.ape.yandex.net | udp |
| US | 8.8.8.8:53 | storage.ape.yandex.net | udp |
| RU | 213.180.204.232:443 | sba.yandex.net | tcp |
| US | 8.8.8.8:53 | api.browser.yandex.ru | udp |
| US | 8.8.8.8:53 | api.browser.yandex.ru | udp |
| RU | 87.250.251.66:443 | storage.ape.yandex.net | tcp |
| US | 8.8.8.8:53 | browser-resources.s3.yandex.net | udp |
| US | 8.8.8.8:53 | browser-resources.s3.yandex.net | udp |
| RU | 93.158.134.158:443 | browser-resources.s3.yandex.net | tcp |
| RU | 87.250.251.66:443 | storage.ape.yandex.net | tcp |
| US | 8.8.8.8:53 | browser-resources.s3.yandex.net | udp |
| US | 8.8.8.8:53 | browser-resources.s3.yandex.net | udp |
| US | 8.8.8.8:53 | sovetnik.market.yandex.ru | udp |
| RU | 87.250.250.41:443 | sovetnik.market.yandex.ru | tcp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.204.180.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.134.158.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.35.104.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.134.158.93.in-addr.arpa | udp |
| RU | 213.180.204.232:443 | sba.yandex.net | tcp |
| US | 8.8.8.8:53 | cdnrepfu6rku5qba3zpu.svc.cdn.yandex.net | udp |
| US | 8.8.8.8:53 | cdnrepfu6rku5qba3zpu.svc.cdn.yandex.net | udp |
| RU | 37.9.64.225:443 | cdnrepfu6rku5qba3zpu.svc.cdn.yandex.net | tcp |
| RU | 93.158.134.121:443 | browser.yandex.ru | tcp |
| US | 8.8.8.8:53 | yastatic.net | udp |
| US | 8.8.8.8:53 | yastatic.net | udp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| US | 8.8.8.8:53 | webntp.yandex.ru | udp |
| US | 8.8.8.8:53 | webntp.yandex.ru | udp |
| US | 8.8.8.8:53 | yandex.ru | udp |
| US | 8.8.8.8:53 | yandex.ru | udp |
| US | 8.8.8.8:53 | browser-resources.s3.yandex.net | udp |
| US | 8.8.8.8:53 | browser-resources.s3.yandex.net | udp |
| RU | 77.88.44.55:443 | yandex.ru | tcp |
| RU | 93.158.134.158:443 | browser-resources.s3.yandex.net | tcp |
| RU | 93.158.134.158:443 | browser-resources.s3.yandex.net | tcp |
| RU | 93.158.134.158:443 | browser-resources.s3.yandex.net | tcp |
| RU | 213.180.204.196:443 | webntp.yandex.ru | tcp |
| US | 8.8.8.8:53 | 66.251.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.250.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.64.9.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.131.154.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| RU | 93.158.134.119:443 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | sessionserver.mojang.com | udp |
| US | 13.107.246.64:443 | sessionserver.mojang.com | tcp |
| US | 8.8.8.8:53 | uid.yandex.ru | udp |
| US | 8.8.8.8:53 | uid.yandex.ru | udp |
| US | 8.8.8.8:53 | api.browser.yandex.ru | udp |
| US | 8.8.8.8:53 | api.browser.yandex.ru | udp |
| US | 8.8.8.8:53 | sso.passport.yandex.ru | udp |
| US | 8.8.8.8:53 | sso.passport.yandex.ru | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | 55.44.88.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.134.158.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.204.180.213.in-addr.arpa | udp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 87.250.254.216:443 | uid.yandex.ru | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| RU | 93.158.134.144:443 | sso.passport.yandex.ru | tcp |
| RU | 93.158.134.144:443 | sso.passport.yandex.ru | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| RU | 62.217.160.14:443 | tcp | |
| RU | 93.158.134.144:443 | sso.passport.yandex.ru | tcp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.254.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.134.158.93.in-addr.arpa | udp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 8.8.8.8:53 | 14.160.217.62.in-addr.arpa | udp |
| RU | 5.255.255.242:443 | tcp | |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 8.8.8.8:53 | 242.255.255.5.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| RU | 178.154.131.215:443 | yastatic.net | tcp |
| RU | 77.88.21.37:443 | tcp | |
| RU | 213.180.204.158:443 | tcp | |
| RU | 213.180.204.158:443 | tcp | |
| RU | 213.180.204.158:443 | tcp | |
| RU | 213.180.204.158:443 | tcp | |
| RU | 213.180.204.158:443 | tcp | |
| RU | 213.180.204.158:443 | tcp | |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 8.8.8.8:53 | 215.131.154.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.21.88.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.204.180.213.in-addr.arpa | udp |
| RU | 77.88.55.88:443 | yandex.ru | tcp |
| US | 8.8.8.8:53 | 88.55.88.77.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7UY3WOJS\vmware[1].exe
| MD5 | 68e634af1eafb17618018de02dd47be7 |
| SHA1 | bdc653c130d96a32edeb4f2bc48203432b448498 |
| SHA256 | 2d316619d2522838df93cbb8392c4c3a053279d92e586ccd63431cadfbe7816d |
| SHA512 | 8220a64c8f89d0c30d42e5bfcf770a26422604ea37f48fbcade5679f42bfb474966203cb5bbd2f29f51e435f7f8e04e168e112b2ed3eb419a46536aa7b947071 |
memory/3864-15-0x00007FFCC1673000-0x00007FFCC1675000-memory.dmp
memory/3864-16-0x0000000000A10000-0x0000000000DE0000-memory.dmp
memory/3864-17-0x00007FFCC1670000-0x00007FFCC2131000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WTLDR.exe
| MD5 | 7a94013c17dc892cea16fbae38646e43 |
| SHA1 | 8cf54c2ac961dd5c82cb3b07c3de317847aa94bb |
| SHA256 | cd35af0a0c71c382760409b7b2343c83857d89af55a0b365b72962f0f9c9a400 |
| SHA512 | 03df47db51270ca87172620e5475ce7a99e1fa1bd61e1956e4a0b28792d145b4e30d5b0d7b0737ea3ed331cecaecde78641b4828b1b9425153b1f9ac3de6f34a |
memory/4116-29-0x000000006F7D2000-0x000000006F7D3000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\KLSetup.exe
| MD5 | 65f0ee72fac85b324a0734053d436918 |
| SHA1 | 796d3ab9803f5e6ec370ff948f654842af62fd25 |
| SHA256 | 4f128c759e90606c9c7b5546259a7888b2aaaf5ea59d1aa40d5284056366504c |
| SHA512 | b18d612652d2023b7ca49bf0008d6f6a77bab25c70fb9d67bd29c4a917344275c2fbe14058e8121e0ec3e2278ae100b66e49494aa63a2d2570d7d95b6c64ed52 |
memory/4116-39-0x000000006F7D0000-0x000000006FD81000-memory.dmp
memory/3864-40-0x00007FFCC1670000-0x00007FFCC2131000-memory.dmp
memory/4116-41-0x000000006F7D0000-0x000000006FD81000-memory.dmp
memory/1284-42-0x0000000000A80000-0x0000000000A81000-memory.dmp
memory/4116-52-0x000000006F7D0000-0x000000006FD81000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\yadl.exe
| MD5 | 2b0d2f77d8abade07a3dd9a8152ad111 |
| SHA1 | e7c0ad498f361e3c2d5a0ffa225ee112ed3c5bdb |
| SHA256 | 85ddc30b6b53ebe529688528e74bcfd74df0b93ea29ee1693d7d9aeec4d48776 |
| SHA512 | d48a3b9d9d3f83f1b0498103ee1f78467dc84254c762227081ba3218bd2212c1e3c29d2d94737101d55f5793f3d7dca8bdedc7d527cdb701733a6cbc74c938fc |
C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
| MD5 | 3fb846d3691f3d98a34e669e1b9b5bf6 |
| SHA1 | 4c90c2912aae3b8da4c44a4faa0b8df20525285f |
| SHA256 | ead7a779cabae642d09be07283cc99e53c84ecf90349444e0d0ac4bf9901fe47 |
| SHA512 | e904ecfa7b1c9ba066272bf91b8341bf3877310613370defabee7db58ea825c52582353e97f9398d706d3f3890b3701a1c05fe202e8a87499fb9600f87176b3e |
C:\Users\Admin\AppData\Local\Temp\YandexSearch00000.log
| MD5 | b9760b39794e8f100dbbe16f50afa62f |
| SHA1 | 5433303238e92d66d0a390e4e37eba5c77c3799a |
| SHA256 | 970a367b703c6c91799b80c82273d6c3160e41cd02c9de293aca6ee240d7aaf8 |
| SHA512 | 1f25acbc1ab1b286b1e766f9b8ca65990c66744d9d82f14a0f2c35fdcac52d81f40d48f11997edfd66994fd9a68996dfa25ae42f9083f2ea4dc654f79f050ee9 |
C:\Users\Admin\AppData\Local\Temp\{5B964E0E-B9A3-4276-9ED9-4D5A5720747A}\YandexSearch.msi
| MD5 | 561f202d40eb1a21aa947b2b833f6928 |
| SHA1 | b48e2f49a416847aa9420ed4b360841e8c28f67b |
| SHA256 | b2fda5fb2d8e65fc0448d308647d8afd1e4ecd7bff0103ec3700e0798a7db0a3 |
| SHA512 | 66d172f336ef0b4790e2141711f205682a0ba6ced8d03f26e33b54f6ea1e29be10d387e843df26d1110559888b09a3cdf9198ea40f17ca9d2ac1872c1da82063 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7
| MD5 | 1468177f7f9dcf80975223275c67bc1d |
| SHA1 | f944d670a602a9e7d2628d0570fbfee1062fc49a |
| SHA256 | b77d9353851419c6adc1eb4288c734f9589bdf871525f87487990b3a4db5816f |
| SHA512 | e0b076dd1f2b62bda3bb5ef29620cc711655ea976428ca7564c559e98b1f223e7f03d783649278d44113c4d1c406a58a9e3dce34f4b175dea0965e30cf859f7a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7
| MD5 | 4f5d956c5b4bd5351d2be965c67f361e |
| SHA1 | 229f5d2c9057853af96a7c01a874f8453e1a3d3f |
| SHA256 | 9e93c11504999e78b5508b08fc0a984a5b64248be5bae474632238a35811da01 |
| SHA512 | c5b7eed9c1d4ffd66dc4e54b97e78d48dfaab8aa3094fb7587a4aed1b2881e69cf4c4b586f4ead024260308bf2d9c1b023a7c1f48c5373d9c337795066870b91 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E
| MD5 | 453e545f12ef9e011e989a2b63e92ac9 |
| SHA1 | 558a9ab9f8e6a8c4fceb4dfd67d01edc90a93393 |
| SHA256 | 43fb7de5ca016b1777db62838fbcf59d0ea40b63c5ac41a11400d31f23a34469 |
| SHA512 | 3644bc2c4e78f88baefbc1640b4cea67772f40e3b306542bcff581fd9c96264b3f6c9b5cbdbae50af373a56d50d444d46c3a5b2317880a6a257a59528f7c7091 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E
| MD5 | e73658a9b3672f2ce712365fef373306 |
| SHA1 | 3f268986e566e39340e0baa0ea80ad1ee9c3c589 |
| SHA256 | 87e6f70b31ee8800c5cd1d9293ab8ee72e3707ec51ec96d72712f4d07f242a9c |
| SHA512 | 2f0e2f8417136bbf156eed1b3704d7f8ad688aa81bcbdd9f20850fcdde81fea786ee03aa1236fadeef7b864d7840fa1d83f83a5ab016f49fe89217b31d258cae |
C:\Windows\Installer\MSI53C8.tmp
| MD5 | 0c80a997d37d930e7317d6dac8bb7ae1 |
| SHA1 | 018f13dfa43e103801a69a20b1fab0d609ace8a5 |
| SHA256 | a5dd2f97c6787c335b7807ff9b6966877e9dd811f9e26326837a7d2bd224de86 |
| SHA512 | fe1caef6d727344c60df52380a6e4ab90ae1a8eb5f96d6054eced1b7734357ce080d944fa518cf1366e14c4c0bd9a41db679738a860800430034a75bb90e51a5 |
C:\Windows\Installer\MSI54A4.tmp
| MD5 | e6fd0e66cf3bfd3cc04a05647c3c7c54 |
| SHA1 | 6a1b7f1a45fb578de6492af7e2fede15c866739f |
| SHA256 | 669cc0aae068ced3154acaecb0c692c4c5e61bc2ca95b40395a3399e75fcb9b2 |
| SHA512 | fc8613f31acaf6155852d3ad6130fc3b76674b463dcdcfcd08a3b367dfd9e5b991e3f0a26994bcaf42f9e863a46a81e2520e77b1d99f703bcb08800bdca4efcb |
C:\Users\Admin\AppData\Local\Temp\vendor00000.xml
| MD5 | a96e6071a17b74bbd309bf696496b8f7 |
| SHA1 | 63c1ecf860504d390b6f3a32982ddd8946b042c5 |
| SHA256 | 1a855972dc308e47d30d567e1b37fdad349bf555b971bc14ead76e17a8accccc |
| SHA512 | 2c906e2f11d62d1336be482cc5ff784bf372cc7afb3263754e7810a1ae27e253aa9e22463456b62a25049d33ba1e69f129ed7e0a0273fe928dcaa216b7876449 |
C:\Users\Admin\AppData\Local\Temp\E6E36528-865A-4F67-A4B6-616A6EA2DAD6\lite_installer.exe
| MD5 | aafdfaa7a989ddb216510fc9ae5b877f |
| SHA1 | 41cf94692968a7d511b6051b7fe2b15c784770cb |
| SHA256 | 688d0b782437ccfae2944281ade651a2da063f222e80b3510789dbdce8b00fdc |
| SHA512 | 6e2b76ff6df79c6de6887cf739848d05c894fbd70dc9371fff95e6ccd9938d695c46516cb18ec8edd01e78cad1a6029a3d633895f7ddba4db4bf9cd39271bd44 |
C:\Users\Admin\AppData\Local\Temp\45FA5734-C188-4A17-BD53-A04B9DCA00A5\seederexe.exe
| MD5 | 225ba20fa3edd13c9c72f600ff90e6cb |
| SHA1 | 5f1a9baa85c2afe29619e7cc848036d9174701e4 |
| SHA256 | 35585d12899435e13e186490fcf1d270adbe3c74a1e0578b3d9314858bf2d797 |
| SHA512 | 97e699cffe28d3c3611570d341ccbc1a0f0eec233c377c70e0e20d4ed3b956b6fe200a007f7e601a5724e733c97eaddc39d308b9af58d45f7598f10038d94ab3 |
C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml
| MD5 | 42f904227d6a52fb123a1cbae34f3373 |
| SHA1 | c0f5cfee6915bf65601aed5c662e1696f2b45fa0 |
| SHA256 | c25e6de10909a6c4a45a4e1e93d0eff1b3604cc515cc6ef2ae6b083ffe41a200 |
| SHA512 | b4c8dc57811b0c3d03f00a088bc16ed6eb02ed07db2a99681fd550b8a79e108b82053a3e4d9e12789b429a501bb06e8a684314322605eadcee7b9c633c13a669 |
memory/1284-205-0x0000000000D60000-0x00000000015A5000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmp696aaaaaa
| MD5 | fefc3d677388386c29d8720c15b9db3f |
| SHA1 | 370f1f40ae5c652d87b3b8f42e67d827af2b1754 |
| SHA256 | 74d5e8d3cd8d659d8df8e6f306832dfc252e1a6e676bb60334e31b5943deb4fb |
| SHA512 | b462ca1ffb0798bedc39c945daa75ff73e0efbb1c6dfdb262e6b2936158933f514f0b4169e811069df11aaeaebd39c826ce0caf9f6eb6d77de249fca6abe39fe |
C:\Users\Admin\AppData\Local\Temp\omnija-20245523.zip
| MD5 | dc5128fcb8d7f6b849f1166532db2dc8 |
| SHA1 | 8427501d440d5edbbb2662294bc5650d2bc8aab5 |
| SHA256 | 36e682f419c2b5d8e7c285d36088b56d59df3869dbd181943280696d4ca391ca |
| SHA512 | bcf0d463ed4f01a313b8e6be745ad55b42108be84cc5850c411dec19aa7c6d996782da49fc208559f1188941bdd1082d954cfa316f08c0ad2efcf0662952e524 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | a11b3e48b8e072b77a5b58538bbeb752 |
| SHA1 | 73b09ee489f44a3614410e114f1ac3bddb817ec3 |
| SHA256 | a719089dfdfc79bc33448d12b87e60701885ab7ad00978c5a73f0e1e6bb3e95a |
| SHA512 | 92328419f5a119ebe58beed7fcbbc897621923e5f4562003aadce9aeeaa48d776e9a536108ca8f24cd77c95739f8dc8b0b5b62730fb9ba72f8419e9c65c7c0f1 |
C:\Config.Msi\e585041.rbs
| MD5 | f3a0cfd72a674f7fed51c89e176c7761 |
| SHA1 | 3e60c50bb9bad402e98fbd3a70b911def04b7be4 |
| SHA256 | a4f8abbe7c7ad95a002d372ec2f957ebc557cb32d4cc994fcb2d03dbedf990cd |
| SHA512 | c527436deab917e68edd5c506da472c9e7187b9f911a07b251e3ab2dff4a1c0ecb09fd26cedad503ba2d096efac136c0571a0bc85afa66870ca7efe039154e2b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | 99963563146961bcd160d909efb7ec06 |
| SHA1 | 429c768b163bd30bd5caafd8059ffa3ca882de7a |
| SHA256 | 8cbff55b9dabfe2305098238d618bb4dcd6ff2971e3d235f4779b023eda1d0b2 |
| SHA512 | 52c7ee0791f74645b4cee9231b41478b7fb4f5b5db546f585ec13e68cdda356fd91d5695f892816a51ed337cbf3616ce42b60385bed05a092b7a9086c6ded60f |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml
| MD5 | 1a545d0052b581fbb2ab4c52133846bc |
| SHA1 | 62f3266a9b9925cd6d98658b92adec673cbe3dd3 |
| SHA256 | 557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1 |
| SHA512 | bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kwvh0l1k.Admin\places.sqlite-20240623215540.456238.backup
| MD5 | 314cb7ffb31e3cc676847e03108378ba |
| SHA1 | 3667d2ade77624e79d9efa08a2f1d33104ac6343 |
| SHA256 | b6d278384a3684409a2a86f03e4f52869818ce7dd8b5779876960353f7d35dc1 |
| SHA512 | dc795fa35ea214843a781ee2b2ef551b91b6841a799bef2c6fb1907d90f6c114071a951ebb7b2b30e81d52b594d447a26ab12ddb57c331e854577d11e5febef5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\thumbnails\af9aab32f3a8d77462d5c418f4f0b55d
| MD5 | 2d0a37bb716f9ad9fb916eb8b08d34c4 |
| SHA1 | 48658fb5f716478bcfa239ba635589184edc33cf |
| SHA256 | a08d93fef42579ebf000b3496ae50837ba14024fd07df04304534de480c72a1c |
| SHA512 | 15216319722cd68b7e0018cfd360a3ef3ba512a0686646677b51f4926ee8290f984e72fdd5a815dc5fdfc7170e8d9b2f207413574c96c7189291140475fe959b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\thumbnails\68f79a69daa8bcc89cc24690c2324c3b
| MD5 | af80a936c10e18de168538a0722d6319 |
| SHA1 | 9b1c84a1cf7330a698c89b9d7f33b17b4ba35536 |
| SHA256 | 2435c0376fca765b21d43e897f4baa52daa0958a7015d04103488c606c99d1d3 |
| SHA512 | 9a1325c8ce05806e5c161a4cf47239f62baad8f79650fbd713e74928fce8171ced10ba7f24fac46c548e1dbf3f64106270cb25ca88c836c870107f5dc1f97879 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Services\www.ya.ru.ico
| MD5 | a6f6261de61d910e0b828040414cee02 |
| SHA1 | d9df5043d0405b3f5ddaacb74db36623dd3969dc |
| SHA256 | 6bb91f1d74389b18bce6e71772e4c5573648c1a4823338193f700afdf8216be5 |
| SHA512 | 20cb7b646c160c942e379c6e7a1a8981a09f520361c0205052c1d66e2fdb76333ffaaf0ca1dfc779754f0e844b9946900fbd5690d01869e1607abc1fda6dffab |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Bookmarks
| MD5 | c8ec9e6df3c365ec618433b7b317ca37 |
| SHA1 | 01a7827c594e1ef77582125fb229bea876082a29 |
| SHA256 | 12f8dbad0d744ae515807a4639daf28439fc0e9a5f7d6c6a71180cfef8d92b6c |
| SHA512 | ea2de7651fa8a640f7814037db801ecaed40d9de72930f21ae733bd0f3be1571517b05332fdd38fb8b63cde6104732b8045538897eac4f3231412a5d710cd1e1 |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\BookmarksExtras
| MD5 | 48494b56c9b431d0e3283627a8e21c8a |
| SHA1 | 947054c2e5e73a1ed1198d343b42e33be16a5270 |
| SHA256 | d07780b45981c7728f70278b05181e493e25396966b8ef100e15917fc69de95c |
| SHA512 | b318ea6c2a011088a269853d8263c84bdcf31857b983513ec0f39ed777e6c029064b995a176d580d75e9057fc9286f94597dc21f9619c4b0bbe02839228f39a4 |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Bookmarks-20240623215541.862481.backup
| MD5 | 3adec702d4472e3252ca8b58af62247c |
| SHA1 | 35d1d2f90b80dca80ad398f411c93fe8aef07435 |
| SHA256 | 2b167248e8136c4d45c2c46e2bff6fb5e5137dd4dfdccde998599be2df2e9335 |
| SHA512 | 7562e093d16ee6305c1bb143a3f5d60dafe8b5de74952709abc68a0c353b65416bf78b1fa1a6720331615898848c1464a7758c5dfe78f8098f77fbfa924784c0 |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences
| MD5 | e9f8dc645f24212e3a6a0e17a9b3f8a0 |
| SHA1 | 28cefae18c56e194da88353557f3a453281d54a8 |
| SHA256 | fd257ef82dd4ab28c302c42b6623aae32fd18c0da806821251cdf9f6c172d9fd |
| SHA512 | a7da60b3202b73a703c55dff4d12438447c93c897dcbbae2b1b6062177c92442e69e135cd647ce26f20af28340bcedbec44f21b09434280b51001e055d827724 |
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
| MD5 | 95828ee007d3586792d53ace50b2357e |
| SHA1 | 3501ccad7573fd467911f207155318db3a1a1554 |
| SHA256 | 8c4be5f1bc4e2f73d4396af48a31bf10362006472e9b28f40aa91f73a3815f12 |
| SHA512 | 9896eccb178fd772fc92e5793340bdbc1bd6169465d9a739df06c1154edbce16f6db5dd50df426ccbc40d8410d4ef170c3fb0bc700e7778149ff2168409638e7 |
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Яндекс.website
| MD5 | d2fdab99df8a05cb2233b2b190fedbca |
| SHA1 | 3303cd68c1732e6cde273faa7789cff16f526aee |
| SHA256 | c4a08741f47df82e576f3cedc286d0dd8698a38c0967d4a9eaf1c7ddc02817cc |
| SHA512 | 59eea6dd75c1987e7c2627f22be86a8521afbdde7c08b41a167241d98ec7717683ac4ca3db86a75220193f5ba9fd5ef8ce86d9a5a8cf7df43fa3f8ff090fcc0c |
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk
| MD5 | b73ac5b2279039e864e54a39501fd860 |
| SHA1 | 51e092afd0eb71ea9454b96aad3bf2d3fc3b46d5 |
| SHA256 | e549fdc81d788f4e62594f31e6f414a3c314725449ed2f7d53e00b6017bcaaef |
| SHA512 | 0636c7cde979cae4c1e04e5e1a6d29798d6cd623519f354804ffec52bd77145584712fb75d5b2ffa3b16ee45d0f605403ecf2730d5c333d79eb09bce83159578 |
C:\Users\Admin\AppData\Roaming\Yandex\clids-yabrowser.xml
| MD5 | 27a0d63958d264b1d1b307cbcae32d1e |
| SHA1 | 134e6abcb95aa2aeddce10db6325d47d5c2944eb |
| SHA256 | e0148740e2dc882bc85880bdb6c626e4fb6555daf471bf34b4a4689c0634abc7 |
| SHA512 | 33fb4c7c53efc8b6d77baac7fbb7a9848949029de8662ee9e663febc92fd426babc7c2200bf2890e70aa932df5bb883d409fe3ed50a41e3436dfcabe7a1bd229 |
C:\Users\Admin\AppData\Roaming\Yandex\ui
| MD5 | 7c46cea88230d3d4d3d124f3db5063d3 |
| SHA1 | 40193051dcba02f6f74f838ebe4b72c4effa14ab |
| SHA256 | 9068d48477914e99141a8e484ff16b1800f4acba9692e718e96ce37264a15e3e |
| SHA512 | 8906f6ac6b5f49c0c2ab1995b9b40d55992f7b9551be0d53bdd2cf47d532fb4d4429eee5540671ceeb240f16ba4988fe1e11f84285f23ce00ba0cb045dfad601 |
C:\Users\Admin\AppData\Local\Temp\6920E5B4-1D3A-475A-9E68-F99DF9289181\sender.exe
| MD5 | f1a8f60c018647902e70cf3869e1563f |
| SHA1 | 3caf9c51dfd75206d944d4c536f5f5ff8e225ae9 |
| SHA256 | 36022c6ecb3426791e6edee9074a3861fe5b660d98f2b2b7c13b80fe11a75577 |
| SHA512 | c02dfd6276ad136283230cdf07d30ec2090562e6c60d6c0d4ac3110013780fcafd76e13931be53b924a35cf473d0f5ace2f6b5c3f1f70ce66b40338e53d38d1e |
memory/1284-8512-0x0000000000D60000-0x00000000015A5000-memory.dmp
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\plugin2\msvcp140.dll
| MD5 | bf78c15068d6671693dfcdfa5770d705 |
| SHA1 | 4418c03c3161706a4349dfe3f97278e7a5d8962a |
| SHA256 | a88b8c1c8f27bf90fe960e0e8bd56984ad48167071af92d96ec1051f89f827fb |
| SHA512 | 5b6b0ab4e82cc979eaa619d387c6995198fd19aa0c455bef44bd37a765685575d57448b3b4accd70d3bd20a6cd408b1f518eda0f6dae5aa106f225bee8291372 |
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\vcruntime140_1.dll
| MD5 | fcda37abd3d9e9d8170cd1cd15bf9d3f |
| SHA1 | b23ff3e9aa2287b9c1249a008c0ae06dc8b6fdf2 |
| SHA256 | 0579d460ea1f7e8a815fa55a8821a5ff489c8097f051765e9beaf25d8d0f27d6 |
| SHA512 | de8be61499aaa1504dde8c19666844550c2ea7ef774ecbe26900834b252887da31d4cf4fb51338b16b6a4416de733e519ebf8c375eb03eb425232a6349da2257 |
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\vcruntime140.dll
| MD5 | 7415c1cc63a0c46983e2a32581daefee |
| SHA1 | 5f8534d79c84ac45ad09b5a702c8c5c288eae240 |
| SHA256 | 475ab98b7722e965bd38c8fa6ed23502309582ccf294ff1061cb290c7988f0d1 |
| SHA512 | 3d4b24061f72c0e957c7b04a0c4098c94c8f1afb4a7e159850b9939c7210d73398be6f27b5ab85073b4e8c999816e7804fef0f6115c39cd061f4aaeb4dcda8cf |
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\deploy\messages_zh_TW.properties
| MD5 | 880baacb176553deab39edbe4b74380d |
| SHA1 | 37a57aad121c14c25e149206179728fa62203bf0 |
| SHA256 | ff4a3a92bc92cb08d2c32c435810440fd264edd63e56efa39430e0240c835620 |
| SHA512 | 3039315bb283198af9090bd3d31cfae68ee73bc2b118bbae0b32812d4e3fd0f11ce962068d4a17b065dab9a66ef651b9cb8404c0a2defce74bb6b2d1d93646d5 |
C:\Users\Admin\AppData\Local\Temp\{D75E8FFB-E220-4A56-8F34-15BD8F50E315}.exe
| MD5 | bf2e1399a1e08ae36658b0aaa7fd5a99 |
| SHA1 | 4d233713a23a77309a9470e13ae82c2a83cd8ae8 |
| SHA256 | c816c0bc31ab41c33f58bc4d3fbabd32bb4e06c7a0044d21a5e626f6bbfb9809 |
| SHA512 | 8cbd230ebefbbd8a12780b60dff83a8543369e851ffc97fa2d5480432e69247eda671ba01a1200dd0adeae4aeb2518322e0564852a599f2c871aa440c0ee192c |
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\images\cursors\win32_CopyNoDrop32x32.gif
| MD5 | 1e9d8f133a442da6b0c74d49bc84a341 |
| SHA1 | 259edc45b4569427e8319895a444f4295d54348f |
| SHA256 | 1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b |
| SHA512 | 63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37 |
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\security\policy\unlimited\US_export_policy.jar
| MD5 | 12f971b6e65cbc7184701235469f0339 |
| SHA1 | 06cb165157c5e0078b872c48707a1328b1dcba19 |
| SHA256 | 84e035372ca8979bb4a387428a74942ffc7248a0e61988b7033b5b266cd187c8 |
| SHA512 | 58646fc81de2e4750a3259d79a207a8cff2dc6692f178a63d92a453fc408c8d1088007ef4e93157d1017be706565716a0236039dbac848c40745a0ad89c4d0de |
memory/1284-9665-0x0000000000D60000-0x00000000015A5000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lite_installer.log
| MD5 | 37f5101a700b1112862cee0b20ea005f |
| SHA1 | 01bec9b57b54f0d5487d2f721d8b9bdff0af7d30 |
| SHA256 | 22f57cf5138807fae125a47010cc884737aab2ce5efcc8ac1443d0dcb34113bb |
| SHA512 | f68d4f5cd3caa02a438d6492d93c99280560264252126b07735d07338d95639aa287717f61eb87c9a1e0bf1cd58207bfb4172f04adb31513908c14556ace1119 |
C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe
| MD5 | 82345958a39e7b1ad0b14ff2adeecaf9 |
| SHA1 | 56e29f91f3ca1d5a3712e339ea5ac70f2904fbf7 |
| SHA256 | 5fdc5fd46f4fbd5f1377c9cde1370b34bef76aec16f7ac3bcb89a1ee59329f99 |
| SHA512 | 1182da48e1be07c2b21036336446e4af55dfc4f4fd1602701cf2a2c56ead437d9be5d994948f7b863215cffe1b627ff4331e4635db12f9eaf9d6ea7b6bf98ea2 |
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe
| MD5 | 122e34bfa3146ef9ae5a51fdc744353f |
| SHA1 | f0cc2294fe150a4cceca8a3da8615edcc4eb20e4 |
| SHA256 | dd2169db3358ccdf4a4a185e4a22955c989eaa3b9d3e0e6025599b8fa173c968 |
| SHA512 | 306341e00598f02a70d3edc6ef666cb64982f1e31e5c0a1304977a1700c95395c1c7f0857ae8056853370eced0bd2aeafc72da804a65f98c1422929b7c431700 |
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\amd64\jvm.cfg
| MD5 | 499f2a4e0a25a41c1ff80df2d073e4fd |
| SHA1 | e2469cbe07e92d817637be4e889ebb74c3c46253 |
| SHA256 | 80847ed146dbc5a9f604b07ec887737fc266699abba266177b553149487ce9eb |
| SHA512 | 7828f7b06d0f4309b9edd3aa71ae0bb7ee92d2f8df5642c13437bba2a3888e457dc9b24c16aa9e0f19231530cb44b8ccd955cbbdf5956ce8622cc208796b357d |
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\java.dll
| MD5 | 583e8b42864ec183c945164f373cb375 |
| SHA1 | 5ec118befbb5d17593a05db2899ee52f7267da37 |
| SHA256 | 9bc9178d3f4246433fe209a0f5ca70e77568e80c928268c78f8c8b00107ce6ed |
| SHA512 | 1feaac37bac19bde93171ebda2e76a65e9d5472a503b05939f6977b3a4d94d131298f3989dd048d7617ecd69cf09db7ac986fc39f0df9f56c84ea01726d0c898 |
memory/1284-9827-0x0000000000D60000-0x00000000015A5000-memory.dmp
memory/25568-9839-0x0000020365770000-0x0000020365771000-memory.dmp
memory/25624-9840-0x0000000000400000-0x000000000042F000-memory.dmp
memory/25284-9853-0x0000023D73DA0000-0x0000023D73DA1000-memory.dmp
memory/25284-9856-0x0000023D73DA0000-0x0000023D73DA1000-memory.dmp
memory/25284-9858-0x0000023D73DA0000-0x0000023D73DA1000-memory.dmp
memory/25284-9868-0x0000023D73DA0000-0x0000023D73DA1000-memory.dmp
memory/25284-9881-0x0000023D73DA0000-0x0000023D73DA1000-memory.dmp
memory/25284-9895-0x0000023D73DA0000-0x0000023D73DA1000-memory.dmp
memory/25284-9921-0x0000023D73DA0000-0x0000023D73DA1000-memory.dmp
memory/25284-9919-0x0000023D73DA0000-0x0000023D73DA1000-memory.dmp
memory/25284-9944-0x0000023D73DA0000-0x0000023D73DA1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\+JXF6331744818194215720.tmp
| MD5 | 99c471b10eb25b8f0f1fe76a04926b0f |
| SHA1 | 807f89e70ccf186bde048c8a51a5c2d668190797 |
| SHA256 | 9042ee73964614ed6b3eb4aa30df23c4ac5d3372deffb201ab9287540a34079c |
| SHA512 | cbc263c2fbf1325c56adb312be8026ec25766a172bfd8d742a2e86292692c18fb185f595eb8b6fa2898e66ff95404ae52d9e52c393271e9f1fbbfd6c5bb9707d |
C:\Users\Admin\AppData\Local\Temp\+JXF8596370695927296266.tmp
| MD5 | 794162f5ab873e624c2e8adaef34aa73 |
| SHA1 | 5e631244b866752f9232e170ed81ab94d252ac42 |
| SHA256 | b272fda2af48d26da480cd02d76059416539612615d38b9145b3f156d677ef7c |
| SHA512 | d14a8abf8a3a4279652132ec145c5fad024001241e6c81d1e07c74ad3d438d61ea6f2e2a3d01812621763afbda99486ebe47f858a8dbd440c82448b1619a2426 |
memory/25284-9973-0x0000023D73DA0000-0x0000023D73DA1000-memory.dmp
memory/25284-10000-0x0000023D73DA0000-0x0000023D73DA1000-memory.dmp
memory/25284-9985-0x0000023D73DA0000-0x0000023D73DA1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\+JXF8192543535060456216.tmp
| MD5 | 945426f5363c482553695c661ebc75a0 |
| SHA1 | feb3a62b783c6cba5175e957c6a4d1564e6de534 |
| SHA256 | b04761b165a8b32e5ac989a3cee07f27658634e7796f708b3e17ff5ccbe23622 |
| SHA512 | 12658f86b8c3744329c2a4c4552ce25c5756e29aa984e0c7fd3fdee13abaa51b221d8ff78a9c406b084d3c08fffc3cdcb2b58f9cfb6af707ab9e3bc8fcee9e98 |
C:\Users\Admin\Videos\Captures\desktop.ini
| MD5 | b0d27eaec71f1cd73b015f5ceeb15f9d |
| SHA1 | 62264f8b5c2f5034a1e4143df6e8c787165fbc2f |
| SHA256 | 86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2 |
| SHA512 | 7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c |
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\java.exe
| MD5 | 1562e15220d8771fcb11b9a5b234a970 |
| SHA1 | 50ec8e4e7125bda147a1b2ccc2b2827db2dc3479 |
| SHA256 | 366199821c1efede3f7112d21da045fd6bf38b56fb3da1ae9d6493c4ddc1861f |
| SHA512 | a07873f0a5381d202a6439a3245dd51f405cdcec4a9d40ff6ffdd4670a3b218008f7288a89e2a7455782c677d4c661bda96e62f813ce7d8c1f20a6c4c7c2b31f |
C:\Users\Admin\AppData\Roaming\.minecraft\klauncher.json
| MD5 | 57c3e459faf3f11f2703b43ebec49aed |
| SHA1 | 5afea178ac17047d3ad276a686858a40cdf833c2 |
| SHA256 | aa5edc077278a5985b07710342f0cf470f37d74709e01bc58f8b7e946f685d41 |
| SHA512 | 81bf054b31925192bf6c615b50b599bf874584583d940b4f8f04aee092091a75fc776b99f77fe0275e7c7ce45d43ab5aa6113e24292b8b40ffeec674c0e0301f |
C:\Users\Admin\AppData\Local\Temp\master_preferences
| MD5 | 5c627a0acb0b4aa6850222290d1b9b30 |
| SHA1 | dc52e262636616c0524a08bbbffb62a8b9eab9ce |
| SHA256 | 15cbe382487e05ebc052b8ae3155e4ffbbb515bce90a76f15cda47e076a037d1 |
| SHA512 | 6250e074b4d65e19ef50b1d7389af8e4ae7b97a47582c774c6dded0a5bde2919236cf991a0652d42e042392582e1a92adca9094f5b32015166ffd8b0f2ee7920 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YOJF4VYG\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\configs\all_zip
| MD5 | 33b0f0599e46c248c6e7f41553fa707c |
| SHA1 | 90305d5f8c31a1ffbbff50a4fdbd4ae54b610298 |
| SHA256 | c5591c1f105ac121858c10df3cf71b75c7bb671f187b837bac17959d94578f3d |
| SHA512 | 68932e299ef7c4e5868e16006f193a5d7e606e8f9d96fe0172b4413cb57e5684fd81a3319cddceb3619074299b30a8981a51d9f0d9359af6cb2a2903faf2f533 |
C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe
| MD5 | 7d5dcc6514ef69ab179e6744f853a78a |
| SHA1 | 0a7d0ea8fe4234ffd7cca24eb7fb93ad8f045474 |
| SHA256 | e80f1cb535a94fdd48bcc06e9b839c2ef831b1ea5f559ecd44bd67efc2a35985 |
| SHA512 | 0e5eed3976624f207fc85217e60270bf28381a70291b46f7ce2a21c26430aa9e4010f66798b334e4a19cf2aacf5558089612e43edc2a27ba55bcf1e9fbab55a3 |
C:\ProgramData\Yandex\YandexBrowser\service_update.log
| MD5 | bb320f281895b878006f7896ebcffbb8 |
| SHA1 | 7b823b54b08129e52ac2609a237b10d080afc2b0 |
| SHA256 | f0bb7bf7ae5b29a59b48cab1ae655e8e65e4c727c7bfc2a4663b53cbdc3fd1b4 |
| SHA512 | 78ba117d70c55a5a8bc026dea7f7f6875b97b43a4c1df7b87ae05c700c27bd82ea5385d0abd1231224e5e1818b0bec86a01ec6783e748e513745c69b0fb7f2e3 |
C:\ProgramData\Yandex\YandexBrowser\service_update.log
| MD5 | 78aa92d7791529f0c804352718029c5c |
| SHA1 | d497793182902fb06ad4a80a6dda8d0679979667 |
| SHA256 | 25a0c7d5fd630230de4e10f308a620ce17d822f97c014bfa1893f3e9bfa1b0d9 |
| SHA512 | 5f01ab6c4940ccc11fb8574204435fe38fbb0037590bfb9091e1b5df815e980098a33611ad8af6aab5fc3ea80f1711e85cb8b63c8b16bb003528ba52bc7367cd |
C:\ProgramData\Yandex\YandexBrowser\service_update.log
| MD5 | dafce687574a4d648165635cd6c4fcae |
| SHA1 | fea7166f16600d8a2f7f67de15ff2d60762c2bac |
| SHA256 | a10a16f3b9f61801e3c58b913651d468566317af82a35bc49d45ad3ae3a48942 |
| SHA512 | 60e945609a98a80f0d9994fe1c9bd5584daaf58d8d4e08fcb8209d6e48631a4224210faeed90a952778d0579a4e324db4cd6b7165e3268ed9814e1352e2cb246 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.6.0.1878\partner_config
| MD5 | 977bc7b2384ef1b3e78df8fbc3eeb16b |
| SHA1 | 7ee6110ca253005d738929b7ba0cc54ed2ed0a2e |
| SHA256 | 82e288090168abe15419015317fd38f56c1136e7481f66656d84e0a2d861d4d6 |
| SHA512 | 4d154832ef3ac05abb1499a5bc8235d72f64cdaa3e6870206a6363c1d85d821604ae8a96850c2c8bd540d479b8dd5f3ce032472ed96bbf7eddb168ea3d2d1cf6 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.6.0.1878\brand_config
| MD5 | 21a3e1e8b2352d3ee79f3cf3249eb5bd |
| SHA1 | 1f2d95c3fe89591a09dd8bb19b53ac879809aaa1 |
| SHA256 | 3a9dcb32b11967a0f9e866dfb476d9f68c37ec4fe4b53f0673f376c8c763d80f |
| SHA512 | 01845d48f444a8d9d17a7f96e161b3bec55237c52340016496baf0a9c550ea9d6a7b89ea1359da079032877b0b9a71a6e4dc8312a4b3fd7b2f19a1a2f685b391 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\mountains_preview.jpg
| MD5 | a3272b575aa5f7c1af8eea19074665d1 |
| SHA1 | d4e3def9a37e9408c3a348867169fe573050f943 |
| SHA256 | 55074794869b59cd5c693dfa6f6615aea068c2cd50cdae6dd69bd0410661ded8 |
| SHA512 | c69bf39362658dd6cbd827cf6db0f188a9c4410b3c6b7b532595fd5907974e2141d857942ffb2497282e31eaa33c71240c2c2bd8721046df55e3358e8b76c061 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\huangshan\huangshan.jpg
| MD5 | c51eed480a92977f001a459aa554595a |
| SHA1 | 0862f95662cff73b8b57738dfaca7c61de579125 |
| SHA256 | 713c9e03aac760a11e51b833d7e1c9013759990b9b458363a856fd29ea108eec |
| SHA512 | 6f896c5f7f05524d05f90dc45914478a2f7509ea79114f240396791f658e2f7070e783fab6ac284327361dc2a48c5918b9f1c969b90795ceacce2c5c5bfa56ca |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\meadow\wallpaper.json
| MD5 | f3673bcc0e12e88f500ed9a94b61c88c |
| SHA1 | e96e2b2b5c9de451d76742f04cc8a74b5d9a11c0 |
| SHA256 | c6581e9f59646e0a51a3194798ec994c7c5c99f28897108838aaf4a4e2bda04a |
| SHA512 | 83fb3fe4a3562449a53c13d1c38d5fe9ef1fa55c3006f59b65eace9a6ad4963e768088bc500dbe5266b5979c6ace77874ef11a15a7bd9fabae00ff137e70ecb5 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\morphology\stop-words-ru-RU.list
| MD5 | 24281b7d32717473e29ffab5d5f25247 |
| SHA1 | aa1ae9c235504706891fd34bd172763d4ab122f6 |
| SHA256 | cbeec72666668a12ab6579ae0f45ccbdbe3d29ee9a862916f8c9793e2cf55552 |
| SHA512 | 2f81c87358795640c5724cfabcabe3a4c19e5188cedeab1bd993c8ccfc91c9c63a63e77ac51b257496016027d8bccb779bd766174fa7ea2d744bd2e2c109cb8b |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\morphology\dictionary-ru-RU.mrf.sig
| MD5 | d704b5744ddc826c0429dc7f39bc6208 |
| SHA1 | 92a7ace56fb726bf7ea06232debe10e0f022bd57 |
| SHA256 | 151739137bbbdf5f9608a82ec648bdf5d7454a81b86631b53dfc5ad602b207d6 |
| SHA512 | 1c01217e3480872a6d0f595ceb1b2242ffe3e1ff8b3fdd76eea13a7541606b94d3ccd69492a88220e0e40c17da5d785e4dba1d7501e6be749b9c46f72572ef6f |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\morphology\dictionary-ru-RU.mrf
| MD5 | 0be7417225caaa3c7c3fe03c6e9c2447 |
| SHA1 | ff3a8156e955c96cce6f87c89a282034787ef812 |
| SHA256 | 1585b1599418d790da830ef11e8eeceee0cbb038876fe3959cc41858bd501dbc |
| SHA512 | dfc0de77b717029a8c365146522580ab9d94e4b2327cef24db8f6535479790505c337852d0e924fbfa26e756b3aec911f27f5f17eba824496365c9a526464072 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\safebrowsing\download.png
| MD5 | 528381b1f5230703b612b68402c1b587 |
| SHA1 | c29228966880e1a06df466d437ec90d1cac5bf2e |
| SHA256 | 3129d9eaba1c5f31302c2563ebfa85747eda7a6d3f95602de6b01b34e4369f04 |
| SHA512 | 9eb45b0d4e3480a2d51a27ac5a6f20b9ef4e12bf8ac608043a5f01a372db5ea41a628458f7a0b02aaba94cd6bb8355a583d17666f87c3f29e82a0b899e9700bd |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\abstract\light_preview.jpg
| MD5 | 9f6a43a5a7a5c4c7c7f9768249cbcb63 |
| SHA1 | 36043c3244d9f76f27d2ff2d4c91c20b35e4452a |
| SHA256 | add61971c87104187ae89e50cec62a196d6f8908315e85e76e16983539fba04b |
| SHA512 | 56d7bd72c8a380099309c36912513bcafbe1970830b000a1b89256aae20137c88e1e281f2455bb381ab120d682d6853d1ef05d8c57dd68a81a24b7a2a8d61387 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\abstract\light.jpg
| MD5 | 3bf3da7f6d26223edf5567ee9343cd57 |
| SHA1 | 50b8deaf89c88e23ef59edbb972c233df53498a2 |
| SHA256 | 2e6f376222299f8142ff330e457867bad3300b21d96daec53579bf011629b896 |
| SHA512 | fef8e951c6cf5cec82dbeafd306de3ad46fd0d90e3f41dcea2a6046c95ab1ae39bf8a6e4a696580246c11330d712d4e6e8757ba24bbf180eec1e98a4aec1583b |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\custogray\wallpaper.json
| MD5 | 662f166f95f39486f7400fdc16625caa |
| SHA1 | 6b6081a0d3aa322163034c1d99f1db0566bfc838 |
| SHA256 | 4cd690fb8ed5cd733a9c84d80d20d173496617e8dde6fca19e8a430517349ed5 |
| SHA512 | 360a175c5e72ff8d2a01ee4e0f365237bbd725b695139ea54afc905e9e57686c5db8864b5abf31373a9cb475adcbdb3db292daf0a53c6eb643a5d61b868ad39b |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\custogray\preview.png
| MD5 | 0474a1a6ea2aac549523f5b309f62bff |
| SHA1 | cc4acf26a804706abe5500dc8565d8dfda237c91 |
| SHA256 | 55a236ad63d00d665b86ff7f91f2076226d5ed62b9d9e8f835f7cb998556545f |
| SHA512 | d8e3de4fea62b29fd719376d33a65367a3a2a2a22ed175cc1eeff3e38dfbaac448c97a6fbea55bc6159351d11a6aad97e09cb12548cf297e01bd23bf6074de08 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\custogray\custogray_full.png
| MD5 | 55841c472563c3030e78fcf241df7138 |
| SHA1 | 69f9a73b0a6aaafa41cecff40b775a50e36adc90 |
| SHA256 | a7cd964345c3d15840b88fd9bc88f0d0c34a18edbf1ce39359af4582d1d7da45 |
| SHA512 | f7433d17937342d9d44aa86bcc30db9ae90450b84aa745d2c7390ff430449e195b693a8ae6df35d05fee2d97149a58a7d881737d57902d9885c6c55393d25d6f |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\fir_tree\wallpaper.json
| MD5 | 8a2f19a330d46083231ef031eb5a3749 |
| SHA1 | 81114f2e7bf2e9b13e177f5159129c3303571938 |
| SHA256 | 2cc83bc391587b7fe5ddd387506c3f51840b806f547d203ccd90487753b782f1 |
| SHA512 | 635828e7b6044eeede08e3d2bb2e68bc0dbbe9e14691a9fb6e2bc9a2ac96526d8b39c8e22918ff2d944fb07b2531077f8febd43028be8213aa2fad858b6ee116 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\fir_tree\fir_tree_preview.png
| MD5 | d6305ea5eb41ef548aa560e7c2c5c854 |
| SHA1 | 4d7d24befe83f892fb28a00cf2c4121aeb2d9c5d |
| SHA256 | 4c2b561cf301d9e98383d084a200deb7555ec47a92772a94453d3d8d1de04080 |
| SHA512 | 9330009997d62c1804f1e4cf575345016cda8d6a1dd6cb7d2501df65ea2021df6b8a5bc26809ddfc84e6ff9450f1e404c135561b1b00b9e4915c69e84f89cfec |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\Extensions\ghjgbemlcjioaaejhnnmgfpiplgalgcl.json
| MD5 | 2ec6275318f8bfcab1e2e36a03fd9ffa |
| SHA1 | 063008acf0df2415f5bd28392d05b265427aac5c |
| SHA256 | 20832de8163d5af0a0c8bda863bcd6083df4f92175d856ce527de1dae1f7c433 |
| SHA512 | 5eee4555be05d07bce49c9d89a1a64bb526b83e3ca6f06e2f9ef2094ad04c892110d43c25183da336989a00d05dad6ff5898ff59e2f0a69dcaaf0aa28f89a508 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\easylist\manifest.json
| MD5 | 15bcd6d3b8895b8e1934ef224c947df8 |
| SHA1 | e4a7499779a256475d8748f6a00fb4580ac5d80d |
| SHA256 | 77334f6256abddcc254f31854d1b00aa6743e20aadbb9e69187144847099a66b |
| SHA512 | c2d3778a99af8d8598e653593d5e2d1d0b3b2ace11addd2d3eeb2bf3b57d51bf938ddaf2d2743322e0ce02e291b81f61c319daf34c1cd604ffce1f6407a30b34 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\easylist\easylist.txt
| MD5 | 8e4bcad511334a0d363fc9f0ece75993 |
| SHA1 | 62d4b56e340464e1dc4344ae6cb596d258b8b5de |
| SHA256 | 2f317fee439877eaadb1264bd3d1e153c963ef98596a4ccf227592aea12ae76f |
| SHA512 | 65077bd249c51be198234ff927040ef849cd79adcd611ed2afae511bc2a257a21f13171bf01cb06fce788c1cff88c8ad39cf768c5900d77cd15453a35e7f0721 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\extension\elokbjeafkcggjfjkakpchmcmhkhaofn\brand_settings.json
| MD5 | f70c4b106fa9bb31bc107314c40c8507 |
| SHA1 | 2a39695d79294ce96ec33b36c03e843878397814 |
| SHA256 | 4940847c9b4787e466266f1bb921097abb4269d6d10c0d2f7327fde9f1b032b7 |
| SHA512 | 494dce5543e6dacc77d546015f4ea75fd2588625e13450dba7ba0bd4c2f548b28c746a0d42c7f9b20d37f92af6710927d4bccb2fee4faa17d3ec2c07ff547e70 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\extension\fcgfaidpicddcilhjhafmmcgfodijhjd\brand_settings.json
| MD5 | a3779768809574f70dc2cba07517da14 |
| SHA1 | ffd2343ed344718fa397bac5065f6133008159b8 |
| SHA256 | de0fbb08708d4be7b9af181ec26f45fccd424e437bc0cfb5cf38f2604f01f7b2 |
| SHA512 | 62570be7ea7adee14b765d2af46fcd4dc8eec9d6274d9e00c5f361ff9b0cdb150305edad65a52b557c17dd9682e371004a471fa8958b0bd9cfbe42bb04ca5240 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
| MD5 | 20d11a140d4a8cf002b2e215e0530981 |
| SHA1 | 8b51ef221cdadac07f0d35b750b059d2df542f1e |
| SHA256 | 2f69a50fd3bc75d3cd7debc4096430d1d7cf39f04cc81952c0313ced6708f5db |
| SHA512 | 81bed05ad47ff203c551c849c9b29b469c9480376a79d7cd113c0a8593efe6db634286f2cad79671f88220a542be2fbcee2bd861baf3cdb932ff4f9e980ed333 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\extension\gopnelejddjjkamjfblkcijjikkinnec\brand_settings.json
| MD5 | 30fdb583023f550b0f42fd4e547fea07 |
| SHA1 | fcd6a87cfb7f719a401398a975957039e3fbb877 |
| SHA256 | 114fd03aa5ef1320f6cc586e920031cf5595a0d055218ce30571ff33417806d3 |
| SHA512 | bae328e1be15c368f75396d031364bef170cfcf95dbdf4d78be98cff2b37a174d3f7ebb85b6e9eb915bb6269898cbcecd8a8415dc005c4444175fe0447126395 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\flowers\wallpaper.json
| MD5 | a0ef93341ffbe93762fd707ef00c841c |
| SHA1 | 7b7452fd8f80ddd8fa40fc4dcb7b4c69e4de71a0 |
| SHA256 | 70c8d348f7f3385ac638956a23ef467da2769cb48e28df105d10a0561a8acb9e |
| SHA512 | a40b5f7bd4c2f5e97434d965ef79eed1f496274278f7caf72374989ac795c9b87ead49896a7c9cbcac2346d91a50a9e273669296da78ee1d96d119b87a7ae66a |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\flowers\flowers_preview.png
| MD5 | ba6e7c6e6cf1d89231ec7ace18e32661 |
| SHA1 | b8cba24211f2e3f280e841398ef4dcc48230af66 |
| SHA256 | 70a7a65aa6e8279a1a45d93750088965b65ea8e900c5b155089ca119425df003 |
| SHA512 | 1a532c232dd151474fbc25e1b435a5e0d9d3f61372036d97bcaab3c352e7037f1c424b54a8904ef52cf34c13a77b7ab295fb4fd006c3ab86289577f469a6cd4c |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\huangshan\huangshan_preview.jpg
| MD5 | 1edab3f1f952372eb1e3b8b1ea5fd0cf |
| SHA1 | aeb7edc3503585512c9843481362dca079ac7e4a |
| SHA256 | 649c55ccc096cc37dfe534f992b1c7bda68da589258611924d3f6172d0680212 |
| SHA512 | ecd9609fbf821239ddcbdc18ef69dade6e32efd10c383d79e0db39389fa890a5c2c6db430a01b49a44d5fa185f8197dbbde2e1e946f12a1f97a8c118634c0c34 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\huangshan\huangshan.webm
| MD5 | b78f2fd03c421aa82b630e86e4619321 |
| SHA1 | 0d07bfbaa80b9555e6eaa9f301395c5db99dde25 |
| SHA256 | 05e7170852a344e2f3288fc3b74c84012c3d51fb7ad7d25a15e71b2b574bfd56 |
| SHA512 | 404fb2b76e5b549cbcba0a8cf744b750068cbd8d0f9f6959c4f883b35bcaa92d46b0df454719ca1cef22f5924d1243ba2a677b2f86a239d20bfad5365dc08650 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\meadow\preview.png
| MD5 | d10bda5b0d078308c50190f4f7a7f457 |
| SHA1 | 3f51aae42778b8280cd9d5aa12275b9386003665 |
| SHA256 | 0499c4cc77a64cc89055b3c65d7af8387f5d42399ff2c0a2622eccbd6d481238 |
| SHA512 | 668e1a70a50a0decf633167ac23cba6916d0e05d0894daae1f7e3d487519f0a126abd4298430b38f52746a5c3b83ccd520b3d9b0ae1a79f893e36821a0458566 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\misty_forest\wallpaper.json
| MD5 | 2b65eb8cc132df37c4e673ff119fb520 |
| SHA1 | a59f9abf3db2880593962a3064e61660944fa2de |
| SHA256 | ebe9cadad41bd573f4b5d20e3e251410300b1695dfdf8b1f1f1276d0f0f8fa6d |
| SHA512 | c85fe6895453d0c38a1b393307b52d828bad8fa60d1d65bb83ffa3c5e17b71aa13cab60955489198503839ce5a4a6c1bb353752ab107f5e5b97908116c987e52 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\misty_forest\preview.png
| MD5 | 77aa87c90d28fbbd0a5cd358bd673204 |
| SHA1 | 5813d5759e4010cc21464fcba232d1ba0285da12 |
| SHA256 | ea340a389af6d7ad760dff2016cf4e79488bda1a45d0a415b3cd02a4430c9711 |
| SHA512 | 759519b8822a6a4b88fc9ba47fa9d5d898b2f5a0f359acfbefc04809e6d7f5df86fb130f191eb6f63322792a18c0e7170aedf3ce7060fd9ad7e1bec2e686c3b2 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\peak\wallpaper.json
| MD5 | f0ac84f70f003c4e4aff7cccb902e7c6 |
| SHA1 | 2d3267ff12a1a823664203ed766d0a833f25ad93 |
| SHA256 | e491962b42c3f97649afec56ad4ea78fd49845ceb15f36edddd08d9e43698658 |
| SHA512 | 75e048c1d1db6618ead9b1285846922c16a46ee138a511e21235342a5a6452c467b906578bdd4a56e7b9e0a26535df6fb6319ae1cae238055887b48963fa6ed6 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\peak\preview.png
| MD5 | 1d62921f4efbcaecd5de492534863828 |
| SHA1 | 06e10e044e0d46cd6dccbcd4bae6fb9a77f8be45 |
| SHA256 | f72ea12f6c972edfe3d5a203e1e42cbbaf4985633de419342c2af31363f33dab |
| SHA512 | eec8171bd3bea92e24066e36801f334ac93905b7e8e50935f360e09fa8c9b9f848c4c62b687299e8297c0693d6dbaf9c6035b471e6345d626510b73e3606ee4d |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\raindrops\wallpaper.json
| MD5 | 5f18d6878646091047fec1e62c4708b7 |
| SHA1 | 3f906f68b22a291a3b9f7528517d664a65c85cda |
| SHA256 | bcfea0bebf30ee9744821a61fcce6df0222c1a266e0995b9a8cfbb9156eeeefd |
| SHA512 | 893b2077a4abaa2fe89676c89f5e428ccd2420177268159395b5568824dd3fe08bea8a8b2f828c6c9297b19e0f8e3a1b7899315c0b07f4b61fc86ce94301518b |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\raindrops\raindrops_preview.png
| MD5 | 28b10d683479dcbf08f30b63e2269510 |
| SHA1 | 61f35e43425b7411d3fbb93938407365efbd1790 |
| SHA256 | 1e70fc9965939f6011488f81cd325223f17b07ee158a93c32c124602b506aa6b |
| SHA512 | 05e5b5e9c5ef61f33a883b0286c2239cb2a464581d6e8a86d7b179b1887b4cb2cd7304e0821cdd3208501421c44c63c248a5166c790792717a90f8ac528fbf2f |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\sea\wallpaper.json
| MD5 | 92e86315b9949404698d81b2c21c0c96 |
| SHA1 | 4e3fb8ecf2a5c15141bb324ada92c5c004fb5c93 |
| SHA256 | c2bb1e5d842c7e5b1b318f6eb7fe1ce24a8209661ddd5a83ab051217ca7c3f65 |
| SHA512 | 2834b1ef7bb70b2d24c4fedef87cd32c6e8f401d8ee5f3852808f6a557724ce036c31a71298cd0ed601cde4be59ec4042542351c63c4e0ac3d31419f79240956 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\sea\sea_preview.png
| MD5 | 3c0d06da1b5db81ea2f1871e33730204 |
| SHA1 | 33a17623183376735d04337857fae74bcb772167 |
| SHA256 | 02d8e450f03129936a08b67f3a50ea5d2e79f32c4e8f24d34b464f2cb5e0b086 |
| SHA512 | ff0e60c94fc3c0c61d356a26667c5170256e1143b29adf23d4e7d27012da72ed8865ef59dc2046314c7335b8d3d331e5fd78f38b9b92f6af48729dae80f85b15 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\stars\wallpaper.json
| MD5 | 9660de31cea1128f4e85a0131b7a2729 |
| SHA1 | a09727acb85585a1573db16fa8e056e97264362f |
| SHA256 | d1bef520c71c7222956d25335e3ba2ea367d19e6c821fb96c8112e5871576294 |
| SHA512 | 4cb80766c8e3c77dfb5ca7af515939e745280aa695eca36e1f0a83fb795b2b3ef406472f990a82c727cea42d1b4ef44a0d34a7f4f23e362f2992dbff2527798b |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\stars\preview.png
| MD5 | ed9839039b42c2bf8ac33c09f941d698 |
| SHA1 | 822e8df6bfee8df670b9094f47603cf878b4b3ed |
| SHA256 | 4fa185f67eaf3a65b991cea723d11f78de15a6a9a5235848a6456b98a9d7f689 |
| SHA512 | 85119055ddfc6bc4cca05de034b941b1743cbb787607c053e8c10309572d2ef223786fc454d962fbb5e3cde5320117f9efe99041116db48916bc3d2fcd4ffa25 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\web\web_preview.png
| MD5 | 3f7b54e2363f49defe33016bbd863cc7 |
| SHA1 | 5d62fbfa06a49647a758511dfcca68d74606232c |
| SHA256 | 0bbf72a3c021393192134893777ecb305717ccef81b232961ca97ae4991d9ba8 |
| SHA512 | b3b458860701f3bc163b4d437066a58b5d441d8a427a8b03772c9c519c01983e3d3fdb8da20f6a53ad95c88dcdd0298f72822f39bc3672cb6f1d77fcc3f025a9 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\web\wallpaper.json
| MD5 | e4bd3916c45272db9b4a67a61c10b7c0 |
| SHA1 | 8bafa0f39ace9da47c59b705de0edb5bca56730c |
| SHA256 | 7fdddc908bd2f95411dcc4781b615d5da3b5ab68e8e5a0e2b3d2d25d713f0e01 |
| SHA512 | 4045e262a0808225c37711b361837070d0aeb5d65a32b5d514cc6f3c86962ba68f7d108bf4d81aa3bf645789d0753029a72c1ce34688a6d7af15f3e854c73f07 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\sea_static.jpg
| MD5 | 5e1d673daa7286af82eb4946047fe465 |
| SHA1 | 02370e69f2a43562f367aa543e23c2750df3f001 |
| SHA256 | 1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a |
| SHA512 | 03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\sea_preview.jpg
| MD5 | 53ba159f3391558f90f88816c34eacc3 |
| SHA1 | 0669f66168a43f35c2c6a686ce1415508318574d |
| SHA256 | f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e |
| SHA512 | 94c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\1-1x.png
| MD5 | 80121a47bf1bb2f76c9011e28c4f8952 |
| SHA1 | a5a814bafe586bc32b7d5d4634cd2e581351f15c |
| SHA256 | a62f9fdf3de1172988e01a989bf7a2344550f2f05a3ac0e6dc0ccd39ed1a697e |
| SHA512 | a04df34e61fd30764cf344b339ba2636b9280a358863f298690f6a8533c5e5dfa9773a14f8d16a5bb709ea17cf75e1da6302335aa9120009892e529bfad30df9 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\tablo
| MD5 | 58697e15ca12a7906e62fc750e4d6484 |
| SHA1 | c5213072c79a2d3ffe5e24793c725268232f83ab |
| SHA256 | 1313aa26cc9f7bd0f2759cfaff9052159975551618cba0a90f29f15c5387cad4 |
| SHA512 | 196b20d37509ea535889ec13c486f7ee131d6559fb91b95de7fdd739d380c130298d059148c49bf5808d8528d56234c589c9d420d63264f487f283f67a70c9a6 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\sxs.ico
| MD5 | 592b848cb2b777f2acd889d5e1aae9a1 |
| SHA1 | 2753e9021579d24b4228f0697ae4cc326aeb1812 |
| SHA256 | ad566a3e6f8524c705844e95a402cdeb4d6eed36c241c183147409a44e97ebcd |
| SHA512 | c9552f4db4b6c02707d72b6f67c2a11f1cf110b2c4ac5a1b7ac78291a14bf6eb35a9b4a05bc51ac80135504cd9dcad2d7a883249ee2e20a256cb9e9ceeb0032f |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\import-bg.png
| MD5 | 85756c1b6811c5c527b16c9868d3b777 |
| SHA1 | b473844783d4b5a694b71f44ffb6f66a43f49a45 |
| SHA256 | 7573af31ed2bfcfff97ed2132237db65f05aff36637cd4bdeccdf8ca02cd9038 |
| SHA512 | 1709222e696c392ca7bcd360f9a2b301896898eb83ddfb6a9db0d0c226a03f50671633b8bed4d060d8f70df7282ffc2cd7ab1d1449acf2e07a7b6c251aa3a19e |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\about_logo_ru_2x.png
| MD5 | a6911c85bb22e4e33a66532b0ed1a26c |
| SHA1 | cbd2b98c55315ac6e44fb0352580174ed418db0a |
| SHA256 | 5bb0977553ded973c818d43a178e5d9874b24539dacbd7904cd1871e0ba82b23 |
| SHA512 | 279fb0c1f2871ce41b250e9a4662046bc13c6678a79866eaf317cc93c997a683114122092214ce24f8e7f8a40520fe4ca03f54930148f4f794df0df3ecf74e9d |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\about_logo_ru.png
| MD5 | ff321ebfe13e569bc61aee173257b3d7 |
| SHA1 | 93c5951e26d4c0060f618cf57f19d6af67901151 |
| SHA256 | 1039ea2d254d536410588d30f302e6ab727d633cf08cb409caa5d22718af5e64 |
| SHA512 | e98fbfb4ed40c5ac804b9f4d9f0c163508c319ec91f5d1e9deb6a5d3eada9338980f1b5fe11c49e6e88935ecd50119d321ce55ca5bdd0723a6e8c414e1e68e16 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\about_logo_en_2x.png
| MD5 | 900fdf32c590f77d11ad28bf322e3e60 |
| SHA1 | 310932b2b11f94e0249772d14d74871a1924b19f |
| SHA256 | fe20d86fd62a4d1ab51531b78231749bd5990c9221eab1e7958be6d6aef292d9 |
| SHA512 | 64ebc4c6a52440b4f9f05de8ffb343c2024c4690fe5c9f336e78cd1dd01ae8225e8bc446f386feb442e76136b20d6b04ee293467b21f5b294ce25e500922f453 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\about_logo_en.png
| MD5 | 1376f5abbe56c563deead63daf51e4e9 |
| SHA1 | 0c838e0bd129d83e56e072243c796470a6a1088d |
| SHA256 | c56ae312020aef1916a8a01d5a1fc67ed3b41e5da539c0f26632c904a5e49c62 |
| SHA512 | a0bab3bae1307ea8c7ccbd558b86c9f40e748cdd6fd8067bb33eeef863191534af367a0058111553a2c3a24e666a99009176a8636c0a5db3bf1aa6226130498f |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\sea.webm
| MD5 | 00756df0dfaa14e2f246493bd87cb251 |
| SHA1 | 39ce8b45f484a5e3aa997b8c8f3ad174e482b1b9 |
| SHA256 | fa8d0ae53ebdbec47b533239709b7e1514ecb71278907621ca2d288241eb0b13 |
| SHA512 | 967670863f3c77af26fa1d44cd7b4fe78148d2ba6ea930b7b29b9f35d606554d664c0577068e0c26fa125d54627d7e7543360bce4acee0af17783b07450b5f52 |
C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna3733791731895835360.dll
| MD5 | a57eb3837a7aa2b6f87cf3373c072712 |
| SHA1 | 943cf0cf176a96c11b773d78a6e761be15ac08b0 |
| SHA256 | 2475272f129a0b36bd9bf5ed732aef70d9d9ca726ae2518588cebe298561dce8 |
| SHA512 | 57465c188bac732ab27c283e7469af82ca5393a5c0e144e1e4bf8823ccfa812d3528b31e3362b670ab97f31421ea7addfbc6589d4a997e0855d61a98ed385834 |
C:\Users\Admin\AppData\Local\Temp\+JXF2512117598610887454.tmp
| MD5 | a3de2170e4e9df77161ea5d3f31b2668 |
| SHA1 | 6484f1af6b485d5096b71b344e67f4164c33dd1f |
| SHA256 | 7b5a4320fba0d4c8f79327645b4b9cc875a2ec617a557e849b813918eb733499 |
| SHA512 | 94a693ab2ce3c59f7a1d35b4bcc0fd08322dad24ce84203060ceceaf3dac44c4c28413c28dcdab35d289f30f8e28223a43c11cb7d5e9a56d851eb697ff9b9b6b |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\install_state.json
| MD5 | 896fe0f125b9073f0620664fb05fd2b7 |
| SHA1 | dbbe5491a768f9bbc5c276dde5b70a1e9645de0a |
| SHA256 | 3b4b94958f27628a8b7f3151140e759cde030d654eb051716ad2cee0fb6a323d |
| SHA512 | 9184db90cdef45ada7c806b8e57c91d2c5ed51ad1f64623584dd729f99f3e058efc8494834ffd25aaa17b4b436c6a48c3f18da04c00b5199533adf7508bffafb |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\6ec20f29-20a2-48db-8b2d-19675288bad5.tmp
| MD5 | 5554804d26357650a990498014c8537b |
| SHA1 | 9811f29ebf9d204c1c3f59fddb46f7407b3c003f |
| SHA256 | c0f2f4beed6c28465606db60372dffe83c32f0f7f9321b48afc83454f1d17c65 |
| SHA512 | f82c54b4999175560c26a2e9cf4aee0509d235ab73db950de8132f8a4c5cf97180b2ac4cc5deada50a22d0b905b7b557aaeb056fa0b88feb6a669983e0a2aa9f |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Local Storage\leveldb\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Local Storage\leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences
| MD5 | 6e4d3d4c79f8ac8c8675477cbb25c024 |
| SHA1 | f86a231fd9ed45f217c18162c40b9dbd9c54833e |
| SHA256 | 31748f0440f1c3d4a07aab3c520e0c532626935f122f14f5571b9f75f02338df |
| SHA512 | 06dd2a86d3aa88f635d67e5259348b1c73657dd60c537dc567942a77548c737a1b42634fc56e960e315a0e053c871318973c1c6e33da9936655b10b1adbfb13c |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\a32ca639-3039-4908-a272-7413589e10d0.tmp
| MD5 | e83f8ddcd8a44db1f17574eb0f501331 |
| SHA1 | 0b30ec881ad62158f896ea47f5c70db3806aefd6 |
| SHA256 | 3bae34ca8c4ca34ad7177a57d3934891651bea573f72a7da8cdf004f897ffee3 |
| SHA512 | 8a246ea1417825e1de0ee26af667c849175659441dac4c9f115d58ebb68abaac9245b231d787edfa72384ebdf0f170e871fca352b441faa41bc2984bc1a56223 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences
| MD5 | 7a5961bce0d28140152b939abc5b48b6 |
| SHA1 | 2532cd26a0b7ea6c21ee6060de12359571cebe05 |
| SHA256 | d187711372debfbacf0e785828e1bf6f62a00153f6176d5518c4525eeb2ceb0e |
| SHA512 | 5f76e8d49521898f2af733366470243cb112203d746706ca507cbd3bb6f8dfdd506cc36716c68d6cba1f2fb53d8f3db5bcc48e03a2e1953d2959e2243712e23c |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences
| MD5 | ea40b8c00bb8d3c969fc4d368ea4dcf8 |
| SHA1 | 3fcae526a90d3749bd956bb243d4d2c6a423bd04 |
| SHA256 | 94e50b69f6e88264934a499d749263beaabcd78bedb6da5a9f989a92e28417e9 |
| SHA512 | db883fe0644944631f397f2447fcca50915c9b00d2a4092857cebdd315ec8bbfdb63e846ae3b458d782075069fd98a354460984215af3e1e83b676420c2897b0 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences~RFe5948d7.TMP
| MD5 | bf13c71034c7305dcd0adc40a09718ad |
| SHA1 | 8dd24d1b333f5d6a7364d135f8172ad1c3dd5739 |
| SHA256 | 567f88c80e1d2f5d4b8bcdbdd1ee1476c7d15ebe9a31d95c2e799515957387fc |
| SHA512 | 22c981dea56edbc8f4f788bfcd0e3d2c85fc092ae1c6c557afb910f6bd6ca2aac5eb6235fc8ab1ba459b03c00d7094e3c60d73f9fde78a306742186a614ff5aa |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\DawnWebGPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\DawnWebGPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\DawnWebGPUCache\data_1
| MD5 | d0d388f3865d0523e451d6ba0be34cc4 |
| SHA1 | 8571c6a52aacc2747c048e3419e5657b74612995 |
| SHA256 | 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b |
| SHA512 | 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\DawnWebGPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences~RFe594760.TMP
| MD5 | d80cd0af81ed777f5d33605859f16884 |
| SHA1 | 548fd5fdd537a7422e41a78afabc168d498c2ab8 |
| SHA256 | 71fa222a7bafa85621fad160eb72d9847de109f869e51d2c9a910b6c49454524 |
| SHA512 | cde9cb84f11e10b2435754dd2b8a663958a33dbb42abc470e3609ad67acab176814e6e75ea6cfd577400602edf71cc975a2dbe41355e7ba7fd9b30013182864e |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json~RFe594b76.TMP
| MD5 | ed108e5046bf82b8d317c1b06a59dd6f |
| SHA1 | 94f3631ccb5a65898b5a465d4c1f87c19b5a78c3 |
| SHA256 | 6147d588cb56ae69c4febdac727f75b8a1f12d79eeba0ca3bb8d1a62dee622a9 |
| SHA512 | 2a3d5191a4fbfed2a249931de1e4db7bc9c8f346a77d2a37de64e7fc33e01f7add67c3f9ac81d55fe9de9c9ab9b67afaf909f6ed0ba0cb77a21b43a3ba39b73a |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json
| MD5 | 2e519cc5a0676fa0e3c9b711ffe3e23b |
| SHA1 | dd386b0e5170e8b866f7426ab904d6888d2f6c50 |
| SHA256 | fc53375b07c5a3106f2019cd7be2f8661316efd576ac59bc61f9e2fdc6a1fd04 |
| SHA512 | 7c80a6850882d370dcff08fd50064495ad7397e2c7832dc89f9dac1bd7e30478f3ffeb5a0693d9adb8fdb262d9e05ef1eb3d0a65567a81071f6f84ea8ff4fe61 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\55811988-650c-4420-b0e4-915381989e88\index-dir\the-real-index
| MD5 | 5654b2eb9b74efb2803a17d2b8a71d00 |
| SHA1 | da46045492ff544926a05d745ffdcb8076f885f4 |
| SHA256 | 5f33b53931d66ca8e2c44d3990a88b01b6b9635418cf84df8cc24a64e276be38 |
| SHA512 | f5110e9f644a9758c07376c5735a9f746de52d56baf6be26241df8d2533ade740870b5dbcdacf046932608d56629922393f9cbcbcfc5c1d001a334e94bb10e42 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\web_ntp_cache\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json
| MD5 | 2199c37acbb0d29a83434a4ee5eb0e55 |
| SHA1 | 5932157c35fd24bbb3ab7b548baa248892e199cf |
| SHA256 | 0b7cf955c7ccf27e80dae662067816c0d8720ee90355a042f0ebc2bd7e0d4ef6 |
| SHA512 | 89b95f1ead85eb0088425d4a8a60de1d4aa05a5ebfe2a6d723e2730f9f2b9ec6720e6408de44afea3c84a2d1bf500b11c77f482d6c2bb1e89f043cfc57554ec0 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\55811988-650c-4420-b0e4-915381989e88\26cb2d5567e6afdc_0
| MD5 | ebf635c5067d14952b5c893d254387cf |
| SHA1 | 46bede00c5b0af5a7c63a6d037857e33a1af3447 |
| SHA256 | 6da6040ded0ab84bcf7077d75072f6447d488be3c97e5b0e10dd148e90d3634f |
| SHA512 | a8017536530b4baa032b6ad7919927838f764d3c1639977311855594c128ab88c529293f7874acffc9ccd364700bb75c5eaacca46319204e0be7c17682ac9793 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\55811988-650c-4420-b0e4-915381989e88\fef132170d47887d_0
| MD5 | d74686822341471290cd8a592617e2d9 |
| SHA1 | cb67ab66e21c484aa478422671d2a7616b9fc083 |
| SHA256 | 1e27535f146707092e8ffa76693b7fabb798159187ce938a6831f661ebd68b2a |
| SHA512 | 0cae1122594f02b78208ff69c96ff0e098e3ede802642eb934264aeb31fddad1b7d0b9007dbddd5918253da9690f675e28982447d9aa60328baf36cb654d92d8 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\55811988-650c-4420-b0e4-915381989e88\8e22ab6f7be8784b_0
| MD5 | 4df5f0978bc12ba21c8b71e6b5d0fe4d |
| SHA1 | 090cda36921c3ce8508584c804e67340f83bc4d7 |
| SHA256 | 60848a4cb8df79886338d288e288ef517f962dffaef9b1d3c6c0b8fcdf88f197 |
| SHA512 | 2c38b1697b31b91c4e22b90f3c4e1e3367704b42629a6bf42ea5c36dfd9299f1fae7930fc437844a7b5eedc7381ab00c756dc8c7b44ef99bbf98f24a5d389fa8 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\256.png
| MD5 | a363094ba5e40a4760a9bf566e5defd3 |
| SHA1 | 1e74e20f48ec878bd0b76448c722168879c5b387 |
| SHA256 | 05ae2d6161a3acd83798ec56dbc45087e6aeb0a1376401f55aa46539b1d95559 |
| SHA512 | ce30f312cc08366aa588e75b229c178a83cf6d464a1051bd1118b81e5166085a2b1bcfbff97804f3e8662366b59f43a659e4b0e315dabad125f16ec9ad9ac379 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\128.png
| MD5 | 363bbbffe31e45e3945aa0ff3b8cdd1d |
| SHA1 | f223255a82218ddd45bdf54a0cf1e8b438a67edc |
| SHA256 | 39b835c3dcf4261025de83d49ab151f5af0bc1ed8845932065aa1a333f026684 |
| SHA512 | 7bbfb3810a2bed3d2a8a899afa95412cca95fa6916b1684ae3182bd0ad28faa7076fdf328281d106a53c10385667729b4089b0050610e87eadef2f3ff54e80be |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\96.png
| MD5 | 115decbc3eb53574b2582f15a0996e83 |
| SHA1 | 598a1d495135f767be6d03cf50418615b22146b6 |
| SHA256 | 07fbfbda84eb5467b120fb3f9b4e028077303098bac8c2934635b14bbda847e0 |
| SHA512 | af237ddb585ad38fd0fc3d0f0b75c60d0117e965a548bda055b2625f86ee7d91fedc840e1afa2fe80814f152732371255133faa21c3d774ca9691446541cf46c |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\64.png
| MD5 | 6f5486bcca8c4ce582982a196d89ece5 |
| SHA1 | 4648ae13d71b2ff681cabc5d0b5b4bb242cb78a2 |
| SHA256 | c870819a5c73e2ea5f94312bdf10fc56668d3311ef2eab6509b659efb456bb8d |
| SHA512 | 9a36d519a9cadf5b464a98082511906cc5f24c4218f6bc2ae323f6b38bf5fd413614807ef0d442801bfbc3b2ce2a0527b0f7be24fd51f49cbde6b5dfe2cafd7c |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\48.png
| MD5 | 7cf35c8c1a7bd815f6beea2ef9a5a258 |
| SHA1 | 758f98bfed64e09e0cc52192827836f9e1252fd1 |
| SHA256 | 67c320fa485a8094fc91cd3fcd59a7c75d2474e3046a7eb274b01863257fbe01 |
| SHA512 | 0bbebde654c9f44cf56b74fc1a9525b62c88724ec80658efede3cbb370c3a6d4f3e78df459bbd0559a51838f4a172bdfcd370bd5477038309024b77cd69f2a15 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\32.png
| MD5 | d2e7ab79b45eda7c4421f296abf37c52 |
| SHA1 | 8490f4e098d50ec161e64db912f8430826daf2bc |
| SHA256 | ded3490683fcf3c5b87803bb1835759df2b65831a6257a326709a708a1dd45ac |
| SHA512 | 094c2150f872e727980f84b6c011f13210d43cbfd9437825b3b014211c69d7bd3f6367e9913370b624ddad270cfe91c190ebf2c5f5fd4e082b5d6c85199cb6b1 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\16.png
| MD5 | 238b0e7dc06028db4b6aba8078740ffb |
| SHA1 | 5fd2309587993b371beabb7a9d039e0dba3006ba |
| SHA256 | d159e510392f6da58c4d15cc098171d45c7b02a1362cbf7be7a2d47a1a10e7fc |
| SHA512 | 1dda4de21be647067c04dfc47174df39d0c6c1eeee3e9005211f908351b69d6a27ed268b5ec7480285fb203a95136a3a205f7bafb7eb5223a3dcbab0dadc0e5d |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences
| MD5 | 7a40bb6288f065bae4a7134105182c24 |
| SHA1 | 52b2616415d5cef47924c06f354fb769023930f3 |
| SHA256 | e1b3448ff104f90e818a468c1aa37fd4dd494669e99b7f292f7dbd44882f30ca |
| SHA512 | cdef50e0501cdaa0fca52b214f4b43a04d242e1ba4be331593df41d25fd0e8586d36acf801b28600906691b984163ed8ab6b33281933b3b402d7fec5d8ff8735 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\55811988-650c-4420-b0e4-915381989e88\1ad10c4bb9e37138_0
| MD5 | e57ebaa421abb69c998b1c801b8a213e |
| SHA1 | 386a3166fd447d1ec8bf1f8daf51d81b4f9020d6 |
| SHA256 | fe43fa74b6a6c370af142d7ab14d8d89e610923ff0a00a5a777920e4c9d6fcff |
| SHA512 | 5ffbfee9970bfa19ff9242b08870ad1b4d3690363f05d7af792cabced98cb27fdafba3f1161f4fc1544ca34da1fa3ac418131f5210e3452e376456ed57377cb4 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\55811988-650c-4420-b0e4-915381989e88\2a9877b782e7616c_0
| MD5 | 39846803ac3f83839365ce751d1870e7 |
| SHA1 | 1eac7e342ae8a1cbb09e01c2f2e658b06f45458d |
| SHA256 | 35a82e2e896ab0129a3a01aba72f20af0a5d09dc351c6d0250cd849c15dc090c |
| SHA512 | 063dd219c835a58206254301a7ac896580efdb6f762e0f1d81a9ebb56a19eb1bb842f87d1e233ca42d712f30881d9657c98edc3a1b0cb351ac986cb29444647d |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\55811988-650c-4420-b0e4-915381989e88\292fbdd019f435bf_0
| MD5 | ce49ffd96f3a0f37fd409db959c5542c |
| SHA1 | 3603990c7bac5671509d136950c14e43bdf10db4 |
| SHA256 | 8775e72567355d67ab5d1103b497b20fad47c61be6ca754e58f69633891a59f1 |
| SHA512 | 5d150812ecb4e6b38343be33784da153c21a7b8cd6593398cb2b2857e300d9e1496d0ece9cdc600f8ad482e184e784d20420cfbd2add6187bcf41d7659aa2042 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\55811988-650c-4420-b0e4-915381989e88\88a052183f2a4b12_0
| MD5 | a24ec308005470ad8ebf021f60f34c4e |
| SHA1 | 73d84ddf6a6dcf42cde5ca155efd7c2495aaee58 |
| SHA256 | a9500fc6c51d69be22f6c594dbe92c0eac32a505737120663cdad7096fc6b721 |
| SHA512 | 3fb3d6187fd1cb40997b1124c0d3d9d6e64f77a465a439bd49d47c0556c28c35e226049f48d1dd46ff9bee810ab788f6131d522c86c7a31c1a6dfb97ff8a7998 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\55811988-650c-4420-b0e4-915381989e88\de3b030126695833_0
| MD5 | 45d06d56086c9b67cfb8b52c8d806ba7 |
| SHA1 | a86a2333ec99715ca6352e423a74a84d13b13036 |
| SHA256 | 8aaefaa38fa069c69851f3261fbd6234352c358baefc9c0c1427d1483e2ef667 |
| SHA512 | 8c263d46a5384923f5b71e73da8fdd34814b59fbd22f48c60867a68951161af24be6283bab67b68c86ee0ad725ad7e8c30c79b5449de3a7071c9538925b54283 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\55811988-650c-4420-b0e4-915381989e88\25fecb7eba1124c3_0
| MD5 | df5239903c20374d11f3c757a1bbbcfd |
| SHA1 | 7bd4c2d2a26cc4f06aac6089d84822f7e5298d2f |
| SHA256 | bc1738ff3d35f86808babcdd3d8a11603cf213e3abc907b8a9df133d9630856a |
| SHA512 | f4561d450735f614cb4a2f14b23fc6298124f060106a1ad6df1176edc908cc40c91a69baff848f37ebd0c3abd8fe8709fd52d7c7d38fb07b2dfea5fb4c87dd3c |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\55811988-650c-4420-b0e4-915381989e88\26986cc774600b65_0
| MD5 | e639c233ce080d788d8f0e6a3477fa48 |
| SHA1 | 3a27ce65eef3d1461e157291d45aeab1bc7b0438 |
| SHA256 | 5711ea052329a3a27a73fd195d33f4f1016649e6383167bb0626b07a070034f0 |
| SHA512 | 55320631d4496c4320b1728ab4273cb263983b3d5ff423a9876fef2a2bc86f247f5c4bc4c756485609f2ab3b25ed64ad0421912b43257ba875df210c20450a90 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\55811988-650c-4420-b0e4-915381989e88\6d861d3c5a9afc0c_0
| MD5 | d256f73305bf5d044358e64ce8986a2f |
| SHA1 | e28faba7f00fe14ab0642b19af0e4833bbe05514 |
| SHA256 | 6cc735cdc0f34a8ed614d884f8df4adc1c50d7afffad3668747103090a0d9cf7 |
| SHA512 | 2a9d0b0b7185e6be42a8d365813e2cc9d2a012e392c69bd1972a7a3437511dabe37054c8c4f98a0e9bbbf23fd7f80766be858b39d75b9273a3a16e88d7104154 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\55811988-650c-4420-b0e4-915381989e88\5128ede85833242e_0
| MD5 | bee1c94006f703548bd3eb0ba17230e4 |
| SHA1 | 1f6a91404255ddd024e35048772bfa57396590c2 |
| SHA256 | d0f016d16bb9faee831f2713c2b2f6b2ea40ce29990a0e9f25c8e10f24de5fc7 |
| SHA512 | 7a6face339d3f3934d78bbcbb11e4f716130e51d806eddc8b57502acef0b434f34a8d92c02815ef7fbdbcf7785af0183ed8761e190ee6e449de2ebcb1e342e29 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\55811988-650c-4420-b0e4-915381989e88\a81966f4be168991_0
| MD5 | 3ae0f5a4fd05d891bff56d4c0f41d325 |
| SHA1 | 2f3915d6c7d452f9c75b088076bd22309549fdf0 |
| SHA256 | a69351d19806788f8c0e768cef3cc8574cefc855ebfbcd3f655de010def8519a |
| SHA512 | 853c1905cc18e534c8d73829d6278c33571cd41639e02a52e7453d97039d4fee5c50a6c5b53cbe5900db53d02abe0ec5dd896d9e93959ea29afd12ff8ec01bf2 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity
| MD5 | 226bf574e1d1270fefb439dd606bb831 |
| SHA1 | ddea469509b3ce86634c29047495ae4927c8855e |
| SHA256 | 029b35d6f9e4ddb96e1dcb36fd43367c536437faa0fe246bbc34430660a603af |
| SHA512 | c8578a3c414bcdae04766ecd99e145e7df9f4d59fa16cbaacd9f3f4f975545a1bb45fb221477ed10d8c1ed6e62c3f69a8eaf495946118b94dd279180ec97079f |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity~RFe599a33.TMP
| MD5 | f29f28d472810910b03e6cd896b875a1 |
| SHA1 | 6e84b0593c1122ce2ac6396df4402284119a6009 |
| SHA256 | 54aca48f3f184375ece7746c23100cbce24d09be54a8f2c41263da5de4fb4ba2 |
| SHA512 | 36985adfeedc1ab173cbd9b9f608d6a9e818c2908f92a538b5310d7841b6668a2dc0c911c58ea081159514952c13b99293a5d5181be21038f88b6f2e9737bd82 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\google_import_script\24.4.23.0\script
| MD5 | b807ebd3002f71c1de6deb285528a920 |
| SHA1 | 14b2c18684174abd078600bc9ac95628c00ea952 |
| SHA256 | 8b44c53ea53b3ff1465263dec2380c68e88e4964984dbdc1497ff2aeedb010d6 |
| SHA512 | 2885e6e91a8ddb346b15ee22f8bd0ea4735314d16a7a480c999b890fc3fcf68e5ab7ee137c7e788f1652f889f23ed920e70cd58bd9300a1e0af44babeeb9fdab |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\google_import_script\24.4.23.0\_metadata\yandex\verified_contents.json
| MD5 | 683c4594670f2cfde98a198091bf1889 |
| SHA1 | 3d6e271a452024422213183980bcf510226648ec |
| SHA256 | d38c186b9c02f7db4aeaa4326e5012470c3eaffc1f40553761b5db62f6c1d344 |
| SHA512 | 62a24ff8f7d2fe1f5fe1793719b2e3f964ab97552e0c75835f299c8ae3cdd4f92ab71c3c4baead8d234176e96672baa787fdc043ebc2686f6639cbf494c7ab4c |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\Temp\chrome_Unpacker_BeginUnzipping10208_851726657\manifest.json
| MD5 | 29012066e78d4e28ea709f43e49c9cc5 |
| SHA1 | 88c04e80be6ad489b271f3f86a4f1c6d29c53f67 |
| SHA256 | 711594a302c5158486932dc5a5a080a8e7d2542a8c36da00cb8cc388a08a99b1 |
| SHA512 | d4dd602aa722bd46fd9477e7b167e65285003594fd6ece49523533913e8281a4bbe1d971fa7fbbb0baf3944aba1d19b5f3a2c6b56dc1101bcdc6a53905f511ca |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\55811988-650c-4420-b0e4-915381989e88\fd41ca2a883063a6_0
| MD5 | 33904d82f43c90b5e9ffb866e4066b7c |
| SHA1 | ce9ec159724ee3d72e3299fad2d63bd1a5add7e6 |
| SHA256 | 986899c2b72631e9299c4147d5312dcc8a2417a27a22739c81041ebbc32f75d8 |
| SHA512 | 862d44599fd039e1d5d7319e3100642e89f0aa1da9cd629ed2ec9cda09543665d64d201039ecc77d49bd4961b9534304d156141c2d73e3bed3d698247ff9073e |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\55811988-650c-4420-b0e4-915381989e88\72c2e20ca5d250b9_0
| MD5 | fe144e8a946692c1fdbbc1e94d5aab9e |
| SHA1 | 8e93027375dce95f4373e2c38aa3c57634240d48 |
| SHA256 | e9532c23d55b0620c0a6dee30de083b2993c5fbf497fec4de854cfb1262077af |
| SHA512 | 815b2ee2e1ab7c5bd4098555ca948b37e473671d6189d1aa8fe6ed381453555b80fd4f118c74cf58e581c33d4066eab4552673da52f5aebb1fe87c1099cd885b |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\55811988-650c-4420-b0e4-915381989e88\9c1d7216fb32fb2b_0
| MD5 | c79374430f99c63078cd9dea8669d627 |
| SHA1 | 081ab48ee9093d1b0eb1cc5e773a81a2a3c431ea |
| SHA256 | a2b872d715662ed1b369c06b4ee179dee8036e65dadab70f7753f8cfa143392b |
| SHA512 | bdba70c40a19dc1a47e2c2efaf866d8547f810bbec627956652a301df789e46aee9f50be1a5fa89f447f89febd829404cfed35a60706733dc2122e5306add136 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\55811988-650c-4420-b0e4-915381989e88\e7d083353a620397_0
| MD5 | 400d22f91fdbd17ad45b1a39743c69dd |
| SHA1 | fa38d5d97dda5336895e593dd029d224006b242a |
| SHA256 | f3f3a7cd6966e3aec87065042f6b1efac1747fe68d3f676c9a16b86c2dd03fa3 |
| SHA512 | 6ec61a1a277acd448a7bc0c8539aa06819edff1eeab5153e1a6f758309d93d1715bb3d3fdd1c8b01a101203c2a09d356efc2690f47db27ce08eb014d685d68ae |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\YandexDictionaries\ru.bdic
| MD5 | ac3768f0462853d08df284e67c7c4ebd |
| SHA1 | 732581ac6f2e02246696817adc53d2e2e5d0dcb5 |
| SHA256 | af2bcc135f974aad505a8f55296117dbf4cbc095931e22f424698b181d273656 |
| SHA512 | 27d558deffeeefe1198aebdf65a3fef0b0f3d6b6c4177d03ff32b0363f0a2fb1b7ff6454f45dd3254427cec9174b03181c50bc51dba212e6ab0114a6e72bcf96 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\55811988-650c-4420-b0e4-915381989e88\7cf11c68b79887d2_0
| MD5 | d3f933a65fa6b31cb31943910e039e93 |
| SHA1 | 29576c3d01aa653393ba2fd79cf860118a0d2478 |
| SHA256 | 0fb658f3b84f6a2eaa127b14ad6337af02d3533e7c528366208dc4d3bea1d592 |
| SHA512 | 560acc1aeb2a1c6a697cb3bfc60c5ff4cc3a4654f90950efa7e5893c229702e5935e34de2a34f238c6cb361cc1e9973c96ded256fcfdf71fe4618f0a7accf769 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\55811988-650c-4420-b0e4-915381989e88\cd4004d6793712fa_0
| MD5 | 48e994bd49609bf2c6ec3226e26568c4 |
| SHA1 | 8535734f7ce3b5ed311d8963ae8b56cd03b4c6cf |
| SHA256 | 07b5a34147de359b6ce2098c091ee3d6bf159fb1dce6fc7cad9284328dc6b8b1 |
| SHA512 | c59584dc08260820e1446f2b105050d45f04e9a87a8aa3fd23fbd278d666f59fbe79721d2faa1cd7eca1265abd8f0c7ae0d0e815d5564ff46e83cdbdaf1b4d00 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences
| MD5 | 732f58325bbf4d541d32b2fc46789dd6 |
| SHA1 | d03c59ede348c8540d1112d23e5c2e89f037bae2 |
| SHA256 | b37efb04e988e9954436fb6417cec11c2334ec34fd09517274aa132faa010e8b |
| SHA512 | f42dd269ac8ee4de2a7641c67b5a4dca54394b09d09c2374dc7a4a647dbce3878f452a18b463c9025a658130da02b0e75de14f188f2e6ab17fc5f6d999917777 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-23 21:54
Reported
2024-06-23 21:55
Platform
win11-20240508-en
Max time kernel
49s
Max time network
49s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31114712" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\BrowserEmulation | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\GPU\SoftwareFallback = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\GPU\Revision = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "1679093098" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://temp.sh/WwJqO/vmware.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaf6753cb8,0x7ffaf6753cc8,0x7ffaf6753cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,1852122942297347906,13021431673877364078,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,1852122942297347906,13021431673877364078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,1852122942297347906,13021431673877364078,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,1852122942297347906,13021431673877364078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,1852122942297347906,13021431673877364078,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,1852122942297347906,13021431673877364078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,1852122942297347906,13021431673877364078,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,1852122942297347906,13021431673877364078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,1852122942297347906,13021431673877364078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,1852122942297347906,13021431673877364078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,1852122942297347906,13021431673877364078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,1852122942297347906,13021431673877364078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,1852122942297347906,13021431673877364078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,1852122942297347906,13021431673877364078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,1852122942297347906,13021431673877364078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,1852122942297347906,13021431673877364078,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | temp.sh | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | temp.sh | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0c705388d79c00418e5c1751159353e3 |
| SHA1 | aaeafebce5483626ef82813d286511c1f353f861 |
| SHA256 | 697bd270be634688c48210bee7c5111d7897fd71a6af0bbb2141cefd2f8e4a4d |
| SHA512 | c1614e79650ab9822c4e175ba528ea4efadc7a6313204e4e69b4a9bd06327fb92f56fba95f2595885b1604ca8d8f6b282ab542988995c674d89901da2bc4186f |
\??\pipe\LOCAL\crashpad_1416_NIBMKNXIMCGIGTNN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0d84d1490aa9f725b68407eab8f0030e |
| SHA1 | 83964574467b7422e160af34ef024d1821d6d1c3 |
| SHA256 | 40c09bb0248add089873d1117aadefb46c1b4e23241ba4621f707312de9c829e |
| SHA512 | f84552335ff96b5b4841ec26e222c24af79b6d0271d27ad05a9dfcee254a7b9e9019e7fac0def1245a74754fae81f7126499bf1001615073284052aaa949fa00 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2e4442b081188e42b8ea40d30af0532c |
| SHA1 | 5b2c157cb36185e1a48818d79247af750c4b6c29 |
| SHA256 | 0e3ff0941d987c89dc459588b078286c0c378cd2a645cb33027395f7696a8d6d |
| SHA512 | 0c4cc1039043364f9c67bbb347fe6ea44cc18eab9e3f8b0c3953c6eeec116871dd14d19af8c9565b452c3754dcebf76a2cb67b1fa3859b15f7efe81231c737cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 05297ed94f8a538b4c787b9744b5f742 |
| SHA1 | 9e62192c49316c0c2ce50aad0c4acd81c82b976b |
| SHA256 | 86c9502365aed6d55f7ca248f0e9467ec48e3a39f92d9e3a7269f226887c08c1 |
| SHA512 | 17075987f3dc37b4ef672ad8ab77639e17f439589797da38a7c0fded0aeca47d3f6a5916abd642363cb623dd725ad70b95720866c6c6fff4df58dec9c9644e22 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1fff045669ea8d7bcff5d88651e935f4 |
| SHA1 | e72a416e2ba5dda787401df585380c82700ab25f |
| SHA256 | 56983270174507e523767399add4f8965ef5ae744065ff03f3ab547afbc818c4 |
| SHA512 | 4c07f0ce5c223c22bcb784b9df4eea7dca28c7edb0cd1ac91458b59750f86a8223c28b392de54c306d364834e01ec06f1ffc9d4fc6e88ff6536889c8e34156a2 |