Analysis Overview
Threat Level: Known bad
The file https://www.dropbox.com/scl/fi/67epyl2uw2x9t8y93bkch/Unlock_Tool.zip?rlkey=g0dmjtoajve5wofhntuxo673o&st=ibvvsshl&dl=1 was found to be: Known bad.
Malicious Activity Summary
Vidar
Vidar family
Detect Vidar Stealer
Boot or Logon Autostart Execution: Active Setup
Downloads MZ/PE file
Uses browser remote debugging
Loads dropped DLL
Executes dropped EXE
Unsecured Credentials: Credentials In Files
Reads user/profile data of web browsers
Reads data files stored by FTP clients
Checks computer location settings
Enumerates connected drives
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Adds Run key to start application
Drops file in System32 directory
Suspicious use of SetThreadContext
Checks system information in the registry
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Windows directory
Drops file in Program Files directory
Program crash
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
System Time Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: AddClipboardFormatListener
Uses Volume Shadow Copy service COM API
Modifies system certificate store
Delays execution with timeout.exe
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
Uses Volume Shadow Copy WMI provider
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Modifies Internet Explorer start page
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Opens file in notepad (likely ransom note)
Modifies registry class
Checks SCSI registry key(s)
Checks processor information in registry
Kills process with taskkill
Modifies Internet Explorer settings
NTFS ADS
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-11-14 15:06
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-14 15:06
Reported
2024-11-14 15:20
Platform
win10ltsc2021-20241023-en
Max time kernel
769s
Max time network
822s
Command Line
Signatures
Detect Vidar Stealer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Vidar
Vidar family
Boot or Logon Autostart Execution: Active Setup
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
Downloads MZ/PE file
Uses browser remote debugging
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\install.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation | C:\Windows\TEMP\sdwra_6240_1569085659\service_update.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\install.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.6.0.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Unsecured Credentials: Credentials In Files
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YandexBrowserAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart" | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Yandex\ui | C:\Program Files (x86)\Yandex\YandexBrowser\24.10.2.705\service_update.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 5364 set thread context of 5376 | N/A | C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.6.0.exe | C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.6.0.exe |
| PID 2236 set thread context of 3388 | N/A | C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.6.0.exe | C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.6.0.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Yandex\YandexBrowser\24.10.2.705\service_update.exe | C:\Windows\TEMP\sdwra_6240_1569085659\service_update.exe | N/A |
| File opened for modification | C:\Program Files\StartAllBack\StartAllBackX64.dll | C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\StartAllBack_3.x_Patch.exe | N/A |
| File opened for modification | C:\Program Files\StartAllBack\StartAllBackX64.dll | C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\StartAllBack_3.x_Patch.exe | N/A |
| File opened for modification | C:\Program Files\StartAllBack\StartAllBackX64.dll | C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\StartAllBack_3.x_Patch.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\933aec7a-f59e-4291-a5dd-9f0d891eaf30.tmp | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241114150629.pma | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\Update for Yandex Browser.job | C:\Program Files (x86)\Yandex\YandexBrowser\24.10.2.705\service_update.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2B62.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB5A7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB675.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp\scoped_dir6716_1577666631\History | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2A10.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Tasks\Repairing Yandex Browser update service.job | C:\Program Files (x86)\Yandex\YandexBrowser\24.10.2.705\service_update.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2AB2.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp\yandex_browser_installer.log | C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\setup.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_url_fetcher_2268_1216655981\oimompecagnajdejgnnjijobebaeigek_4.10.2830.0_win32_pi7fbtgomadufx37pziz5b3buy.crx3 | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2268_326189195\manifest.json | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2268_326189195\manifest.fingerprint | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2A81.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB45B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB596.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB780.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2268_435196088\_platform_specific\win_x86\widevinecdm.dll | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2B03.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB607.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| File created | C:\Windows\Tasks\Обновление Браузера Яндекс.job | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5d2939.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB42B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2268_435196088\_platform_specific\win_x86\widevinecdm.dll.sig | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2268_435196088\manifest.fingerprint | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\setup.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2A51.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2A91.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2B23.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB89A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\scoped_dir6716_1577666631\History | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2A40.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2AC3.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB5D7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_url_fetcher_2268_8634178\24_10_25_00.crx | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2268_435196088\LICENSE | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp\yandex_browser_installer.log | C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\setup.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5d2935.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2AA2.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5d2939.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Tasks\System update for Yandex Browser.job | C:\Program Files (x86)\Yandex\YandexBrowser\24.10.2.705\service_update.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{5B964E0E-B9A3-4276-9ED9-4D5A5720747A} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2268_326189195\script | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5d2935.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB4D9.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB576.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2268_326189195\_metadata\yandex\verified_contents.json | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2268_435196088\manifest.json | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2268_435196088\_metadata\verified_contents.json | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\setup.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\install.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Program crash
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.6.0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.6.0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\{CBF06B05-DD72-46CC-9104-4A1B5F08068F}.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\4CB36697-BE8F-4FA3-9942-28DFC4E83F92\sender.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\8A8E4343-43E5-4BDD-80DC-DE9FBC9660DF\lite_installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Yandex\YandexBrowser\24.10.2.705\service_update.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Yandex\YandexBrowser\24.10.2.705\service_update.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\timeout.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\install.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\C7E40EDE-204D-4558-AD7A-B8515344CE4F\sender.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\install.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\TEMP\sdwra_6240_1569085659\service_update.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\install.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Yandex\YandexBrowser\24.10.2.705\service_update.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\525DABD6-CCB6-4F9C-83FB-40F88F5C00CA\seederexe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.6.0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\StartAllBack_3.x_Patch.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\StartAllBack_3.x_Patch.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
System Time Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\setup.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\explorer.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.6.0.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.6.0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.6.0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.6.0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\e63114e6-a29a-11ef-baed-5a08f5c3f771\YaCreationDate = "2024-12-14" | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\buffer\SuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}§ionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\Local\\MICROS~1\\INTERN~1\\Services\\YANDEX~1.ICO" | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\e63114e6-a29a-11ef-baed-5a08f5c3f771\NTLogoURL = "http://go.microsoft.com/fwlink/?LinkID=403856&language={language}&scale={scalelevel}&contrast={contrast}" | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\e63114e6-a29a-11ef-baed-5a08f5c3f771\NTLogoURL = "http://downloader.yandex.net/banner/ntpagelogo/{language}/{scalelevel}.png" | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\buffer\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\buffer\NTTopResultURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTTR" | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\buffer\NTLogoPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\" | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ShowSearchSuggestionsInAddressGlobal = "1" | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\buffer\NTURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTSR" | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\buffer\NTSuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&market={language}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}§ionHeight={ie:sectionHeight}&FORM=IENTSS" | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\e63114e6-a29a-11ef-baed-5a08f5c3f771\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\buffer\DisplayName = "Bing" | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTTopResultURL | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\e63114e6-a29a-11ef-baed-5a08f5c3f771\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\LinksBandEnabled = "1" | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\e63114e6-a29a-11ef-baed-5a08f5c3f771\DisplayName = "Яндекс" | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\buffer\NTLogoURL = "http://go.microsoft.com/fwlink/?LinkID=403856&language={language}&scale={scalelevel}&contrast={contrast}" | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\buffer | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\e63114e6-a29a-11ef-baed-5a08f5c3f771\URL = "https://yandex.ru/search/?win=672&clid=9183481-848&text={searchTerms}" | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL_JSON = "https://suggest.yandex.ru/suggest-ff.cgi?uil=ru&part={searchTerms}" | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "https://yandex.ru/search/?win=672&clid=9183481-848&text={searchTerms}" | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\buffer\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}§ionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\buffer | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\DisplayName = "Яндекс" | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\e63114e6-a29a-11ef-baed-5a08f5c3f771\NTSuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&market={language}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}§ionHeight={ie:sectionHeight}&FORM=IENTSS" | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Users\Admin\AppData\Local\Temp\525DABD6-CCB6-4F9C-83FB-40F88F5C00CA\seederexe.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\e63114e6-a29a-11ef-baed-5a08f5c3f771\NTTopResultURL | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoURL = "http://downloader.yandex.net/banner/ntpagelogo/{language}/{scalelevel}.png" | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\YaCreationDate = "2024-12-14" | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\e63114e6-a29a-11ef-baed-5a08f5c3f771\DisplayName = "Bing" | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\e63114e6-a29a-11ef-baed-5a08f5c3f771\FaviconURLFallback = "https://www.ya.ru/favicon.ico" | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\e63114e6-a29a-11ef-baed-5a08f5c3f771\SuggestionsURL_JSON = "https://suggest.yandex.ru/suggest-ff.cgi?uil=ru&part={searchTerms}" | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\e63114e6-a29a-11ef-baed-5a08f5c3f771\NTURL = "https://yandex.ru/search/?win=672&clid=9183485-848&text={searchTerms}" | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\e63114e6-a29a-11ef-baed-5a08f5c3f771\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}§ionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\e63114e6-a29a-11ef-baed-5a08f5c3f771 | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\e63114e6-a29a-11ef-baed-5a08f5c3f771\SuggestionsURL | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\buffer\FaviconURLFallback = "http://www.bing.com/favicon.ico" | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
Modifies Internet Explorer start page
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "https://www.ya.ru/?win=672&clid=9183479-848" | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\AppDataLow | C:\Program Files (x86)\Yandex\YandexBrowser\24.10.2.705\service_update.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex\UICreated_SYSTEM = "1" | C:\Program Files (x86)\Yandex\YandexBrowser\24.10.2.705\service_update.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133760705508003238" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex | C:\Program Files (x86)\Yandex\YandexBrowser\24.10.2.705\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Program Files (x86)\Yandex\YandexBrowser\24.10.2.705\service_update.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 000000000100000002000000ffffffff | C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\StartAllBack_3.x_Patch.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202020202020202 | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\YandexFB2.7Z7T3FIA4OO255MEQLLMNQ5LPE\Application\ApplicationDescription = "Яндекс\u00a0Браузер – это быстрая и\u00a0удобная программа для\u00a0работы в\u00a0интернете и\u00a0просмотра веб-страниц." | C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\.htm | C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202020202020202 | C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\StartAllBack_3.x_Patch.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft | C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\YandexFB2.7Z7T3FIA4OO255MEQLLMNQ5LPE\shell\open | C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\YandexCRX.7Z7T3FIA4OO255MEQLLMNQ5LPE\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-104" | C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\.gif | C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\.jpg\OpenWithProgids\YandexJPEG.7Z7T3FIA4OO255MEQLLMNQ5LPE | C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\YandexTXT.7Z7T3FIA4OO255MEQLLMNQ5LPE\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\setup.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202020202020202 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\.infected\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\SystemFileAssociations\.webp\shell\image_search\ = "Поиск по картинке" | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\SystemFileAssociations\.jpg\shell\image_search\ = "Поиск по картинке" | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\YandexTXT.7Z7T3FIA4OO255MEQLLMNQ5LPE\ = "Yandex Browser TXT Document" | C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\YandexWEBP.7Z7T3FIA4OO255MEQLLMNQ5LPE\Application\AppUserModelId = "Yandex.7Z7T3FIA4OO255MEQLLMNQ5LPE" | C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 | C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\StartAllBack_3.x_Patch.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\YandexTXT.7Z7T3FIA4OO255MEQLLMNQ5LPE\Application\ApplicationCompany = "Yandex" | C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\SystemFileAssociations\.bmp\shell\image_search\command | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\SniffedFolderType = "Generic" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\YandexGIF.7Z7T3FIA4OO255MEQLLMNQ5LPE\Application\ApplicationCompany = "Yandex" | C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\StartAllBack_3.x_Patch.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Downloads" | C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\StartAllBack_3.x_Patch.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202020202 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\StartAllBack_3.x_Patch.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202020202020202 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "856" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\YandexPNG.7Z7T3FIA4OO255MEQLLMNQ5LPE\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-113" | C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\SystemFileAssociations\.tif | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\SystemFileAssociations\.webp | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\YandexSVG.7Z7T3FIA4OO255MEQLLMNQ5LPE\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-123" | C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\setup.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e80922b16d365937a46956b92703aca08af0000 | C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\StartAllBack_3.x_Patch.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\FFlags = "1092616209" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\YandexINFE.7Z7T3FIA4OO255MEQLLMNQ5LPE\shell\open | C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\YandexEPUB.7Z7T3FIA4OO255MEQLLMNQ5LPE\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" | C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\YandexEPUB.7Z7T3FIA4OO255MEQLLMNQ5LPE\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0" | C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\YandexTXT.7Z7T3FIA4OO255MEQLLMNQ5LPE\Application | C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\setup.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 | C:\Users\Admin\Downloads\install.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b81900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 | C:\Users\Admin\Downloads\install.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 | C:\Users\Admin\Downloads\install.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Users\Admin\Downloads\install.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Users\Admin\Downloads\install.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Users\Admin\Downloads\install.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E | C:\Users\Admin\Downloads\install.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Users\Admin\Downloads\install.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\install.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-.rar:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\StartIsBack64.dll:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\StartIsBack64.dll.BAK\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\StartAllBack_3.x_Patch.exe | N/A |
| File created | C:\Users\Admin\Downloads\StartIsBack64.dll\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\StartAllBack_3.x_Patch.exe | N/A |
| File created | C:\Users\Admin\Downloads\StartIsBack64.dll.BAK\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\StartAllBack_3.x_Patch.exe | N/A |
| File created | C:\Users\Admin\Downloads\StartIsBack64.dll\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\StartAllBack_3.x_Patch.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\StartAllBack_3.x_Patch.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\StartAllBack_3.x_Patch.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.dropbox.com/scl/fi/67epyl2uw2x9t8y93bkch/Unlock_Tool.zip?rlkey=g0dmjtoajve5wofhntuxo673o&st=ibvvsshl&dl=1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fff035e46f8,0x7fff035e4708,0x7fff035e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,7050646002778469356,866884984826903107,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,7050646002778469356,866884984826903107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,7050646002778469356,866884984826903107,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7050646002778469356,866884984826903107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7050646002778469356,866884984826903107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,7050646002778469356,866884984826903107,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5480 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7050646002778469356,866884984826903107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,7050646002778469356,866884984826903107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4236 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x10c,0x108,0x25c,0x114,0x7ff664735460,0x7ff664735470,0x7ff664735480
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,7050646002778469356,866884984826903107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4236 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,7050646002778469356,866884984826903107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7050646002778469356,866884984826903107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7050646002778469356,866884984826903107,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7050646002778469356,866884984826903107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7050646002778469356,866884984826903107,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\360af860-7594-44c4-8a2a-2e4101285257_Unlock_Tool.zip.257\Password.txt
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Unlock_Tool\Password.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,7050646002778469356,866884984826903107,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4172 /prefetch:2
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Unlock_Tool\Readme.txt
C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.6.0.exe
"C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.6.0.exe"
C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.6.0.exe
"C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.6.0.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5364 -ip 5364
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 320
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffef210cc40,0x7ffef210cc4c,0x7ffef210cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1976,i,3648629482459608251,5371554276405283450,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1964 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2208,i,3648629482459608251,5371554276405283450,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2248 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,3648629482459608251,5371554276405283450,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2496 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3212,i,3648629482459608251,5371554276405283450,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3232 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3240,i,3648629482459608251,5371554276405283450,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4340,i,3648629482459608251,5371554276405283450,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4588 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4716,i,3648629482459608251,5371554276405283450,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4560 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4844,i,3648629482459608251,5371554276405283450,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4832 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7fff035e46f8,0x7fff035e4708,0x7fff035e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,459759967091862443,4376707198322606569,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,459759967091862443,4376707198322606569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,459759967091862443,4376707198322606569,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2156,459759967091862443,4376707198322606569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2156,459759967091862443,4376707198322606569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2156,459759967091862443,4376707198322606569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2156,459759967091862443,4376707198322606569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\EHJKKKFIIJJK" & exit
C:\Windows\SysWOW64\timeout.exe
timeout /t 10
C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.6.0.exe
"C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.6.0.exe"
C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.6.0.exe
"C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.6.0.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 2236 -ip 2236
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 292
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7fff035dcc40,0x7fff035dcc4c,0x7fff035dcc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2096,i,9377935869603934865,5843483255155792130,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2092 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1872,i,9377935869603934865,5843483255155792130,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2128 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2324,i,9377935869603934865,5843483255155792130,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2340 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3240,i,9377935869603934865,5843483255155792130,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3248,i,9377935869603934865,5843483255155792130,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3448 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4576,i,9377935869603934865,5843483255155792130,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4352 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4876,i,9377935869603934865,5843483255155792130,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4888 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4988,i,9377935869603934865,5843483255155792130,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5080 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fff035e46f8,0x7fff035e4708,0x7fff035e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,17408216172577239317,6164886035737835209,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,17408216172577239317,6164886035737835209,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,17408216172577239317,6164886035737835209,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2144,17408216172577239317,6164886035737835209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2144,17408216172577239317,6164886035737835209,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,17408216172577239317,6164886035737835209,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,17408216172577239317,6164886035737835209,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,17408216172577239317,6164886035737835209,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2872 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2144,17408216172577239317,6164886035737835209,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2144,17408216172577239317,6164886035737835209,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,17408216172577239317,6164886035737835209,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3372 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,17408216172577239317,6164886035737835209,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3496 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,17408216172577239317,6164886035737835209,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2672 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,17408216172577239317,6164886035737835209,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3844 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,17408216172577239317,6164886035737835209,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=5240 /prefetch:2
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3388 -ip 3388
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 2600
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3388 -ip 3388
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 2624
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {927253ed-fa9f-4361-b3ed-f37b849472c5} 5396 "\\.\pipe\gecko-crash-server-pipe.5396" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61ac4fc3-284e-4125-a86b-d9a0add3df3c} 5396 "\\.\pipe\gecko-crash-server-pipe.5396" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3284 -childID 1 -isForBrowser -prefsHandle 2812 -prefMapHandle 3216 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {595125ff-460c-46f6-9765-ad75da8ac724} 5396 "\\.\pipe\gecko-crash-server-pipe.5396" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3680 -childID 2 -isForBrowser -prefsHandle 2744 -prefMapHandle 3632 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {272cba09-7695-4a0b-b2dd-3c6913c82299} 5396 "\\.\pipe\gecko-crash-server-pipe.5396" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4924 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4920 -prefMapHandle 4908 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f52fe8ca-d155-45b5-990c-19723a980c18} 5396 "\\.\pipe\gecko-crash-server-pipe.5396" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5512 -childID 3 -isForBrowser -prefsHandle 5516 -prefMapHandle 5524 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {527472a5-ec32-4f5d-a1bd-ab231414ff75} 5396 "\\.\pipe\gecko-crash-server-pipe.5396" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5680 -childID 4 -isForBrowser -prefsHandle 5756 -prefMapHandle 5752 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf06fc57-76e6-4de4-885c-f38b23b07dfb} 5396 "\\.\pipe\gecko-crash-server-pipe.5396" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5512 -childID 5 -isForBrowser -prefsHandle 5940 -prefMapHandle 5936 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f181292-a84d-4020-8b5b-72dc7937dc53} 5396 "\\.\pipe\gecko-crash-server-pipe.5396" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2612 -childID 6 -isForBrowser -prefsHandle 2784 -prefMapHandle 2356 -prefsLen 29279 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed227e63-68b2-43b1-b06b-a79a0639a136} 5396 "\\.\pipe\gecko-crash-server-pipe.5396" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2928 -childID 7 -isForBrowser -prefsHandle 6564 -prefMapHandle 5184 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4187fdb-fbcc-4086-99fd-94602c7d62a1} 5396 "\\.\pipe\gecko-crash-server-pipe.5396" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6832 -childID 8 -isForBrowser -prefsHandle 6232 -prefMapHandle 6216 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7fd8715-868e-4b1c-9c39-f5e435c56e41} 5396 "\\.\pipe\gecko-crash-server-pipe.5396" tab
C:\Users\Admin\Downloads\install.exe
"C:\Users\Admin\Downloads\install.exe"
C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
"C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe" /passive /msicl "VID=848 YABROWSER=y YAHOMEPAGE=y YAQSEARCH=y "
C:\Users\Admin\Downloads\install.exe
C:\Users\Admin\Downloads\install.exe --stat dwnldr/p=635487/cnt=0/dt=3/ct=0/rt=0 --dh 2344 --st 1731597162
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 42234009D33E101E6B9B0384FA85A668
C:\Users\Admin\AppData\Local\Temp\8A8E4343-43E5-4BDD-80DC-DE9FBC9660DF\lite_installer.exe
"C:\Users\Admin\AppData\Local\Temp\8A8E4343-43E5-4BDD-80DC-DE9FBC9660DF\lite_installer.exe" --use-user-default-locale --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --YABROWSER
C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe
"C:\Users\Admin\AppData\Local\Temp\83540CE4-5652-4EB0-8BEC-9F4275AEC8FD\seederexe.exe" "--yqs=y" "--yhp=y" "--ilight=" "--oem=" "--nopin=n" "--pin_custom=n" "--pin_desktop=n" "--pin_taskbar=y" "--locale=us" "--browser=y" "--browser_default=" "--loglevel=trace" "--ess=" "--clids=C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml" "--sender=C:\Users\Admin\AppData\Local\Temp\C7E40EDE-204D-4558-AD7A-B8515344CE4F\sender.exe" "--is_elevated=yes" "--ui_level=2" "--good_token=x" "--no_opera=n"
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent --pin-taskbar=y --pin-desktop=n
C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent --pin-taskbar=y --pin-desktop=n /pin-path="C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk" --is-pinning
C:\Users\Admin\AppData\Local\Temp\C7E40EDE-204D-4558-AD7A-B8515344CE4F\sender.exe
C:\Users\Admin\AppData\Local\Temp\C7E40EDE-204D-4558-AD7A-B8515344CE4F\sender.exe --send "/status.xml?clid=9183476-848&uuid=e5225da7-8214-4ecc-a58e-87da771d97f2&vnt=Windows 10x64&file-no=8%0A10%0A12%0A15%0A17%0A18%0A20%0A21%0A22%0A25%0A36%0A40%0A42%0A45%0A57%0A61%0A89%0A102%0A103%0A111%0A123%0A124%0A125%0A129%0A"
C:\Users\Admin\AppData\Local\Temp\{CBF06B05-DD72-46CC-9104-4A1B5F08068F}.exe
"C:\Users\Admin\AppData\Local\Temp\{CBF06B05-DD72-46CC-9104-4A1B5F08068F}.exe" --job-name=yBrowserDownloader-{19A0C893-1D6E-4370-9BAD-056FC1EBC9A1} --send-statistics --local-path=C:\Users\Admin\AppData\Local\Temp\{CBF06B05-DD72-46CC-9104-4A1B5F08068F}.exe --YABROWSER --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=9183405-848&ui={e5225da7-8214-4ecc-a58e-87da771d97f2} --use-user-default-locale
C:\Users\Admin\Downloads\install.exe
"C:\Users\Admin\Downloads\install.exe"
C:\Users\Admin\AppData\Local\Yandex\YaPin\YandexWorking.exe
"C:\Users\Admin\AppData\Local\Yandex\YaPin\YandexWorking.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ya.ru/?win=672&clid=9183494-848&from=dist_pin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffef1cf46f8,0x7ffef1cf4708,0x7ffef1cf4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,5651981606141585521,9904793046845019725,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,5651981606141585521,9904793046845019725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,5651981606141585521,9904793046845019725,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3060 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5651981606141585521,9904793046845019725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5651981606141585521,9904793046845019725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7020 -childID 9 -isForBrowser -prefsHandle 7000 -prefMapHandle 6780 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91bac8da-f473-4f26-b797-4a65b75e4486} 5396 "\\.\pipe\gecko-crash-server-pipe.5396" tab
C:\Users\Admin\AppData\Local\Temp\yb4643.tmp
"C:\Users\Admin\AppData\Local\Temp\yb4643.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\7bd3e576-5e25-4173-9fd8-d5d036811b2b.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=849038384 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{19A0C893-1D6E-4370-9BAD-056FC1EBC9A1} --local-path="C:\Users\Admin\AppData\Local\Temp\{CBF06B05-DD72-46CC-9104-4A1B5F08068F}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=9183405-848&ui={e5225da7-8214-4ecc-a58e-87da771d97f2} --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\0b43bdc0-feb7-401c-a13b-02cb7bfffebf.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico"
C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\7bd3e576-5e25-4173-9fd8-d5d036811b2b.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=849038384 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{19A0C893-1D6E-4370-9BAD-056FC1EBC9A1} --local-path="C:\Users\Admin\AppData\Local\Temp\{CBF06B05-DD72-46CC-9104-4A1B5F08068F}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=9183405-848&ui={e5225da7-8214-4ecc-a58e-87da771d97f2} --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\0b43bdc0-feb7-401c-a13b-02cb7bfffebf.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico"
C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\7bd3e576-5e25-4173-9fd8-d5d036811b2b.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=849038384 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{19A0C893-1D6E-4370-9BAD-056FC1EBC9A1} --local-path="C:\Users\Admin\AppData\Local\Temp\{CBF06B05-DD72-46CC-9104-4A1B5F08068F}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=9183405-848&ui={e5225da7-8214-4ecc-a58e-87da771d97f2} --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\0b43bdc0-feb7-401c-a13b-02cb7bfffebf.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico" --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=876639474
C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\setup.exe
C:\Users\Admin\AppData\Local\Temp\YB_0F555.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=6240 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.10.2.705 --initial-client-data=0x360,0x364,0x368,0x33c,0x36c,0xb9cbe8,0xb9cbf4,0xb9cc00
C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
"C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe" /passive /msicl "VID=848 YABROWSER=y YAHOMEPAGE=y YAQSEARCH=y "
C:\Users\Admin\Downloads\install.exe
C:\Users\Admin\Downloads\install.exe --stat dwnldr/p=635487/cnt=0/dt=24/ct=0/rt=0 --dh 2196 --st 1731597198
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 865A18074723333A40A85CCC4AD4DF93
C:\Users\Admin\AppData\Local\Temp\D326BCAC-09FE-4931-A139-09DFE5AD63AD\lite_installer.exe
"C:\Users\Admin\AppData\Local\Temp\D326BCAC-09FE-4931-A139-09DFE5AD63AD\lite_installer.exe" --use-user-default-locale --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --YABROWSER
C:\Users\Admin\AppData\Local\Temp\525DABD6-CCB6-4F9C-83FB-40F88F5C00CA\seederexe.exe
"C:\Users\Admin\AppData\Local\Temp\525DABD6-CCB6-4F9C-83FB-40F88F5C00CA\seederexe.exe" "--yqs=y" "--yhp=y" "--ilight=" "--oem=" "--nopin=n" "--pin_custom=n" "--pin_desktop=n" "--pin_taskbar=y" "--locale=us" "--browser=y" "--browser_default=" "--loglevel=trace" "--ess=" "--clids=C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml" "--sender=C:\Users\Admin\AppData\Local\Temp\4CB36697-BE8F-4FA3-9942-28DFC4E83F92\sender.exe" "--is_elevated=yes" "--ui_level=2" "--good_token=x" "--no_opera=n"
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent --pin-taskbar=y --pin-desktop=n
C:\Users\Admin\AppData\Local\Temp\4CB36697-BE8F-4FA3-9942-28DFC4E83F92\sender.exe
C:\Users\Admin\AppData\Local\Temp\4CB36697-BE8F-4FA3-9942-28DFC4E83F92\sender.exe --send "/status.xml?clid=9183476-848&uuid=%7Be5225da7-8214-4ecc-a58e-87da771d97f2%7D&vnt=Windows 10x64&file-no=8%0A15%0A18%0A25%0A42%0A45%0A49%0A50%0A57%0A61%0A103%0A111%0A123%0A124%0A125%0A"
C:\Users\Admin\AppData\Local\Temp\{CC9EDD08-C6A2-44E0-A367-4043B2046937}.exe
"C:\Users\Admin\AppData\Local\Temp\{CC9EDD08-C6A2-44E0-A367-4043B2046937}.exe" --job-name=yBrowserDownloader-{4016DB5A-D18F-40B4-B321-63F5C3E9A863} --send-statistics --local-path=C:\Users\Admin\AppData\Local\Temp\{CC9EDD08-C6A2-44E0-A367-4043B2046937}.exe --YABROWSER --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=9183405-848&ui={e5225da7-8214-4ecc-a58e-87da771d97f2} --use-user-default-locale
C:\Windows\TEMP\sdwra_6240_1569085659\service_update.exe
"C:\Windows\TEMP\sdwra_6240_1569085659\service_update.exe" --setup
C:\Program Files (x86)\Yandex\YandexBrowser\24.10.2.705\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\24.10.2.705\service_update.exe" --install
C:\Program Files (x86)\Yandex\YandexBrowser\24.10.2.705\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\24.10.2.705\service_update.exe" --run-as-service
C:\Program Files (x86)\Yandex\YandexBrowser\24.10.2.705\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\24.10.2.705\service_update.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=6600 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.10.2.705 --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0xd2e784,0xd2e790,0xd2e79c
C:\Program Files (x86)\Yandex\YandexBrowser\24.10.2.705\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\24.10.2.705\service_update.exe" --update-scheduler
C:\Program Files (x86)\Yandex\YandexBrowser\24.10.2.705\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\24.10.2.705\service_update.exe" --update-background-scheduler
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source6240_601213086\Browser-bin\clids_yandex_second.xml"
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=0 --install-start-time-no-uac=849038384
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=2268 --annotation=metrics_client_id=7b7fcc44ea3147ea9f63796935580e4e --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.10.2.705 --initial-client-data=0x1ac,0x1b0,0x1b4,0x188,0x1b8,0x72569a24,0x72569a30,0x72569a3c
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --gpu-process-kind=sandboxed --field-trial-handle=2384,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2380 /prefetch:2
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=disabled --gpu-process-kind=trampoline --field-trial-handle=2144,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2436 /prefetch:6
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Network Service" --field-trial-handle=2680,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2672 --brver=24.10.2.705 /prefetch:3
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=service --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Storage Service" --field-trial-handle=2988,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3188 --brver=24.10.2.705 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=ru --service-sandbox-type=audio --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Audio Service" --field-trial-handle=1736,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3460 --brver=24.10.2.705 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=ru --service-sandbox-type=none --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Video Capture" --field-trial-handle=3584,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3588 --brver=24.10.2.705 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --allow-prefetch --video-capture-use-gpu-memory-buffer --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3596,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3748 /prefetch:2
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --field-trial-handle=3924,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3952 --brver=24.10.2.705 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --allow-prefetch --video-capture-use-gpu-memory-buffer --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4764,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4828 /prefetch:1
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Импорт профилей" --field-trial-handle=5000,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3604 --brver=24.10.2.705 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3952,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:1
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --field-trial-handle=5664,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3988 --brver=24.10.2.705 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=uwp_cookie_provider.mojom.UwpCookieProvider --lang=ru --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --process-name=uwp_cookie_provider.mojom.UwpCookieProvider --field-trial-handle=5960,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5952 --brver=24.10.2.705 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5976,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6008 /prefetch:1
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --field-trial-handle=5816,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4820 --brver=24.10.2.705 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4768,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4820 /prefetch:1
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4144,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3964 /prefetch:1
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6540,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6520 /prefetch:1
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6616,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6636 /prefetch:1
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\" -spe -an -ai#7zMap25788:110:7zEvent24420
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=ru --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Утилиты Windows" --field-trial-handle=6868,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6832 --brver=24.10.2.705 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Распаковщик файлов" --field-trial-handle=6920,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6844 --brver=24.10.2.705 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --field-trial-handle=7116,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7132 --brver=24.10.2.705 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --field-trial-handle=7248,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7268 --brver=24.10.2.705 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --field-trial-handle=7448,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7416 --brver=24.10.2.705 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --field-trial-handle=7428,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7584 --brver=24.10.2.705 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --field-trial-handle=6316,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7780 --brver=24.10.2.705 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --field-trial-handle=7432,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7804 --brver=24.10.2.705 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --field-trial-handle=7440,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=8072 --brver=24.10.2.705 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --field-trial-handle=7732,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=8212 --brver=24.10.2.705 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --field-trial-handle=7748,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7260 --brver=24.10.2.705 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --field-trial-handle=7756,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=8484 --brver=24.10.2.705 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --field-trial-handle=8640,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=8652 --brver=24.10.2.705 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --field-trial-handle=8492,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=8800 --brver=24.10.2.705 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Распаковщик файлов" --field-trial-handle=7740,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2668 --brver=24.10.2.705 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=7760,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7880 /prefetch:1
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater --broupdater-origin=auto --bits_job_guid={4396493D-0939-4E6A-A586-22387E885FA1}
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1731597210 --annotation=last_update_date=1731597210 --annotation=launches_after_update=1 --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=4276 --annotation=metrics_client_id=7b7fcc44ea3147ea9f63796935580e4e --annotation=micromode=broupdater --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.10.2.705 --initial-client-data=0x194,0x198,0x19c,0x170,0x1a0,0x72569a24,0x72569a30,0x72569a3c
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=2412,i,4822354300531678528,555749598831727998,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2308 /prefetch:2
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Network Service" --field-trial-handle=2332,i,4822354300531678528,555749598831727998,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2576 --brver=24.10.2.705 /prefetch:3
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Утилиты Windows" --field-trial-handle=1128,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7824 --brver=24.10.2.705 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Утилиты Windows" --field-trial-handle=8744,i,18285681405532562370,13727465733198563391,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=8696 --brver=24.10.2.705 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=install --bits_job_guid={EDCFEE2E-A66C-483D-B054-AACDAC6E822A}
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1731597210 --annotation=last_update_date=1731597210 --annotation=launches_after_update=2 --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=7724 --annotation=metrics_client_id=7b7fcc44ea3147ea9f63796935580e4e --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.10.2.705 --initial-client-data=0x1a0,0x1a4,0x1a8,0x17c,0x1ac,0x72569a24,0x72569a30,0x72569a3c
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1832,i,11720508799097979534,7708514929540031797,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1756 /prefetch:2
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=e5225da7-8214-4ecc-a58e-87da771d97f2 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Network Service" --field-trial-handle=1968,i,11720508799097979534,7708514929540031797,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1804 --brver=24.10.2.705 /prefetch:3
C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_setup.exe
"C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_setup.exe"
C:\Users\Admin\AppData\Local\Temp\SIBSFX.EF1A8F90\StartAllBackCfg.exe
"C:\Users\Admin\AppData\Local\Temp\SIBSFX.EF1A8F90\StartAllBackCfg.exe" /install
C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_setup.exe
"C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_setup.exe"
C:\Users\Admin\AppData\Local\Temp\SIBSFX.E9FB4460\StartAllBackCfg.exe
"C:\Users\Admin\AppData\Local\Temp\SIBSFX.E9FB4460\StartAllBackCfg.exe" /install
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\" -spe -an -ai#7zMap166:156:7zEvent20578
C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_setup.exe
"C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_setup.exe"
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\StartAllBackCfg.exe
"C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\StartAllBackCfg.exe" /install
C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\StartAllBack_3.x_Patch.exe
"C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\StartAllBack_3.x_Patch.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\Readme.txt
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\kill.cmd"
C:\Windows\system32\taskkill.exe
TASKKILL /IM explorer.exe /f
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8032 -childID 10 -isForBrowser -prefsHandle 4528 -prefMapHandle 7988 -prefsLen 28282 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09c0145c-c07e-4a3a-8894-a691d6016abb} 5396 "\\.\pipe\gecko-crash-server-pipe.5396" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5216 -childID 11 -isForBrowser -prefsHandle 4528 -prefMapHandle 6468 -prefsLen 28282 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3170bc3c-fc8e-4296-87aa-1ff1c86c369e} 5396 "\\.\pipe\gecko-crash-server-pipe.5396" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4440 -childID 12 -isForBrowser -prefsHandle 7000 -prefMapHandle 7088 -prefsLen 28282 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a2c484b-74fd-4b87-a1e6-983d7556c37c} 5396 "\\.\pipe\gecko-crash-server-pipe.5396" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4952 -childID 13 -isForBrowser -prefsHandle 8116 -prefMapHandle 8112 -prefsLen 28282 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef3e3353-afd9-4447-9415-06178f7c7d67} 5396 "\\.\pipe\gecko-crash-server-pipe.5396" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8500 -childID 14 -isForBrowser -prefsHandle 6784 -prefMapHandle 3080 -prefsLen 28282 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8ac1211-abb1-4744-a70b-bdefcdcb7085} 5396 "\\.\pipe\gecko-crash-server-pipe.5396" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5220 -childID 15 -isForBrowser -prefsHandle 8660 -prefMapHandle 8448 -prefsLen 28282 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08ed33f3-b733-4e39-b63a-95519bce8afc} 5396 "\\.\pipe\gecko-crash-server-pipe.5396" tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793} -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\StartAllBack_3.x_Patch.exe
"C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\StartAllBack_3.x_Patch.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\kill.cmd"
C:\Windows\system32\taskkill.exe
TASKKILL /IM explorer.exe /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\start.cmd"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\start.cmd"
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\StartAllBack_3.x_Patch.exe
"C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\StartAllBack_3.x_Patch.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\kill.cmd"
C:\Windows\system32\taskkill.exe
TASKKILL /IM explorer.exe /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\start.cmd"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca
C:\Windows\explorer.exe
explorer.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.dropbox.com | udp |
| GB | 162.125.64.18:443 | www.dropbox.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.64.125.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| GB | 51.11.108.188:443 | nav.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | uc4d7ecc22fbe657dee80d659e44.dl.dropboxusercontent.com | udp |
| GB | 162.125.64.15:443 | uc4d7ecc22fbe657dee80d659e44.dl.dropboxusercontent.com | tcp |
| GB | 51.11.108.188:443 | nav.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.108.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | data-edge.smartscreen.microsoft.com | udp |
| GB | 13.87.96.169:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | data-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 15.64.125.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | checkappexec.microsoft.com | udp |
| GB | 51.140.244.186:443 | checkappexec.microsoft.com | tcp |
| US | 8.8.8.8:53 | 186.244.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | t.me | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| US | 8.8.8.8:53 | fuare.xyz | udp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| US | 8.8.8.8:53 | 99.167.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.249.124.192.in-addr.arpa | udp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| US | 8.8.8.8:53 | e6.o.lencr.org | udp |
| GB | 2.22.144.142:80 | e6.o.lencr.org | tcp |
| US | 8.8.8.8:53 | 159.0.203.116.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.45.26.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.144.22.2.in-addr.arpa | udp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.200.46:443 | clients2.google.com | udp |
| GB | 142.250.200.46:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| N/A | 127.0.0.1:9223 | tcp | |
| N/A | 127.0.0.1:9223 | tcp | |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| GB | 172.165.69.228:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 228.69.165.172.in-addr.arpa | udp |
| N/A | 127.0.0.1:9223 | tcp | |
| N/A | 127.0.0.1:9223 | tcp | |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.42.65.92:443 | nw-umwatson.events.data.microsoft.com | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| US | 8.8.8.8:53 | 92.65.42.20.in-addr.arpa | udp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| US | 8.8.8.8:53 | t.me | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 142.250.200.46:443 | clients2.google.com | udp |
| GB | 142.250.200.46:443 | clients2.google.com | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| N/A | 127.0.0.1:9223 | tcp | |
| N/A | 127.0.0.1:9223 | tcp | |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| GB | 172.165.61.93:443 | nav.smartscreen.microsoft.com | tcp |
| US | 104.208.16.94:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 93.61.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.16.208.104.in-addr.arpa | udp |
| N/A | 127.0.0.1:9223 | tcp | |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| N/A | 127.0.0.1:9223 | tcp | |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| DE | 116.203.0.159:443 | fuare.xyz | tcp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 65.204.21.100.in-addr.arpa | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| N/A | 127.0.0.1:58171 | tcp | |
| N/A | 127.0.0.1:58180 | tcp | |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 172.217.16.238:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| GB | 172.217.16.238:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r4---sn-aigzrnsz.gvt1.com | udp |
| GB | 74.125.175.169:443 | r4---sn-aigzrnsz.gvt1.com | tcp |
| US | 8.8.8.8:53 | r4.sn-aigzrnsz.gvt1.com | udp |
| US | 8.8.8.8:53 | r4.sn-aigzrnsz.gvt1.com | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.175.125.74.in-addr.arpa | udp |
| GB | 74.125.175.169:443 | r4.sn-aigzrnsz.gvt1.com | udp |
| US | 8.8.8.8:53 | support.mozilla.org | udp |
| US | 34.149.128.2:443 | support.mozilla.org | tcp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 2.128.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.109.69.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| GB | 142.250.200.49:443 | csp.withgoogle.com | tcp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| GB | 142.250.200.49:443 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.200.250.142.in-addr.arpa | udp |
| GB | 142.250.187.202:443 | ogads-pa.googleapis.com | tcp |
| GB | 142.250.187.202:443 | ogads-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| GB | 142.250.187.202:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.180.14:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.180.14:443 | consent.google.com | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 142.250.200.49:443 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 142.250.187.202:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | support.mozilla.org | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | rsload.net | udp |
| AT | 193.233.233.233:443 | rsload.net | tcp |
| AT | 193.233.233.233:443 | rsload.net | tcp |
| US | 8.8.8.8:53 | rsload.net | udp |
| US | 8.8.8.8:53 | rsload.net | udp |
| AT | 193.233.233.233:443 | rsload.net | tcp |
| AT | 193.233.233.233:443 | rsload.net | tcp |
| AT | 193.233.233.233:443 | rsload.net | tcp |
| AT | 193.233.233.233:443 | rsload.net | tcp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | 233.233.233.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.73.0.192.in-addr.arpa | udp |
| US | 192.0.73.2:443 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| RU | 77.88.21.119:443 | mc.yandex.ru | tcp |
| RU | 88.212.202.52:443 | counter.yadro.ru | tcp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| RU | 87.250.251.119:443 | mc.yandex.com | tcp |
| US | 8.8.8.8:53 | 52.202.212.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.21.88.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.251.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.topsoft.site | udp |
| RU | 95.142.42.153:443 | a.topsoft.site | tcp |
| US | 8.8.8.8:53 | a.topsoft.site | udp |
| US | 8.8.8.8:53 | a.topsoft.site | udp |
| AT | 193.233.233.233:80 | rsload.net | tcp |
| US | 8.8.8.8:53 | 153.42.142.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | f1.2rsload.ru | udp |
| RU | 95.142.42.153:443 | a.topsoft.site | tcp |
| RU | 5.189.239.173:443 | f1.2rsload.ru | tcp |
| US | 8.8.8.8:53 | f1.2rsload.ru | udp |
| US | 8.8.8.8:53 | f1.2rsload.ru | udp |
| US | 8.8.8.8:53 | 173.239.189.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | downloader.yandex.net | udp |
| RU | 5.45.205.243:80 | downloader.yandex.net | tcp |
| US | 8.8.8.8:53 | cachev2-rad-01.cdn.yandex.net | udp |
| FI | 5.45.192.4:80 | cachev2-rad-01.cdn.yandex.net | tcp |
| US | 8.8.8.8:53 | 243.205.45.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.192.45.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clck.yandex.ru | udp |
| RU | 77.88.21.14:80 | clck.yandex.ru | tcp |
| US | 8.8.8.8:53 | 14.21.88.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clck.yandex.ru | udp |
| RU | 77.88.21.14:80 | clck.yandex.ru | tcp |
| US | 8.8.8.8:53 | soft.export.yandex.ru | udp |
| RU | 93.158.134.14:80 | clck.yandex.ru | tcp |
| RU | 87.250.254.20:80 | soft.export.yandex.ru | tcp |
| RU | 5.45.205.243:80 | downloader.yandex.net | tcp |
| US | 8.8.8.8:53 | cachev2-kiv-04.cdn.yandex.net | udp |
| FI | 5.45.192.142:80 | cachev2-kiv-04.cdn.yandex.net | tcp |
| US | 8.8.8.8:53 | 14.134.158.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.254.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.192.45.5.in-addr.arpa | udp |
| RU | 93.158.134.14:80 | clck.yandex.ru | tcp |
| US | 8.8.8.8:53 | api.browser.yandex.net | udp |
| US | 8.8.8.8:53 | download.cdn.yandex.net | udp |
| US | 8.8.8.8:53 | api.browser.yandex.ru | udp |
| RU | 5.45.205.245:443 | download.cdn.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 8.8.8.8:53 | cachev2-kiv-01.cdn.yandex.net | udp |
| FI | 5.45.192.133:443 | cachev2-kiv-01.cdn.yandex.net | tcp |
| US | 8.8.8.8:53 | 245.205.45.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.193.180.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.66.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.192.45.5.in-addr.arpa | udp |
| RU | 5.45.205.243:80 | download.cdn.yandex.net | tcp |
| US | 8.8.8.8:53 | cachev2-fra-02.cdn.yandex.net | udp |
| DE | 5.45.200.105:80 | cachev2-fra-02.cdn.yandex.net | tcp |
| US | 8.8.8.8:53 | 105.200.45.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.ya.ru | udp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| RU | 77.88.44.242:443 | www.ya.ru | tcp |
| RU | 77.88.44.242:443 | www.ya.ru | tcp |
| GB | 172.165.69.228:443 | nav.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 242.44.88.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ya.ru | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | rsload.net | udp |
| AT | 193.233.233.233:443 | rsload.net | tcp |
| AT | 193.233.233.233:443 | rsload.net | tcp |
| AT | 193.233.233.233:443 | rsload.net | tcp |
| AT | 193.233.233.233:443 | rsload.net | tcp |
| AT | 193.233.233.233:443 | rsload.net | tcp |
| AT | 193.233.233.233:443 | rsload.net | tcp |
| AT | 193.233.233.233:443 | rsload.net | tcp |
| AT | 193.233.233.233:443 | rsload.net | tcp |
| AT | 193.233.233.233:443 | rsload.net | tcp |
| AT | 193.233.233.233:443 | rsload.net | tcp |
| AT | 193.233.233.233:443 | rsload.net | tcp |
| AT | 193.233.233.233:443 | rsload.net | tcp |
| AT | 193.233.233.233:443 | rsload.net | tcp |
| AT | 193.233.233.233:443 | rsload.net | tcp |
| AT | 193.233.233.233:443 | rsload.net | tcp |
| AT | 193.233.233.233:443 | rsload.net | tcp |
| RU | 88.212.202.52:443 | counter.yadro.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 93.158.134.14:80 | clck.yandex.ru | tcp |
| RU | 95.142.42.153:443 | a.topsoft.site | tcp |
| RU | 5.45.205.243:80 | download.cdn.yandex.net | tcp |
| FI | 5.45.192.142:80 | cachev2-kiv-04.cdn.yandex.net | tcp |
| RU | 77.88.21.14:80 | clck.yandex.ru | tcp |
| RU | 77.88.21.14:80 | clck.yandex.ru | tcp |
| RU | 87.250.254.20:80 | soft.export.yandex.ru | tcp |
| US | 8.8.8.8:53 | f3.2rsload.ru | udp |
| RU | 5.182.5.108:443 | f3.2rsload.ru | tcp |
| RU | 5.182.5.108:443 | f3.2rsload.ru | tcp |
| US | 8.8.8.8:53 | f3.2rsload.ru | udp |
| US | 8.8.8.8:53 | f3.2rsload.ru | udp |
| RU | 5.182.5.108:443 | f3.2rsload.ru | tcp |
| RU | 93.158.134.14:80 | clck.yandex.ru | tcp |
| US | 8.8.8.8:53 | 108.5.182.5.in-addr.arpa | udp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 8.8.8.8:53 | storage.ape.yandex.net | udp |
| RU | 87.250.251.66:443 | storage.ape.yandex.net | tcp |
| US | 8.8.8.8:53 | 66.251.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sba.yandex.net | udp |
| US | 8.8.8.8:53 | sba.yandex.net | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | api.browser.yandex.ru | udp |
| US | 8.8.8.8:53 | api.browser.yandex.ru | udp |
| US | 8.8.8.8:53 | sovetnik.market.yandex.ru | udp |
| US | 8.8.8.8:53 | sovetnik.market.yandex.ru | udp |
| US | 8.8.8.8:53 | browser.yandex.ru | udp |
| US | 8.8.8.8:53 | browser.yandex.ru | udp |
| US | 8.8.8.8:53 | neuro.translate.yandex.ru | udp |
| US | 8.8.8.8:53 | neuro.translate.yandex.ru | udp |
| US | 8.8.8.8:53 | browser-resources.s3.yandex.net | udp |
| US | 8.8.8.8:53 | browser-resources.s3.yandex.net | udp |
| GB | 172.217.169.67:443 | update.googleapis.com | tcp |
| RU | 77.88.21.232:443 | sba.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 8.8.8.8:53 | 300.ya.ru | udp |
| US | 8.8.8.8:53 | 300.ya.ru | udp |
| RU | 93.158.134.158:443 | browser-resources.s3.yandex.net | tcp |
| RU | 93.158.134.158:443 | browser-resources.s3.yandex.net | tcp |
| RU | 93.158.134.158:443 | browser-resources.s3.yandex.net | tcp |
| RU | 93.158.134.121:443 | 300.ya.ru | tcp |
| RU | 87.250.250.41:443 | sovetnik.market.yandex.ru | tcp |
| RU | 87.250.251.20:443 | neuro.translate.yandex.ru | tcp |
| RU | 93.158.134.121:443 | 300.ya.ru | tcp |
| US | 8.8.8.8:53 | api.browser.yandex.net | udp |
| US | 8.8.8.8:53 | api.browser.yandex.net | udp |
| RU | 77.88.21.232:443 | sba.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 93.158.134.121:443 | 300.ya.ru | tcp |
| US | 8.8.8.8:53 | browser-resources.s3.yandex.net | udp |
| US | 8.8.8.8:53 | browser-resources.s3.yandex.net | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.21.88.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdnrepfu6rku5qba3zpu.svc.cdn.yandex.net | udp |
| US | 8.8.8.8:53 | cdnrepfu6rku5qba3zpu.svc.cdn.yandex.net | udp |
| RU | 37.9.64.225:443 | cdnrepfu6rku5qba3zpu.svc.cdn.yandex.net | tcp |
| US | 8.8.8.8:53 | yastatic.net | udp |
| US | 8.8.8.8:53 | yastatic.net | udp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| US | 8.8.8.8:53 | api.browser.yandex.net | udp |
| US | 8.8.8.8:53 | api.browser.yandex.net | udp |
| US | 8.8.8.8:53 | 158.134.158.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.134.158.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.250.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.251.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.64.9.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.35.104.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.131.154.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | yastatic.net | udp |
| US | 8.8.8.8:53 | yastatic.net | udp |
| US | 8.8.8.8:53 | cloudcdn-ams03.cdn.yandex.net | udp |
| US | 8.8.8.8:53 | cloudcdn-ams03.cdn.yandex.net | udp |
| RU | 178.154.131.215:443 | yastatic.net | tcp |
| RU | 178.154.131.215:443 | yastatic.net | tcp |
| RU | 178.154.131.215:443 | yastatic.net | tcp |
| US | 8.8.8.8:53 | browser-resources.s3.yandex.net | udp |
| US | 8.8.8.8:53 | browser-resources.s3.yandex.net | udp |
| NL | 5.45.247.56:443 | cloudcdn-ams03.cdn.yandex.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 93.158.134.121:443 | 300.ya.ru | tcp |
| RU | 93.158.134.158:443 | browser-resources.s3.yandex.net | tcp |
| US | 8.8.8.8:53 | webntp.yandex.ru | udp |
| US | 8.8.8.8:53 | webntp.yandex.ru | udp |
| US | 8.8.8.8:53 | yandex.ru | udp |
| US | 8.8.8.8:53 | yandex.ru | udp |
| US | 8.8.8.8:53 | 215.131.154.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.247.45.5.in-addr.arpa | udp |
| RU | 213.180.204.196:443 | webntp.yandex.ru | tcp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| RU | 77.88.55.88:443 | yandex.ru | tcp |
| US | 8.8.8.8:53 | uid.yandex.ru | udp |
| US | 8.8.8.8:53 | uid.yandex.ru | udp |
| US | 8.8.8.8:53 | sso.passport.yandex.ru | udp |
| US | 8.8.8.8:53 | sso.passport.yandex.ru | udp |
| US | 8.8.8.8:53 | api.browser.yandex.ru | udp |
| US | 8.8.8.8:53 | api.browser.yandex.ru | udp |
| RU | 87.250.251.119:443 | mc.yandex.ru | tcp |
| RU | 87.250.254.216:443 | uid.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 77.88.21.232:443 | sba.yandex.net | tcp |
| RU | 77.88.21.232:443 | sba.yandex.net | tcp |
| RU | 93.158.134.144:443 | sso.passport.yandex.ru | tcp |
| RU | 93.158.134.144:443 | sso.passport.yandex.ru | tcp |
| RU | 77.88.55.88:443 | yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 8.8.8.8:53 | sso.ya.ru | udp |
| US | 8.8.8.8:53 | sso.ya.ru | udp |
| US | 8.8.8.8:53 | sso.dzen.ru | udp |
| US | 8.8.8.8:53 | sso.dzen.ru | udp |
| RU | 93.158.134.144:443 | sso.ya.ru | tcp |
| RU | 62.217.160.14:443 | sso.dzen.ru | tcp |
| RU | 93.158.134.144:443 | sso.ya.ru | tcp |
| RU | 62.217.160.14:443 | sso.dzen.ru | tcp |
| US | 8.8.8.8:53 | 196.204.180.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.55.88.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.254.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.134.158.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.217.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| RU | 93.158.134.119:443 | mc.yandex.com | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 119.134.158.93.in-addr.arpa | udp |
| RU | 178.154.131.215:443 | yastatic.net | tcp |
| RU | 213.180.204.158:443 | tcp | |
| RU | 213.180.204.158:443 | tcp | |
| RU | 213.180.204.158:443 | tcp | |
| RU | 213.180.204.158:443 | tcp | |
| RU | 213.180.204.158:443 | tcp | |
| RU | 213.180.204.158:443 | tcp | |
| US | 8.8.8.8:53 | 158.204.180.213.in-addr.arpa | udp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 77.88.55.242:443 | ya.ru | tcp |
| US | 8.8.8.8:53 | 242.55.88.77.in-addr.arpa | udp |
| RU | 77.88.21.37:443 | tcp | |
| RU | 77.88.21.37:443 | tcp | |
| US | 8.8.8.8:53 | 37.21.88.77.in-addr.arpa | udp |
| RU | 178.154.131.215:443 | yastatic.net | tcp |
| RU | 93.158.134.36:443 | tcp | |
| RU | 87.250.247.182:443 | tcp | |
| RU | 87.250.254.20:443 | soft.export.yandex.ru | tcp |
| US | 8.8.8.8:53 | 36.134.158.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.247.250.87.in-addr.arpa | udp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | fex.net | udp |
| US | 172.67.202.114:80 | fex.net | tcp |
| US | 8.8.8.8:53 | fex.net | udp |
| US | 172.67.202.114:80 | fex.net | tcp |
| US | 8.8.8.8:53 | fex.net | udp |
| US | 172.67.202.114:443 | fex.net | tcp |
| US | 8.8.8.8:53 | 114.202.67.172.in-addr.arpa | udp |
| US | 172.67.202.114:443 | fex.net | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | api.fex.net | udp |
| US | 8.8.8.8:53 | 74.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.169.217.172.in-addr.arpa | udp |
| US | 172.67.202.114:443 | api.fex.net | tcp |
| US | 172.67.202.114:443 | api.fex.net | tcp |
| US | 8.8.8.8:53 | api.fex.net | udp |
| US | 8.8.8.8:53 | api.fex.net | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| GB | 142.250.179.227:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 172.67.202.114:443 | api.fex.net | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| GB | 142.250.179.227:443 | www.google.co.uk | udp |
| CH | 157.240.17.15:443 | scontent.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | c.hit.ua | udp |
| US | 8.8.8.8:53 | aj1913.online | udp |
| US | 8.8.8.8:53 | c.hit.ua | udp |
| UA | 89.184.81.35:443 | c.hit.ua | tcp |
| US | 8.8.8.8:53 | c.hit.ua | udp |
| GB | 64.233.167.157:443 | stats.g.doubleclick.net | tcp |
| US | 212.124.124.19:443 | aj1913.online | tcp |
| US | 8.8.8.8:53 | aj1913.online | udp |
| US | 212.124.124.19:443 | aj1913.online | tcp |
| CH | 157.240.17.15:443 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | aj1913.online | udp |
| GB | 64.233.167.157:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.17.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.81.184.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.167.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.124.124.212.in-addr.arpa | udp |
| US | 212.124.124.19:443 | aj1913.online | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| CH | 157.240.17.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | star-mini.c10r.facebook.com | udp |
| US | 8.8.8.8:53 | star-mini.c10r.facebook.com | udp |
| CH | 157.240.17.35:443 | star-mini.c10r.facebook.com | udp |
| US | 8.8.8.8:53 | cdn77.aj1913.online | udp |
| US | 8.8.8.8:53 | 2.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.17.240.157.in-addr.arpa | udp |
| GB | 84.17.50.9:443 | cdn77.aj1913.online | tcp |
| US | 8.8.8.8:53 | 1009427042.rsc.cdn77.org | udp |
| US | 8.8.8.8:53 | 9.50.17.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| GB | 172.217.169.2:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| GB | 172.217.169.2:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| GB | 216.58.212.193:443 | ep2.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| GB | 216.58.212.193:443 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | 2.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aj1913.online | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.200.14:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 142.250.200.14:443 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | googlehosted.l.googleusercontent.com | udp |
| GB | 216.58.201.97:443 | googlehosted.l.googleusercontent.com | tcp |
| GB | 142.250.200.14:443 | www3.l.google.com | tcp |
| GB | 142.250.200.14:443 | www3.l.google.com | tcp |
| GB | 216.58.201.97:443 | googlehosted.l.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | aj1913.online | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | fs.fex.net | udp |
| UA | 194.106.216.231:443 | fs.fex.net | tcp |
| UA | 194.106.216.231:443 | fs.fex.net | tcp |
| US | 8.8.8.8:53 | fs.fex.net | udp |
| US | 8.8.8.8:53 | fs.fex.net | udp |
| US | 8.8.8.8:53 | fs41.fex.net | udp |
| US | 8.8.8.8:53 | 231.216.106.194.in-addr.arpa | udp |
| UA | 194.106.216.148:443 | fs41.fex.net | tcp |
| US | 8.8.8.8:53 | fs41.fex.net | udp |
| UA | 194.106.216.148:443 | fs41.fex.net | tcp |
| US | 8.8.8.8:53 | fs41.fex.net | udp |
| US | 8.8.8.8:53 | 148.216.106.194.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 32d05d01d96358f7d334df6dab8b12ed |
| SHA1 | 7b371e4797603b195a34721bb21f0e7f1e2929da |
| SHA256 | 287349738fb9020d95f6468fa4a98684685d0195ee5e63e717e4b09aa99b402e |
| SHA512 | e7f73b1af7c7512899728708b890acd25d4c68e971f84d2d5bc24305f972778d8bced6a3c7e3d9f977cf2fc82e0d9e3746a6ccb0f9668a709ac8a4db290c551c |
\??\pipe\LOCAL\crashpad_4632_XOTVXFFQJPCHEFGJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ea12c7c0-812c-4151-a9e1-46b205f36534.tmp
| MD5 | e5e3377341056643b0494b6842c0b544 |
| SHA1 | d53fd8e256ec9d5cef8ef5387872e544a2df9108 |
| SHA256 | e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25 |
| SHA512 | 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b5fffb9ed7c2c7454da60348607ac641 |
| SHA1 | 8d1e01517d1f0532f0871025a38d78f4520b8ebc |
| SHA256 | c8dddfb100f2783ecbb92cec7f878b30d6015c2844296142e710fb9e10cc7c73 |
| SHA512 | 9182a7b31363398393df0e9db6c9e16a14209630cb256e16ccbe41a908b80aa362fc1a736bdfa94d3b74c3db636dc51b717fc31d33a9fa26c3889dec6c0076a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 89bb7a6133ba4c6743a8d39b75720750 |
| SHA1 | 5785747a92ceefd29e99128143c52c3b8645ea99 |
| SHA256 | 19f335a8d813c8a41ac81c45d780cb2595f8d81a9014dd0ee0537e52f8325c33 |
| SHA512 | d1ac79590dc02ef2702e6b32d38bb8b7fbc428c93fa42761af9b97b361a99917e0c6b7724e5d3ce603659493c3a22fdbe0915ac12c05d34c5ba14502af46cbae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 6e466bd18b7f6077ca9f1d3c125ac5c2 |
| SHA1 | 32a4a64e853f294d98170b86bbace9669b58dfb8 |
| SHA256 | 74fc4f126c0a55211be97a17dc55a73113008a6f27d0fc78b2b47234c0389ddc |
| SHA512 | 9bd77ee253ce4d2971a4b07ed892526ed20ff18a501c6ba2a180c92be62e4a56d4bbf20ba3fc4fbf9cf6ce68b3817cb67013ad5f30211c5af44c1e98608cb9e3 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 771b8ee579ca9b758a9cae305c4ec64b |
| SHA1 | 9449ea9150543a7928af38f3277ab36cde0e0ef7 |
| SHA256 | 24b685c6a1620f177bca11e854f1135ee77c48d59f5122f45b2c5544e9964c41 |
| SHA512 | 5812747d913ffda4b8bc98d8f031e6316b6972b69bf3539db2bb5b5e3b5f41590cdde6b0436d7f7123e350b0d23092fa1c9674760c1eb72c52f3d03526681da6 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 0fe9e9f0168c31fa72495a5b15ad0361 |
| SHA1 | 940422a638503953757e88469d23a86d949b026a |
| SHA256 | b3494a8b69a01970dd47491955d666bfb479f286a278d3cd369a8924df6f96dc |
| SHA512 | 69118f7fed2eacf54d0f3e99a9072de3326cd583c50330aa7e7c18bdac7350014aad956790f25183b184236783fc6ffeabed89101cb70a6f62b8986b5191cdd1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8f8f14f4a824f7476eb8242cc9b6bfb9 |
| SHA1 | b9e34055f212c283714c7cf09bd950f9334058a8 |
| SHA256 | 0781f0a68cfa0ae1404e481bab049a3054269e5b8344685af677335a2e5b91ef |
| SHA512 | f4ce06f9b760651292b06e646f5ea3ea9c3d2e6e9face7f4ca2d0a1fe3b36b5d4668a120d792b38f13d45564f00af350ba2f4072d59f62b041fc882497ed7e74 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9b3d6c223ad5fb64c0c80577bc9a8ce0 |
| SHA1 | 1b134eec30fb1c10bf1a53bc6fe14624fabb505f |
| SHA256 | 66b461b6d377c2f3e2a63daed5cf84c81f47b42c4eed4911e956ed01a1816959 |
| SHA512 | 3ece0f4ad88b663225611853870f9675394d62df3be4d5323588e6d62318f9df652c5fed9ea94d443021bbeebb4365f22039ce62e2f920c871bc62c46d97ab5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | ac2b76299740efc6ea9da792f8863779 |
| SHA1 | 06ad901d98134e52218f6714075d5d76418aa7f5 |
| SHA256 | cc35a810ed39033fa4f586141116e74e066e9c0c3a8c8a862e8949e3309f9199 |
| SHA512 | eec3c24ce665f00cd28a2b60eb496a685ca0042c484c1becee89c33c6b0c93d901686dc0142d3c490d349d8b967ecbbd2f45d26c64052fb41aad349100bd8f77 |
C:\Users\Admin\AppData\Local\Temp\7zEC1712168\locales\resources\Data\level4.resS
| MD5 | 64d183ad524dfcd10a7c816fbca3333d |
| SHA1 | 5a180d5c1f42a0deaf475b7390755b3c0ecc951c |
| SHA256 | 5a666340f42f0f985772024d90a83d15c9a241a68d58205cd4afbb1a31f1621a |
| SHA512 | 3cab59dff09981f49d1070fba06a781439bb1ea2dae0cfcb937d9875bbe9e866be2c951cfc6a3ca4a92aea79dd3e9c4792a765f5a06f230a57dabcab2f0b3c1e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 177b39b4b3e3b957502ddbdcebbbab7a |
| SHA1 | c383d6f68c24abb25b0abb1591c5054654ce75ac |
| SHA256 | e5e138634fe7323d49ffbe89352087d4e29590a2e57fea08a20fc15d6479f913 |
| SHA512 | 87323efe564e46130bc0e52a96c1aa2d23ff2d0e31f5576e6ea46f209808f37f8526681c042ea16ace3b4337032bb20ff30ca1a6c27009b8564e7719feca7876 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe5879bf.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b6771735d83939bcc328914272e0351b |
| SHA1 | dd6537983cf4e75c4bd8fa9d7fdea91e3702811b |
| SHA256 | a6d158b55a00818219ec162230cd113393383a20bee687034c00c7e07dd7bae0 |
| SHA512 | 2c6e5063418bf44ba881865e4121c53f3709f863f933a890bd984ebc0f8a57f5ee5d2c59dfe31a7b0c8fe227767398df11a001f360a4584075d7c947279636cc |
C:\Users\Admin\AppData\Local\Temp\7zEC1771E59\Unlock_Tool_v2.6.0.exe
| MD5 | fbaaa5e61fe81ba6a7da0b7042ed0113 |
| SHA1 | 7f726909fd173c37c8fd4fa335c0fdeca1cbc3e7 |
| SHA256 | 7fb0410c958f377fc2aa999146c82a33ea395c84d42ae5ea4c8e1d8d05e40e5f |
| SHA512 | d345ea17292553bedf5501df222472989a1a2a5c7b302827edc1cfc1d99ea820ab5238cc18e771c8934c50dcab31f8e8bc35686d8fd5933b6d1efd39be45637a |
C:\Users\Admin\AppData\Local\Temp\7zEC1771E59\locales\resources\Data\sharedassets0.assets.resS
| MD5 | db887602126900f414e141c698776204 |
| SHA1 | 4cf6ac2535552718bfd28162c15ec0ab0545c58b |
| SHA256 | 7bf15ec0a512b66a888f0d08960c2815e971ea608f93e99cb76d697680bf5c2e |
| SHA512 | 0e162b6623cbd87f73859fbf03217e4afad603304b823a44da9905559251984a05e4651232957f7308a7a4b723b9f29279ab010ae76eb93cd819306b1ce19927 |
C:\Users\Admin\Downloads\Unlock_Tool\Readme.txt
| MD5 | 1c06691ec856e98a333ce2f916950275 |
| SHA1 | 63fac46729740dd012cd484f5f9ce6f241555ce8 |
| SHA256 | a14f94cfd51b5110e71b329b6f3f00188ea33878d8a16a3cb59c3bd3bb652308 |
| SHA512 | d518f69edbf1ac4653b48f94da13915557dd3aa6b586e651016969aede3500d272907ed7874f5ee4101b699790f293e4a41b1147cc8516c829a38d97780465d3 |
memory/5376-1822-0x0000000000400000-0x0000000000659000-memory.dmp
memory/5376-1824-0x0000000000400000-0x0000000000659000-memory.dmp
memory/5376-1826-0x0000000000400000-0x0000000000659000-memory.dmp
memory/5376-1844-0x0000000000400000-0x0000000000659000-memory.dmp
memory/5376-1845-0x0000000000400000-0x0000000000659000-memory.dmp
memory/5376-1846-0x000000001C600000-0x000000001C85F000-memory.dmp
memory/5376-1852-0x0000000000400000-0x0000000000659000-memory.dmp
memory/5376-1853-0x0000000000400000-0x0000000000659000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 7212cdb66da6620715fc5df56a44abbf |
| SHA1 | 1cfcecf82010f661d9d1d5c52b8b354f0f5d7c1a |
| SHA256 | 090cad83ff9000af78aa34b0e8f0b043b84769e4cd09f838d4af71e034e4fa6a |
| SHA512 | 64e623eb59f1a70ee9e1ddb9a79c5fda65d4b6af8e6deb5ba5ef5d84ebf8345f05afec609ba3db286428a87cea8e12355e7a6089402062c84f70cadb929278c8 |
memory/5376-1887-0x0000000000400000-0x0000000000659000-memory.dmp
memory/5376-1888-0x0000000000400000-0x0000000000659000-memory.dmp
memory/5376-1889-0x0000000000400000-0x0000000000659000-memory.dmp
memory/5376-1890-0x0000000000400000-0x0000000000659000-memory.dmp
memory/5376-1891-0x0000000000400000-0x0000000000659000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 27f901eb28224e1d93a565076614e1e9 |
| SHA1 | c172fc1e18e8a0764eb5a6e9eea38374035f0fb7 |
| SHA256 | 5f11beac6998499aff5a90f4f3a0b81f50076584f68b95833c0530fe50bdecc3 |
| SHA512 | e8fa3ec00f55ff0caea0c43904e6a426a6d98fe42fbe0f1cb0d05604290ce80d1fa85e047e529e9a77b7c79a8def708c226aa111a1078a839f9fbd8f51d3fd80 |
memory/5376-1893-0x0000000000400000-0x0000000000659000-memory.dmp
memory/5376-1894-0x0000000000400000-0x0000000000659000-memory.dmp
memory/5376-1895-0x0000000000400000-0x0000000000659000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4a83a0b7acd9409662c1f2034baecdec |
| SHA1 | 3eb1a84f9ac422e00ec6340e72d1957add6ca887 |
| SHA256 | 6defe1e5ed70f10d7ef216ddfeb994d836531025c02de4755ebcc52541e4a931 |
| SHA512 | a10665dfc737876f44c28d641354a73847eb676252d08eeba24ccdc6c039577646572af87c6342c32c4d196c482aca641b1804339f8026471f0d4b1e5c16c100 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce1330282e251ac424329e8f52673562 |
| SHA1 | 8a9091ad1aca4692680760c5456669a0e3141b1c |
| SHA256 | 9beebdb7a254e62e0d38cfa66715300c65243526bcdcc7b67c7cf3aa2435851f |
| SHA512 | c02fabe46c5f7c1ffbf3dea63f0a99ad5af601ce2030a9bb502705104291af62b888c87f995777ba53480ed18dab6ec44525c8e554d4b051a40943b69c3e3e63 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings
| MD5 | f222079e71469c4d129b335b7c91355e |
| SHA1 | 0056c3003874efef229a5875742559c8c59887dc |
| SHA256 | e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00 |
| SHA512 | e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_638343870221005468
| MD5 | 3a05eaea94307f8c57bac69c3df64e59 |
| SHA1 | 9b852b902b72b9d5f7b9158e306e1a2c5f6112c8 |
| SHA256 | a8ef112df7dad4b09aaa48c3e53272a2eec139e86590fd80e2b7cbd23d14c09e |
| SHA512 | 6080aef2339031fafdcfb00d3179285e09b707a846fd2ea03921467df5930b3f9c629d37400d625a8571b900bc46021047770bac238f6bac544b48fb3d522fb0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris
| MD5 | 6a3a60a3f78299444aacaa89710a64b6 |
| SHA1 | 2a052bf5cf54f980475085eef459d94c3ce5ef55 |
| SHA256 | 61597278d681774efd8eb92f5836eb6362975a74cef807ce548e50a7ec38e11f |
| SHA512 | c5d0419869a43d712b29a5a11dc590690b5876d1d95c1f1380c2f773ca0cb07b173474ee16fe66a6af633b04cc84e58924a62f00dcc171b2656d554864bf57a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_638004170464094982
| MD5 | e9c502db957cdb977e7f5745b34c32e6 |
| SHA1 | dbd72b0d3f46fa35a9fe2527c25271aec08e3933 |
| SHA256 | 5a6b49358772db0b5c682575f02e8630083568542b984d6d00727740506569d4 |
| SHA512 | b846e682427cf144a440619258f5aa5c94caee7612127a60e4bd3c712f8ff614da232d9a488e27fc2b0d53fd6acf05409958aea3b21ea2c1127821bd8e87a5ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic
| MD5 | 52e2839549e67ce774547c9f07740500 |
| SHA1 | b172e16d7756483df0ca0a8d4f7640dd5d557201 |
| SHA256 | f81b7b9ce24f5a2b94182e817037b5f1089dc764bc7e55a9b0a6227a7e121f32 |
| SHA512 | d80e7351e4d83463255c002d3fdce7e5274177c24c4c728d7b7932d0be3ebcfeb68e1e65697ed5e162e1b423bb8cdfa0864981c4b466d6ad8b5e724d84b4203b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1
| MD5 | 6698422bea0359f6d385a4d059c47301 |
| SHA1 | b1107d1f8cc1ef600531ed87cea1c41b7be474f6 |
| SHA256 | 2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1 |
| SHA512 | d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | ac7814a1f41ae4c00d5fe4d0ca7e9239 |
| SHA1 | b08733a0e66d7638c882bad930ab12b734fa49d6 |
| SHA256 | 13fbb3e9c762f5c9ad7812430cba5d7a898911842930be6a0993835051808768 |
| SHA512 | 15d0b453c2d60e0c55cddb43d090f06e80d811b0f16489fd7127096bed72cc8a77fab3ca453d55e3290b542f630f6dbcde0f4661f7bd4f182eebea983d1a9230 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
| MD5 | 9744b3b2feacb229f78d98b45573fa67 |
| SHA1 | f3a618c11242bb40ae8d72c4e499d53acd8585c4 |
| SHA256 | e52272f1236f481f92092c792104d20dda489c79855920d7717364b45b3030d1 |
| SHA512 | c1d94c3859abac9e1d04e9f8ecf3a3b421c9764d810d44f26504a1942f3b1078884f4ac685e31e2fb0fb9a645502ab0d2db570be784a6be46b5e560b8ae27bf5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | eed9facaba497c63693a1c28e99c327c |
| SHA1 | 5bd2c62f63667deb95a0e6bc0009b35d620304e4 |
| SHA256 | 709fba6e1220189f1129a7398cc785177d1207ef7a7bc638cf383a7d53d79ee4 |
| SHA512 | 4a6e08577c14613374b4fe054994c7543ec0f6a8428e457dcf0d77fbac3b9e6e8a0b00b6d10b3c625146fe4cd81cebed8a3ec83dd267aaf9c0b4e964af0c216b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 86d1756f5504d4a828bfcf461e8cfb3c |
| SHA1 | 636a8fad361602241076b53ad569c415bce1e390 |
| SHA256 | ef60062402421a818f3d986ad848da42f7206bb5e875cb831662fa482c84f9c6 |
| SHA512 | 5eeed0fd542b6521b6034f01183dd8a5858d8c03e81e14a29d857e696816f14a7e33370892474418e6cc524f2a68441ecf64a127b1811ed0fd2ce14a27cf6b00 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 26ddda29f5efcf588449697167b1877d |
| SHA1 | 775b26f3d0d9e6bd7f0559d0d516dd6959ce3113 |
| SHA256 | 70ab63fc2a1793acdb382a9d0a43ee9d32b94760181d907d44be6b1e6bd11b68 |
| SHA512 | a9d0ec735f8febadb417558f6ff49e42e35934124b7dbba1e35d3e178c7f8776a8e59fd90da4105ec63f6ea63e9bcb976df9e293a66b10106cb9d3d8b188a9cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13376070387491798
| MD5 | 68e9820f83cf020bda0a7a4cad5ac52f |
| SHA1 | 5ab3c57e124d5e52fa40034f8ffa4ab6478fd40c |
| SHA256 | 144e41853606e75faa3a6f9e7add661178924b20be6fbe0e62f948a0b4ca0c29 |
| SHA512 | c522029fed03557f98d0deea1dc0a789fc9a324f3da626ba47f5a12646914680a9725b58d437834c49e56c3039fc2b2542616e4ee676a293be16abe2e53d9205 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
| MD5 | 6467c5a0fe6a36b70096b6e1d93ba622 |
| SHA1 | 42886230c02516348d9287bb5e8e85a348ac5853 |
| SHA256 | 5a849bfdc41e6f21c8d8818d1ad47afcf7735e49cd6a5f602f15a3eecb690ce9 |
| SHA512 | 9a73b1e3984f04a6d33802139e642ab7337bfe1bb96d988d4937139a98dcae08acf4656de87a2d247694d40cc7ab9bec17d5eb64304862f4d79524d553dcf49b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\58a9239d-b7dc-4db8-8afe-9767ece94888.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
| MD5 | f70aa3fa04f0536280f872ad17973c3d |
| SHA1 | 50a7b889329a92de1b272d0ecf5fce87395d3123 |
| SHA256 | 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8 |
| SHA512 | 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
| MD5 | 9ff8fd7a46ecb2d1767c5c08a68f47e0 |
| SHA1 | 0a0a2f9e0b769ff56b236cbb69f065ae0c923970 |
| SHA256 | 979ca4b11b831de0fbca12191274afd9b77e97b9e76ce9ec49cec6cc408b4ffb |
| SHA512 | 8bb756d73d62ed317885dbfad200c133db005ccf9e42060408362fcd323d5862c47ee55180a7418482a7a78fff312c76d51f9c4211293738e58cf8ef9593f2fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites
| MD5 | f44dc73f9788d3313e3e25140002587c |
| SHA1 | 5aec4edc356bc673cba64ff31148b934a41d44c4 |
| SHA256 | 2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983 |
| SHA512 | e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
| MD5 | 426f43bcf0b8f537c2462b44b87ad537 |
| SHA1 | 69fd1c2f41a8a1ac5687346ac035ac2dcee8b64d |
| SHA256 | 920b57c14c37bd1bcd13567f44d99374ad66131a3e8c665306dc4fe6f67475df |
| SHA512 | 5625e8afabd414de6ff70052382d20539e2b3e6c26fbcf0ee54021a7ae99d9ba3f538aabb9466fb0ade584697b377989f50fa4db1d35854a2d2da680f81ed76c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
| MD5 | d0d388f3865d0523e451d6ba0be34cc4 |
| SHA1 | 8571c6a52aacc2747c048e3419e5657b74612995 |
| SHA256 | 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b |
| SHA512 | 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index
| MD5 | 0eb05c499bd4b9390d38d0a710ee38f3 |
| SHA1 | 99e98a40ddcb7f2cbe67354f827cdfdfbc06f4f0 |
| SHA256 | 367199bdbbaf4fe40c2342edee45f41fe2ae248690d211528ba31f990b0a4ff4 |
| SHA512 | dd51a09ed8526e9344bd99b67615d2d3611d71ae7c1942d0dbddd52b6fe3d82d41882fa77614a2a6e19a1bddd4248728687cae61a1851edea0cb835251e4a53a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
| MD5 | d9f84c8cf73422f2ca07d7e7462b9534 |
| SHA1 | cff6e092bf5bf1f3f47b7074847e204042a881ae |
| SHA256 | 5bf7b14dde109f722782628bbcf3011a23cd2416e7621a62b49ee0333cdec6c2 |
| SHA512 | 1ea893c62d64304c35b9086e2c7e760716ea5ce220bafb76632670fcd2f97eca5c6693ff98004a861b190060c47c9d97ac92b41e3b1da1a4e8f89d9638548c38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index
| MD5 | fe00388e19e8111ead665fc5b772b35f |
| SHA1 | d323e5a3dc7459127182b737445199186c0c6636 |
| SHA256 | 89a5db9c7f9f57af2ad355c02360f11187c6f02728531746f5fdd919d537906c |
| SHA512 | fd70bcfb182f883fa677fef97d1798a75bb9ca1a9a664f966df8eabbe9a0f9e2c267495df07197409590511d657e76e20390e0151b1fd308d9797553ea1ce6da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | 0aec31b8e56e821753e22dd623ae8cce |
| SHA1 | d13f53581ac532305e656d6085347d144dad406e |
| SHA256 | a84b984e460e54496a0f0dbebdd0c4d4a8b6082ab064f6c2bcac2e70b1b39564 |
| SHA512 | e6c41cc222eebfcc8848060de4bbdcc5cae531ac86b78b227c22642d41d25e2f2d86cf22e46316585e561d13e8bb0248a13cfcec6a4faaef828563ab8e41a5b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 659a12673dd8df5b013a4a4852158871 |
| SHA1 | 0615ee392022893a745ff0ce7fa0eebb5cab8608 |
| SHA256 | 23cce5a1fca707641a0bc2aad6145f866e80ba582e6c9d6353299bf7d56d5926 |
| SHA512 | 0f06f0bcf4fcc0de7444a684dc38a08d44aed53da6f96293d8c89c1e41e89430f468eb86e5f96e5675ffb186a62273c960045655acbe1f1047f50542fa963ca0 |
memory/5376-1958-0x0000000000400000-0x0000000000659000-memory.dmp
memory/5376-1959-0x0000000000400000-0x0000000000659000-memory.dmp
memory/5376-1960-0x0000000000400000-0x0000000000659000-memory.dmp
memory/5376-1962-0x0000000000400000-0x0000000000659000-memory.dmp
memory/5376-1961-0x0000000000400000-0x0000000000659000-memory.dmp
memory/5376-1963-0x0000000000400000-0x0000000000659000-memory.dmp
memory/5376-1964-0x0000000000400000-0x0000000000659000-memory.dmp
memory/5376-1965-0x0000000000400000-0x0000000000659000-memory.dmp
memory/5376-1977-0x0000000000400000-0x0000000000659000-memory.dmp
memory/5376-1978-0x0000000000400000-0x0000000000659000-memory.dmp
memory/5376-1979-0x0000000000400000-0x0000000000659000-memory.dmp
memory/5376-1980-0x0000000000400000-0x0000000000659000-memory.dmp
memory/4900-1981-0x000001F235020000-0x000001F235021000-memory.dmp
memory/4900-1983-0x000001F235020000-0x000001F235021000-memory.dmp
memory/4900-1982-0x000001F235020000-0x000001F235021000-memory.dmp
memory/4900-1987-0x000001F235020000-0x000001F235021000-memory.dmp
memory/4900-1993-0x000001F235020000-0x000001F235021000-memory.dmp
memory/4900-1992-0x000001F235020000-0x000001F235021000-memory.dmp
memory/4900-1991-0x000001F235020000-0x000001F235021000-memory.dmp
memory/4900-1990-0x000001F235020000-0x000001F235021000-memory.dmp
memory/4900-1989-0x000001F235020000-0x000001F235021000-memory.dmp
memory/4900-1988-0x000001F235020000-0x000001F235021000-memory.dmp
memory/3388-1998-0x0000000000400000-0x0000000000659000-memory.dmp
memory/3388-1999-0x0000000000400000-0x0000000000659000-memory.dmp
memory/3388-2000-0x000000001A0A0000-0x000000001A2FF000-memory.dmp
memory/3388-2006-0x0000000000400000-0x0000000000659000-memory.dmp
memory/3388-2007-0x0000000000400000-0x0000000000659000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 816ce061ec49c6a23fb6b7c8128948d5 |
| SHA1 | 6fa4065b3a254f59150f2c8ed953909284d655d1 |
| SHA256 | f74a15ea907e169cf0e6cd72379f42f3b8fa77fa05db3b811bafec7e2e0dea66 |
| SHA512 | 747c98bcb115b0f29004935017bd260fec8572ecb5686951d569553d5ace19d7adb0ad4cb732112ab6aaca68f84cacd97e509360ea74d66e280bb52a9bb18f3f |
memory/3388-2036-0x0000000000400000-0x0000000000659000-memory.dmp
memory/3388-2037-0x0000000000400000-0x0000000000659000-memory.dmp
memory/3388-2038-0x0000000000400000-0x0000000000659000-memory.dmp
memory/3388-2039-0x0000000000400000-0x0000000000659000-memory.dmp
memory/3388-2040-0x0000000000400000-0x0000000000659000-memory.dmp
memory/3388-2041-0x0000000000400000-0x0000000000659000-memory.dmp
memory/3388-2042-0x0000000000400000-0x0000000000659000-memory.dmp
memory/3388-2043-0x0000000000400000-0x0000000000659000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f6bf3142ed20e52f909c37c4a016aa1a |
| SHA1 | 4b39f7e4c70db898d0decd759d0997a573b1f9c9 |
| SHA256 | 07b3aefcafef34945d8e7707236ee7df002b4cc9f9372cb02ec52bb7999c12a6 |
| SHA512 | 0a515b35caf5a97c54b045a998ad0cb238bb901a9fe229eda7f9511a4dd9f56dbece21f84efd7c001c59dc2523eb7b55ac585cf633e78d2f4cf91384a91c24b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\6d54f59c-021f-49f2-a624-9ed0af3e7d9d.dmp
| MD5 | a9d9303739ad44322f97435bfc50bcc5 |
| SHA1 | 6238f5afc1437190376497d33e2b38a212cb4423 |
| SHA256 | 71434d3a21bfb001b3266cfb6489ba39ec6707f095424e29dca34a38a1ba6d01 |
| SHA512 | 5160309e308d3650130e197baeb9680b0fba4d43973514a3c4d8580e178b87ca5e97495c4878da6b1e1a5c6f6636a19ac94ad5dab514a95388b4620f5df50611 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 878ce56a96f69088f9645223d04bd1f7 |
| SHA1 | 24bd11505418efbf6715c21f5796de6d04537130 |
| SHA256 | 603aeb8cf1c408ef5084b22010cc49088b07c2ab0d73847c5be6a9a7bef8427d |
| SHA512 | e979e94472cd1150c7c2d71ca19f289cc5315dab715353bbd70d481f16ba62551e964d7a1cc01038e37056e4a27441f7043835bdb43c08c3883204cdec2804df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\5bcfffde-4f37-472a-915a-7d0196b60af0.dmp
| MD5 | eb6921dbe78365a4fd20e4a1b89633c3 |
| SHA1 | 6997499c4ac2336b215a93f637661feb8c6961eb |
| SHA256 | 001214ffa046d6936d0f9770d862e0a681b90b7d880089cc9ca90e39df4f38b4 |
| SHA512 | b6f5e2002888abf4f2a035eff5cf1953e2f9cfb8e44d45836a6c3ae04fa04431f472dc85a32bac1be6db204f66fa3a79b44b3f5582b06d13b10b514eeec3031c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3a50d9bac3d145306a15be7e9f534082 |
| SHA1 | 3a67c84a0eb935f8ab057dff460f6cb63dd71127 |
| SHA256 | 67237bb60db5c37fdb7fde2d8f4982bf6ad25132914d69fd246c711e751ceff5 |
| SHA512 | 9ab7a62b7758f1b53db138386bbb26f9699b25515fa7ab5ae666fba1d48199b94c123a2eacd62fa97348c538f5c7a298dbc2f625fc79f0d20e43ceaff8a92328 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\aa694eb2-ebae-40bd-8627-8a135c9c20da.dmp
| MD5 | 39ecf31aed83b0de23f284ecd012711e |
| SHA1 | 56308be08c3f9d596fecef85a8b43bd291042def |
| SHA256 | dc1d1d9cd70458d7c3705a0c97fa9ed6604fa63e869cc07f363b7b0c5febe4cd |
| SHA512 | 67feb8fb1cc632d0521dec20f6fc080386ef911c89abbda3c95e2258ba0951f8bdeb1a41df4f8540492f75a889bf8bb06b9e1e8ff8bfdc411649ea7b8addb167 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\64002cd9-94ef-4acf-ab5a-c97072f86782.dmp
| MD5 | 6cf75267d98f2390af48eb6b22a34ab6 |
| SHA1 | 5bb46c7058febf6617e2772888ae4b134a786fa2 |
| SHA256 | 9a0a7af24bfdae5b3c2dc4cbd59bc8858546741d6daa7f07623f7fe3b76be1a8 |
| SHA512 | 6bd49dfba5754928d365459ddc8073951ef6eeb7d2b0f45cbf97a64f60c7c7e128f95785ca69a387111d37d10d2917555e36b8670662c73c20ca6ae66a8c2087 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\d087ba63-c64e-4e6b-b444-f884558e4f21.dmp
| MD5 | b1fb68f60453d0a5ba471f005baaaefe |
| SHA1 | 0933b338cf311c460e27ff90ea873c29e84d4649 |
| SHA256 | 673651840f00ebbd795d036a8cae5b7b691e2f37b62791f44635d2772fd347b0 |
| SHA512 | 6cacc1004a8737b320912f408560f215bf797ea9139cec19cce972e2ae8853c4c054a69a80540fb4bed688479799ff6d28763507a21238aea901fdc48cc2cf1e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\459d1546-79e5-4730-8b2a-309cde807bb2.dmp
| MD5 | 65be6dc07e9efd743fdad846928b7911 |
| SHA1 | aa17ea1d6b4da56050203d376dec184336110c4d |
| SHA256 | be776f198a3a6d432a31eb8330b89ed55d14407c9bb9cc6c8c1b21590bd5a944 |
| SHA512 | 0c31a2ea9022689512903f51b61b02e15f51875aeccc8c26996664a3a07d2081e37dcc5c18201b17143a2205f7ab7a0b52170bb22f61aa8a34911a5060ac0835 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7a46cc99bf4ae41fe9b8e99bf787f393 |
| SHA1 | 08190c67d8b789982e4d6be3682970a826512780 |
| SHA256 | b424a6a53b1dfd87011a26bc4bb83da6e78ed64afaa8b49021bff7cf0fa908b3 |
| SHA512 | 066e78273f8d1b13e00adcdaf0bb6bfe6964be6e4bb5693a414f4e5fbbadb5756bf22fb617105a05d6a2ee17cf8bbbf6b827204d9a0aeccd7ae3128a54f7c0ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\1feda261-de69-4fee-bad2-299f695e8d61.dmp
| MD5 | 11b546141b41facb672047215632acc6 |
| SHA1 | 9eebade3959af643ebd7d4d7465a712c815ebda7 |
| SHA256 | f4e6e0486bd298cd6dba502e86dfb4fff271c92651038ad4e83e48d7327210cf |
| SHA512 | eb417ecd98b9577d6c381cda1785b2e5ba394ae1eada8b4ea3c5b1f9618c51557f0fa6c98b5ef14b1c6746c197941e95b942c5581a6da4c761a13f5292bce4ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\6bc05c36-5461-45ac-8735-b8f1b7bae9ac.dmp
| MD5 | f46256d3f8184bccec1dcdd89b448c01 |
| SHA1 | 7ef09818cf17503c8000fc0927764597c4bea652 |
| SHA256 | b3cc9a7300392dc6008fecc83c0b7881ee0a011929743056a45944e9b44a5fae |
| SHA512 | 7f6b9942f850a48077a14b4675ff8a6a417ef93c8343fd876be04d1d0e5449d015d750432d43ed9d57b8b681643dfab749fd1e8c232e19a0d09ca0fa84c4be13 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | f54cf19286d275f509c47cf21700c4a7 |
| SHA1 | 3113641000451da0f58f681d3a091862119c90cc |
| SHA256 | b82feedd3555755e27c1f134626353aa057b942ba90c93824a14796c5fa500bd |
| SHA512 | 60680fb732cffa53e019db611c0873cae96bc5ff6e28c4f7f5203dc1af967d090353dc604cac3d4904364763fd7bb928c9668d8ecd5005a441c3f91771aa4dd3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\d4919224-54e5-4815-80f2-cb7a83333b11.dmp
| MD5 | 93a690c7e301d60130db7d8640ecde3c |
| SHA1 | 9d772dea7d15590d1db101bcfa491f90dabb3981 |
| SHA256 | 368ededd97084434346781c9423ffefe9682647df925fedd82da98e64a077397 |
| SHA512 | c5206c1be38f3b43470c253c90c81a19ddd630f4ba6f40dc1d5f4fc3a92dd780db9951442c5ba1166341a2c6877ca19133064490b172fa8c4f3b06b2517e32a2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | 88c801bc57d512017bc00ffeff3cc676 |
| SHA1 | 6361bf53f69f4d5a13465914ee4d32b7114c0f78 |
| SHA256 | b8ee07b887ae59d73e0b93661e00de1003bc5a926a4047f599da6944d9451697 |
| SHA512 | 80ff198c4ca13dc4dbbb0ec2be84211d0a95d7aabd12d9acbec40268ca3d94bea28f5b2ee7946ceeb2d8fb6d8dd112944fe764a4d4e04b1b095fdf1e73e63ef4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\31f808f6-6ae0-49b7-b495-a3abc6bf65c8.dmp
| MD5 | 5f591a21c534c06e52174e49db5a83de |
| SHA1 | 8daa05df3a5b2452367fd1e09528f11dacb58239 |
| SHA256 | c839969c798115737c6c5d8c7cabb5bb63cf77db1026234bc789df9748e97fc3 |
| SHA512 | 4fc48ff39dfce2fbfd737679b11d50155cde97a6cad6660813c2c4eaf2b1a41f8d6ac53eae860e09419a939f764f5a405a4e19f7e252d2cf25e4146106d5a95d |
C:\ProgramData\mozglue.dll
| MD5 | c8fd9be83bc728cc04beffafc2907fe9 |
| SHA1 | 95ab9f701e0024cedfbd312bcfe4e726744c4f2e |
| SHA256 | ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a |
| SHA512 | fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040 |
C:\ProgramData\nss3.dll
| MD5 | 1cc453cdf74f31e4d913ff9c10acdde2 |
| SHA1 | 6e85eae544d6e965f15fa5c39700fa7202f3aafe |
| SHA256 | ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5 |
| SHA512 | dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 6f7a9bacda672d997bb90b0b0d1fe28e |
| SHA1 | 058b46ff163095a28c68ea40a45198c1b784f93b |
| SHA256 | 1df78c7060c526047bff6bc716c77cdf9297cdfb675a0021af66558ff04af70b |
| SHA512 | 04dde702f2a6b7f1315010e025a696b57a7a8ee0f6d7323747f5e05be72c95c813869de724d5c083e09fe9b8066abe4c25bdbabab61e25961f08012c78dc7fb5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | d72ad005995b89de1004e6ac3f54032e |
| SHA1 | bfa5e9db26e8b0ff346b7b1f057e8f831450faba |
| SHA256 | 2ffca2e97e42df2db4a8def9281d985626a2465409f64bf7fb6141a4ed3c1d4e |
| SHA512 | 55bdb38940252826de844aab8b6950495d5031f2eae236d47e6be52f3fafd14ff394aca2d371b3eb3184024a8b24be03743f092a4555c2747e8cd3715f768ce0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\701a1ff7-3029-4c4b-a904-7eae80bf120e
| MD5 | 6ff58b3e2288872221806943d0ba1852 |
| SHA1 | 6dffe8e8303ac67ffdeb381528bc70ad7c2d60c4 |
| SHA256 | e11f86f32657469ff88b7c530b7c4eb8ca31318bad3d02f45b9f736c0966ff37 |
| SHA512 | af56446326db68e41b12f777cfbbf548de5dafe26cad439ae42ce8a091d68238465dd94166fb943e69cf96e456fd8236daa45ab1cfdabaeb0e58147a389e50a0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | f1c0fd8833cc20cee426b1d28a616f10 |
| SHA1 | 652fc08fe21e77e2009f8ce77543e570fb94ef2d |
| SHA256 | 1f4b54e0725b7f456c6e2a2deea3f338003ebec4870b28cdb14449b52e3906dc |
| SHA512 | 38f5eeb25bd0f64db12dbd9bcce093ec4abf3da2b6581e4c52e77f9d0c0e9f5e216f4da3929985538c65968765a78359d0bb0ea158eb1374b4bf44ea5c637f07 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\0fae6dbb-7807-49e9-8863-3848837c054b
| MD5 | e2016aac27db8be30a8c23edb79ad8ec |
| SHA1 | 151691815284bab94dad716b3a95af8ba0c8b71e |
| SHA256 | b53707af0d0684fc445fd52d6d549d77ec4b5a29d5256c13834486698e1dd67b |
| SHA512 | 4dc317c5350932d3436a274829fd2743ad608739e86f0fbb1de4e8324edfff03a96e1ad54f4ca44e4f5d30dfeb028b3874630e3c1bb79655820e81ee8d4a3b63 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\1ab0720d-6191-4f7c-bd43-0e7caf11057d
| MD5 | b6dd121776f767a4bb3157655a34a29d |
| SHA1 | 77e68461d2d7e9751a94ead6a314c723e734faef |
| SHA256 | ce9c2fb209c30ad6c11e09251350820f6ca8ba9c5106612c460c064564415365 |
| SHA512 | fe0fba68a16da96da5cb6aab95e2b4b9ce49afc73263890517d7473302bede106c5a5485c11189d760a202d20549394f0ecd756c4b03fad63a6db2d3bfab3c6b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\prefs.js
| MD5 | a5459a470a499dd64c1e1617d855e979 |
| SHA1 | 5126bdc366422781d8dd3c76fa16f822fd6b7a6d |
| SHA256 | 6788675a0f8c4045f27e77f6ecc8bcf2114e4bdecc4836fd0a79bb4880090c19 |
| SHA512 | 3f818571b453d813327a15824620a52860cde04845be25acd9213e1fe42fc76e636457435d859cfcbafcff4a45011ab8d37978bb6f5ab0dedd7f153328e97c70 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\prefs-1.js
| MD5 | 0947b6d278601340384cf16577568c3f |
| SHA1 | d9b3ed0da3f13c33c50c418eba603a0c1ba8d2d7 |
| SHA256 | 3e9ec7916eac3de49936f7118c32cc2a0dbbbf2dc30795eb48e042e9374c9bfd |
| SHA512 | f0d61bcc65eab0a0ae57b541803cd344bd57814e76bac42f571574d7b958740d24009e8f87dca7e3d48f27a3b5bf86b93b7a5a02e6e3087312190c9893419c65 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 2e6a9b580ec0e401c233c589e9d90e40 |
| SHA1 | 1b1a0b1628d84badcf85de529d94350a28e5c133 |
| SHA256 | 47410c20392435c50fee1461c268a35c4398c874ff18570464a3688dd4608365 |
| SHA512 | 7a0d29faeec9a73486972c126203299d56c134067df18b088db453655fe68f496d7165481b2e0beef945e7980be51fc0366026c372c0c6a2848a8f074496eacf |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 3698a1a4f032acfcd5eb5f142fe81b7c |
| SHA1 | 7294e9e31d0d19efb770534512cd9ecaafbbe1c4 |
| SHA256 | 73915df8c09560cda11e131741e24ccc6e7978a3547c3483f6c565e8d50a5b6d |
| SHA512 | 21a0e201ab651068b2dd8e2f1f0ce2ce80985e35ddb9d7743028fb4beec895f78ae4aa9b518740112c151e3b0e8958f919aedd3233eb2e8a2f678baaa85b5e98 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\AlternateServices.bin
| MD5 | 88aea84cf47507a5671102b7deff91e0 |
| SHA1 | 63b2f498de141158c8ddef5e735e1888cc3af495 |
| SHA256 | 07ab8508de3bd96725ee0f35f9966f90e68e6c3a9c26de6f6465d7f87ebd3dff |
| SHA512 | ff8efed4effc9a185e93c228badf8edaa609f6199bb460c6fab729a46be5c465bd892282e7c5494ed7f355cf317de99a833b7dd96cafddb4351e332e8870e067 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\prefs-1.js
| MD5 | b32fcb0254c1fcda59d07aeedf144be8 |
| SHA1 | 85a1b87e0738f2d72bb1d7306a2758b3db45bd54 |
| SHA256 | b1a1a6d0bd549875d502966e44f39e5d93dd69772e7876f70f962226797981a9 |
| SHA512 | 8fb23e85841c746437a3c3a9b73cc8e43fbb298f692ec7e6f524b92c7b13c6373b7e4520357728329e489640858aa622b86bd285a0a5608d8b608b597fd42398 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 99a43d7163c35e0a0c418de20e2f4250 |
| SHA1 | d20a3ab9eb7fbb79acbdc89232bc8f501187ba3c |
| SHA256 | c498be85b464c8c66c6d59a038c837e6107ab657280097ed59f4fca031a409bd |
| SHA512 | 99291b98f930df9189380311082779239a172855e32849fb5c4bcf5a4237e62d1d0a17040fe65759b8d38a3002a1c6c1e79b727634c9bd89d7a65c59be53b896 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 833adec8ef2267772acd92a1fb9a39d8 |
| SHA1 | e376c0e556c0edfe1ace172145261739a23d4777 |
| SHA256 | 0ea24f53299f9560feb3e478df2b2124dc90e00f62f62f27dc0533fe5846a21a |
| SHA512 | a390592dafd4d224b6174588c15576db7b00b7de6b661e786ddb352a96739a3e410b8870c3510b128f3c9179582a4c23fb888748cb9546bafb1f566df4fd6210 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | b334c5ac2c5f63f993972d0e8a8e68b4 |
| SHA1 | 4777d79b092ba3d5c7ba30d404b84c3493e7b1cd |
| SHA256 | 63c6300e547c054475153cd2657b3791e96a499602e8b01fde2e87c5fc36ee86 |
| SHA512 | c7c0dda15519eb354a54959e1a51f25d27597d0d09737564b24c15920f8ee675b0abc44c8af2264df880c33d9b0d7e5f06931bb077a412ba1f6f27ffeb3d5ae8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | f89dd2d307cb76b6ed31b875e907b534 |
| SHA1 | dd7a4080f2878f9a40a1f8f30b1c5af347a7d214 |
| SHA256 | dba8b0ae28f11e800db90a984c7f475c1edae41468906e4879961aed80277db0 |
| SHA512 | e11ed8e1e0e8f430fb90d979aca5bdf7721d815caf827abceb9ec9d762ff62aebc6a7d8f1dec9731f979082a42547b8663be9dec28ce73d40d35677103106a88 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 83d644b609427351c5f8199e457f9cb0 |
| SHA1 | 23923b95350ac4a8a7e9a6435978ce5741d2ac38 |
| SHA256 | baf57d8d7827d927c14057ed7be033c63b8f693bff010704f9f4010c924ce6b7 |
| SHA512 | 75ad63b05ee63254c2939408f6d9ffd2882424a9b354ffd8110d93b1458f4c097828d786e3e862cba356254481ee57355834aeb4931756b1a58405f7d6313505 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dom8snqr.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD
| MD5 | bbaf0c818d951efc0f71e4b73b9fee8f |
| SHA1 | 52d0b6c246336dac5ddf8a7919e7aa2c5e3aab6c |
| SHA256 | 8f3d66bb5eb64ac89a411eb0de46fd1782701f083e7b7a53ee6b56258cc438f6 |
| SHA512 | fee73a3f79bed4eff57fe6d54d8e2bbb24a68bb20e100153dead425c25b2f505f7c14a7188cbf1b90b6e201c72b5a16d4b03c805150d82a72591056179cb6703 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dom8snqr.default-release\cache2\entries\E997951B63F7AE96DC51949D6F6D3F51CDACA903
| MD5 | 940530036e78c40cd0ba1d1c01df711c |
| SHA1 | 08f9d85419562551eb0aff1c11f43614c6e4b333 |
| SHA256 | 529beec7cbc9772b729e203d7ff8eb22c6cee2f19b800b69b28121b9d704dc43 |
| SHA512 | 4db8e58d0a29f8a4e44a1464a1a5080f28371778019a0741494ff66ec0ccd60e2e9bc9d58c0d2f6c90daa63cafc9586f1227fdd53fe995b96b772c5a2bbba9a4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dom8snqr.default-release\cache2\entries\597211207C4B5E63FE3C83357258CFA46CFD23CB
| MD5 | 8f984aae625386d080f4cec814bccf32 |
| SHA1 | 3edab07d40fcc955ae0dad801acb8037cc5595f4 |
| SHA256 | 61295d69a56757c4eb4502bb68891a6462041669d5e8beaafb5c359277ab6a5e |
| SHA512 | 9062ed53f9a28ca9e7571d4b466841d0aa49b2bbf5536127ce4380b67e80a77328fe6d48935c2604989b678ed9aa5eab31e5770a38cb985649c96c46f474380e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 1c0e2c249579c724f5486fb390c89600 |
| SHA1 | 26d1017a9f126141609043422e6ae4da85a5d225 |
| SHA256 | a88228aca23d2636df37a00152660d13578f5e100b819dd865a325324d1610ef |
| SHA512 | 33004d416d4ef991f63e90b99f8380b75a4156786aa701e3c1f091dfc2554892495d9427d5189057390c3d455a5753fb8041fc42cbdb5dfa7d730c34bd6ac94c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dom8snqr.default-release\cache2\entries\6B5282315238E0B488EF313215FB83A8323DAF9E
| MD5 | 4802ecc9d297f115d7628651db8f6062 |
| SHA1 | f8ebac513147932ba1d5cd307eba936d239f59d0 |
| SHA256 | f2e6700e269d88e81402976bb5cbd99977384f5a369b44e265e553ec70945219 |
| SHA512 | f1f6377b436134d8bfa2977bc25f34f5e002fdc5428abfab7bf277dcaa0dfa5ca7689f437cf258b545d680094a17fd5592f2cc709111ae296ad3c5364ad75b04 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dom8snqr.default-release\cache2\entries\0CCE6A0835CA03825D55EF0848C7D44B599D761B
| MD5 | fe032ee0009d147643d2841126305efe |
| SHA1 | 2d589205be1c762fe3cefb058e612dd39b2fb191 |
| SHA256 | 59e6f971400aa5f7e1f7d2aa24479b2402c18a8e1de5ff2532ca423a09d5766c |
| SHA512 | ff6413d807380adb68503ad48be5970bd9653b713fc76f8fbd4de8ac1f1f230d44920c1f8b93d6d4acbe12d8e75411a11b1212455f205e3c0d47f9e6ec4cce8a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dom8snqr.default-release\cache2\entries\8FEE9D0A2A8BFD43E094AE5B2240A1AAEEE11E3E
| MD5 | 06e38bf812c424d54456a0b4332fc03f |
| SHA1 | 0ef0cd4a404c82359841a0d09e51eaebc5779bdf |
| SHA256 | 4537db44840540a0b4e51b8dd779a6fa9fb8535b0369ee7fb7d32bf9433bf470 |
| SHA512 | ab31ab1e038e3ac398aeb164acc7b7084fa2ac904b3f8c3da9efb85c59b9b49d33b6cfbc487b07333c4393c6974673a5dea781c7e18c85a1fba49c5cdad20c59 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dom8snqr.default-release\jumpListCache\TMqSSn_pgMNHGaOkGFkAIp130Th0f7txDpyDkr1XYXA=.ico
| MD5 | 42ed60b3ba4df36716ca7633794b1735 |
| SHA1 | c33aa40eed3608369e964e22c935d640e38aa768 |
| SHA256 | 6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8 |
| SHA512 | 4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013 |
C:\Users\Admin\Downloads\install.FEJCmrPE.exe.part
| MD5 | 48dc2a3d0873f650464d5db255e2e22a |
| SHA1 | 735e56b1289d72deef3ee41207aa1cf0352aaaff |
| SHA256 | 145f9043bd087b415ca2a20484aba7f4ed3f3b5de13b1d66d2bad34b6d6a1814 |
| SHA512 | fb3ca52f4567d79368ae3061c4d4c6b62f21e51ba4451311408c33699e5d502b66ffe463ce580fcdb4d658f07105e6ad317317decdbb0d8d36f46878b254e360 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | ecece06b5b30b8312a05aab102f16cec |
| SHA1 | 537b3ac5682b62b02e6927798e1af9310b904916 |
| SHA256 | bb3dcf73dd24b3bad1924ab81be89d66f2d8d2fdb947f1d024aa8d66ece74865 |
| SHA512 | 110761eb4e2beac50671714434c7584319d76f27d97938dae464ecc0b0d59f92d464708c0a881ddb27e1fc65d07e9d30b3dda26acc0ec736e54dba23d7ed70fe |
C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
| MD5 | de5cc8b280f3a924e2c3f269fe7618a0 |
| SHA1 | 5df9f0fb3c75ade6fd314becf9263249b1b8876e |
| SHA256 | 167398f1384b8322e60810eaa3cf147e2884580063cb12e19dab484f63a4bbd6 |
| SHA512 | 782500b6140c9f1c5d269b8a269ff5e0515f762f198a60f5b55eaf39eeeee560c3dbc4035a3c83fff0f5889dba38f7621328dd998f90e83cd8ce47cc52432b26 |
C:\Users\Admin\AppData\Local\Temp\vendor00000.xml
| MD5 | c528466ba6d4f66966aa31021aa339dc |
| SHA1 | ee953f22f33b25d80cbfe250d64fed4d2da80091 |
| SHA256 | 546e928b7127a4515b089f0b913078404b664a5df33c928a281888c25b03760f |
| SHA512 | ebd159dbc6f47b6f70e4f47d9de6bc540c86c915c44df7a4dd50c1c6a431303bb06e22382e8a76e9e2399d24263feca64305a74fa4b50314f8b429b141af601c |
C:\Windows\Installer\MSI2A91.tmp
| MD5 | 0c80a997d37d930e7317d6dac8bb7ae1 |
| SHA1 | 018f13dfa43e103801a69a20b1fab0d609ace8a5 |
| SHA256 | a5dd2f97c6787c335b7807ff9b6966877e9dd811f9e26326837a7d2bd224de86 |
| SHA512 | fe1caef6d727344c60df52380a6e4ab90ae1a8eb5f96d6054eced1b7734357ce080d944fa518cf1366e14c4c0bd9a41db679738a860800430034a75bb90e51a5 |
C:\Config.Msi\e5d2938.rbs
| MD5 | 1cf3e96f623f87d781f7f20204e52daa |
| SHA1 | b04cfcb0f715a269fe92fe77cceb104e82ee933c |
| SHA256 | 4c714aa97f175387d66532c5c1219914a48fa4c6f8815031aefb511edfee8144 |
| SHA512 | c58ed6b0752ed6839f9a1f6da7c053f73d8fda275f4c5d34d1c9f0ae3aea47fd89f81bf186d7164fa9b7ed2ad96e581b0ae0379546608cb5e4ad8865f3aac45d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a4e19la2.Admin\places.sqlite
| MD5 | 314cb7ffb31e3cc676847e03108378ba |
| SHA1 | 3667d2ade77624e79d9efa08a2f1d33104ac6343 |
| SHA256 | b6d278384a3684409a2a86f03e4f52869818ce7dd8b5779876960353f7d35dc1 |
| SHA512 | dc795fa35ea214843a781ee2b2ef551b91b6841a799bef2c6fb1907d90f6c114071a951ebb7b2b30e81d52b594d447a26ab12ddb57c331e854577d11e5febef5 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Services\www.ya.ru.ico
| MD5 | a6f6261de61d910e0b828040414cee02 |
| SHA1 | d9df5043d0405b3f5ddaacb74db36623dd3969dc |
| SHA256 | 6bb91f1d74389b18bce6e71772e4c5573648c1a4823338193f700afdf8216be5 |
| SHA512 | 20cb7b646c160c942e379c6e7a1a8981a09f520361c0205052c1d66e2fdb76333ffaaf0ca1dfc779754f0e844b9946900fbd5690d01869e1607abc1fda6dffab |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Bookmarks
| MD5 | 3adec702d4472e3252ca8b58af62247c |
| SHA1 | 35d1d2f90b80dca80ad398f411c93fe8aef07435 |
| SHA256 | 2b167248e8136c4d45c2c46e2bff6fb5e5137dd4dfdccde998599be2df2e9335 |
| SHA512 | 7562e093d16ee6305c1bb143a3f5d60dafe8b5de74952709abc68a0c353b65416bf78b1fa1a6720331615898848c1464a7758c5dfe78f8098f77fbfa924784c0 |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences
| MD5 | 1913b097e94cdcb3a319efe121f528af |
| SHA1 | aafb8c74b2954473cf91771fae7310c10452f038 |
| SHA256 | e2bbfa2daf128258a890994b9eb1d8b6387b4ef762aa6c2a3a79930061b8185e |
| SHA512 | 4d3e34445f429f6eea37dc65b31738df7ebe5f1c1d7cec11fbf719b7204d79353ad2bb1323900bf9e998ccfdfd0a2244fa7245d56e3ade62a681ed5212e431e2 |
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk
| MD5 | ff9fefd12b1d3d2feec1383976ef9b22 |
| SHA1 | 3934dd82222140f72c5059b9e850cd588c84e11a |
| SHA256 | 7b45cd04f78f96362f7a891d22726672b65e9e4ee7a180c9f79e18ae3c95e5d7 |
| SHA512 | 0431822f5e05ead68b495b7a1f0c4dda87e917635c098e387255aa014d22d26677b63ae0515912e14ccc90f53f88114c10ad0dac5bbab5a59270c5454c11ab07 |
C:\Users\Admin\AppData\Local\Temp\{CBF06B05-DD72-46CC-9104-4A1B5F08068F}.exe
| MD5 | 6e358158ab5be3e47deff097020a2a42 |
| SHA1 | 32cf029a0e15ddb01b0513fda4158addecadf9c9 |
| SHA256 | 8b979e74878e9f8c8b4cbb6bdbd0faf8321718a2ed32040daf28ac2bed365f7a |
| SHA512 | bc5abed9bf03274d9dad6c242cc9870bb5fdccc61f205ba18ee2d5c82f36c1ce7632aa2a94723bc65fc057ff383fcf01312f3d50bf7198c622b5e4aba9f7eebe |
C:\Users\Admin\AppData\Local\Temp\lite_installer.log
| MD5 | 59be5dc21e7da99dd0baee3e04eeb96f |
| SHA1 | 17d111924ff7a3472cec5b44b4e4a40984aaab40 |
| SHA256 | dc63adf9c94fc4d54b0026eadc0106101966705c6b2f6234efee90aa2c83783e |
| SHA512 | 8b229b85a17cecd60976d4bfd1660d0bb385a56e75045681150504b933f86eab6410f4e34cc659cad0b1cd4e596d474e9a38833b8b793aaca390e19e85a7077a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 47b7f8a004efb871b88968bb81a38e32 |
| SHA1 | d0450ab4f1893fa295de573f3166abd96e12bed6 |
| SHA256 | d6ff8d1bc9000ceec98255287bc6be9a0d4d1ddf8032b25289895029c4bcfb46 |
| SHA512 | 499531a43bf2822361adcc0d084f26d2d955c295bde129b91c555d979fb1d61016dd6ac419fe0891ae30a7f91d46dc424952d41b7b18cf881c24921c46b26159 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 142a13fbb3a410760c7b4f3aa8403e7e |
| SHA1 | 3c3d23017f743d39f6840a4ebbcf068bbd156a2e |
| SHA256 | cbe1e9bcba2961dbddc98a5e7b591cdd78afc52557da3f49e7ab0806d3fc194a |
| SHA512 | bddbebbaaa714eb42fd5d2ffa00b8fb7eccfacf552f57242e973e14869caea381be017acac65893a2adb9518d4dac2cb44b22186677ba54857c8dec47bcc09e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e855627573223727867c54f107611165 |
| SHA1 | 7f97844f9d7c2bc8f5dfbeede80866c689678c87 |
| SHA256 | 1951b2bd84f12d83f3d20bed8a6047f45aa142740c0a31bcd7f0876e906fc31b |
| SHA512 | 7c5d9e65e6a30d90a961c009d35d79bf269c53640c9495348c70e1e8971519c7ddfa351e7f5ed7631d8ca633ffccc378cf9183e49f29ab097b6f5855367243d5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | e188f8e91c18e655057850c95f68d6cc |
| SHA1 | 12194620f3983b0dd9da0fbdd240171ed25d936b |
| SHA256 | 67cc3143e6ea8f63676018c64b9e5ce4df42775d23bd049866c962e908c661e8 |
| SHA512 | 241830ee39a0907f95420f053b008ee0e53110da910b9637dec08372b3dda5bd4a7d9be8eb6ed2ae7b2b9c61fbf9a63c70d75a67f2e8d2b0b563e232eca19a4a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\031116e0-475c-4e38-bf52-260b5ccf1359
| MD5 | ee043fa5e24882ad784837c1091a4fed |
| SHA1 | 74aab9d473fe51ac4d531fdb9c5f57aa800bcbf6 |
| SHA256 | 13fdacb39fed6a1df27e1a99b8e846868e98e08d58a57b9caf2da9ff46fd6784 |
| SHA512 | 09258c31fa1ad678c8bf2bfa211d4e2ddd2753aa8b92bed4787673059dc6bc9c196a4c10fc7f8cf2c329dffa60ac41ec31065bc7639d70e9294881c7d2ce3f39 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\419a4f93-7bfc-4fcb-8639-ac1757096d59
| MD5 | b9e9e0bc1a6021e379696d8878c1c192 |
| SHA1 | 7a2cc3ce2e5947df23d36a72b1047fe01a5df0bb |
| SHA256 | fb909312ad15462f68dead8bcad1969a00137613660a08c4b2f054d95e612107 |
| SHA512 | c4c5df5d008f91f3b7c8220f81cf866390a538fa989e3753ac36138a46436b5ed9f9fb3c9ce08bdb7436b133b00468732eb49753815b3daa0a618a2be621f765 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bb19899cdc9a566e711a960f5d09c3b4 |
| SHA1 | 5fc8c808b07add70a9c1c0454de91e5ecc76fe3c |
| SHA256 | deaa1c92d3d1921d3163cbc703ad5f74fb19e9bd09c3eb98ddf76d5cc81e9b93 |
| SHA512 | b809a11cc3d93f1352f01b00f975d0f0592fc6ee9b3e9a6885ee4e73cedb5faf961270ba344ea171bca411bd05faa4d1d2e2f73aa1bf67d2d9ce5aa7a59f3451 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 16bcb974ee6a24b7ade3b22ad161d49d |
| SHA1 | bd26b8eb4a5d42e52735ebef45755646c2703cfe |
| SHA256 | 3d95e399bd96372bd39aa8666999d7c060f0ff3318503f15b000fcc48d7f1b2f |
| SHA512 | f9e8cf42a8d81b683fa7438d26628eb866c49f28922bac51f5036561612458ec3a7fd07407b01a61bdeca8471b94243fc520f5f3fed30aa064b2e72d9dd1f77a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6abde22daf6ebb675be0c05f954f045d |
| SHA1 | 5f47af0e8c4e53eb8600394f481af9b180604caa |
| SHA256 | 54ebb47cf326bc124f138df76b8ea71773f26b4c686f7cfec37f9a4480613044 |
| SHA512 | 202460f27b249a65f5665c7471707963d749991093ed4882370686208418fe80ce4a769a37874330816bc974c2818391f4824870ef5bfcb290c16e1e774b45b3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 802a58d252a27437c780c1d3b05e45cd |
| SHA1 | 78fc66307b054e5d9d70cdcddf3ac70f63d4f6c7 |
| SHA256 | e9338da4d799c06518f88744fa29cf1c5fa0b4818dde7ff6a391e88a3eddb66a |
| SHA512 | a365d8ded3ad24b12419297a2b7057d7ee338d29e48b70e0dc3015dba9d8fad44f18c76fa43cf5f3be7bf2c86f23d4c57b6944024bdf25689d5a82d4b6252158 |
C:\Users\Admin\AppData\Local\Temp\master_preferences
| MD5 | b18d1001e98ec00bfb8c802ce0fefe2a |
| SHA1 | a8fed86e4df6d790486a0db05d6b4e133d04ef8c |
| SHA256 | d6e1c2dcbb7d16bdd7e5082283603608159cf56800409e593d297ab47240dfe1 |
| SHA512 | d07955cf8f84c3330d7990f7f553b0ac120a9bbbe02a918f5777a8667afe3f579aa10c743ec7d66d4b82e4f73df77abfd9305219e07d4ec9d432ff68519e61ca |
C:\Users\Admin\AppData\Local\Temp\{5B964E0E-B9A3-4276-9ED9-4D5A5720747A}\YandexSearch.msi
| MD5 | db69b41b1827ccc598a416e0d32e4a39 |
| SHA1 | acc35592e318c32d0f4ac768f32f1f8243ba230c |
| SHA256 | b5a4c7a05785ac51553953bf951c284ff03a9ac7d1cba15fa391d0b6c7aed5cc |
| SHA512 | d40479e0dd384a99fefbc8a43381dde21b2633320393566ecdb2895fa88008794b996d7fac3ddae102c6dd516cdb3c14e3e52ff7371472cc0894c444a4b4d867 |
C:\Windows\Installer\MSIB45B.tmp
| MD5 | e6fd0e66cf3bfd3cc04a05647c3c7c54 |
| SHA1 | 6a1b7f1a45fb578de6492af7e2fede15c866739f |
| SHA256 | 669cc0aae068ced3154acaecb0c692c4c5e61bc2ca95b40395a3399e75fcb9b2 |
| SHA512 | fc8613f31acaf6155852d3ad6130fc3b76674b463dcdcfcd08a3b367dfd9e5b991e3f0a26994bcaf42f9e863a46a81e2520e77b1d99f703bcb08800bdca4efcb |
C:\Users\Admin\AppData\Local\Temp\23bec59a-beea-439c-a03e-c1e7bafb2041\ya_favicon.ico
| MD5 | ea6ee9ae02402932201de0f23615e815 |
| SHA1 | 17629127d63b37da0a2a2b2b196110d85372707d |
| SHA256 | f7383af8817bac1d59207a2080afc6b0dcb61a091cb1190d25fe18363838f8fb |
| SHA512 | 918fe91a99e0e99e9cc6d17fdd5c2c9b3cb03ae8037681c1875faafc73c05d74fb29b612ea5de867ba96c158dc35fb28cf3f39487bf56f8bf4c6f3e6aaa2cf8f |
C:\Config.Msi\e5d293c.rbs
| MD5 | 8bb22eb181ab198dd276eb7a3b6e7db4 |
| SHA1 | 5e2381c19625058b356fad8a8a5f02e90c19bc3e |
| SHA256 | 84095a06c80328fc414c16afb5bbc85b5067df134da83db61910107c7eb1a1fb |
| SHA512 | ea95ce93ec35d3b6071cc02cffd0685de9138f91dd7afbafcdd586abdbc2d3dab7af2ca10847c7613e8d19fed7909a2a98a46ed1fa07c974e2c9d21f67ed3d9c |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\BookmarksExtras
| MD5 | 08a0d4017aa42e638ae64c7b3d0cc598 |
| SHA1 | 252704ef75977b76750af7fc257a210ea96e1b27 |
| SHA256 | c653a51f36d7fcebc1e92d0277aa0499bce73ae3beb2eaf133608bb3859dc3cd |
| SHA512 | 73be60cdf58973dc7efe3fccacf49b053de458e96c9838c70428506df5071567a952bd5069bea62030e32d4ceef5d0aa14d6a11ab7fc00d0737aab7382fc4194 |
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk
| MD5 | 7d508c616b395aa13693408a39986973 |
| SHA1 | cbcce6b22f645f66c8dd89e45fd0b20bbdb611d6 |
| SHA256 | 28ad270936856cdaa89e787883bab7b70e81b158b7c80f7d4ed61c53c5d9ac43 |
| SHA512 | 9d81371c34398c90f24f44da7dc5639a0da84d00ca197d86820eb827cd91acb335ddc4e0b3d2a407c0dd4b8006af130ee4f7cdc74a03a27251ce93e19cb29321 |
C:\Users\Admin\AppData\Local\Yandex\BrowserManager\data\SeederTasks\thumbsv1.json.tmp
| MD5 | cde5bfdbb562b2efd2717dfb9d975541 |
| SHA1 | 2e48892c61d699449a8215c2dacb823c5234b484 |
| SHA256 | ece8119c2023caf8504fb53d3bb70aff0ecef27ebad1bf61bb100c9b95cda085 |
| SHA512 | 6e2aa6f73e5ab02fe51491d663eb34289c8a3540da7ddef3f1a0101975519b71a47d7d6a5eadb0d2f8adf98db84b16d1bfd9aef53d43cf41593a25a0b829f67b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 62ea81e8be0c2736b10ac542735518c7 |
| SHA1 | 7d857b5c893b040f123fcde126de8032e98e91a1 |
| SHA256 | 9bfb1aff9f32a49e0c2c1f2d08e0284fbd2c5d7db53fdbe3034a97ce2efb28ce |
| SHA512 | 2ddf46c8d29e0249eb163cc34090c1236ab9048d7bc33c1c6d296be66566c06d10fe644e9fec899d69927237984c7c32d0c8e5bf8de30e27b0092193b52a6955 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\configs\all_zip
| MD5 | 2c08a29b24104d4ae2976257924aa458 |
| SHA1 | b318b5591c3c9e114991ff4a138a352fb06c8b54 |
| SHA256 | b56d63a9d59d31d045d8b8bd9368a86080e0d2c0ef1dd92b6318682dc3766a85 |
| SHA512 | 11f71cadb24234f5e280c4c7d4a7bd53f655c4c7aa8c10118dbc665b8a34e2ec6530f22a86d976c7232f27e16976b53b06224e6b307a95b5b7ceaa0acc8e21c7 |
C:\ProgramData\Yandex\YandexBrowser\service_update.log
| MD5 | b36666c1e6ed68ffa3619cbd91ca11c4 |
| SHA1 | 0f223dcb87a92f3c7625b5110be058d841536e0d |
| SHA256 | 4f03e6e3c2d130ea50873c7e13e0745eb6bf032d1639ddd63428f3f706631625 |
| SHA512 | 20a259d605cd566b93253fc6317ff83fb4779717f52ea82c7b6496dde8063bd43a583f0e11dd383c5539393747a3755afffbdc15bd100f46f307850a169739f6 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\partner_config
| MD5 | 977bc7b2384ef1b3e78df8fbc3eeb16b |
| SHA1 | 7ee6110ca253005d738929b7ba0cc54ed2ed0a2e |
| SHA256 | 82e288090168abe15419015317fd38f56c1136e7481f66656d84e0a2d861d4d6 |
| SHA512 | 4d154832ef3ac05abb1499a5bc8235d72f64cdaa3e6870206a6363c1d85d821604ae8a96850c2c8bd540d479b8dd5f3ce032472ed96bbf7eddb168ea3d2d1cf6 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\brand_config
| MD5 | 42a97368c30c3f21a3904a70b5ace40e |
| SHA1 | 387abb2af67672b93ff9a5725a091e0856036c8a |
| SHA256 | 8fbb24d7ef68e7ac56afe35feb24e37614f10d343a3a1b906e14d3e89c3e2e57 |
| SHA512 | ff56ae8b1a7f137d183fdf5ac4c03836b5ada7cf91dc59ababaef211d02c4a390b39a216e8571187cb713331771e5f3ccaaf8f06436bef461a7e89467f73d8d5 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\sea_preview.jpg
| MD5 | 53ba159f3391558f90f88816c34eacc3 |
| SHA1 | 0669f66168a43f35c2c6a686ce1415508318574d |
| SHA256 | f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e |
| SHA512 | 94c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.2.705\resources\wallpapers\sea_static.jpg
| MD5 | 5e1d673daa7286af82eb4946047fe465 |
| SHA1 | 02370e69f2a43562f367aa543e23c2750df3f001 |
| SHA256 | 1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a |
| SHA512 | 03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828 |
C:\Users\Admin\Downloads\StartAllBack-RSLOAD.qrLqAb7i.NET-.rar.part
| MD5 | 9793b8ccdb61c4e5efafe668d236ffbd |
| SHA1 | 0eed21f0e11edaee8a7283a8ac430fbe1be5ebc0 |
| SHA256 | 5fc68332232e888c7ac96f5be19f27760e480faf249c338710c61599b53651cb |
| SHA512 | d7dc87ed8bbb64323a9a6b4051bb433a49d81b6bc440b2633cfaa7feafa5d3f7760d4684aa6a84dbee17d5c2e2b05fdadee179c2378d92884f4dd833b111ccbc |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\install_state.json
| MD5 | f54ac4446f3f2b6109e2e806d0354736 |
| SHA1 | 98ca14be96c6b34a62f83ea0a81047497bb2f21c |
| SHA256 | 8806ab8219b6330cf29c89f12e23c7eaf8bce8039fdd5f96665b972338fc763b |
| SHA512 | 0d265c2e255aa9cafb14c826873bb70f42e0a641dcc4ede8db4168ca15bf4f43719f3b438fad43c93f8fbb839c240990a3939f9c66a65c592b5073e23ae096ce |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\e5ccb50e-984d-4b9c-a75b-82bbc7bf4bc6.tmp
| MD5 | e94d1e564b660876eec7ce2111efd62e |
| SHA1 | d18aac6358f3d0da407b5d4df8d94b1c0c47f150 |
| SHA256 | 7f071c5b8360afce815dbf8357e834045b23d22a2e75359805d481a165d32f9d |
| SHA512 | c191c3749a703854416e070c3cd9956d4aa461247cfabdba30ef08086c72beaf1653972d9d5ea10528e397aa4ead24162e482f92c08cab22744675615d9d990c |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences~RFe5de91a.TMP
| MD5 | 5e8527d6c5a15d27939dbc294c83814d |
| SHA1 | 7fd298040036b9ea0b1b8ebe87173c0bb9377927 |
| SHA256 | 537034dad2c71c2ab944f31b9a09f6e9fc243ec6965ac56eba9b3b4c4753fbac |
| SHA512 | 9614dd80474a3f87fb57f9242047091f75e73423b3d0ab7da486e3c24601115d18c4418cce9807da8bf650323af801bc6066eca678536915e6b7fdf2f106aa8d |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences
| MD5 | 8feaae05dbd3dc294e6cbb956ddab7c2 |
| SHA1 | 826954a2ccd225b27e7a09b0494b8cea55ef3dfa |
| SHA256 | 12ca3ca889da82e0e65eaafdbf7eb5fa1cc5f58c638ec8fa927bec3e265662e7 |
| SHA512 | e087c9e706ace42c621f8b66cab6067470757931d9d58af5a5516f4da5c391d0f207bdc737b7c8035af9065263adafb9f5df098a9f8bb09daf5a2596eed34e4d |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences~RFe5deab1.TMP
| MD5 | 858049cd735e63a58bbb0799c6b42aed |
| SHA1 | 85aba03e68ec6f48dc579b05f76f22a7f41170c7 |
| SHA256 | cb77ed79aed97b76be17e1b721e639bcaa3033dfa94c3084df43dcc489042332 |
| SHA512 | 855c04cab3fe7dac9a6bf7f61e2645a20f31fa733a6d536b9902e87bf29da7bd0bb776601dacd74542911cf0298ee52e6101416b95cfd4b621d4cd12573e6dbf |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences
| MD5 | e0d605388f194c1877f521200e2a04ca |
| SHA1 | acb0ee78b08a43db4b499bd07e331be97d9e48bd |
| SHA256 | 141dfd61447c69c1b7dff594f848edd61e0c61673bbf1175bacac3e67ff7c28d |
| SHA512 | f52b00930d492fce37619abea7d94c9e13dfa89b456eed0403456f40fae335b4177ef413bc949218ee88225bd7d64210f6c3b59495a9d2169a707d6a4622a985 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\15fa3eb0-61f2-4f06-80ae-2e99eff648a1.tmp
| MD5 | 54497ce2271deb0e673ec048b44da343 |
| SHA1 | 5f886314234b7aa6a4da5efc937a9d63ed007727 |
| SHA256 | 3dcf052bb8050fa32f28873bb665f63f457799cb9a92549fb2dbea94014f929b |
| SHA512 | d0d77d763b1b12c1b9d7a9a3f2aee4640ed5fb10d828b7c3c2cb051504c2b7b6438309124b934b346a4152c0aca009883d6bda42dc997188b8ca2736ac3419c9 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences
| MD5 | 40abc67573b1310cca9e9be3bb31a962 |
| SHA1 | 571d62f238a0280d5098edd8e326123238224b39 |
| SHA256 | 308417cb2601688a01d217706c781bc2bab6bec5da74ea80a7025d8543f38d11 |
| SHA512 | 6115fba59d6f56da7935446d10a4495e5649e1bd568abf9f4ac525c1fb29e8a47177d05e5c989f07d5522b05e1b4791de296e3849deab11df6f474904f6840da |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json
| MD5 | 118e0c995a1b3e374e6ed167da15f378 |
| SHA1 | 5f1a6fec681ed47d645202e48322202fd1614fed |
| SHA256 | ee1f85b9b10192ebb52eb89cf4571dddcd04edd05619081a6a0eacc9dfdec3b2 |
| SHA512 | af7c3613f8e3f3bb9d8677b0e2d45a68068446cc405a33b3264ac452ea848b329251356623a9b0075cd461d7a3c8b5e4e29363e6820ed117dddcaade880c20ec |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json
| MD5 | 38256319f102e353918c05fb47db5017 |
| SHA1 | e780e51fa89b26738f33244544e6b170767b7ce0 |
| SHA256 | 6caed8c44c0f661ed46aebb3aafcdbd69cb6249469bc9f793e5db57959259857 |
| SHA512 | b84e1a0381bbcbc1ae65fdd46e23d3d41986ab3a3547e092edb1aa5938d62c10707e56d23555116950dbe0579ebd1af1f2e61f5e318af5c0d23753a698bfa546 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\28858df5-ccd1-4867-b26e-e945f99a0258\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\index.txt
| MD5 | cd9f0c75dae6c6afcaedf5aef7a05c17 |
| SHA1 | 2d139a1d45e1aa30ae6f12ef0997cca7896a6a1e |
| SHA256 | aaeb9f826e0594918c7e911da07df9a4f90aea383df734983c0730d9fb1ff3cf |
| SHA512 | 0817c4627fb59eb85d3c74fad57d0a1defab617a428a9ec0ac71bffa9f69c707aebf88dab3a3e5e541fe59cc88b818f6f0fa635e953055c02b17ea4d51a3dec8 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\index.txt~RFe5df0db.TMP
| MD5 | 4579bf862833e5b8a5a7e135af8339d1 |
| SHA1 | cb7f760aae191b8e83da9903f1cb1a3a14d0e2d6 |
| SHA256 | e4ab30a2374e1f00bac1940081cd7f244450ea8d5d4bbf6de3030de1c23e2e8b |
| SHA512 | 42d635a2552583348eeab7ec37c25f623938cc28c75662f54ae3a31d04c82aff2ccf3cfc3b983bfce0d2de4e4b737187fbec02e6edfbf1d827d6dc7fbc9bde6b |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\index.txt
| MD5 | 02c2e6ed88816df1fab59068f14a998f |
| SHA1 | 89bd6fbe700e06e9a68d3c97c1ed7f9137ba0581 |
| SHA256 | 0e2501568620f43ace53f6c22f95404fdf4f9f5c7166e3c310f5905ba4e9f6a3 |
| SHA512 | cb42d819d49082221cda269f57fc9fe04b03018406b869eba46551c77a4d076c79540f9490bcf161c70dfc48e1e4f77a71735fd3c58234a42b1d0efadb40b9d0 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json
| MD5 | 01799e69132b8f6c9c5dc28ae858ae32 |
| SHA1 | 1fc299ae9d031ad272cccaa01b5a0ebf747cfdcd |
| SHA256 | bb3120e31d3af92d2de2d7a5241fdfac394dcd40272eaa5e4a2ec2026e8ae888 |
| SHA512 | 27ac20399706ac7463e7070691d05bc055fd39dfb6101fe250d14f23e744ddd5acaabcdcb2427c96a1aeccda6631a664fc7bfbc345a1c2f68d4db39642088400 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences
| MD5 | 171bf608a591697b7afc494b6c540937 |
| SHA1 | 82bfa6a2425be816af60cf3231f1b0962fc70f6a |
| SHA256 | 07951fb595b6df3f2d638d1a2c5a16823344a5032110f981c6b8730dd2e7e801 |
| SHA512 | d2970fee7c5aca5fe78a159b934857d54c2324c98ca2bc645459eab420d5d31ce3245e3450d25532f93861654ed1f174010402f4375a496d41ff86e30fe4c678 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 79bb8cc138dc58d40734e3597ba79c3c |
| SHA1 | 1701ea38d7c4436528b60d87c42336249bc4df01 |
| SHA256 | d99e444b03bca89ec0ab8374f9115d23fcb2bdfbb441c5a4eb326da7fc84d75f |
| SHA512 | 0be42d15a7e525a5978dcf047c300909b92ab58e754448fcc47e1b48727f90035436a3f6627423ba38aee1c43be2b97c81d14ff3d4395e94d699c44e59fbe50e |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Local State
| MD5 | 60f2a34561f9a503ba10fee4e6978ad7 |
| SHA1 | dd90bcb2def7fa9ccb1c68ba406ddf34a01d8115 |
| SHA256 | d663cb4b9c9318e178700f7f0410eed0e2b61826e7fbcbe48d0ff79ed4752f59 |
| SHA512 | d79a00cdd9ee7e2390312868a4361c0d8691b790313b1707184be265ce562319a6c548b7878d49f46853f8daffcf8ea06b60ee60a69cf4362188757a1d45d467 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\YandexDictionaries\ru.bdic
| MD5 | ac3768f0462853d08df284e67c7c4ebd |
| SHA1 | 732581ac6f2e02246696817adc53d2e2e5d0dcb5 |
| SHA256 | af2bcc135f974aad505a8f55296117dbf4cbc095931e22f424698b181d273656 |
| SHA512 | 27d558deffeeefe1198aebdf65a3fef0b0f3d6b6c4177d03ff32b0363f0a2fb1b7ff6454f45dd3254427cec9174b03181c50bc51dba212e6ab0114a6e72bcf96 |
C:\Users\Admin\AppData\Local\Temp\yandex_browser_updater.log
| MD5 | 3d17eedf504630cab60a028592e95351 |
| SHA1 | ab5c7cf8c9ac3a44a3c524e7ca8317f78b2ad946 |
| SHA256 | ac7fba7a591743e06fe08cf66a34bf4eeb41bfac90c6e7813c99a6630d68e9cf |
| SHA512 | f6067a6075bc3bcde5a118959228ae351eaeae683a4a1eba6a5b62b0c7936c177238586a868f4025b7f839add1a0dda778d35234d6d0402aa3b862e842665fbf |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\component_crx_cache\oimompecagnajdejgnnjijobebaeigek_1.e048992735d748b91f29ef7ee29e7a641fcaed108ee1b8ea513d1acbc2d8507e
| MD5 | b5ad0eead457e2adef9e42b2fc6bf0ec |
| SHA1 | ae7481a92aa5addc9a277034c5de20481301cc08 |
| SHA256 | e048992735d748b91f29ef7ee29e7a641fcaed108ee1b8ea513d1acbc2d8507e |
| SHA512 | 986aa5c6e07e121176e05e1408241f8f3b7288c10ef154a270b0c327a8b0aeb867c963a5235bf80c244457a3e98833ef4a943a91e6bb9af7c52e13343738ac63 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity
| MD5 | 8b27a5f8f2edd36625c589726da42aa7 |
| SHA1 | 16100213dc342b445252800f451d8614354c3dba |
| SHA256 | 559e8e037bfe3a17fb773f8343ddcacf3b0fa6d66fec2dcf68d1d734e6d7cba8 |
| SHA512 | 5991567e2579ccae52eb816c9e773af92a778547ca93d8b0a0a61e40fed95859c7d1876e02b34d9960525c67770318cea75d04cbf8abfba581d640056b5fe75e |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity~RFe5e3ce8.TMP
| MD5 | d1548203260d54fc55aaf8daffb58392 |
| SHA1 | e4845fb54268afd20592b74c3c73a442498bc5c6 |
| SHA256 | 4ac522950ef4d9779a782bdaa571cfe64b53bd6d11f24a9aadf41dcc2092db0d |
| SHA512 | 19f355e53bc8fd5368caf80b01db29d947cef1e65013349c251f1bb47215844e34cf038d494bb1808b653a8881b8731870bac29b176468d67b5970437ea7406b |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\7cbe2b78-0225-4b8f-9feb-930ab31a1790.tmp
| MD5 | fda84c8495370eb0cc0608eebee7e421 |
| SHA1 | a6b8343d4bc158400064d8ea66abeb7b99892222 |
| SHA256 | 29018468d904b837dfad8a2baee22d0a06b729d535c1b6b552e27b9a06fe8818 |
| SHA512 | d7e6aef80e6132b637ebe49993e35ec4da2cb8fc025e075046f7db7711de16ea80ee2dc03e8517fdd315047adfad0d8a062a0914147ed831f068eb1d6764a456 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5e3eeb.TMP
| MD5 | b2e210e02cb6bbd42564c5351b92e9b7 |
| SHA1 | cc8317a3812da51169106e5d16d5c193ae108967 |
| SHA256 | de34c9511d17a88571d1c47908695f8b935697bf42bb5a5bcc7eac2440a84ed8 |
| SHA512 | e3cad0e3ed6b31c57a02867020c19595c34c0d0a05ed7a80dee846dcad95d58d62353d25a10e6bca77789f97b8b37f5c28133b6f752843fc1e263fe3f5106912 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 8957d98cc2375ea45c1ccc9a8df7e65e |
| SHA1 | 2b334943a83b6aedd1076d65f8fb11eaae326ce0 |
| SHA256 | 89d6141ea88a0d2204d4337c6f38ed23ccf1e022c61070a07570fbc5505883ae |
| SHA512 | 13bcee4ddf93c2ee409231b8237d94efcb30699d076a362a6abf07951410b7999c4a181012157502cf6b4d4d507f11af8cf7819a40271b1557536ddfe4a86678 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\9970d0b0-443f-4eeb-9c82-d5befac30f4e\index-dir\the-real-index
| MD5 | f13334b326f29d61d2e82b11937a9353 |
| SHA1 | b34be799cc80adacc28da3bb5395e0a03b43d4ed |
| SHA256 | 382f4d98bc70045fb7a95f0b771c8209995174e5c96b34af81c6f8f9608e031a |
| SHA512 | c5e81b91c34cd20c5ceef36aebe878c6d325e32a0fdc3c4a0650c165b95436f0110b8efca2eddf55328ae13907e8aab4d48d669400ba228beafdac81d190cefd |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\9970d0b0-443f-4eeb-9c82-d5befac30f4e\index-dir\the-real-index~RFe5e3fb6.TMP
| MD5 | 8d096f72fa589f9716879c61c738f0b8 |
| SHA1 | 4dd3a9a583693e781baa044087a7b4885a7d522f |
| SHA256 | f87bde005b42607b9ad1284a46fe36d6c62e65a736590ea5fc92b61ef81afb0d |
| SHA512 | 69224a093b3cefe2fa0ae8ec4d33e908ec225d823be7b5522121be525b738f6af21b46e5e7a1f2e9a8cea572c4599644e761a4b6fd68f9b00fd1b05b7b731714 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\c025cd5c-fb72-4ab4-aa9e-a6098c96e448\index-dir\the-real-index
| MD5 | 7f0f7622b7c0dce3718f1316f618e353 |
| SHA1 | 64e165174c52f895cb6003946220de0ef4684918 |
| SHA256 | 2835848c885f6fa746d13b2067d3518e13a2755f5bd8a848a35a36f504d7d921 |
| SHA512 | 69e837ee787c67c3ddf977e47e731f2b1cc5d9ab812061b75699b64ee1706f186debb36067e60ef4e3ba5bc7ebcf097b7ebb2306473e6bb24c76e54cd8e36839 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\c025cd5c-fb72-4ab4-aa9e-a6098c96e448\index-dir\the-real-index~RFe5e40d0.TMP
| MD5 | ecc719ba2b9bc8ba9b88797b5795cd9b |
| SHA1 | dbf3eb563f2697a25798ca052f3437e626d4d7d4 |
| SHA256 | c3c4854c5885216be334c91fdc2764a06564b93b1067cd87088057d587bc261c |
| SHA512 | 566ba50dab181afaf5374563abfda525419f0710bbc8c707ed73335f3c7a8c924d0881a68dd8323967d9d53e94986dd64bcdda3206d2dcf744867e34102e74ef |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\28858df5-ccd1-4867-b26e-e945f99a0258\index-dir\the-real-index
| MD5 | 14e31a7b711c7b8f1bc021323fcbad54 |
| SHA1 | 39abf54246e468966317c1b6b21d1186c02e2602 |
| SHA256 | 4f2c8e33f1b8ccfe0a3c26710cffa78ad56a3b5ce5aae6262029a5f7751f6c44 |
| SHA512 | 203516e97b29e72ce51996d0fe403f1a1dcc29261ddc58cd4f55271dbe61730c067407c9a1d0cc6f02c55a76dbea10b71a9fd99385cc0a05a9b868b936088260 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\28858df5-ccd1-4867-b26e-e945f99a0258\index-dir\the-real-index~RFe5e47d4.TMP
| MD5 | c1ebf9c0d59b08992445bccfc6598a43 |
| SHA1 | 9607e3e103f4948e2e025471fa260f95ac42f6a3 |
| SHA256 | e26dc4e12c66935bb01ee2313d4a8472fb607614c7cfa4e60c6aa6b1992e87ca |
| SHA512 | 57717d14ed8643b61f46af6b5128305e0c648f574ba11b0e210285d432122c2cf1402950070ed0b480ae8669bb172001b6db3e7c8ca9805cf856d64d024dde1a |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\index.txt
| MD5 | 5314d06d27bcb34098361fe3aa51ed37 |
| SHA1 | a1983696116667701b83de248e99d1f4133b2158 |
| SHA256 | f3fb65d99b339a20a9ccf11a30992f89e6d8dbdddb8e290610faeedb5e54d761 |
| SHA512 | 60d320eb9c70b3a837a3c78f3939d4180ef70ecc74034de120304c37c0c7d167d601f3f3500918467f4cd27b14f3efd2067d4f76b4d34bff54a76fb6c39833b5 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Tablo
| MD5 | a4981520dbfa418bad12d14375e4c0bb |
| SHA1 | 5231d16e75ff802755b1357679695e55eae5621f |
| SHA256 | 08610abf7352e6ab437f3acc35977a8e5b58ff691318894d5dee4350f6b06141 |
| SHA512 | 955c2c912e3f34d1e4b18aa2d2895ecaf94d3700fac905f916583129546a441b2b1f2cba6f33171f0090537ca61328b3690dac4f5ae76b4785a31d5d20920444 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Tablo~RFe5e4b20.TMP
| MD5 | 3cfc70695a8c7dc8950318761a03af88 |
| SHA1 | 978c283d4a68b3dad1266544625d05142a6bf699 |
| SHA256 | fb3dd860700cacc638d3c0db244d9f1ab68ccf9a44be58d1cdb4b1cb57b1b9ce |
| SHA512 | aa3cb312ff1754f71f06cc4a34e6d9948edb45d315280164417502df60fb3e0f87b4ba830b14ee95655faf9319e0c23f23506ed6516a4f2de57dc5908873fe7d |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\ea4676ec-bdae-47a7-b329-1cd9a5d6bc9e\index-dir\the-real-index~RFe5e64e2.TMP
| MD5 | 48329034d9e100ee9c0d584ff1e8a8a5 |
| SHA1 | f2c70d99a9a112495f8102268b54270f6064a85d |
| SHA256 | 14f510500c3f186b8bb4a99ac086f4a06164a0ee9b77bfce45729c75942e3143 |
| SHA512 | 7ef2763abe7c16692bea2b9481b47eafed8d13a7671dc00e4b4effa40c92356de884601e91b2dad352dbe006bae08b7d880755d231eb96a4f6fa8daa4733af07 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\ea4676ec-bdae-47a7-b329-1cd9a5d6bc9e\index-dir\the-real-index
| MD5 | 967eb74744c9d814639037c9a193146e |
| SHA1 | d2511d6fffab92af81cdc1636792318c795ec9d0 |
| SHA256 | b69a95f86940e80dd2dfa9207d570a40e2c1b00222f72df05090968ab40fdbd0 |
| SHA512 | 771fb0116d32b0416961b1fd41315b81f69ef39fff1b8d1794a5fe6b666545ba04dd6c7782a1a30d123c0e967637b1e085180eb68141ab054f6af418c5949111 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat
| MD5 | 8292601bbd083d632a826e75039c738c |
| SHA1 | ff7655d2ac8d21d4bdb92f8d0bc61720134af5b6 |
| SHA256 | b2007beb272470f64c7c44037b237ca1e3948ccca7ec039d464458c7ad935107 |
| SHA512 | b0821e0d711af6cc9c6ffcacae83f1fd4567f3dce022f539daf6545deb04f6cc80583a24465db9b4f3c3e95125dddbd65853b982280346c14b7e6e44c098f68c |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\f0a1ef1ab533153702e0a7f73b8d66e0b7e01d1d\index.txt
| MD5 | 636e5ff3dfa4c9382b1a9039366bbb25 |
| SHA1 | b4f3125291e8012e99272d769c3581c3801e2d8a |
| SHA256 | 1b90ef36d7bcf94e62d3079851620ca11311004f49665d87476853b38b07cc92 |
| SHA512 | 1d11aae3b2fc24fdf12e73167956b064d7930e6636f2b392e80d17a97992195cc6da049f5f897135531d57ea014625419fac13b2baa146035669cfcb2be28353 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\f0a1ef1ab533153702e0a7f73b8d66e0b7e01d1d\index.txt~RFe5e684d.TMP
| MD5 | e3c9ec4be86e3ff3f0e92d87522edd94 |
| SHA1 | ea8798a8b7281ba5c1fbd214619f9d94a9db46ed |
| SHA256 | 2c4d8d48b4bf918ea16782f07dd5d3989a068673b75a642f004b9151c2687bd6 |
| SHA512 | b535b2a6ea3fc1bf66aa87fe2c1c29363e9b5704b2c396a6a257369b05fdeee29802e291f04036259c084cd3ec84d6969c7c5f02f349ac5e56ebdc51a870e964 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\f0a1ef1ab533153702e0a7f73b8d66e0b7e01d1d\23a978a3-f80e-4286-9319-44941590cd23\index-dir\the-real-index
| MD5 | 055ceda591e672a0269243fffc5938b1 |
| SHA1 | 52ab667bb8ea24f80a2863703bf05ca20193b133 |
| SHA256 | de81d11535b5facc17f06ede8c5a10284ae79a7a16fa55a41640de06a4373072 |
| SHA512 | 195438c1461159d6b007de9d9eb98e40dd660f4b0ceb5c7bede3ecffa77bb7acac0f85b8e5dd1c5c98e2d47360bc86945e36331ecf0b5290b88672c163daaf59 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\f0a1ef1ab533153702e0a7f73b8d66e0b7e01d1d\23a978a3-f80e-4286-9319-44941590cd23\index-dir\the-real-index~RFe5e684d.TMP
| MD5 | 90ae5319cf6e7c21e767faac2cbe56cb |
| SHA1 | a66ff4deb00948cbd72f26334079161881a48fe6 |
| SHA256 | 176082d430f6c6699aaee3727907fc15e62da071b6c9fe111aa37ce9dd2b09ba |
| SHA512 | d780526507e46680419b6e8e9472b0ea6780dd3e20d41f06b6ea98ca900b23c7c672659b18ba2135ca76ffb5ab1ef4b809cdcb45b5cd1e1b3bbe927d6b967a10 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c54ab0bd14376a8f15521a0503f3150d |
| SHA1 | 70ab3c6f8a7254d8bc2bfe1c2c233b03b2c1738d |
| SHA256 | 952ee68a8126a23a7b59513c3554b21e90e6845a575b1afe965a7cb29973bacb |
| SHA512 | 3d57ab0e3123f047d8344df617bf6614b827f1fc5541534cb257943efcb9d334f56b36ffc1babd8f39e9a94a0c439448763bdb11535012556f07afc19ee2a936 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5e684d.TMP
| MD5 | a4821fe1c888322d92469d1c2507b383 |
| SHA1 | 83eddfd8a085afce168fe7e8e24dd9727e329940 |
| SHA256 | a8ac28aaad9ac3457c8f9ba800966c0b07da2821afcd322b2cf0c40b7802da11 |
| SHA512 | df539a31b372ed4decb884b252ca4c2ef3910b2fa7c44738fec9ff760c38b5445facf48cddf6440b92c1d4ca214fc9f0b3d5da7e8a21384c04199566c00077bd |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity
| MD5 | 5e4aa914e159f53d7c9026ab34421d42 |
| SHA1 | e57f19935b2a8df9507a47e10aafe056ce40b14d |
| SHA256 | d628bee667aac49bfaca27d0d25ccd5d91d3983fddad439d41d950c6b78eaa9f |
| SHA512 | 952a887950435f240b9e8c8149baff11cf9d4f1f1ddc4ae7cb5992560396b6ae16efce392578ca7c300cbad4abd37760c55c934fd9189211d2ef8736a16594e3 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\Network Persistent State
| MD5 | eaa15fd806280d28aa927a3f0866955b |
| SHA1 | 65ebb233eca881ba2f5447b25efaee33e7317bce |
| SHA256 | 1288a046ea0cdf11c16c5678a87f5ef8bebdf65a8a08e48c5a83de669c652a40 |
| SHA512 | 06e8d335fbd4709d5a779906b3c63dcf32de858ded895a64aec8be2dad5d96d82bd9f1bc540feeaf5a11827334500139d2249fb8db03fd4cf7c7d78c04dabdd9 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.EF1A8F90\StartAllBackCfg.exe
| MD5 | 4cfd04ba952a5f43f581b0d9eabc6c1c |
| SHA1 | 023682f53bc311db7ae8f170111aef5d658ee3b0 |
| SHA256 | 1d3360f129ccfecacd4a125752ad5a1acd16556686f21fa11b10dbd50aebacbc |
| SHA512 | ba20857c42e10472b510b8fbbf3ae690ccf3e169a37a518d0230bd5e32a1f1580d8872d479686b9fc74c7e0d4013e82e1bc9276e317c76dade5acdd96aa3c055 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-light\Windows.AddRemovePrograms.svg
| MD5 | 80ea667b88a6337c38b2177f2ae84423 |
| SHA1 | 89f24a1562d96eea28d8d3ea821042f9d177641d |
| SHA256 | c118dfe2cca3abbe108b9ca2c664305f79e7b348cb142f504e826d04381bf143 |
| SHA512 | 431d2ebc64e14c291d80d4bc8faff585e4337fb4f2318d6c775b6296967679ffa054dfb7fa41f4586392e9921d64c6dd76b45d6c6dae16255a4005e091e7e3c2 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Styles\Windows 7.msstyles
| MD5 | 5bcd1f14702ed1c521a13cec168770c7 |
| SHA1 | 60d9b2740ae59e32cb843ae9171db90d24212884 |
| SHA256 | 5d7d0f58359bc0017da66b3b893515435add2908f3c10920e0cad2febd3e0e62 |
| SHA512 | ccd3df8072768e42c607d372c35c5e484c51a3ed24545ae29cad8aab61a1cdd2e9c8c33dfed41406566b31ed775c0ffc56859f97d8dd2859f4899af1a670b752 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Styles\Plain8.msstyles
| MD5 | 509fd060516d1971da8d0c2173748358 |
| SHA1 | 67ccd63914312b1f491467bec42232916df109c7 |
| SHA256 | 43c7016d950248f52f9512c9e7393c38d61a3ba2235e5fb6deed83564d8e9442 |
| SHA512 | de3d87b7e0a518ffbb10ccd400dbf5f9596177b75dd7aa4785855d36f007ef0417b88b2eb3aa6af7e52fb3670c021f714bcf87a33551ffc4536444d5204aa7e6 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-light\windows.troubleshoot.svg
| MD5 | 093bbd8b65d76465b2c034441f0ac188 |
| SHA1 | acd1e990254e61df8f80749575ad5586528419ff |
| SHA256 | d019f486cc06d5083dda9ac166d538357471ba4076ff0a332ad5a9c048947513 |
| SHA512 | 8029290faeac2bb3ba70c5cc6e9f5c1cbeddf623e5506b33f5d812dcac6fa994bb9d9634a0867e3a389e53fc718f995aa1c54b714536644114105ca580325c95 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-light\windows.SystemProperties.svg
| MD5 | 41f4d4bff29ad862ba7b8c8ba9dfa2ec |
| SHA1 | f1290462632aad2a3c32b005c8a9699e6647f778 |
| SHA256 | 1808bf21c47237f8bb8cde2d014d79281cc41ab8bbffefd929b4d64fdecc2204 |
| SHA512 | e6eca2533f02042fb294b2477c513577759bc5403b8c02a82258143e62a59e06e9dcb68cf1a67f77280abffc4ce29e4bf2e3711cb1574ed987f22b78e4adcd50 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\StartAllBackA64.dll
| MD5 | a69178e50b005021cc9e026d4bc88b07 |
| SHA1 | 6101fb771629f88ccf46f49b964202a3c83ff8fc |
| SHA256 | 5a3b5607f2c068387716b75b9b48ad50b5703ff3812003acd9bccb90c2e667bd |
| SHA512 | 65eaa50f7652e72c59715532eec44744f118bca460a9ec92caec8ede3bb14986d0470d60362ef287c6f2cc11dae12c48b9725363507f74479f9fcba4ff3731fc |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\DarkMagicX86.dll
| MD5 | 34c6ee41e2028a35b1fdb5507b6ae972 |
| SHA1 | 7e3e1f38354453fd6523ad8b1c1e8e826d166a78 |
| SHA256 | 83793e7724f8608de8ba71d2138efcdf58ba55f3043c35a76b4552cc2864cdfb |
| SHA512 | f33d7c199807a77fa39230cea206ebc598b7a00bb1ebf34eb815ee6ec7916fdfbfef90b9d91ddaf769d63684c09c6f9586d1c77eb8013da8b2feb08f39eae189 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\DarkMagicX64.dll
| MD5 | d21e0e04c6bed3011828ce92045e2e77 |
| SHA1 | 782d5566c3d0a3528c97844d23372728c1c6beac |
| SHA256 | d701df08bb99e0fc3a46f9f52a8b66bd8465554bab6b11cc7320e407f5940bcb |
| SHA512 | 3bd3ded81382d0bdd095da9be0b982c66d15d19ab78b5a7ba6b927b7e7a5e8a7ad72c5685cd013d730501b716bb1c46e01c1b22730140a68555821a982fde2f0 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\UpdateCheck.exe
| MD5 | 9f2a5327606f6988eafa75d9e3f7358d |
| SHA1 | 17c5b1a7a4827c409d50c3f3cfca5be31bddb551 |
| SHA256 | 9b4d1170f8f16265cb00ed162fb031d625731241f2a933f4342b4ce410357b57 |
| SHA512 | 813dafee6f826e390743afa293d2e784da7c09c0d2f7388d17e87b6058b5d0b8fbf889bab05e0f9da8ab70785a4a0e10e40cc58fcb5a56424d750ce7d92b9fee |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\StartAllBackLoaderX64.dll
| MD5 | 8de6ee8ed9264ae48cb14449261609cd |
| SHA1 | 185a3237e451a0fabc28e9115de15a35ac0f720c |
| SHA256 | f378253861b934652dced47eac6f735faf9c2bdbc0c5290e6bc9e4fa2bde836d |
| SHA512 | 8508eeed95b784068b279cbc050d1f2ceb3f6b8d0efb3598b67c8d23f17f2c577177c84576596883fc5f607b419625cbe5d6eda20eb32cc4fe64f5a23bf11490 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\StartAllBackLoaderA64.dll
| MD5 | 15d075a818786dcf33f4626f717a08e5 |
| SHA1 | 779f7a863bbb02a8b677c0161a11894c6f9258ed |
| SHA256 | cd4a37276a077f8c8a8d09fb2f47c3b4613d4a7bc69003468e12878eabb9824f |
| SHA512 | 155e758e63760ea08c06ff1f4cffb1c8325d27527c53aa8a9830d02e605279c7b4d6561b9cc49a8107bb37bd8b90d34c821aa3506c45489b6081141aefadb19a |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\DarkMagicLoaderX86.exe
| MD5 | 08ad87eac17f65ff7a86716ef2b396cd |
| SHA1 | 76511a7c176a8d2e9eb0a9eebb9ab207cedd6a60 |
| SHA256 | 13c983d71972eb9b1927a3ddc615dcf0bcc7d135db952e82cfb5f4116d50cf67 |
| SHA512 | 0f54f744e88bef2ae70976dc7b1c6954b1fb83be60db5a6fbb29334ee3d10f9053391dc4bc2b473e9cc7a1acefda4e147adeae060c28d4993b3580fbe118dd83 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\DarkMagicLoaderX64.exe
| MD5 | 162c0b782f77813fbedae5624faeec8c |
| SHA1 | 06dc64d96c6453d2bc402cb8ede250f5db2c65f5 |
| SHA256 | 30c848a65240663f65add1614fae26727641e3f1a8a6931e265f1dd191c249d6 |
| SHA512 | 3e9d08c2fa4cc2b02d13d611d1675f00d5c285ae38f85e31f0267031de6c90ed3aa94ea9d3686c961e01edca3f965642b157af346363bcf84bf5a3c7d70248a9 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\DarkMagicLoaderA64.exe
| MD5 | f92ebe8ec3801ba6103e70ab91ed295d |
| SHA1 | e7662529eccf3c5adb6538b033bfc66c4cb4a2d9 |
| SHA256 | f08aaf6c8a0fc46ffccd4833f6f538a50472c5c67d33f805e61c928f7ca75c13 |
| SHA512 | 517d42d80a7f02ad83b0463207755cbf27088c3a6c7aa89f32de2a2fb0f238a126e3334638fef085931cd963ab4a142929b717682a9c7dba921d24dcfb8587c8 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\DarkMagicA64.dll
| MD5 | 45dc474a635f20838a9ea60b2818223d |
| SHA1 | fe6291afdd050e35ea412534a37b3493e9c3487a |
| SHA256 | 4c023fca85d37839c0397adced35b9ffeca25c12ad988fec475501ac04a2ee99 |
| SHA512 | b7506983f2f2cf71bf937d698477c562a8d66b59199b78d6b273235782ed47798f3dcd12d8fa8d1d3a621660d21412ffe93e643ea8ccdc62a5fc576c834d26db |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-light\windows.slideshow.svg
| MD5 | 69b0feba9de26f8a460c519f4699951c |
| SHA1 | ea7bf9dc8127cfae43050eda38871ce377074c89 |
| SHA256 | b24b24932cc2156d51f7ee5365656f83b358d894860ba921eb353f1664dc22fd |
| SHA512 | 26ce95a2dc56a0348b44359b9bf191290373e4837f0b152012c7a8c9ce909aad16f1d3e98ef950ac9c3a1761c7ad6a352ef7591440d8c7e250c78e5fd7ac88bc |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-light\Windows.shareprivate.svg
| MD5 | 71f2d59747a3f434e644dcc2d9ae5cf8 |
| SHA1 | 8e355281310095907caddb5505dde9493845991c |
| SHA256 | c3537a0c281a6332ac2a7eb35285b3bc7ec9bda291442d482b98a45b01eed7c7 |
| SHA512 | 016b1fc3c52dc1e83d26daf3d8a2339843291d895f0225331397c80c00c779bbd8284f53cf1d4899d16068b1eeade8426bca66ad2de5ede5495c17d5dae08cf3 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-light\Windows.RibbonPermissionsDialog.svg
| MD5 | e04891b2f5d2a3f7d820874069efbef0 |
| SHA1 | 6a0fd5094b970112bbc059bdfff30e98e38a630b |
| SHA256 | 1fb69fbf893a9c105ef34a722e7bf2bf52cd152f1f5c16d10a5551f9cc3bcfae |
| SHA512 | c06c846faca627d3eb9e28fe2d54c34785139cf8db3e1bbc0c5f600fbe0693dac9b1909e2f7cb5821d2eca60810bdc53ac287f174f8a86893093df217cceb40f |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-light\windows.removeproperties.svg
| MD5 | aa7a1f8653ca76f4aa3a6ee5e578a30f |
| SHA1 | 24da64a7c889016fc62721a37650e7c890f8540e |
| SHA256 | 7f7424bc7c1580d0c6fa842fc0c08ad9a4aad1f2100bd314170a81f242a13e2d |
| SHA512 | d52b1c0f26754910cf86f1367c79e780a7baf713a2037d3fd4556747c595f5d7e31dca3f04165a7bf7d09d903e06e356e004974ec3bc555ef87b6f4fa8b7afc4 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-light\windows.pastelink.svg
| MD5 | c166ab708a47bcfd4c9a4db9d49b116c |
| SHA1 | 672873c5f1ae795ad6d6cf79d48916bfefacec13 |
| SHA256 | 7508b21509f19d080ca825c15d3ef4314dc35920f8aff7ffe4ea896f3e384872 |
| SHA512 | 55ec0cf124820386e411868a7ff590cfdd238cb1fb93555943de0587669ef02eb128487ae58c3151b629c8fb82ad1bbebd36a8de592a52e3d083c6b28438c618 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-light\windows.openControlPanel.svg
| MD5 | a7a6d780d544651856596d0a038225f5 |
| SHA1 | 4a1275178521d9949631cd171826298591a07b9e |
| SHA256 | 942cf1dbbc4b72975e512dca10160d0e0c14bbab067b3a2c50bf9d33b8e22fd1 |
| SHA512 | 8f466aa606c743e114c77d8409725cd3f4b831fbc72278959712104c4b7aff140a22d0ae184ac39bf8f3e0b53bb1bcb649fa8fca867c9e1212b1f613ab0afde7 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-light\windows.open.svg
| MD5 | d88f7146f06864129fcee20421c9cad6 |
| SHA1 | f7c359d52db709fd691b2de3594dfcc2c9b5f133 |
| SHA256 | 644d576f3f86307b5f9448b88dce9f53e4fd40e14fd00317c37efc70f8a6c3b5 |
| SHA512 | 73b055d1c273ed4410f8785a9a4e221992a3db860eb3fb684ae4894ddc25c1d1c3df36a690633f57cc20ae1db19acc1e7b08181839b341deb1c7b48ebbacbff6 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-light\Windows.MultiVerb.cmdPromptAsAdministrator.svg
| MD5 | 82c31602416e4be22531b6daa5339ef5 |
| SHA1 | b066f34a2df875b62c7ae81d425d2c92db0cceed |
| SHA256 | 48ee93c6978fb0bf08e2de11ffccb52e190d9325f7889c9c21442b97167fef1e |
| SHA512 | 0683bc5044628cd49ee69fff640b336f60165b387a44d9d4f53552362fd4374c4bb77560b178cb4a279f35f8edea6d479a7a6e839a32cbe7cd89d2aea64c7667 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-light\Windows.MultiVerb.cmd.svg
| MD5 | 950e13db1fc393ea7444f5139e0698c2 |
| SHA1 | 456dcc1c7a494b4fa0aa7d17029cd11ba235926e |
| SHA256 | 118e3fd996a8eaa8406d0e98fb76e8224b23e32210543993c71da993e07c368f |
| SHA512 | 975c7c4c104e4b7935a5e4b7a0bae5da5cc96e02627b6db4565bf8e434d7ea146447a1171538e286886ee83b902ed038a920790dd9284410df69c23e4bfca8f5 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-light\Windows.MoveToMenu.svg
| MD5 | 64a35fc57fb167888db1fc08ae4517cb |
| SHA1 | ef0677fdfdc73684dee13fd10cc37281d5a1654f |
| SHA256 | bf8458615d4d28a96091627aafc0cf6853aaaf93e87bda52e3edc62baff9c5f9 |
| SHA512 | a7aee19efd2c8b019cfb051d88ae458e0fdf0220ce03f634d55e54dec53b8df4d8d255749f3dd06621b9d9b1ac8845f357145810977e542d6d5aded4e33ee7ee |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-light\windows.layout.svg
| MD5 | 12dba44c3a22a457c5b75f19a0526100 |
| SHA1 | 617f700da8af1239c27291176a8316619006a43c |
| SHA256 | 9b2c371947eec1f36cf20096e33a32aec971a1148646451863aee8a868df6dab |
| SHA512 | 7c5614de250201375a3f52981a2abc570b2a133880cd40d77ee7d0f50d938ecc3b94466c086f0b4cea0da8c78e9cffe1b48a6a42a8d02933474cf6d2c607f097 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-light\windows.hideSelected.svg
| MD5 | 969f2a95d9f8f53871ec2915b7f899e4 |
| SHA1 | d70d953d5b162503877917d7c388b83cd7533a17 |
| SHA256 | 5cb0408302a93efe9dc8cab07f2f6d450945026f844a5ce7728d2e830d0eeae1 |
| SHA512 | c1cd140e670609b7247605f0dadffe3bd7922403d97fde3335fdbbe60195a4a66530a96b39d8842f469a30d30c5f6e6bce74dd70221a36c1d8544c2bffa4f7a0 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-light\windows.help.svg
| MD5 | d2eaed105868254a169000bc4f8e01b0 |
| SHA1 | 3bf8727922d9362f99ae1513e1337fdb34378d6b |
| SHA256 | 5cff4abe766fa2c18a0e69d5be21388ddbd90e47ff7316090ba2279ccdf19b6f |
| SHA512 | 5cee6dcda5e731d179d5a1194e194047440bdd560850698e165c30ddb7bf6f18827ec815b3df1bd18b0d5727c22a96c05fa5af53798c62f32715b6a78e9a4bb1 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-light\windows.folderoptions.svg
| MD5 | b06dadd8a262cb69caa45a0fc1d2e8e1 |
| SHA1 | e9807e96344a0961115eaf759bb718d8bacd6497 |
| SHA256 | 1b0fbca9b1dad3bd78494ef75632d54f977e22c6835788d00e179af2bc23bafd |
| SHA512 | be626b15478772bc67817034e8133834949da0e91796c1d2f51ef0f830284f76b69eda8137104e28d426b9864e2ded0cef689572d5eceea4f58c56124c323525 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-light\windows.email.svg
| MD5 | e257e78118c790a46596520e85e550ce |
| SHA1 | 9d38ae7247cabab3d34b10f49589bb73fc4dc51c |
| SHA256 | 3568a00a810d5984b8c71df89157bed7a34466ae72ac743e2020e8c29fe3df57 |
| SHA512 | 8de7dc8f3c2bc4a9b725c1c2a45c8d6a5b4f92c46798ed52592b35c7701c3391aa6416f447f2887cc15795f389abcefea2014311d7d94b255a3ed1c6eb2e9b16 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-light\windows.edit.svg
| MD5 | 14c11b2296c00db335bbd269c13d6c88 |
| SHA1 | 331b1f70491c6a271eed972a43a256c025b7ca1b |
| SHA256 | 1e69d480542ecf89010e0947c100605423ec60a92bd87702c72513952065b3b8 |
| SHA512 | 7bbaa9985676b0b7898ef889107ef9294dbc1bb3ac7dc0211c13b481b2eba449233f0bc54bc969fd65d8533bee15113570f470df4ee77b85a41cb98cc2b91977 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-light\Windows.CopyToMenu.svg
| MD5 | fbc42d74506b01301daaa4ed713e59c3 |
| SHA1 | 6cbfcb87d0447c00680c9710dde8d8ff2cd77216 |
| SHA256 | 9d81e9391ee6e6515a573dce662d0d50d4938f81ff640051873667c93c6ac469 |
| SHA512 | 146028277f96039af0c19154ec44f402c560896bbc44cbf9cdac3c4d8fbc8c153169f38d5b8cfcab47144095b688e41345528be049f04621d2673cc0532f13c5 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-light\Windows.Computer.Manage.svg
| MD5 | 8987c299c5fbac9f68136bb012e1eb4b |
| SHA1 | 6878a2a158a7be4e3bfa899763c42a057782d4fb |
| SHA256 | 24ab22832e298877665641631c70ded68e5f9fc750d5e15f59b65cce06d8b4b2 |
| SHA512 | 1564e7e74bbd3dc94dcb51c4cda29718e5caab86bf877084b72338a712f762eb4525424a7acdc0e866b775157064fb6025df2c2276daf83fe12b2aad2b348af0 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-light\easyaccess.svg
| MD5 | bd71ae5561063094ecdbb18d0f38d474 |
| SHA1 | e2eee62bfd715d2bb807ff1daf354f2954f93efc |
| SHA256 | 3a58ece9da8a88a997fb95b0ed8d81f223218f2e089192b451df8a451fcc9800 |
| SHA512 | f9c39d0a4c438402ae71eba7fce031db76c9616ec9b88592fc6f7d80b73b57d6333f567844ea13209afa662e1f879812cb0dfd0a40772d9a94be210c5cedff29 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-light\accessmedia.svg
| MD5 | c5e59d922cc9a14408ee01a473de2051 |
| SHA1 | 6eaf109c422b2ebfc632f5c70e66b91f90d53f7c |
| SHA256 | dc2ab9af2b1cd24b11acd4f0ca0e55cbb65d2eac5228a411c2698d0827ffad7c |
| SHA512 | 9efd45be57ba0727058fb8439794ec62a0b0728a886aafd8069fa8bfa0b23fcc2c011838e29a8268872508875ff1d6ec874cec6b991ac09167784c3b6495681f |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-dark\windows.troubleshoot.svg
| MD5 | cddcc9583650cc486eb4cdef5a9b5b98 |
| SHA1 | c37f053ffb211a8889639e52a9ac0767c1b8058a |
| SHA256 | f720372e65c2882f142712338aaeded555129dd4853dd2ccd432613d74707616 |
| SHA512 | abfb7d54dffef751559ce4d3ba7a79c9ac0cf023147c6ea8624df4953090aef489968cebab0c5c633b1a095205cd5e2671a609b2914eb03685ffc3724ee17404 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-dark\windows.SystemProperties.svg
| MD5 | 14d22222ec2d2f20fba16893756ea5d4 |
| SHA1 | b642b876676c1342c6b67ffdb98896a6b02df2a3 |
| SHA256 | e99475d76b50f34ec3b1e4346677237d6737fa78bb572b9b7c7fb6837d8a0662 |
| SHA512 | dac7b0d0c64903fcf1c775e89035709af858fa04667ff046820f5cd7b30658b173c4906fcfc0ff85310d98fcde717fd55f51a92b03c96363dc99a3996b04a14d |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-dark\windows.slideshow.svg
| MD5 | 1ac51ba1373596a8d1f06bc083f4a399 |
| SHA1 | 8ac25f224311ce855dd56614730da461d6bac52c |
| SHA256 | d384130da33fa213933956306d7ee8bb8377f8dfd3bc4aee588fb453d2b34fd5 |
| SHA512 | 0a9031ccf4b29444ef460f4df2b63b64bd880b5d79c32343c63a04dbf31af09b7547210bc975bc3c5d2389cec2ba20684205e1465753adfa9733912d97bc5bf7 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-dark\Windows.shareprivate.svg
| MD5 | f330543683bd4ae04f346f54507d22e3 |
| SHA1 | 98fe7d1542a3ebbaaa9c24238fc1f48cadd046df |
| SHA256 | ebfceadfeac8434c464713ec411e1b9059a743ef0e7b676adaba78b005bb877e |
| SHA512 | 4752ca2f4b32b8db793cb746a67a918eb52f46490246179dfccf441a1cb5ae23b95929e766a9ba7200b0c84ef6361051a6efa461ba1175f448126c521fdec5e9 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-dark\Windows.RibbonPermissionsDialog.svg
| MD5 | f0e4bf42cb74c5dd771f24c743f868e0 |
| SHA1 | 65bbc97217ca22ea7228b25b9848d3919b3a502a |
| SHA256 | 2b9a7c378e0160ac8e5843f1ced91021802b677776dcf9ffa71524adbefa1800 |
| SHA512 | d2e4143b52fcac95423966ca78b4bc3c9634eac01f6ea17125125b47d77fb4e68c3c3458fd48c33b10ed9024b18a4c1c66cc466592e47832403f1d20828409d2 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-dark\windows.removeproperties.svg
| MD5 | 3f8ca186cb7ddd7894eb556e4b5fb44d |
| SHA1 | e9f8be66944d1476e672d07e2e807579b2fd1563 |
| SHA256 | a6a11b85c515027090396db56e7f41036861f3fc00f518e23885566d629b44b5 |
| SHA512 | bbefdfeef896ab0878359387584cb7908fcce27726831acaad975d867d1c5b9a70d67ec1f6dbc03ec0fe7955aae95d1ad251e57730ba9598441e18d366452841 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-dark\windows.pastelink.svg
| MD5 | 9529c8cf62cb8d41191701e0fae024bb |
| SHA1 | c526c95ee6a643414789b56acb99de703db8c8ea |
| SHA256 | 2e6c18304704c1ae4885abfe8b002c429a4ca7676f0a0cf8e168950d63f7a218 |
| SHA512 | 7c5061848719d99eebfd5ddef0152c1d591033c3bf1a9162fa2984ffe030d29fec0f0957f3b1d4bbb3d5b8227f8774f74e4832b1d545cfecc09c86ad1eab9cbb |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-dark\windows.opencontrolpanel.svg
| MD5 | 643dbb3b6ee4756762b5f54f655e39c0 |
| SHA1 | ea7ee9230092f5fdb7906128e553b70dc5c64fc3 |
| SHA256 | bd0c11262c33d08d2f3030d256ae7c16fad62d0050dfc568e9057871db3b5b5a |
| SHA512 | b63981deff805fbc128d6d6a8be6a53d70fd80ba6dd4c017d6e8866202431c0b3968d1cf3326c5336deeef89e1f7a60251d9874293e7a975cbc340e643f367c1 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-dark\windows.open.svg
| MD5 | 536711aa27aaf290c2410dcda8e2b591 |
| SHA1 | c1a681b60f9c58379aa36854081154819e252fdf |
| SHA256 | 412a37d3e1856910f22c2c35071eae274e3d83047e7a33339f31f501cc5579b2 |
| SHA512 | b45f5b5cc062e961d9152ad76be81b6c0c2d95bde7619ac231cc583c064db2454ca9b4a642778a517021a09563ae004428007d52ee89a0cd9ae5a736f2c3f3d8 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-dark\Windows.MultiVerb.cmdPromptAsAdministrator.svg
| MD5 | 6c377e6d5bd170f014b2352c0ab7421a |
| SHA1 | f96a1db407f92341dd47ebe432de32913de4a45e |
| SHA256 | 8e4de3dfc33b3b3edc2d3b37e95669c9794d98cefefdc50bb6ba02f0937d606c |
| SHA512 | 8218d88c6cbf6c3277f36556f54c4b533502b135c58bb24a2efbcabc2125bc39dc38e51cf130b320b8dc8edc08d04aeb4cedb9472966e907981f19adfa3589ef |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-dark\Windows.MultiVerb.cmd.svg
| MD5 | 836de6af228e5d47f4a5eedbe79d9172 |
| SHA1 | 866f1d4825c6e8fc93f2e4284850bd054dfc39cd |
| SHA256 | e642c6fa1611e1e937a31bce4b61d1951d6783e3ff633729f86096b67cfe6228 |
| SHA512 | b022f7ec8acd5c80ce03fcb58ab3d551b2760f93b9bb8770e5f034416738cc87e3c633527939fec584deef38dc25db203844f8cd76856bd24a90694a0ce2edda |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-dark\Windows.MoveToMenu.svg
| MD5 | 7beacb39451ca90854d81dc79b25f579 |
| SHA1 | 2fbe3c7c118d0799ced08f530274d04c4530ea99 |
| SHA256 | 40f70db8f7814acf922e25411f82f9d9b9420d30e34f5c6199b8488e260ca13f |
| SHA512 | c66850bf3d41bccdf49859244dd38797e57cc7af8acf774d578f799a769ba7296108252dee262bde7d8268ffd90c2985392a7544f9087e551b519e8ca2293fa0 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-dark\windows.layout.svg
| MD5 | 2105ff4f8f0fefefa00b5ddd93ed9d79 |
| SHA1 | 45f452e56c9aebda14d057e1f1797e20887ef5df |
| SHA256 | f39d73c1cd814615aa74ce9fc04a4b7f4c83156b2173875134eaa3f60fb70c7e |
| SHA512 | fbce0a5606cdeca22f3c53de7b966a9a00cc1ff40bb5af59d25eea7870a2fec140908c086b91760d16674a6d65c90c47d392dd7319ab507b7ea70a5a437bf89c |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-dark\windows.hideSelected.svg
| MD5 | aea15430def6cfda52866c7acce670cb |
| SHA1 | 6fb41dc83d8eb9f14c42bfdc734f22aaadf57a51 |
| SHA256 | 931320e31e415b420aa1985d2b7305d4f3b1d2f1d8ffddb18c01690aa84f3d20 |
| SHA512 | d97bd0f7fb7ed1e40ab550e9103eace9139de44a0c4bffe7745b1f99edfd799f07379ef19889cd4a838bdeea99c726ea977539a4de0246eed36fa00c403ff48e |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-dark\windows.help.svg
| MD5 | 613988bed41860a9cd8716e840f1b43a |
| SHA1 | 805710d924cd714e84e29b1ad8b19f8166708502 |
| SHA256 | 2aed30dcca71f8d120cffc6b01c318bf1898e62615045fea5e33e1552f289e93 |
| SHA512 | ead70f060366fd23309939e6aff86e394d3ae9517e22147bd1f57c6981004c2b2c01a6624eafd6a80454c1233f85b4d02de7b3eb5618c3bd743540360d931e35 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-dark\windows.folderoptions.svg
| MD5 | fb052ee6b0d4eb3a0ac028075e212e49 |
| SHA1 | 19c6c4b06055ae70c9a35c3c0e4fc51df18a9fcf |
| SHA256 | 3615ad11593e0fa41c9fcebe32b9e96865cf13a27640f87802aa3c33730a05eb |
| SHA512 | c2eea0be65b7b1f325991f671523a34c8383f10a049726ff2b52b270697f9bb29ea1936590dc94e84b02b39449d0a2fbd31104d4670324216248cbdb6116cc72 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-dark\Windows.CopyToMenu.svg
| MD5 | 719b1c337f9362d872c788c1b8a443f2 |
| SHA1 | bf435a2671443a3aa54342219ec7a8413f3fc638 |
| SHA256 | 0d4efb27e6c7b774206155dd6abddd2cc85635a467c869c7675da196869a5e2b |
| SHA512 | b60a9d72d669a41e961849c7d5acd02b03fe043b551c97ba2661d94a39644c3871a137b6bc62c6e8b45919861adbc3e220f54131e4e877ed30ba82d5e998dabd |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-dark\Windows.Computer.Manage.svg
| MD5 | 107fe8d57a6d6821321648484ea41333 |
| SHA1 | 98df047cc084171b3485bd2ce8abe287f9487f55 |
| SHA256 | 11b72939689a479cbda2bf96a64774d2ac605c7054cf23deba0663ed4dc11d6c |
| SHA512 | 9de0802330eaca6ae4849c9472decbc97af7dacdd91665f55b43c54c7981e9afa362365da5ae49e30b0a182d5d86d6f863d94e37b8fb92756de857dfdd15b4ad |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-dark\Windows.AddRemovePrograms.svg
| MD5 | e0f7ef3d2f36317931a42dddd494c9c2 |
| SHA1 | c6b916609b96d81bbf803a3eaeed1b088b69109b |
| SHA256 | f51c5b5b68f6bc5104188a93f145ca2d6e57d94636fda34e41599bae0e5ec682 |
| SHA512 | d7722dc17345fd4245834f247249b8f9e7595728ea3c176d7349d39d90b8b57df47f2c2eb430366cc1d38df04f2567783976d3ea424bf013ea9e296679f23344 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-dark\easyaccess.svg
| MD5 | b0dbcbb94384185aa810405152782157 |
| SHA1 | 2448bec63e385fd475466178a17b68167ec30398 |
| SHA256 | 6cebc92632e26a4fea23d3e95e3590912f0037f2500ebe576e6d0af54abd4c79 |
| SHA512 | c0fff2be0a62c0c154e071a07aa061ad502fe2916939ebd2fcf64de62d368782c99fac2869e4c5e4c904d2773251d23e1f863e7a4fb1d39e07ebd45f9794f618 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Ribbon\theme-dark\accessmedia.svg
| MD5 | 87549bfacb19ac7eea47dfdddca9ea80 |
| SHA1 | bec2cd7951d75ef20f9bf8379f61e8121eca8775 |
| SHA256 | a14b44b414971fae445df013a5de357ff625e4a509bfead3b0c01a74844aa515 |
| SHA512 | c0f36410598e26a9783dec3b1fed11fa3dfa563bef210385ec213dc1f49d53637d5fb6ff4405c852bcd150e951b162a1d856151aa2512c15b9ee68ca43d42304 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Orbs\Windows 7.orb
| MD5 | 85328e698e8a74852b4061a683915dc8 |
| SHA1 | b898267f8574a34e6d605e541e5234c27dd53f5d |
| SHA256 | e5b74e9e7bd6758a0154b11462ae3328edd143190865198104d8bd53b9af7275 |
| SHA512 | 03945c487c6e697f7b352374a989bfe41d1de7d00624461d2b97fb2027b26d36b35035d5e78ea622c31372087dae647c5d3591c7f9a27941c009993e719ee28f |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Orbs\w8logo.svg
| MD5 | f13738b41b7a2042c53dd228601639e0 |
| SHA1 | fa746d221f52d39cd3eb9aecfd2911a2f1b47cbe |
| SHA256 | c75684410793a98a051a1cf95395709c73e9589037d47be3f6277b4ac355b7fb |
| SHA512 | 1d890663a981ecb4794abfb22575bb54f74fea76123d6c9969281e36ef8864c33f77e41986481c386c867a3c6c1a4bb826d20257576d0fbabd1de6264f350291 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Orbs\e1evenorb-pr.png
| MD5 | e5ecad423623a327b850919bd8a41bd4 |
| SHA1 | a25e38296db28d28d4e50042c84600b35d091f0a |
| SHA256 | 6e451fe2d887698c4290b830aec1a4a196de22eb3bcf6734b567521bf2d6edf2 |
| SHA512 | ef8252abd127f5f1179b828a1d156b2ee4b6781e97a4afa3685418b2e4a94061554e5d23cee3713df18b32337dd2de0fe55841501210f8dfeff0086966bd77a0 |
C:\Users\Admin\AppData\Local\Temp\SIBSFX.ED308814\Orbs\clover.svg
| MD5 | 47b9be5d069d6873cc9bfc3fc7c3b9b2 |
| SHA1 | 481a3689dc871d2286ae51412439d877ca5a5201 |
| SHA256 | 1e0e1ea6149fffe9a6d09a77b404fe17db7d455d1036faebdc168b1ce5869282 |
| SHA512 | 3c8e67f8ff198dc97c76acb8e910e130455ad5bb596a805a08a25ed8fdd78ac8820d97d9cc82a72096cc5d4914f1eff7afb1b03405a8a87688d54aaecfd89b64 |
memory/6660-6808-0x0000000074ED0000-0x0000000074EF7000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 6de0c94ec5da551fc500965cc70f8a4c |
| SHA1 | 898e8154fd5d9e7f0bf7f6f67db45938da9e59a6 |
| SHA256 | d76a96a3630a7b4a120293d95f2a275847a290e52d21b0ad856deb2ca39f79e4 |
| SHA512 | 12cfefaf5ef93c4fa61071901903b6421a4cf6c21a9a44eb0cad85f64ffe6b0a5fa4bf994ab53fbd2c4dffec0e83ae89c0d83df7619db007425b4fa944c7afba |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | aab7063115a89d10f5791914a78b0b3e |
| SHA1 | eaf14c7f99cd66c03cc952cfb7f796974b49964e |
| SHA256 | 03ed0d094d5ab7d9404dded77fe1627cc5721137833f8def39d6361e56b528e2 |
| SHA512 | cbffd20394057aa4682875d64f0f57c29140f52ce9849eb8eaf780f0b472d2724baf063d76fd9675e98f6015a210cf7fba2a82c8eb35949aba486cdfe870182f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 11596107278f942a7c0890df45ca5bd2 |
| SHA1 | 555448452b128f1b9381ba82aa67d86dc783af40 |
| SHA256 | deda9c7638afdbd519928056bae26a173efe189e9395d94ad6251dad6e6acd48 |
| SHA512 | 42dfbb7a5c09364523c17c99a7db6dcc2b60d5b73fa5e6066179ed7dc6a02a1e94253ef65d63d59320115c2c492ef56ca2ab7e4c7a595f7a99deaefe3c4dfea8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dom8snqr.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
| MD5 | ccf4eb71361ccffed95e4b5f24d8b3f2 |
| SHA1 | a365d5b290d5b14fd57f44b141b23de317c37a87 |
| SHA256 | d96577e5b2c835a6e2e14cc3790ce9e775bf93e7cc83fd3e82c9821e35d3544f |
| SHA512 | 8764e7e06df6790a7425b4f5ed1bc391eaa08e3c1e053cb5f7c52c51ba5e09b69868ef2aaf6baa2c8eb11bb1617a1fe1015fd632ee799769596e443a7c27edc1 |
memory/6660-6870-0x0000000074ED0000-0x0000000074EF7000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\AlternateServices.bin
| MD5 | 3bc07336ff83abc937708ac65f10430d |
| SHA1 | 416c270e24190f57ad16ba397845878e1452a852 |
| SHA256 | 168bec4100094ab68ca35ad7e788d2a292ea2a2037ad7a0d401b2a23469b2d72 |
| SHA512 | 4caaf35bfde25ed744b2b488cca77f96c67acfdb6ba66ff39ec9d36d6e4fd8c928d0994075526608dd42304b5192b418e0ba8ace0c5168425934f04f1182b830 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | cb5228a1b33ee8883b9ca385c7da842b |
| SHA1 | c0dfb234b08762d7a4df566273dc3a45c1c9f988 |
| SHA256 | 6075ca49b01c4233717ad51115db4b51b9fe2314eee791e899057fc230963865 |
| SHA512 | 8b1489f2373b6deca139ddb232cd189b832bb026786e100ff07ce606e1a8c8d213623862762d3fdf0d9fdcb044b44c9126c2dd8d79c5f0347c65fca9097644e3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 3c060824f6b4c92470be43d7f998753d |
| SHA1 | ffd31014f452ecf0a964d8e12ff13a3247801224 |
| SHA256 | c90349fbdb9da1c6b2afea078adbc0b796c55b9da906ce162a81928879c03c0a |
| SHA512 | adf69d3a5a26f45e3eb2a7e75ec3041904ebf2d36185ea2824523c5a732401b6e5e17e8be3cf10e618cdc2089272dbb2d5c536108e9038a47ed6039747fee99d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dom8snqr.default-release\cache2\doomed\9945
| MD5 | dc60c92db80c6bc564ff08300cd3fc04 |
| SHA1 | 3a02ffc82f528fcc6409d70ee3f0a0541a1ae55b |
| SHA256 | 7ff3d51c418236bae65a926b5cc94a3cefc299a3bf8bb4ccb37c365ba04d7aba |
| SHA512 | 22abd7fcb017d694c719a395f5906e63a1a355cf9e2e8d4a0190c7324691802fdbc18bc1d1bec382a6771b0428a083bb58c68fe53e36df4e81bd5c36fd6bb158 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dom8snqr.default-release\cache2\entries\C9B3E370BA8E617D3363D8F388B58605F9DF6766
| MD5 | bb7af83fabd6c39a6c596da94adf08bf |
| SHA1 | 6067fe2790bc24deaef4a2a3ff90c0f1698b7984 |
| SHA256 | c06dfc8d71e74a50f24e74094c0d3f3fbaec399394b9c0cf30ca050a7f867ccf |
| SHA512 | 3e713c7a5ce97f09a84b2ba0ef2b6d09994578ae04b48822d7c29cd99d7160fe8b75799d79188fa7cff79a9f57bd2c7edd5b3b179cfa8d76ccee2fdeea5aa719 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 0cca9ab886580083b580c19d901b232a |
| SHA1 | da75f75f6e8f18bdfeb38de52b7bbbe464d51687 |
| SHA256 | e7c1f0e35de5490deb0e6ae36db640282419ac1484916fdcbff08df4ebde3b4e |
| SHA512 | 55980ea01cbd50536526955446fe018d97266a2d703126dbeccbbaa2a06499ae82721d76ff0d7c61e11179f2cd3fe858d285379bd8400808a28cda830b243318 |
C:\Users\Admin\Downloads\StartIsBack64.T1DBeCEA.dll.part
| MD5 | 4ca1b2a68a908d316c418fbac7c44a91 |
| SHA1 | 9732dd64565efd55285cda0391aa01c4c515f7cf |
| SHA256 | 3da801e2aa8aea011ea512e025097eb670f6aff44e038b2d65b93ee68fb189e3 |
| SHA512 | b3626d00669811330bbe3e4bb3c7a373f8bff3cd5b42c588d4202f57372dc446abe9c692f327f13251328382efa0c2118b0370f82a8fb4541c12ee32310f3c0b |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 1929b8193ea3429576604c588c9624c1 |
| SHA1 | 58c4b593c7dd9c75ef1e02a8f9fb646fad2a3264 |
| SHA256 | 87284c22b4912e16d7f16f3a0ac40774f74b44d266e772aa77d409a280b39002 |
| SHA512 | 29f46f589a1acfe459bd44da1532cd9f72ee8dd487237e3002722151e1a1190de2d294b42ad47c770c246ad20635a80d537a7ef3415c117b6033e40f00a4627b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 1f196002ec557ec90431aa4cca3051ce |
| SHA1 | 93eca7cebbdee090767a21495f2bb092232e5887 |
| SHA256 | 88d8ded134055aa50e48198961c1a0b7bc6bf19873270548148b8d30c9ba68e5 |
| SHA512 | 7eea670b3accd60e4f67331e24daf8bc6b59c4b06a741b59b2f18556c406f8b232bf707ec848fd7f4276efe72f13bcbe627fe600eb1e10448f5270c1cd39b881 |
memory/7472-7314-0x0000000074ED0000-0x0000000074EF7000-memory.dmp
C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\kill.cmd
| MD5 | b8332745bd37b45e7ec3fc8cc04ec422 |
| SHA1 | 26c9c21faff2c4d747d735d295e5eaee1495b58d |
| SHA256 | f56d48597370f2b4417cab335f95485f065315375f41931fff5d782f3ac103d9 |
| SHA512 | 9e1ef0e3b1fb29217b1755414ac3e07b5badb7c35059f8b8860b4b5f24c0cf40bc7d1f2dd1d41d3acd9333f5646989d1d1186e155d23c410dba6eb2ef51b18ff |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\W3Y3NP6R\microsoft.windows[1].xml
| MD5 | 4ab187465d26f496e12c13074e4b42a3 |
| SHA1 | 47cfa6b8141e1d9147596a39c2b993efeb303759 |
| SHA256 | 30910203391415988b66bc34a1e1aa142cf792fd0a3f68321b533e267eec6b93 |
| SHA512 | db44329562ee57a785eb65d68c34ec0c518d0307808f4dc6332052d2d0f05a4c6b42b9747ea9407b7ba16dca78e4cdc15138c094de409157120b74a56150ed7e |
C:\Users\Admin\Downloads\StartAllBack-RSLOAD.NET-\StartAllBack_3.x_Patch\start.cmd
| MD5 | 911e338d3e70218de331bf02c38b4dac |
| SHA1 | 94c7c351621e4c7910fd90047d83698634519e0b |
| SHA256 | ca3e34e1ecc3df0a2eb47429c1252c24a0fe16cb6805a4eaa698379e0896d999 |
| SHA512 | 595fcbac0bb95477b539b5c5f7c3055df1dd1c3aac1144d00415f82e91593bdf5d99e7cccb5bed351eeee2da4e372ced61c46b09a4d1124396b65972ebfc1f5d |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
| MD5 | b72922701a220820b59e06cafbc9ef60 |
| SHA1 | 3381c53de8a49432b784173f6ffbcd8f443e34da |
| SHA256 | 11a2e46e514fb1b65640733ac85c0f171485b80d413910e9720ebffd3274d746 |
| SHA512 | d6b1a37bcf25153548b96e079911d7e37464c3a5f821bc9e51ca73af4a0bf7b94e71c3a0251a83b4077f08fb21da83f54f5a940d537b4113f39e404399ea725f |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133760710738771751.txt
| MD5 | bca8ea0b494b7da13afaffd4b01e6646 |
| SHA1 | d7500f0ac704ee326b2b2e9599c04d427b33b077 |
| SHA256 | 8432368f316082ef07d62a320ccf5b26c7747d68e0c0b3f35d9f5c87ce662bc4 |
| SHA512 | 0802c8e1a1cab58de16ac931f443e69459793973e11992fa8506595555f5f4a269efb0836a1d6a2b755635f6d83da7b4856a99364aee7ed1d0bd84063014348d |
C:\Users\Admin\AppData\Local\Temp\dup2patcher.dll
| MD5 | 2fcac0a53e9aaffa146e751f8a1e1ae4 |
| SHA1 | cc074e73c8b50cf1973185188ed2c1ca630f01a3 |
| SHA256 | 62dca27bfcf3cfab9fe834ca78278be7a53d8c1b485c0fa5051a86703fe79059 |
| SHA512 | b2cf9577ab0c9d002d52de15dceb9e52e11686649e9ff5d6a9fdc565eb7ee2aa2ae735cf0c8712c1dde895792542d3d0426624cc62b11f885357646e7e5f3ac6 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 14bf578e9411c014d619fa90d30e9272 |
| SHA1 | 7ff74755a28de6e361bd2b2d6d7e8515ab0dc67b |
| SHA256 | 73117313c52e72150a31527d947f38b2e00437b09228c2eb33d4fe9243ffb112 |
| SHA512 | 32b43ca429455e5d8e2dce5aaa2d35c119388941ae055126eb49aa43421f2229c05ed669a77a2ca1e6d752ec154e33ea7d1ea731351934c5230b5bc7704d0e46 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
| MD5 | 3ea3eebd37a0da07b17bfb228593344d |
| SHA1 | 5654199409e84522a6c47a0edcfc8f415717bd1a |
| SHA256 | 67afdec0165715c776fd3f3eaccb9214cd00d3fda446f910a3d13acecc1eb699 |
| SHA512 | 111eb09489eda1885bac426826dc2c4f9b4618d4ce1f4f858d1e75fa8212c30d6217a519a9de7c7f6d3a5201b7003d33cb8c51af2a7b44e963f6ddd2070b0064 |
memory/7692-8804-0x0000000074ED0000-0x0000000074EF7000-memory.dmp