Malware Analysis Report

2025-08-11 06:02

Sample ID 240222-whwddadd3v
Target YandexPackLoader (1).exe
SHA256 cac27906e3604dad123d97a55310aa548571c199ce257208a7003e18af3f8dd7
Tags
discovery spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

cac27906e3604dad123d97a55310aa548571c199ce257208a7003e18af3f8dd7

Threat Level: Likely malicious

The file YandexPackLoader (1).exe was found to be: Likely malicious.

Malicious Activity Summary

discovery spyware stealer

Downloads MZ/PE file

Executes dropped EXE

Reads user/profile data of web browsers

Loads dropped DLL

Enumerates connected drives

Checks installed software on the system

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Modifies Internet Explorer start page

Modifies Internet Explorer settings

Checks SCSI registry key(s)

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Modifies system certificate store

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-22 17:55

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-22 17:55

Reported

2024-02-22 17:58

Platform

win11-20240221-en

Max time kernel

22s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\YandexPackLoader (1).exe"

Signatures

Downloads MZ/PE file

Reads user/profile data of web browsers

spyware stealer

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSI9422.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFF8EA8CC44805EE58.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9609.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9A17.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e578b0a.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI954C.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9649.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI96B8.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI98ED.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF496BECB1CB954227.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF8B85EA7948332E29.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9755.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e578b0a.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI959B.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9669.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9812.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{5B964E0E-B9A3-4276-9ED9-4D5A5720747A} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF3E440C4BE51430BD.TMP C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000\Software\Microsoft\Internet Explorer\SearchScopes\bac50b3e-d1ab-11ee-affc-c6766fa4201c C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000\Software\Microsoft\Internet Explorer\SearchScopes\bac50b3e-d1ab-11ee-affc-c6766fa4201c\YaCreationDate = "2024-56-22" C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000\Software\Microsoft\Internet Explorer\SearchScopes\bac50b3e-d1ab-11ee-affc-c6766fa4201c\FaviconPath = "C:\\Users\\Admin\\AppData\\Local\\MICROS~1\\INTERN~1\\Services\\YANDEX~1.ICO" C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000\Software\Microsoft\Internet Explorer\MINIE\LinksBandEnabled = "1" C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000\Software\Microsoft\Internet Explorer\SearchScopes\bac50b3e-d1ab-11ee-affc-c6766fa4201c\NTTopResultURL C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000\Software\Microsoft\Internet Explorer\SearchScopes\bac50b3e-d1ab-11ee-affc-c6766fa4201c\SuggestionsURL_JSON = "https://suggest.yandex.ru/suggest-ff.cgi?uil=ru&part={searchTerms}" C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000\Software\Microsoft\Internet Explorer\SearchScopes\bac50b3e-d1ab-11ee-affc-c6766fa4201c\NTURL = "https://yandex.ru/search/?win=634&clid=2598009-383&text={searchTerms}" C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000\Software\Microsoft\Internet Explorer\SearchScopes\bac50b3e-d1ab-11ee-affc-c6766fa4201c\NTLogoURL = "http://downloader.yandex.net/banner/ntpagelogo/{language}/{scalelevel}.png" C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000\Software\Microsoft\Internet Explorer\SearchScopes\ShowSearchSuggestionsInAddressGlobal = "1" C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "bac50b3e-d1ab-11ee-affc-c6766fa4201c" C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000\Software\Microsoft\Internet Explorer\SearchScopes\bac50b3e-d1ab-11ee-affc-c6766fa4201c\DisplayName = "Яндекс" C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000\Software\Microsoft\Internet Explorer\SearchScopes\bac50b3e-d1ab-11ee-affc-c6766fa4201c\FaviconURLFallback = "https://www.ya.ru/favicon.ico" C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000\Software\Microsoft\Internet Explorer\SearchScopes\bac50b3e-d1ab-11ee-affc-c6766fa4201c\SuggestionsURL C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000\Software\Microsoft\Internet Explorer\SearchScopes\bac50b3e-d1ab-11ee-affc-c6766fa4201c\URL = "https://yandex.ru/search/?win=634&clid=2598007-383&text={searchTerms}" C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000\Software\Microsoft\Internet Explorer\MINIE C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A

Modifies Internet Explorer start page

stealer
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "https://www.ya.ru/?win=634&clid=2598006-383" C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\Local Settings\Software C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\HomeButtonEnabled = "1" C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe N/A
Key created \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\HomeButtonPage = "https://www.ya.ru/?win=634&clid=2598006-383" C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe N/A
Key created \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\Local Settings\Software\Microsoft C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\Local Settings\Software\Microsoft\Windows C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob C:\Users\Admin\AppData\Local\Temp\YandexPackLoader (1).exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob C:\Users\Admin\AppData\Local\Temp\YandexPackLoader (1).exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 C:\Users\Admin\AppData\Local\Temp\YandexPackLoader (1).exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\871CEB83-D40F-4DDF-8F8E-F4E714E32D54\lite_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\871CEB83-D40F-4DDF-8F8E-F4E714E32D54\lite_installer.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\871CEB83-D40F-4DDF-8F8E-F4E714E32D54\lite_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\871CEB83-D40F-4DDF-8F8E-F4E714E32D54\lite_installer.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4088 wrote to memory of 4824 N/A C:\Users\Admin\AppData\Local\Temp\YandexPackLoader (1).exe C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
PID 4088 wrote to memory of 4824 N/A C:\Users\Admin\AppData\Local\Temp\YandexPackLoader (1).exe C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
PID 4088 wrote to memory of 4824 N/A C:\Users\Admin\AppData\Local\Temp\YandexPackLoader (1).exe C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
PID 4088 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\YandexPackLoader (1).exe C:\Users\Admin\AppData\Local\Temp\YandexPackLoader (1).exe
PID 4088 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\YandexPackLoader (1).exe C:\Users\Admin\AppData\Local\Temp\YandexPackLoader (1).exe
PID 4088 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\YandexPackLoader (1).exe C:\Users\Admin\AppData\Local\Temp\YandexPackLoader (1).exe
PID 472 wrote to memory of 2816 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 472 wrote to memory of 2816 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 472 wrote to memory of 2816 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2816 wrote to memory of 236 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\871CEB83-D40F-4DDF-8F8E-F4E714E32D54\lite_installer.exe
PID 2816 wrote to memory of 236 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\871CEB83-D40F-4DDF-8F8E-F4E714E32D54\lite_installer.exe
PID 2816 wrote to memory of 236 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\871CEB83-D40F-4DDF-8F8E-F4E714E32D54\lite_installer.exe
PID 2816 wrote to memory of 3400 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe
PID 2816 wrote to memory of 3400 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe
PID 2816 wrote to memory of 3400 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe
PID 3400 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
PID 3400 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
PID 3400 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
PID 2448 wrote to memory of 4076 N/A C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe
PID 2448 wrote to memory of 4076 N/A C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe
PID 2448 wrote to memory of 4076 N/A C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe
PID 3400 wrote to memory of 1428 N/A C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
PID 3400 wrote to memory of 1428 N/A C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
PID 3400 wrote to memory of 1428 N/A C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
PID 1428 wrote to memory of 5572 N/A C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe
PID 1428 wrote to memory of 5572 N/A C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe
PID 1428 wrote to memory of 5572 N/A C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe

Processes

C:\Users\Admin\AppData\Local\Temp\YandexPackLoader (1).exe

"C:\Users\Admin\AppData\Local\Temp\YandexPackLoader (1).exe"

C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe

"C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe" /passive /msicl "VID=383 YABROWSER=y YAHOMEPAGE=y YAQSEARCH=y "

C:\Users\Admin\AppData\Local\Temp\YandexPackLoader (1).exe

"C:\Users\Admin\AppData\Local\Temp\YandexPackLoader (1).exe" --stat dwnldr/p=70510/rid=58fcd169-f876-463e-aea9-cb41f358e4e3/sbr=0-0/hrc=200-200/bd=267-10627744/for=3-0/vr=ff-0/vle=ff-0/shle=ff-0/cnt=0/dt=3/ct=1/rt=0 --dh 2400 --st 1708624588

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 1C5009864EA9893228BDAA961B402318

C:\Users\Admin\AppData\Local\Temp\871CEB83-D40F-4DDF-8F8E-F4E714E32D54\lite_installer.exe

"C:\Users\Admin\AppData\Local\Temp\871CEB83-D40F-4DDF-8F8E-F4E714E32D54\lite_installer.exe" --use-user-default-locale --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --YABROWSER

C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe

"C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe" "--yqs=y" "--yhp=y" "--ilight=" "--oem=" "--nopin=n" "--pin_custom=n" "--pin_desktop=n" "--pin_taskbar=y" "--locale=us" "--browser=y" "--browser_default=" "--loglevel=trace" "--ess=" "--clids=C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml" "--sender=C:\Users\Admin\AppData\Local\Temp\F8FE164A-52B9-4A71-B2F9-E9FE2666DA93\sender.exe" "--is_elevated=yes" "--ui_level=3" "--good_token=x" "--no_opera=n"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe

C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent --pin-taskbar=y --pin-desktop=n

C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe

C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent --pin-taskbar=y --pin-desktop=n /pin-path="C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk" --is-pinning

C:\Users\Admin\AppData\Local\Temp\{6F24B28A-F0E7-4E94-AE92-93D0024B3193}.exe

"C:\Users\Admin\AppData\Local\Temp\{6F24B28A-F0E7-4E94-AE92-93D0024B3193}.exe" --job-name=yBrowserDownloader-{9E424E66-BB07-4AAD-8269-8B00A7F316DC} --send-statistics --local-path=C:\Users\Admin\AppData\Local\Temp\{6F24B28A-F0E7-4E94-AE92-93D0024B3193}.exe --YABROWSER --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=2597987-383&ui={17afcaa2-7278-4073-bf5c-76b45657781b} --use-user-default-locale

C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe

C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent --pin-taskbar=y --pin-desktop=n /website-path="C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\Taskbar\Яндекс Маркет.website" /icon-path="C:\Users\Admin\AppData\Local\MICROS~1\INTERN~1\Services\MARKET~1.ICO" /site-id="2AE68B04.8A85F169"

C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe

C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent --pin-taskbar=y --pin-desktop=n /website-path="C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\Taskbar\Яндекс Маркет.website" /icon-path="C:\Users\Admin\AppData\Local\MICROS~1\INTERN~1\Services\MARKET~1.ICO" /site-id="2AE68B04.8A85F169" /pin-path="C:\Users\Admin\AppData\Local\Yandex\YaPin\2AE68B04.8A85F169\Яндекс Маркет.lnk" --is-pinning

C:\Users\Admin\AppData\Local\Temp\F8FE164A-52B9-4A71-B2F9-E9FE2666DA93\sender.exe

C:\Users\Admin\AppData\Local\Temp\F8FE164A-52B9-4A71-B2F9-E9FE2666DA93\sender.exe --send "/status.xml?clid=2598005-383&uuid=17afcaa2-7278-4073-bf5c-76b45657781b&vnt=Windows 11x64&file-no=8%0A10%0A11%0A12%0A13%0A15%0A17%0A18%0A20%0A21%0A22%0A25%0A36%0A38%0A40%0A42%0A43%0A45%0A57%0A59%0A89%0A102%0A103%0A111%0A123%0A124%0A125%0A"

C:\Users\Admin\AppData\Local\Temp\ybBE3F.tmp

"C:\Users\Admin\AppData\Local\Temp\ybBE3F.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\ff22ad4f-e233-4a89-99ae-450bb1e9b349.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=484513753 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{9E424E66-BB07-4AAD-8269-8B00A7F316DC} --local-path="C:\Users\Admin\AppData\Local\Temp\{6F24B28A-F0E7-4E94-AE92-93D0024B3193}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=2597987-383&ui={17afcaa2-7278-4073-bf5c-76b45657781b} --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\131f2cb1-dddb-45d6-8d59-cabb3e501d3c.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Users\Admin\AppData\Local\Temp\YB_DAC75.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_DAC75.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_DAC75.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\ff22ad4f-e233-4a89-99ae-450bb1e9b349.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=484513753 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{9E424E66-BB07-4AAD-8269-8B00A7F316DC} --local-path="C:\Users\Admin\AppData\Local\Temp\{6F24B28A-F0E7-4E94-AE92-93D0024B3193}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=2597987-383&ui={17afcaa2-7278-4073-bf5c-76b45657781b} --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\131f2cb1-dddb-45d6-8d59-cabb3e501d3c.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico"

C:\Users\Admin\AppData\Local\Temp\YB_DAC75.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_DAC75.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_DAC75.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\ff22ad4f-e233-4a89-99ae-450bb1e9b349.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=484513753 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{9E424E66-BB07-4AAD-8269-8B00A7F316DC} --local-path="C:\Users\Admin\AppData\Local\Temp\{6F24B28A-F0E7-4E94-AE92-93D0024B3193}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=2597987-383&ui={17afcaa2-7278-4073-bf5c-76b45657781b} --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\131f2cb1-dddb-45d6-8d59-cabb3e501d3c.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico" --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=512029343

C:\Users\Admin\AppData\Local\Temp\YB_DAC75.tmp\setup.exe

C:\Users\Admin\AppData\Local\Temp\YB_DAC75.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=10176 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.1.1.925 --initial-client-data=0x360,0x364,0x368,0x33c,0x36c,0x843768,0x843774,0x843780

C:\Windows\TEMP\sdwra_10176_395216548\service_update.exe

"C:\Windows\TEMP\sdwra_10176_395216548\service_update.exe" --setup

C:\Program Files (x86)\Yandex\YandexBrowser\24.1.1.925\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.1.1.925\service_update.exe" --install

C:\Program Files (x86)\Yandex\YandexBrowser\24.1.1.925\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.1.1.925\service_update.exe" --run-as-service

C:\Program Files (x86)\Yandex\YandexBrowser\24.1.1.925\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.1.1.925\service_update.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=7344 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.1.1.925 --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0x2befe0,0x2befec,0x2beff8

C:\Program Files (x86)\Yandex\YandexBrowser\24.1.1.925\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.1.1.925\service_update.exe" --update-scheduler

C:\Program Files (x86)\Yandex\YandexBrowser\24.1.1.925\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.1.1.925\service_update.exe" --update-background-scheduler

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source10176_325098246\Browser-bin\clids_yandex_second.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=0 --install-start-time-no-uac=484513753

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=8428 --annotation=metrics_client_id=06abbadfeb6b4a078b2b12044741fdab --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.1.1.925 --initial-client-data=0x18c,0x190,0x194,0x168,0x198,0x729e330c,0x729e3318,0x729e3324

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=17afcaa2-7278-4073-bf5c-76b45657781b --brand-id=yandex --partner-id=pseudoportal-ru --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --gpu-process-kind=sandboxed --mojo-platform-channel-handle=2328 --field-trial-handle=2348,i,14241177122427660169,6451128064102186570,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=17afcaa2-7278-4073-bf5c-76b45657781b --brand-id=yandex --partner-id=pseudoportal-ru --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=disabled --gpu-process-kind=trampoline --mojo-platform-channel-handle=2440 --field-trial-handle=2348,i,14241177122427660169,6451128064102186570,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=service --user-id=17afcaa2-7278-4073-bf5c-76b45657781b --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Storage Service" --mojo-platform-channel-handle=3016 --field-trial-handle=2348,i,14241177122427660169,6451128064102186570,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.1.925 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=17afcaa2-7278-4073-bf5c-76b45657781b --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Network Service" --mojo-platform-channel-handle=2892 --field-trial-handle=2348,i,14241177122427660169,6451128064102186570,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.1.925 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=ru --service-sandbox-type=audio --user-id=17afcaa2-7278-4073-bf5c-76b45657781b --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Audio Service" --mojo-platform-channel-handle=3368 --field-trial-handle=2348,i,14241177122427660169,6451128064102186570,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.1.925 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=17afcaa2-7278-4073-bf5c-76b45657781b --brand-id=yandex --partner-id=pseudoportal-ru --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --first-renderer-process --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3968 --field-trial-handle=2348,i,14241177122427660169,6451128064102186570,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=ru --service-sandbox-type=none --user-id=17afcaa2-7278-4073-bf5c-76b45657781b --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Video Capture" --mojo-platform-channel-handle=3924 --field-trial-handle=2348,i,14241177122427660169,6451128064102186570,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.1.925 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.TlsgostService --lang=ru --service-sandbox-type=none --user-id=17afcaa2-7278-4073-bf5c-76b45657781b --brand-id=yandex --partner-id=pseudoportal-ru --process-name=TlsgostService --mojo-platform-channel-handle=4088 --field-trial-handle=2348,i,14241177122427660169,6451128064102186570,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.1.925 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=17afcaa2-7278-4073-bf5c-76b45657781b --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4616 --field-trial-handle=2348,i,14241177122427660169,6451128064102186570,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=17afcaa2-7278-4073-bf5c-76b45657781b --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=4420 --field-trial-handle=2348,i,14241177122427660169,6451128064102186570,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.1.925 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=17afcaa2-7278-4073-bf5c-76b45657781b --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Импорт профилей" --mojo-platform-channel-handle=5156 --field-trial-handle=2348,i,14241177122427660169,6451128064102186570,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.1.925 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=17afcaa2-7278-4073-bf5c-76b45657781b --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5124 --field-trial-handle=2348,i,14241177122427660169,6451128064102186570,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=uwp_cookie_provider.mojom.UwpCookieProvider --lang=ru --service-sandbox-type=utility --user-id=17afcaa2-7278-4073-bf5c-76b45657781b --brand-id=yandex --partner-id=pseudoportal-ru --process-name=uwp_cookie_provider.mojom.UwpCookieProvider --mojo-platform-channel-handle=5440 --field-trial-handle=2348,i,14241177122427660169,6451128064102186570,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.1.925 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=17afcaa2-7278-4073-bf5c-76b45657781b --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=5464 --field-trial-handle=2348,i,14241177122427660169,6451128064102186570,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.1.925 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=17afcaa2-7278-4073-bf5c-76b45657781b --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6016 --field-trial-handle=2348,i,14241177122427660169,6451128064102186570,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.1.925 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=17afcaa2-7278-4073-bf5c-76b45657781b --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6068 --field-trial-handle=2348,i,14241177122427660169,6451128064102186570,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=17afcaa2-7278-4073-bf5c-76b45657781b --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4616 --field-trial-handle=2348,i,14241177122427660169,6451128064102186570,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=ru --service-sandbox-type=none --user-id=17afcaa2-7278-4073-bf5c-76b45657781b --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Утилиты Windows" --mojo-platform-channel-handle=5920 --field-trial-handle=2348,i,14241177122427660169,6451128064102186570,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.1.925 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=17afcaa2-7278-4073-bf5c-76b45657781b --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5936 --field-trial-handle=2348,i,14241177122427660169,6451128064102186570,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=17afcaa2-7278-4073-bf5c-76b45657781b --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3988 --field-trial-handle=2348,i,14241177122427660169,6451128064102186570,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=17afcaa2-7278-4073-bf5c-76b45657781b --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=2980 --field-trial-handle=2348,i,14241177122427660169,6451128064102186570,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.1.925 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=17afcaa2-7278-4073-bf5c-76b45657781b --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6432 --field-trial-handle=2348,i,14241177122427660169,6451128064102186570,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.1.925 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=17afcaa2-7278-4073-bf5c-76b45657781b --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6364 --field-trial-handle=2348,i,14241177122427660169,6451128064102186570,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.1.925 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=17afcaa2-7278-4073-bf5c-76b45657781b --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6772 --field-trial-handle=2348,i,14241177122427660169,6451128064102186570,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.1.925 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=17afcaa2-7278-4073-bf5c-76b45657781b --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6892 --field-trial-handle=2348,i,14241177122427660169,6451128064102186570,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.1.925 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=17afcaa2-7278-4073-bf5c-76b45657781b --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=7040 --field-trial-handle=2348,i,14241177122427660169,6451128064102186570,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.1.925 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 sso.ya.ru udp
RU 62.217.160.14:443 sso.dzen.ru tcp
RU 213.180.204.24:443 sso.ya.ru tcp
US 8.8.8.8:53 webntp.yandex.ru udp
US 8.8.8.8:53 webntp.yandex.ru udp
RU 213.180.204.196:443 webntp.yandex.ru tcp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
RU 87.250.250.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 yandex.ru udp
US 8.8.8.8:53 yandex.ru udp
RU 77.88.55.88:443 yandex.ru tcp
RU 77.88.55.88:443 yandex.ru tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 mc.yandex.com udp
US 8.8.8.8:53 mc.yandex.com udp
US 8.8.4.4:443 dns.google udp
N/A 224.0.0.251:5353 udp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 77.88.55.242:443 tcp
RU 77.88.21.37:443 tcp
RU 77.88.55.88:443 yandex.ru tcp
RU 213.180.204.158:443 tcp
RU 213.180.204.158:443 tcp
RU 213.180.204.158:443 tcp
RU 213.180.204.158:443 tcp
RU 213.180.204.158:443 tcp
RU 213.180.204.158:443 tcp
US 8.8.4.4:443 dns.google udp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp

Files

C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe

MD5 3f40d90c084f538bb3420ab66002f945
SHA1 b270b9f639b3e7984f0603c82bac6d6fb9fb3cef
SHA256 15c635bee372dfe753e2685eb1620b736105329ef67628fd0f3079abfd5abddf
SHA512 8be6d65b185779b9ef5a4ff5dbacfb13e0b89cb9b844b65e8649125a8860471551ad80fd0fe328996c7a25583e996fa268293e1d804230f2f38435013c471c3a

C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe

MD5 2ac985960051bf1c4ec022d08863cb9f
SHA1 97b7439e6330e49319a5425343c349439e5c5415
SHA256 6880b02c3f779c501a39c1e553b4014ea74a9e9422508d5b3baa7ce2279de78d
SHA512 a32291ffd1afbe4f7d4816966b1a7d28ecfb35f869b41f9a6af81caa5d585deaaf49db5096fc141851e332f3f28da636fe88014741973bc180f71625cc75d91b

C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe

MD5 03ab785067beb67ff34992c547500911
SHA1 745c61ef6b4fa386bc51841c2e484483a3f3f766
SHA256 83c391a1cf801dece8ee40afa61de002c19bc306d22956de154c989bc54b05fd
SHA512 858e6beb21601067ab30fd42d4b200e93bbfec5c6bfd859a8ed136ca32d234e7d2a597d2b50540f39e2cebaeaf51ea1f4372e777549d5047023af80161dc1f62

C:\Users\Admin\AppData\Local\Temp\YandexSearch00000.log

MD5 b22239c685b062051755600741ac1a65
SHA1 596ea8fdc29a1540f603a48204eff648c0592949
SHA256 6051655ba1f6b1f5002605fcf452388a35e78d4a7ea08551cc2bb385cdc1c562
SHA512 4034a68c8e5c631f496cb035259c6895be69f57d6fb3c836905d36f694f211562d9a01f1d17348f4543ef7bc3f6829085efe14bad05417bd49622fa59ba2bd57

C:\Users\Admin\AppData\Local\Temp\{5B964E0E-B9A3-4276-9ED9-4D5A5720747A}\YandexSearch.msi

MD5 1d5694acaa204c701bc6cf0c50595736
SHA1 d6e8f419926686eb7604b88db152c1c91615b70d
SHA256 3ba81b471dbfd676b6ceaf870dee463289eb092a36f769a4a55fd7d8c85190a5
SHA512 e99de68fee0664d2f3641bb327cf5e39911c8b8d68d0283311584b226022cdf8907524ef240d2c92fd8cd62ce40d8e0ba43a297b538516769f7caaa0c4431e74

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_EBD7B8AF3A6D56C51CDE1B85E8C855A8

MD5 18a7756569e3a7c562e7c8a62ac3f773
SHA1 72b09e78be0eff95bac12601fe32193f7b159555
SHA256 9be436470a056690ef45fa0c0d24a936fbdb4506b2312cbf976797edb7b711ab
SHA512 5418b114598443df8eb61c8ca79979ac9fab3ab03777aa8acb9080d273e3fd7f60e4bf14c301b2458044f695206887e60b48dfb8bb2872a5a84f0b5009312740

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_EBD7B8AF3A6D56C51CDE1B85E8C855A8

MD5 adcfd2ef04d780db56b83edc7aaf5ec3
SHA1 33a326e404b6be465e66f6c7a8ae6976e8bf9964
SHA256 0b47c35ec0647d957d350a32f2370bdede94c8710ad4ecb95080992f32110e9f
SHA512 d59d386de25fa980abd6a7328de56d917fab220ce961b406558644906684eba145d1c8c81039917dfc0a72542c6d5e20a28e2fa537f94a6523b7767c80f9609b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

MD5 cfc5fc4ff054f88911c5dd0d9a24edac
SHA1 142c41b32e3e43a7b2ce9699ae37a0142788da3b
SHA256 00ede1a2c392fbd70ef7be6b4e176f1dc28ed4e1746943ccc3b44c655a88056c
SHA512 e00b7be9edb4b09cee3b9893ca97d93f207d6cf935b96b3e2d26c293dfa07ecb887dcdd16f57db40232ca767572e0dc8fe9952861ea66814e7d3496e2282bcbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

MD5 7b723e9c8ea1f68cf707836efa2bf7f3
SHA1 2c66eb36cb1eabfaaf489176b0e70b6a6c371af9
SHA256 cc7dfc2798e1ec0d099f2f419bb080b5991c7d368f3a0a5b72cb737c690ddae1
SHA512 b8c9a148eb7e2692cd75e04d414e64a43f993d3f9e4e6157a89dbc0672cb250045d69798bc15dc656b110c22d175bf3bf45c6f0a528248307bf5c65089dddfd1

C:\Windows\Installer\MSI9422.tmp

MD5 b502c676e82cb196e20db36601a08ace
SHA1 391e219b99b9eccecfa8f866baa9bd09671c3a3e
SHA256 bca6f0bec828d4f1d9748e78de826c327a853bdceb3c432426f1d53994c0d88f
SHA512 7488451baccd548601a3c69105066842bf47e8e5dd2680b1a8caa50390a7fd6c8e666c603b7a9fef0ad5a0b41f8bd302f69c50f231e95c8ea6e8da98c3de7816

C:\Windows\Installer\MSI954C.tmp

MD5 748143dd96f1e6e67e14384d2edf4daf
SHA1 06928cf9e39b00b654adec334709559ad4e01110
SHA256 ea551d91b1ddb00a266831438b7b0ba4119d479a38bd5fdc254d47bb520a04b9
SHA512 7c9d15ea8ba34a7a6492a83139def07489c236cca1372a5d66eff50b77b38ba8927a305bd460c75676b36ba0ff0f85b841fc835d102ee13b000068fd14e8bc9b

C:\Users\Admin\AppData\Local\Temp\vendor00000.xml

MD5 33b7f01613d444601ba380545467f348
SHA1 decc7fb74ab2c42983e453d4acfb8b9207812652
SHA256 e8ba63fda077fb2a67271a99b45e6c0d7b6d80421ed9cce82d05b75a4b6fd686
SHA512 8505ef3a3a43f0b3a62bd66c82afb9ed15de2563c25fb1a52814234011f2471f82746f6e5d2b9510d6dc4a871e11d5ecae6b3168114b8a7e0f20e345ee03975d

C:\Users\Admin\AppData\Local\Temp\871CEB83-D40F-4DDF-8F8E-F4E714E32D54\lite_installer.exe

MD5 372dd1f1a276a02aa9fbc0435bc9081d
SHA1 258091e03a5eb6c10b242444aa9f8a449212861d
SHA256 5fe9db11665ab3877380a68e19b20e0567a8e2ce888f36c15c188d117ecdc59c
SHA512 640cd883835558a7dcd8c1d8eaf5b87f71341f9ddb2bae83c76d991a3d80b62782e454bf3db74cf16b3dd5952ced213202d8049d5a8efe860930eebd35de9ba9

C:\Users\Admin\AppData\Local\Temp\5D62366D-F70B-4F4C-B0C4-72A1BACE7051\seederexe.exe

MD5 95655309a9106cb2a4ad5428f24c3884
SHA1 655bf0784c80205401f8c9eaba9e999b500904ac
SHA256 05c1d93ff92e2c6cfabd4b41e130e561985ad86435a8b6f7e19000b75b7337b4
SHA512 41bcb91e59d1cc01475cd0f9e4831b226457bd9adc9e6657389c4445b07a4d6483078da1af8bb7c4943efcf9d17770c06e8280b7b8849989d1629eb411ea09d6

C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml

MD5 d16048d5e765a6b6a1c585a23145567e
SHA1 cbda9cd74b7af22eee49eff7e219ca8273f75c3d
SHA256 b4fbe78b1b012a792b997ff54260227e0059af10f9ff5d6bca05eb94c39ca31d
SHA512 c092009ca0719a984d6da8354b8af8af42a94c96b1c89ee959a8320665bd7480bd76f91e74dabd975847d9632cad7125a396fe301f3363811678539dc62c9d64

C:\Config.Msi\e578b0d.rbs

MD5 377adbcf59d16d4e5063d5b4b0a73435
SHA1 426fae0b079b02993aa6b0962f32bbcde26d77a9
SHA256 d12a21fa75ae07c64c05f9cdb5202d78951d68b43ac38d3153fd5a128d72f0a7
SHA512 9dfe08f7e9190dbcff8cc0b0ca03f2f275d3dedd505129e18b279e32178b45d86e5511c5ee05639537343e3eeff3d9d5d0be693598d7120759eaa282e778ad9f

C:\Users\Admin\AppData\Local\Temp\omnija-20245622.zip

MD5 8ac70d8ca928ad4832d668673aeaba0c
SHA1 cc0e3f2fe044f120976a5f5a8827f28fe65598fe
SHA256 407acf49488c1a16e0f06f606704ef9a48e5c0c40101fe479f0291fbdf3bae2d
SHA512 8c8947d262129d60d0050efe184ac6f69e340480c6151e2061d39faf6fa6dd33e41fa304dc12cccf642bf1a014a6a5486f88a43a463dc1cff8b47e88fe681cc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b70bfthr.Admin\places.sqlite

MD5 314cb7ffb31e3cc676847e03108378ba
SHA1 3667d2ade77624e79d9efa08a2f1d33104ac6343
SHA256 b6d278384a3684409a2a86f03e4f52869818ce7dd8b5779876960353f7d35dc1
SHA512 dc795fa35ea214843a781ee2b2ef551b91b6841a799bef2c6fb1907d90f6c114071a951ebb7b2b30e81d52b594d447a26ab12ddb57c331e854577d11e5febef5

C:\Users\Admin\AppData\Local\Temp\978dafcf-3f27-4789-b3e4-03bf445a5754\sovetnik-at-metabar.json

MD5 5a40649cf7f6923e1e00e67a8e5fc6c8
SHA1 fc849b64b31f2b3d955f0cb205db6921eacc1b53
SHA256 6d432ba7096090837f9533a33a686c846ad67aed8ecc43af7ce8af42649cd51a
SHA512 0fc42a2cc61528b14478f4b9ae098ea90e6b05ddbe10f3a6cdd6326d0d8e6185b49d2b8143b76a9f329bdc277cf02b54d98f374edd65df68a1ffc41e1c817786

C:\Users\Admin\AppData\Local\Temp\978dafcf-3f27-4789-b3e4-03bf445a5754\sovetnik-at-metabar.xpi

MD5 ab6d42f949df8d7e6a48c07e9b0d86e0
SHA1 1830399574b1973e2272e5dcc368c4c10dbbe06b
SHA256 205ebf52c47b42fa0ad1a734a1d882d96b567e15a32b19bdb907562db8ea09e2
SHA512 6c4f9bb726384c87b6523e08339f7821ad4ec8717b26db902ca51df74eb89b46e4ded1504a131683b07b2bba3e6e911a549a8a83b2aad3971047c0fe315a1ad5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er0iywxg.default-release\thumbnails\215c217729e588d0bbb22cb4b0867aea

MD5 af80a936c10e18de168538a0722d6319
SHA1 9b1c84a1cf7330a698c89b9d7f33b17b4ba35536
SHA256 2435c0376fca765b21d43e897f4baa52daa0958a7015d04103488c606c99d1d3
SHA512 9a1325c8ce05806e5c161a4cf47239f62baad8f79650fbd713e74928fce8171ced10ba7f24fac46c548e1dbf3f64106270cb25ca88c836c870107f5dc1f97879

C:\Users\Admin\AppData\Roaming\Yandex\clids-yabrowser.xml

MD5 8786ed6be2d4d4e0368e857ceeef70cc
SHA1 108ff2cd4eae1b9b63ac6f9dc83f8df1e7f44f33
SHA256 ab4a48c6bdd24db68b72cb8001a55a05d952a9428080ec2d0c87d284ac290fc5
SHA512 9e79284e422b48be1fc7f5d289934bcb1203c4ed75c862a39dbd2d2a09d7ee369a8076cfcb55b83cc9b4c32e3b9af8bb89cfbe1d0d415431faf08c0d0e9e259d

C:\Users\Admin\AppData\Roaming\Yandex\ui

MD5 b0870d3109b2bd0aaf621dae44ba33fa
SHA1 8496ffc283d8c7728e8e6ef7f0054e09b1d42ee0
SHA256 f2aee96b21a06c97e07bb8f6a8bc71cc71ce0f60d1ef7f1691541caa4715283c
SHA512 4d785219a4a56401d5d527199b01dfabba23df2e71a4ed6fea0f3668ef9f13553f1dbfd32f7fe0f9ab662a7b354653d997c183d5ed47dbfb54e8d075d45b4001

memory/436-8202-0x0000023499510000-0x0000023499511000-memory.dmp

memory/436-8205-0x0000023499510000-0x0000023499511000-memory.dmp

memory/436-8206-0x0000023499510000-0x0000023499511000-memory.dmp

memory/436-8216-0x0000023499510000-0x0000023499511000-memory.dmp

memory/436-8215-0x0000023499510000-0x0000023499511000-memory.dmp

memory/436-8217-0x0000023499510000-0x0000023499511000-memory.dmp

memory/436-8212-0x0000023499510000-0x0000023499511000-memory.dmp

memory/436-8218-0x0000023499510000-0x0000023499511000-memory.dmp

memory/436-8219-0x0000023499510000-0x0000023499511000-memory.dmp

memory/436-8220-0x0000023499510000-0x0000023499511000-memory.dmp

\??\c:\users\admin\appdata\local\temp\5d62366d-f70b-4f4c-b0c4-72a1bace7051\seederexe.exe

MD5 41520592bb0e779ed1f2128504f95ded
SHA1 d6b66ac0ec70b4e18e2cf30d5d6eb89cb94f27a3
SHA256 5bf8197d9e45ed2a5c5058535e2234c4ef7e4957181246321a648ea98f9fbba2
SHA512 38dcf582df1113260d16aa466a0796b447c8b7bb6ae025b4d32ed2d908da3cd6090361a1a261e010cd33915150f7bd8c0867609edf64eb7a9c56e87dd57ef387

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Services\www.ya.ru.ico

MD5 534409dface053e62660de921ddc600d
SHA1 bd3dcb399327b1d5a2d53ab24e0217d9f524ab62
SHA256 38a3749cdb839c84168f23a9ee46cfd73d482e923bf2c6b4339184b4c93f91fb
SHA512 f58d2192660472e7cfb3c139c145c37f52aba993e2035afebe729a4ba08cf000d18f58cf20d77239cfad3adc278843238307fd0fba96c387e3f4cbbe84cd6b95

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Services\market.yandex.ru.ico

MD5 037dcb9f2d8c769d7b9e362fedd36e84
SHA1 8019da23adf7b4baa2b4a0e615b9167f8d2aa984
SHA256 ac03c5b69ffe00e7937efa6917d2a4212ddb2f6e911aeba54461fe8c59de53f2
SHA512 c219b4c9c8077fe028fe863046f528ef389953878ec111f8cb9b00aaef74efc0ec428c930bdc5298bd5439afac81de5c9ec09c57a659f7e8ba263e509daed718

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Bookmarks-20240222175640.455911.backup

MD5 3adec702d4472e3252ca8b58af62247c
SHA1 35d1d2f90b80dca80ad398f411c93fe8aef07435
SHA256 2b167248e8136c4d45c2c46e2bff6fb5e5137dd4dfdccde998599be2df2e9335
SHA512 7562e093d16ee6305c1bb143a3f5d60dafe8b5de74952709abc68a0c353b65416bf78b1fa1a6720331615898848c1464a7758c5dfe78f8098f77fbfa924784c0

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences

MD5 1e286810777ce39748665062f31f1ff2
SHA1 f0aac3a9242217a1f7bd226d8556d32ca5f5d25d
SHA256 c856e6977c5119daa4340f6dbdadfe255e19afed3995a67de476b4ff97e246d7
SHA512 3ba06aa3782169c4d58b199f673fbd263aefa1696970374a20d12450ce7f2c96e12bb8e52720363d02355a8caa48f2acfa6189d0368d0ade4b4dd396a71a6d4b

C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe

MD5 1e64bdf002fa6dcae92e0b9ae4283867
SHA1 8db18047e35e77ca365a1da1648918fb710979c6
SHA256 dec6ed68c43845defcc2031c8e8da56fd6e2a476e2d5a2ea204c92b82d559bab
SHA512 b3207a4d10e07d97041bb471ba3f80e46dd70f2037ebc1a012b74943de4e78c5a5a2f5fb4c0a86615db34280b0d9f39a3f98f7b7734a7bf9fc29f41dd1bca1e2

C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Яндекс.website

MD5 d1d366c7a3f7e02c00434474f084cf64
SHA1 0fd0b81c4f492dea87e2c24d83f4c42c5e80b2e7
SHA256 5886a3be3b121da59d7a8fd459d01c4955fc32bf76f6eef7464e2ba821c584e3
SHA512 0cc26391ae54022eae17838ea388f656d3229fe443c500b325fa24fed8b677d846b7cdc94937692b4dfe9afcb06360f3433cdd3677751bd91d037ef2de970b25

C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Яндекс Маркет.website

MD5 213cf2c4ee08b13d7099c0cd57b163ee
SHA1 7a8b78b9aa86646b8a581107ed06b7fd5202d6bb
SHA256 eee16949c591b2cfcb306cdde840c94ee492a87bf0c95da94bcb402c3ca1abd1
SHA512 81839b7f0181ada8d529d959f6e974ebeee20959e57f779ccdcf7aea17566a8cbaac0cc7a7c0b058ebdb53c56308c8d88010a4de8dcdc06f433c0947bcc573ca

C:\Users\Admin\AppData\Local\Yandex\YaPin\YandexWorking.exe

MD5 cfe8c15626d56abb4e97923b1761f915
SHA1 a5b4d5eb2b0fbe9ab50393e8a60010048dcec045
SHA256 b2e9763e2119abcd04da8546d5ee47734427d8855a3c999a53a36ce476450bf1
SHA512 f5562ad87982bb595f28d29802fe91884bd49fd596738167086a940717442d97dc38b23715837ce331eeecc128162eae1b74897f50c33cf445a39ff408869347

C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk

MD5 e4728a45b7b4f73d516ea1760612dd95
SHA1 c525818504f0fe3c2b53e0238a4c80c45b12b3ce
SHA256 293759ef847de2c8963f1813f1075c2963478654177f46cdf041e5a834cd3eed
SHA512 6378bccc72931503679633c9583c65a3dd369c7cdd4c103ea7c8cb532ca3e3e3a579314ff36859cdb3683c1853a31ebd6b194836a2a802f336d1088b5606d204

C:\Users\Admin\AppData\Local\Temp\{6F24B28A-F0E7-4E94-AE92-93D0024B3193}.exe

MD5 73dcc1d69f309c7c8213061eabfe18f8
SHA1 e63ed535166c1e7eb324f192988d2f8fdcba7bae
SHA256 612787227a685b22a3c2526335f25b4556fc9f4aff8146a311107c19581495b2
SHA512 d3f812dbf99a1e4b999611ec51527844e960146d3f179ce276ccd18475fb3374212d7adbb979a723135c6fe5ab7c296c757fcf1fa7029e0e32c07050a3f39fbb

C:\Users\Admin\AppData\Local\Temp\{6F24B28A-F0E7-4E94-AE92-93D0024B3193}.exe

MD5 ce29007f49d370698963082d600c7d69
SHA1 89eafcdd9dbb41ca68d2d2703ce6f870a28c10f1
SHA256 9d356df08ed86962186cffb578f815c056aa3965f0a47eec56ab25ab06ce3c03
SHA512 1f8ad25c47a8192c8d48ef64f829c6f2f4b4b5a2f19889c139b8e4a35316806d7568dce4fa00e0f7be0fd69d59c5ae824aa56197005ccddd40711a4475705fd1

C:\Users\Admin\AppData\Local\Temp\{6F24B28A-F0E7-4E94-AE92-93D0024B3193}.exe

MD5 d0184cb278ee844d0aa3eb1e205ccce3
SHA1 e4724398df3160ae00211d37c01608518d1badf6
SHA256 cba9870f31ea8635dbf53286ad968414c2a0d8436aaa351b1ae4262afab19fd9
SHA512 a1ded53ab8e3ffb3ddaaf63a1241b17be3b4738e6963c508e340d4c2a84c2708df45b2fe9dbeda73aec829f05467ebe8dd497337039f84e85947d28bbb51889f

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 f800852b20c4faeca640318aaf51977a
SHA1 33b8f235cf973a83535a68b805c954c31e369728
SHA256 d92c0bcf7a46f9d58bef3904c572ec40d833edfb16a160f112fdd09d61330e25
SHA512 9b4e985e3c6d912113ddb2206c14b484eacf111c1b16c1352e515e27dfa6d4d06de50f3ebac86ad1eada892e7ab3b788fa07aabb4daab65de44ce3374b73084a

C:\Users\Admin\AppData\Local\Yandex\YaPin\2AE68B04.8A85F169\Яндекс Маркет.lnk

MD5 82625e3b856bbb469d198930d1426e7a
SHA1 05d17e263eb4df430e8f7bafe4f8ee96b4ba9207
SHA256 999b81bc57c2f6755d143468fd4346104d05f7f059ded69965978e84c37195db
SHA512 319e846a3e69e95f3bbff683fd6e2df18de97d1895c57690076f80017a9eb3ec76c3e20e53813ad06dee4ed30585bba1542436dcf345194229f7955d4c4845b7

C:\Users\Admin\AppData\Local\Temp\F8FE164A-52B9-4A71-B2F9-E9FE2666DA93\sender.exe

MD5 e3057443a704b797124507b9cefdece8
SHA1 3fdc3be05efc7038023fa93544d675a2d5b9cbae
SHA256 393f94297e3a2e4ffd771323bcaf8b59ebb57cb29a773a18917e7c0c9a9ecf50
SHA512 62e608324bfc7d05ccb6025d39c96ac9328accd465a11e7fb636fffe7f1fe89c6f9a956778fafc97b70165058fcf903de5ae09847cc286ddc58a7aed6b2c2291

C:\Users\Admin\AppData\Local\Temp\ybBE3F.tmp

MD5 e1ee275e7d8bc86ac619ebaf6de7e957
SHA1 81fb0a6febd888d849eb7f752211841dffb35126
SHA256 11e2936b6b39469e9b8b034465d36dac9ec2b9d89f1f9df35b72d72609c694f3
SHA512 aa2251e98375633a3223f3ff43e777142b91998f88aa6cc23711503b570dc466b7df98554a252618e3d1a1f82cbd8e86c7db3fe3065cbf0a6ab56c5df422d0ee

\??\c:\users\admin\appdata\local\temp\ybbe3f.tmp

MD5 e862b5b1014fe29dfb2017f2ca9abe5d
SHA1 231161a9294bf86efe62da60681598fee678fb16
SHA256 959723af9e9027b4f988cc2ae24823e78a5034bc88416bc703acb822cbf2cd9a
SHA512 617035ed9ea1adbec2053f4ef2c22cb1b07fe362e6e69fb827ab713812aa1ec4b80d393fb48217602afb12b63a36ddaa7489909eec0ad8868083b6dcb570d5c3

C:\Users\Admin\AppData\Local\Temp\ybBE3F.tmp

MD5 ada0895014ce772230b845324ba66ca8
SHA1 108bf6bdaa6c98c78c5f3cba57bf787178455f09
SHA256 ece0cfc3232e0854289e78eab1fd0ac0dbee9917891e2076d276d2a059a5af30
SHA512 b0f96bf741a6082d9bccdeec68ffb5c07780a6a7252245c403ae7065415f95b8ab88b73f15e88cc798cf7317c3add3678a7379bf9dce3d08129122ab47380429

C:\Users\Admin\AppData\Local\Temp\YB_DAC75.tmp\setup.exe

MD5 7de8761de9fd5affc32b8999e1d1a418
SHA1 aa17f3c3c56af25eea5f208cfb7d969786af0c89
SHA256 b63736aff3f7ea2c92ece72c062c7d64388c7d0d21100d7433e1036173cb5622
SHA512 2c9b7bb9e5a5fbd6e9c0a3c3cc4f519297ad3a1fb302cbb2516e0b4930d5b551c146c35fe2626d8ba5316d6adb7225b35d82bb5d9a5af034526998d9aa8ce2c2

C:\Users\Admin\AppData\Local\Temp\YB_DAC75.tmp\setup.exe

MD5 6481b3d78e06de34df41d1e15b7b6982
SHA1 33bc7a035812ddb3f8411f1fbd39dd3637ff4432
SHA256 a8c49cb5d1a5e664fccd543fa2f0acea07cb408f37cb65b430d5aca2d13fd4b5
SHA512 c5acbf4d0f8ee8ac9f4bef935d7a69918489e43bdb9fe977e13217eede9ccd7c404176f58752b4e7446bb1f6d46d63a4fc75f84077449b6edf94f9f115f1db97

C:\Users\Admin\AppData\Local\Temp\master_preferences

MD5 d5e456e8c03665784e4a5027fd3770ab
SHA1 c2bd2226c852a5790b88d77aa5b3b23c07f73efc
SHA256 a6a85eba7b33ae79baa64304c2de312b721c9c38f7bc2e85c3dc975c28ddd032
SHA512 a6f4473be0eac963d7e68bbd21bb676f79bc59a73435fa64635cd426d8bbbac51a5ef7c981ad8bdf30b434662dbb25febd20806eacdc4ef8af1c7eff24162f16

C:\Users\Admin\AppData\Local\Temp\YB_DAC75.tmp\setup.exe

MD5 71321bc542953f04ebb5869d01f2ebb8
SHA1 f56a5b7579920eb64dce746b60b3ee1d311bbabc
SHA256 69bd62c66f592e7d6ca25dfbf785ada28e8357133c98ca2e0a6547bcda4c0104
SHA512 e0078679c46889489b7bdb20e794d016dc31f9a1f9e15a60bb5a1fdc67531c625594452c85b5488d4f15d42b19bae34fa3a9d28ca627ccfb70569012e4635dea

C:\Users\Admin\AppData\Local\Temp\yandex_browser_installer.log

MD5 acc76b59d211b62935e8423ae5bfb089
SHA1 077ec9600a0ed96c13825eb14ce73c1ba4fb6853
SHA256 512bceaab985fb5dae3005e3f47d532ddc577b361e761824f07b1bb2ec2d1852
SHA512 6f9afc1a0c8634130ca21987f54070d1e0fc80d6119be6f717e1862917638ff4a8e327d321492240c3502b201fc9d1eabc9bbd832f0979ff73d2f33c0a4efa6b

C:\Users\Admin\AppData\Local\Temp\YB_DAC75.tmp\setup.exe

MD5 8b016d17b72225aefb788e404d8303a6
SHA1 168ab79fad9afa79850930c58693b57056f12912
SHA256 39c14c22ccb28a0ea0fb15f527514af6c65f609be91a3cd7c0828b0054d5d757
SHA512 87402040276586dbbe5f66443100db8033a13cdccf23a0c7c0f243a1f9de5b1373a45389ac40fb0d22abcc5755f7b250108833e37b90d1757374eab814eae4a7

C:\Users\Admin\AppData\Local\Temp\YB_DAC75.tmp\BROWSER.PACKED.7Z

MD5 08cc972896c07f78e70394eff8ed5797
SHA1 81fe425d698bba7676d839590363d367c07cfa7e
SHA256 dec9d824898da92567bc48738a9c7323b002b2fead55d01ee3aeefd9eeed41fc
SHA512 2dd38d933f5c0fbcbe939f2a50007173a29862db858696d6a1c0345d649ca5f8c72a3e8ac2350badd569f0b44a1fd0db7973f85a4031c5931d29f465ff39d23e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

MD5 46fe24e623259e4ca1c40875f67669c9
SHA1 d848192033e3d8449607c67df8747b753cc7218d
SHA256 d7395f78954a6820348ce7ea3a9e9ff036179f5ce5d2b8c8f926487caa2d1ed1
SHA512 ac2e04a9a87602bf4b002e94a37e87e6fc9e75212390dc6acce9c2162865ada99d5212ba4b9907fce908d165149c8fce4e4fd34f370dd542ab1e3ea65cbf55c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

MD5 cd1af919070e3745c581dc390981696b
SHA1 540364e1a568799038d2cd9c4e156cfe03066fae
SHA256 b6812cf597ca7cd9d60646879a8fb06e9f10913f9e1753e12b003c32cfa53d70
SHA512 00d9b08a9fa07434c7fdfa0a75c5e0b71658f838fdf98bf3c4ac103884833286802e4bdd944548f3185b0bca29046922846ec2faf198af05b3260b65b99b480c

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\configs\all_zip

MD5 d0447109de3f7a7bd2063e68325c818f
SHA1 c6f6212a1c8ef763cf509bcfc446e624c412b781
SHA256 307d92653b141e764aee38a5ad38fc60842ec253a46caf81c613e856cc4af56c
SHA512 ce6e973164d943ba164387ad3323cd24a6f4da83b8ea1e9e13f1e34664fd13c405ba39b2fdc8c52df8cba14a58dc4818626ea75c20e3e65dd9973c3a02f91e42

C:\Program Files (x86)\Yandex\YandexBrowser\24.1.1.925\service_update.exe

MD5 1c5732cd938dcee7da4308f43baf451e
SHA1 40cec16f0a3087ee4804f49a9fc52549c8f4d0be
SHA256 014068331c22d0427240b67f9500016ba32d1d3d881d45cf7ac186b7db654a1c
SHA512 c9fa6cbca07b08e6a84b89c60ff704a894457709d899cf1d92157a3c4a64fad4928f66271115640129e1179d4efaa7d89f64fec58e46cb90f6ba9fbb03b372a1

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 7217354710f9ea9f64424c7d87072cff
SHA1 1e485d9d8d4e1de9cda71c2883b51ecf22aa794c
SHA256 3cb1e7b6ca8479890906b3316a6598502c257149c57345cf05643192d9f4e1fb
SHA512 767971f0bf6445534bf4277198221c9acc476cfcb70dfe92b5675008ce0d8e65432a6101a2d79debb4e84d3cf85a7cc1196a5c8c2af8a95bfd5ea1b03ccd3716

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.1.1.925\brand_config

MD5 3349e009d7263d3a10ba9010d3f757dc
SHA1 75a8b591af21ab27dc6a624c322adc6c00bbef42
SHA256 c4d29089f83ebba808fcc7ce740a14bf791d594f144ebc7e3f687845fcc5afce
SHA512 66c1c669a78521f40aa0f5c561c5c20bc6a9c90736285a436db2f8321aa528397f191c5d16cbd27786d48b42b1d37b9e70eca5f9c76cd1e4915d0d2de372f41d

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\about_logo_en.png

MD5 1376f5abbe56c563deead63daf51e4e9
SHA1 0c838e0bd129d83e56e072243c796470a6a1088d
SHA256 c56ae312020aef1916a8a01d5a1fc67ed3b41e5da539c0f26632c904a5e49c62
SHA512 a0bab3bae1307ea8c7ccbd558b86c9f40e748cdd6fd8067bb33eeef863191534af367a0058111553a2c3a24e666a99009176a8636c0a5db3bf1aa6226130498f

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\about_logo_ru_2x.png

MD5 a6911c85bb22e4e33a66532b0ed1a26c
SHA1 cbd2b98c55315ac6e44fb0352580174ed418db0a
SHA256 5bb0977553ded973c818d43a178e5d9874b24539dacbd7904cd1871e0ba82b23
SHA512 279fb0c1f2871ce41b250e9a4662046bc13c6678a79866eaf317cc93c997a683114122092214ce24f8e7f8a40520fe4ca03f54930148f4f794df0df3ecf74e9d

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\sxs.ico

MD5 592b848cb2b777f2acd889d5e1aae9a1
SHA1 2753e9021579d24b4228f0697ae4cc326aeb1812
SHA256 ad566a3e6f8524c705844e95a402cdeb4d6eed36c241c183147409a44e97ebcd
SHA512 c9552f4db4b6c02707d72b6f67c2a11f1cf110b2c4ac5a1b7ac78291a14bf6eb35a9b4a05bc51ac80135504cd9dcad2d7a883249ee2e20a256cb9e9ceeb0032f

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\import-bg.png

MD5 85756c1b6811c5c527b16c9868d3b777
SHA1 b473844783d4b5a694b71f44ffb6f66a43f49a45
SHA256 7573af31ed2bfcfff97ed2132237db65f05aff36637cd4bdeccdf8ca02cd9038
SHA512 1709222e696c392ca7bcd360f9a2b301896898eb83ddfb6a9db0d0c226a03f50671633b8bed4d060d8f70df7282ffc2cd7ab1d1449acf2e07a7b6c251aa3a19e

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\tablo

MD5 bb60da7176a0286e561af09fa0512635
SHA1 54f8a5d7042b2350848a31bc7f7179d1deb66b6c
SHA256 f330378a339e5fe51e54af531b8a53b01c47b4448196c85a166034e44ead625f
SHA512 ba51700283f6f50de6da0c1585cca1558600e7cc0eb11ce6ee7a21aab7f1c088f7f589dbdeda5e477548c10b86fcdb821d307f3c8bf512f962eecd6ac0436211

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\about_logo_ru.png

MD5 ff321ebfe13e569bc61aee173257b3d7
SHA1 93c5951e26d4c0060f618cf57f19d6af67901151
SHA256 1039ea2d254d536410588d30f302e6ab727d633cf08cb409caa5d22718af5e64
SHA512 e98fbfb4ed40c5ac804b9f4d9f0c163508c319ec91f5d1e9deb6a5d3eada9338980f1b5fe11c49e6e88935ecd50119d321ce55ca5bdd0723a6e8c414e1e68e16

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\about_logo_en_2x.png

MD5 900fdf32c590f77d11ad28bf322e3e60
SHA1 310932b2b11f94e0249772d14d74871a1924b19f
SHA256 fe20d86fd62a4d1ab51531b78231749bd5990c9221eab1e7958be6d6aef292d9
SHA512 64ebc4c6a52440b4f9f05de8ffb343c2024c4690fe5c9f336e78cd1dd01ae8225e8bc446f386feb442e76136b20d6b04ee293467b21f5b294ce25e500922f453

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\wallpapers\1-1x.png

MD5 80121a47bf1bb2f76c9011e28c4f8952
SHA1 a5a814bafe586bc32b7d5d4634cd2e581351f15c
SHA256 a62f9fdf3de1172988e01a989bf7a2344550f2f05a3ac0e6dc0ccd39ed1a697e
SHA512 a04df34e61fd30764cf344b339ba2636b9280a358863f298690f6a8533c5e5dfa9773a14f8d16a5bb709ea17cf75e1da6302335aa9120009892e529bfad30df9

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.1.1.925\partner_config

MD5 977bc7b2384ef1b3e78df8fbc3eeb16b
SHA1 7ee6110ca253005d738929b7ba0cc54ed2ed0a2e
SHA256 82e288090168abe15419015317fd38f56c1136e7481f66656d84e0a2d861d4d6
SHA512 4d154832ef3ac05abb1499a5bc8235d72f64cdaa3e6870206a6363c1d85d821604ae8a96850c2c8bd540d479b8dd5f3ce032472ed96bbf7eddb168ea3d2d1cf6

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\wallpapers\mountains_preview.jpg

MD5 a3272b575aa5f7c1af8eea19074665d1
SHA1 d4e3def9a37e9408c3a348867169fe573050f943
SHA256 55074794869b59cd5c693dfa6f6615aea068c2cd50cdae6dd69bd0410661ded8
SHA512 c69bf39362658dd6cbd827cf6db0f188a9c4410b3c6b7b532595fd5907974e2141d857942ffb2497282e31eaa33c71240c2c2bd8721046df55e3358e8b76c061

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\wallpapers\sea_static.jpg

MD5 5e1d673daa7286af82eb4946047fe465
SHA1 02370e69f2a43562f367aa543e23c2750df3f001
SHA256 1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a
SHA512 03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\wallpapers\sea_preview.jpg

MD5 53ba159f3391558f90f88816c34eacc3
SHA1 0669f66168a43f35c2c6a686ce1415508318574d
SHA256 f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e
SHA512 94c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\wallpapers\sea.webm

MD5 74fe7becc14e3c5267854e3818840972
SHA1 9615af58762fba8530bd03196a68ab6932560b3d
SHA256 5f0fd57abe9f6e4fba51f8fc1003348c82c73bb74800bb2c867851a74d7103e9
SHA512 faa595876721a10be2dd8ec9c37282a6b50025097198d3f90aa1a090818fe2ec93696a3cb54ddd560e786c201e5278dee8d0a6f19e4dd6720c2d0d0bf043fbd1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\wallpapers\sea\sea_preview.png

MD5 3c0d06da1b5db81ea2f1871e33730204
SHA1 33a17623183376735d04337857fae74bcb772167
SHA256 02d8e450f03129936a08b67f3a50ea5d2e79f32c4e8f24d34b464f2cb5e0b086
SHA512 ff0e60c94fc3c0c61d356a26667c5170256e1143b29adf23d4e7d27012da72ed8865ef59dc2046314c7335b8d3d331e5fd78f38b9b92f6af48729dae80f85b15

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\wallpapers\huangshan\huangshan.jpg

MD5 c51eed480a92977f001a459aa554595a
SHA1 0862f95662cff73b8b57738dfaca7c61de579125
SHA256 713c9e03aac760a11e51b833d7e1c9013759990b9b458363a856fd29ea108eec
SHA512 6f896c5f7f05524d05f90dc45914478a2f7509ea79114f240396791f658e2f7070e783fab6ac284327361dc2a48c5918b9f1c969b90795ceacce2c5c5bfa56ca

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\wallpapers\custogray\wallpaper.json

MD5 19feb60966afbb9d1b797a050278f13e
SHA1 9874bcea4222a8f56d59c91b7abe603687a4f67d
SHA256 94cf5e38c38f78a42d70599c469a3969e4b3feb292da450a947d8463a57bfb9d
SHA512 2abd6fb2bd126ef99a7f0bb79072fdcdea2670d1b296ace2b4f9ebbabb343594b140b6c2728c31af339465619a8ee9faa2e3d64e1847e9557c50a79144d24196

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\morphology\stop-words-ru-RU.list

MD5 b255d75a7ee1052a3648bfffd2b31f6b
SHA1 57a388c0a6f44bacf8576a4d54ae520f649e9990
SHA256 0f45d855adcb5517b3e8d747ac385cbd7d493bc0529a7c567c750ba765772040
SHA512 9a4cc4a1e6d9c188c24f628ccc109f447a2ebc8b42e5e6daccee0617dcdd3f1cc79206e6278154583c29dd8d1180072c463ed88ac56e87a6de1449f40494c292

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\Extensions\ghjgbemlcjioaaejhnnmgfpiplgalgcl.json

MD5 8f1ef981951ada25c4b739f4654e73d4
SHA1 cc03a958ce4fa86a76d10f343a4e236e2d4a0c8f
SHA256 a1d9c5c34ae669a1cfc64ed674a1202e2659567c2092a5b16ae0b9bd56ede5e6
SHA512 0687aaec870e30d759804f53a47814ad56a74063c23a5068f013f70fec1296bba0d69b8e002d66cc865f01aba437fdd46c5289454b978f3bb9d840b80e380962

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\easylist\manifest.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\easylist\easylist.txt

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\extension\elokbjeafkcggjfjkakpchmcmhkhaofn\brand_settings.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\extension\fcgfaidpicddcilhjhafmmcgfodijhjd\brand_settings.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\morphology\dictionary-ru-RU.mrf.sig

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\morphology\dictionary-ru-RU.mrf

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\extension\gopnelejddjjkamjfblkcijjikkinnec\brand_settings.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\safebrowsing\download.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\wallpapers\abstract\light_preview.jpg

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\wallpapers\abstract\light.jpg

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\wallpapers\custogray\preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\wallpapers\custogray\custogray_full.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\wallpapers\fir_tree\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\wallpapers\fir_tree\fir_tree_preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\wallpapers\flowers\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\wallpapers\flowers\flowers_preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\wallpapers\huangshan\huangshan_preview.jpg

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\wallpapers\huangshan\huangshan.webm

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\wallpapers\meadow\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\wallpapers\meadow\preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\wallpapers\misty_forest\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\wallpapers\misty_forest\preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\wallpapers\peak\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\wallpapers\peak\preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\wallpapers\raindrops\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\wallpapers\raindrops\raindrops_preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\wallpapers\sea\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\wallpapers\stars\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\wallpapers\stars\preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\wallpapers\web\web_preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.1.925\resources\wallpapers\web\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\install_state.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\394078b9-b99c-4cba-9c31-41cd4f0a3f6d.tmp

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Sync Data\LevelDB\MANIFEST-000001

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Sync Data\LevelDB\CURRENT

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences~RFe58faf5.TMP

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GraphiteDawnCache\data_3

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GraphiteDawnCache\data_2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GraphiteDawnCache\data_0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences~RFe58fc6c.TMP

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\fe89ba90-1b25-4bd5-8193-a58a117c96cd.tmp

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json~RFe590064.TMP

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\585e645c-47e0-4dda-998a-db75e9bea5b1\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\web_ntp_cache\index

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\256.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\128.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\96.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\64.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\48.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\32.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\16.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Tablo Cache\data_1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\585e645c-47e0-4dda-998a-db75e9bea5b1\fef132170d47887d_0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\585e645c-47e0-4dda-998a-db75e9bea5b1\a5bf558ee294349d_0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\585e645c-47e0-4dda-998a-db75e9bea5b1\ec5181ffe9c89d0f_0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\585e645c-47e0-4dda-998a-db75e9bea5b1\bacba500485a7fa6_0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\585e645c-47e0-4dda-998a-db75e9bea5b1\c0bda676d50722ea_0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\585e645c-47e0-4dda-998a-db75e9bea5b1\8026096bf5034c1d_0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\585e645c-47e0-4dda-998a-db75e9bea5b1\780716c60bb8931c_0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\585e645c-47e0-4dda-998a-db75e9bea5b1\ae662e046f7b3fd9_0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\585e645c-47e0-4dda-998a-db75e9bea5b1\e268339246b29adc_0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\585e645c-47e0-4dda-998a-db75e9bea5b1\1ad10c4bb9e37138_0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\585e645c-47e0-4dda-998a-db75e9bea5b1\2a9877b782e7616c_0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\585e645c-47e0-4dda-998a-db75e9bea5b1\b3f0dc54e2b61fc9_0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity
