Malware Analysis Report

2024-11-30 02:36

Sample ID: 240407-wsczsaaf5v
Target: 03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d
SHA256: 03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d
Tags: discovery spyware stealer persistence
Score: 8/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 8/10

SHA256: 03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d

Threat Level: Likely malicious

The file 03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d was found to be: Likely malicious.

The artifacts in the behavioral analyses below point to a search-distribution installer rather than a conventional stealer: the run executes Yandex.exe from %LOCALAPPDATA%\Yandex\yapin and lite_installer.exe, seederexe.exe and sender.exe from GUID-named folders under %TEMP%, and seederexe.exe rewrites Internet Explorer's default search scope and start page to yandex.ru URLs carrying clid= partner identifiers. The spyware/stealer tags come from generic heuristics (reading browser profile data, rewriting browser settings), so check the Network and Files sections for actual exfiltration before classifying the sample as credential theft.

Malicious Activity Summary

discovery spyware stealer persistence

Downloads MZ/PE file

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

Executes dropped EXE

Checks installed software on the system

Enumerates connected drives

Adds Run key to start application

Drops desktop.ini file(s)

Blocklisted process makes network request

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer start page

Enumerates system info in registry

Modifies system certificate store

Modifies data under HKEY_USERS

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-04-07 18:10

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-04-07 18:10
Reported: 2024-04-07 18:13
Platform: win7-20240215-en
Max time kernel: 117s
Max time network: 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe"

Signatures

Downloads MZ/PE file

Reads user/profile data of web browsers

spyware stealer

Blocklisted process makes network request

msiexec.exe is the Windows Installer engine, so this hit means the package being installed drove an outbound request through a trusted system binary, not that msiexec.exe itself is the malicious component; the destinations are listed in the Network section.

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Checks installed software on the system

discovery

Drops desktop.ini file(s)

The desktop.ini under Quick Launch\User Pinned\TaskBar is the folder Windows uses for taskbar-pinned shortcuts, so this write is consistent with Yandex.exe pinning itself to the taskbar rather than with file-system tampering.

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini C:\Users\Admin\AppData\Local\Yandex\yapin\Yandex.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
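The 46 rows above are a full drive-letter sweep: both processes opened every letter except C:, D: and F:, which is what a loop that probes each letter in turn (for example GetDriveType over A: to Z:) produces, as opposed to access to one specific volume. The Python below is an added example, not the sandbox's own tooling: it counts distinct drive letters per process in rows of this shape and flags any process whose count reaches a threshold. The rows are constructed from the letters in the table above plus a made-up benign process for contrast, and the threshold of 20 is an assumption.

```python
import re
from collections import defaultdict

# Row shape of the "Enumerates connected drives" table on this page:
#   File opened (read-only) \??\<LETTER>: <process path> N/A
DRIVE_ROW = re.compile(
    r"^File opened \(read-only\) \\\?\?\\(?P<letter>[A-Z]):\s+(?P<proc>.+?)\s+N/A$"
)

MSIEXEC = r"C:\Windows\system32\msiexec.exe"
BENIGN = r"C:\Program Files\Example\backup.exe"  # hypothetical benign process for contrast

# Letters taken from the table above (every letter except C, D and F).
SWEPT_LETTERS = "ABEGHIJKLMNOPQRSTUVWXYZ"

# Constructed sample rows: the msiexec sweep from the table, two rows for a
# made-up process that only touches two volumes, and one unrelated row that
# the drive-letter pattern must ignore.
SAMPLE_ROWS = "\n".join(
    [f"File opened (read-only) \\??\\{c}: {MSIEXEC} N/A" for c in SWEPT_LETTERS]
    + [
        f"File opened (read-only) \\??\\E: {BENIGN} N/A",
        f"File opened (read-only) \\??\\H: {BENIGN} N/A",
        f"File created C:\\Windows\\Installer\\f761796.msi {MSIEXEC} N/A",
    ]
)


def drive_letters_by_process(rows: str) -> dict[str, set[str]]:
    """Map each process path to the set of drive letters it opened."""
    seen: dict[str, set[str]] = defaultdict(set)
    for line in rows.splitlines():
        m = DRIVE_ROW.match(line.strip())
        if m:
            seen[m.group("proc")].add(m.group("letter"))
    return dict(seen)


def flag_drive_sweeps(rows: str, threshold: int = 20) -> dict[str, dict]:
    """Return the processes whose distinct-letter count reaches `threshold`
    (assumed cut-off), with the letters they probed and the letters they
    skipped. Skipped letters are the interesting part: on a sweep they are
    usually the letters the probing loop treated differently."""
    alphabet = set("ABCDEFGHIJKLMNOPQRSTUVWXYZ")
    hits = {}
    for proc, letters in drive_letters_by_process(rows).items():
        if len(letters) >= threshold:
            hits[proc] = {
                "probed": "".join(sorted(letters)),
                "skipped": "".join(sorted(alphabet - letters)),
            }
    return hits


if __name__ == "__main__":
    for proc, info in flag_drive_sweeps(SAMPLE_ROWS).items():
        print(f"{proc}: probed {len(info['probed'])} letters, skipped {info['skipped']}")
```

Run against the constructed rows, only msiexec.exe is flagged at the default threshold; lowering it to 2 also catches the benign process, which is why the cut-off should stay near the size of the alphabet rather than at "more than one drive".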

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\f761796.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1AE4.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1C6D.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f761797.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f761796.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1A86.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1C2D.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI19E9.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f761797.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1CDD.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1D2E.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1C4D.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1C9D.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1D0C.tmp C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\2b4469f0-f50a-11ee-bf38-525094b41941\NTURL = "https://yandex.ru/search/?win=640&clid=2323500-94&text={searchTerms}" C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\2b4469f0-f50a-11ee-bf38-525094b41941\NTLogoURL = "http://downloader.yandex.net/banner/ntpagelogo/{language}/{scalelevel}.png" C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\TopResultURLFallback = "http://www.bing.com/search?q={searchTerms}&src=IE-TopResult&FORM=IE11TR" C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\DisplayName = "Яндекс" C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "https://yandex.ru/search/?win=640&clid=2323498-94&text={searchTerms}" C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\2b4469f0-f50a-11ee-bf38-525094b41941\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\2b4469f0-f50a-11ee-bf38-525094b41941 C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE11SS&market={language}" C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\FaviconURLFallback = "http://www.bing.com/favicon.ico" C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\DisplayName = "Bing" C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoURL = "http://downloader.yandex.net/banner/ntpagelogo/{language}/{scalelevel}.png" C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\YaCreationDate = "2024-10-07" C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\2b4469f0-f50a-11ee-bf38-525094b41941\TopResultURLFallback = "http://www.bing.com/search?q={searchTerms}&src=IE-TopResult&FORM=IE11TR" C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\2b4469f0-f50a-11ee-bf38-525094b41941\URL = "https://yandex.ru/search/?win=640&clid=2323498-94&text={searchTerms}" C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL_JSON = "https://suggest.yandex.ru/suggest-ff.cgi?uil=ru&part={searchTerms}" C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\2b4469f0-f50a-11ee-bf38-525094b41941\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE11SS&market={language}" C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\MINIE C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\2b4469f0-f50a-11ee-bf38-525094b41941\NTTopResultURL C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\2b4469f0-f50a-11ee-bf38-525094b41941 C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\2b4469f0-f50a-11ee-bf38-525094b41941\FaviconURLFallback = "http://www.bing.com/favicon.ico" C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\2b4469f0-f50a-11ee-bf38-525094b41941\DisplayName = "Яндекс" C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\2b4469f0-f50a-11ee-bf38-525094b41941\YaCreationDate = "2024-10-07" C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\2b4469f0-f50a-11ee-bf38-525094b41941\DisplayName = "Bing" C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\2b4469f0-f50a-11ee-bf38-525094b41941\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\2b4469f0-f50a-11ee-bf38-525094b41941\FaviconURLFallback = "https://www.yandex.ru/favicon.ico" C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\buffer\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback = "https://www.yandex.ru/favicon.ico" C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\Local\\MICROS~1\\INTERN~1\\Services\\YANDEX~1.ICO" C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\ShowSearchSuggestionsInAddressGlobal = "1" C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\2b4469f0-f50a-11ee-bf38-525094b41941\SuggestionsURL_JSON = "https://suggest.yandex.ru/suggest-ff.cgi?uil=ru&part={searchTerms}" C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\2b4469f0-f50a-11ee-bf38-525094b41941\SuggestionsURL C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\2b4469f0-f50a-11ee-bf38-525094b41941\FaviconPath = "C:\\Users\\Admin\\AppData\\Local\\MICROS~1\\INTERN~1\\Services\\YANDEX~1.ICO" C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTURL = "https://yandex.ru/search/?win=640&clid=2323500-94&text={searchTerms}" C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTTopResultURL C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\MINIE\LinksBandEnabled = "1" C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A

Modifies Internet Explorer start page

stealer

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "https://www.yandex.ru/?win=640&clid=2323497-94" C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
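Read together, the two tables above describe a search-engine and home-page hijack: seederexe.exe creates a SearchScopes entry, gives it the display name Яндекс and a yandex.ru query URL, points SearchScopes\DefaultScope at it, and sets Main\Start Page to yandex.ru, with a clid= partner identifier in every URL. The Python below is an added example, not code from the page or the sandbox: it parses rows in the report's "Set value" format and pulls out the default scope, its name and URL, the start page, and the hosts and clid values, which are the indicators worth carrying into a hunt. The sample rows are copied from the tables above, trimmed to the entries that matter.

```python
import re
from urllib.parse import urlparse, parse_qs

# Row shape of the registry tables on this page:
#   Set value (<type>) <key path>\<value name> = "<data>" <process path> N/A
SET_VALUE_ROW = re.compile(
    r'^Set value \((?P<type>\w+)\) (?P<path>\\REGISTRY\\.+?) = "(?P<data>.*)" (?P<proc>\S+) N/A$'
)

# Sample rows copied from the "Modifies Internet Explorer settings" and
# "Modifies Internet Explorer start page" tables above.
SID = r"\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000"
IE = SID + r"\Software\Microsoft\Internet Explorer"
SEEDER = r"C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe"
SCOPE = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

SAMPLE_ROWS = "\n".join([
    f'Set value (str) {IE}\\SearchScopes\\{SCOPE}\\DisplayName = "Яндекс" {SEEDER} N/A',
    f'Set value (str) {IE}\\SearchScopes\\{SCOPE}\\URL = "https://yandex.ru/search/?win=640&clid=2323498-94&text={{searchTerms}}" {SEEDER} N/A',
    f'Set value (str) {IE}\\SearchScopes\\{SCOPE}\\NTURL = "https://yandex.ru/search/?win=640&clid=2323500-94&text={{searchTerms}}" {SEEDER} N/A',
    f'Set value (str) {IE}\\SearchScopes\\buffer\\URL = "http://www.bing.com/search?q={{searchTerms}}&src=IE-SearchBox&FORM=IE11SR" {SEEDER} N/A',
    f'Set value (str) {IE}\\SearchScopes\\DefaultScope = "{SCOPE}" {SEEDER} N/A',
    f'Set value (str) {IE}\\Main\\Start Page = "https://www.yandex.ru/?win=640&clid=2323497-94" {SEEDER} N/A',
    f'Set value (int) {IE}\\MINIE\\LinksBandEnabled = "1" {SEEDER} N/A',
])


def parse_set_values(rows: str):
    """Yield (key, value name, type, data, process) for every Set value row."""
    for line in rows.splitlines():
        m = SET_VALUE_ROW.match(line.strip())
        if not m:
            continue
        key, _, name = m.group("path").rpartition("\\")
        yield key, name, m.group("type"), m.group("data"), m.group("proc")


def extract_ie_hijack(rows: str) -> dict:
    """Summarise the search-scope and start-page changes: which scope became
    the default, what it points at, and the clid= identifiers in the URLs."""
    scopes: dict[str, dict[str, str]] = {}  # scope id -> {value name: data}
    default_scope = None
    start_page = None
    marker = "\\searchscopes\\"
    for key, name, _typ, data, _proc in parse_set_values(rows):
        lower = key.lower()
        if marker in lower:
            # Value under SearchScopes\<scope id>: remember it per scope.
            scope_id = key[lower.index(marker) + len(marker):]
            scopes.setdefault(scope_id, {})[name] = data
        elif lower.endswith("\\internet explorer\\searchscopes") and name == "DefaultScope":
            default_scope = data
        elif lower.endswith("\\internet explorer\\main") and name == "Start Page":
            start_page = data

    # Only URLs of the scope that actually became the default, plus the start
    # page, count as indicators; staging scopes such as "buffer" are ignored.
    default = scopes.get(default_scope, {})
    urls = [d for d in default.values() if d.startswith("http")]
    if start_page:
        urls.append(start_page)
    hosts, clids = set(), set()
    for u in urls:
        parsed = urlparse(u)
        hosts.add(parsed.hostname)
        clids.update(parse_qs(parsed.query).get("clid", []))
    return {
        "default_scope": default_scope,
        "default_scope_name": default.get("DisplayName"),
        "default_scope_url": default.get("URL"),
        "start_page": start_page,
        "hosts": sorted(hosts),
        "clids": sorted(clids),
    }


if __name__ == "__main__":
    for k, v in extract_ie_hijack(SAMPLE_ROWS).items():
        print(f"{k}: {v}")
```

The clid values are the most durable indicator here: the search URL, start page and NTURL each carry a different one (2323498-94, 2323497-94, 2323500-94), and the same identifiers tend to recur across builds of the same distribution package even when the dropper hash changes.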

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E88DCCE0-B7B3-11D1-A9F0-00AA0060FA31} {000214E6-0000-0000-C000-000000000046} 0xFFFF = 0100000000000000700609eb1689da01 C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E C:\Windows\system32\msiexec.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1EB00E30-8098-4084-B8BF-AA41438B4ED2\lite_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1EB00E30-8098-4084-B8BF-AA41438B4ED2\lite_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1EB00E30-8098-4084-B8BF-AA41438B4ED2\lite_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1EB00E30-8098-4084-B8BF-AA41438B4ED2\lite_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1EB00E30-8098-4084-B8BF-AA41438B4ED2\lite_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1EB00E30-8098-4084-B8BF-AA41438B4ED2\lite_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1EB00E30-8098-4084-B8BF-AA41438B4ED2\lite_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1EB00E30-8098-4084-B8BF-AA41438B4ED2\lite_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1FD6CD94-2155-4EFD-AAE4-D8B9A295EB87\sender.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1FD6CD94-2155-4EFD-AAE4-D8B9A295EB87\sender.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1FD6CD94-2155-4EFD-AAE4-D8B9A295EB87\sender.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1FD6CD94-2155-4EFD-AAE4-D8B9A295EB87\sender.exe N/A

Suspicious use of AdjustPrivilegeToken

The run of privileges from SeCreateTokenPrivilege to SeCreateGlobalPrivilege follows the privilege LUID order (the SE_*_NAME list in winnt.h), which is what a loop that tries to enable every privilege produces. AdjustTokenPrivileges can only enable privileges already present in the caller's token and reports ERROR_NOT_ALL_ASSIGNED for the rest, so this list shows what the sample asked for, not what it obtained; the repeated SeRestorePrivilege/SeTakeOwnershipPrivilege pairs from msiexec.exe are the installer service's normal behaviour when it writes files.

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2604 wrote to memory of 1056 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2604 wrote to memory of 1056 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2604 wrote to memory of 1056 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2604 wrote to memory of 1056 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2604 wrote to memory of 1056 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2604 wrote to memory of 1056 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2604 wrote to memory of 1056 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1056 wrote to memory of 1444 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\1EB00E30-8098-4084-B8BF-AA41438B4ED2\lite_installer.exe
PID 1056 wrote to memory of 1444 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\1EB00E30-8098-4084-B8BF-AA41438B4ED2\lite_installer.exe
PID 1056 wrote to memory of 1444 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\1EB00E30-8098-4084-B8BF-AA41438B4ED2\lite_installer.exe
PID 1056 wrote to memory of 1444 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\1EB00E30-8098-4084-B8BF-AA41438B4ED2\lite_installer.exe
PID 1056 wrote to memory of 1444 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\1EB00E30-8098-4084-B8BF-AA41438B4ED2\lite_installer.exe
PID 1056 wrote to memory of 1444 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\1EB00E30-8098-4084-B8BF-AA41438B4ED2\lite_installer.exe
PID 1056 wrote to memory of 1444 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\1EB00E30-8098-4084-B8BF-AA41438B4ED2\lite_installer.exe
PID 2604 wrote to memory of 1540 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2604 wrote to memory of 1540 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2604 wrote to memory of 1540 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2604 wrote to memory of 1540 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2604 wrote to memory of 1540 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2604 wrote to memory of 1540 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2604 wrote to memory of 1540 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1540 wrote to memory of 1044 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe
PID 1540 wrote to memory of 1044 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe
PID 1540 wrote to memory of 1044 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe
PID 1540 wrote to memory of 1044 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe
PID 1044 wrote to memory of 4992 N/A C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe C:\Users\Admin\AppData\Local\Temp\1FD6CD94-2155-4EFD-AAE4-D8B9A295EB87\sender.exe
PID 1044 wrote to memory of 4992 N/A C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe C:\Users\Admin\AppData\Local\Temp\1FD6CD94-2155-4EFD-AAE4-D8B9A295EB87\sender.exe
PID 1044 wrote to memory of 4992 N/A C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe C:\Users\Admin\AppData\Local\Temp\1FD6CD94-2155-4EFD-AAE4-D8B9A295EB87\sender.exe
PID 1044 wrote to memory of 4992 N/A C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe C:\Users\Admin\AppData\Local\Temp\1FD6CD94-2155-4EFD-AAE4-D8B9A295EB87\sender.exe
PID 2604 wrote to memory of 3852 N/A C:\Windows\system32\msiexec.exe C:\Users\Admin\AppData\Local\Yandex\yapin\Yandex.exe
PID 2604 wrote to memory of 3852 N/A C:\Windows\system32\msiexec.exe C:\Users\Admin\AppData\Local\Yandex\yapin\Yandex.exe
PID 2604 wrote to memory of 3852 N/A C:\Windows\system32\msiexec.exe C:\Users\Admin\AppData\Local\Yandex\yapin\Yandex.exe
PID 2604 wrote to memory of 3852 N/A C:\Windows\system32\msiexec.exe C:\Users\Admin\AppData\Local\Yandex\yapin\Yandex.exe

Processes

C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe

"C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 89AA1BB2F40F99035227A6D4058671A7

C:\Users\Admin\AppData\Local\Temp\1EB00E30-8098-4084-B8BF-AA41438B4ED2\lite_installer.exe

"C:\Users\Admin\AppData\Local\Temp\1EB00E30-8098-4084-B8BF-AA41438B4ED2\lite_installer.exe" --use-user-default-locale --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/ --YABROWSER

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding F347DEB7B6A08CC4CEA5DDF1159674C1 M Global\MSI0000

C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe

"C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe" "--yqs=y" "--yhp=y" "--ilight=" "--locale=us" "--browser=y" "--browser_default=" "--yabm=" "--loglevel=trace" "--ess=" "--clids=C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml" "--sender=C:\Users\Admin\AppData\Local\Temp\1FD6CD94-2155-4EFD-AAE4-D8B9A295EB87\sender.exe" "--is_elevated=yes" "--ui_level=5"

C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe

"C:\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe" "--ypin=y" "--ilight=1" "--loglevel=trace" "--clids=C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml" "--locale=ru"

C:\Users\Admin\AppData\Local\Temp\1EB00E30-8098-4084-B8BF-AA41438B4ED2\lite_installer.exe

"C:\Users\Admin\AppData\Local\Temp\1EB00E30-8098-4084-B8BF-AA41438B4ED2\lite_installer.exe" --job-name=yBrowserDownloader-{CB159FF5-DE22-4737-AE3C-100468BC3402} --send-statistics --local-path=C:\Users\Admin\AppData\Local\Temp\{A9468179-A631-438B-A757-733685E9B97F}.exe --YABROWSER --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/ --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=2323476-94&ui={0D1DE350-B671-4BC8-892E-A802D2038B6F} --use-user-default-locale

C:\Users\Admin\AppData\Local\Temp\1FD6CD94-2155-4EFD-AAE4-D8B9A295EB87\sender.exe

C:\Users\Admin\AppData\Local\Temp\1FD6CD94-2155-4EFD-AAE4-D8B9A295EB87\sender.exe --send "/status.xml?clid=2323496-94&uuid=%7B0D1DE350-B671-4BC8-892E-A802D2038B6F%7D&vnt=Windows 7x64&file-no=6%0A10%0A11%0A12%0A13%0A15%0A17%0A18%0A21%0A22%0A24%0A25%0A38%0A40%0A42%0A45%0A57%0A59%0A89%0A103%0A106%0A108%0A111%0A123%0A124%0A129%0A"

C:\Users\Admin\AppData\Local\Yandex\yapin\Yandex.exe

"C:\Users\Admin\AppData\Local\Yandex\yapin\Yandex.exe" --silent

Network

Country Destination Domain Proto
US 8.8.8.8:53 crl.globalsign.com udp
US 151.101.2.133:80 crl.globalsign.com tcp
US 151.101.2.133:80 crl.globalsign.com tcp
US 151.101.2.133:80 crl.globalsign.com tcp
US 8.8.8.8:53 clck.yandex.ru udp
RU 213.180.193.14:80 clck.yandex.ru tcp
US 8.8.8.8:53 adadis.yandex.net udp
US 8.8.8.8:53 downloader.yandex.net udp
RU 5.45.205.241:80 downloader.yandex.net tcp
US 8.8.8.8:53 cachev2-kiv03.cdn.yandex.net udp
RU 5.45.192.185:80 cachev2-kiv03.cdn.yandex.net tcp
RU 213.180.193.14:80 clck.yandex.ru tcp
RU 213.180.193.14:80 clck.yandex.ru tcp
RU 213.180.193.14:80 clck.yandex.ru tcp
US 8.8.8.8:53 soft.export.yandex.ru udp
RU 87.250.254.20:80 soft.export.yandex.ru tcp
RU 213.180.193.14:80 clck.yandex.ru tcp

Files

C:\Users\Admin\AppData\Local\Temp\{5B964E0E-B9A3-4276-9ED9-4D5A5720747A}\YandexSearch.msi

MD5 6f305dca0e175b63e4500f7b0aafdda1
SHA1 491d7a8ad0d4dca128747be398eed2359a0085fd
SHA256 9e3d058b6ff2164f1cd9925016a8eef1bb13130b603a3b19372e9517285205c4
SHA512 73b2a80a8126ee8a8e2fc214966b4ff2476e0ac621b2b2765d75b46b9402d922f3a847ed43e6f6d9af90dfc2ac227765a5554ea8b8d752cb28dfe58cd8546e2b

C:\Users\Admin\AppData\Local\Temp\YandexSearch00000.log

MD5 3b2f1fd748e43678d43a329e6b13176e
SHA1 77108d8a02d886d10a732f7100bf1d3c1ac5ecec
SHA256 2f53cbc751e3cf051e78ad3626ca3b53d8585e063b83531c35cf934f14ba0c8a
SHA512 b65af18d162a104998f93490639f975a1f435437dcd2cc06d2f8d74ab210dfcab2142ddd12bf740d083bacff4990c4a55b5cb45757f66fcc96ded26c8280a95a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_A026C9CD7BA14377D055F4A2325D4501

MD5 401fe33f7613543aab0a99f1104da8d1
SHA1 17cbf2bd7f31530aa5699291df9f14df61a3b50e
SHA256 5a9f6247334712a7e057789672694b8fd0728a9a57cf8f4d38187489bd6f5ffe
SHA512 001da550d0b27c31c577c7e6c13d65dd9e93b6a73af6b86b1e29bd5df99300ee563f363021a7cb6d7a663535b1b0dcfe23fa3f333b270c9f228ad0c5ef9b2435

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_A026C9CD7BA14377D055F4A2325D4501

MD5 745a869175b2603e01db869d58b71b3e
SHA1 c9255584a57749e4a1036f6e8a72e8b29b757e6a
SHA256 6c211ee2d6a68b58f1a8aa9c21c53d6232fd43964e6e006a6f6d3be59eb9b4bf
SHA512 d4b47a98d45fe7ae74de59043c81e20c25426887abd50b6f0aaa8ef26035dff2e8f336c252f9286c4eb91960f1fa1da8e0565767f4a4963ca0b28a2e2b0f300f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B0B1E3C3B1330A269DBEE4BA6313E7B4

MD5 2ffbdb98df2a2b022a48adeb94a3af50
SHA1 6c86923b5c5832bb102f041cb7d38db397074f12
SHA256 dd12c5733bc4b682e1da6353c8c27650f53d11a8ada8fd8a2d06f23cecae5ebd
SHA512 a5f29661ac78ea205dd945fcc53e015152277426af4bcce688231ca1a564dc49144b2953409651737733fec72e9042468c780917543c007d7de74ed44058dbfb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B0B1E3C3B1330A269DBEE4BA6313E7B4

MD5 1a413c170fb4f1a53e4fe79355c0a612
SHA1 d7a7fd8dc7258797054352759ca2cc860b0bedd7
SHA256 3bb9de767eac9b92777d0e92ed266ca4e1fb7ecbbcdab80f522874e96ae0433a
SHA512 0344df8c91c140aa4c2c6d9a5e3bdb9fd544c13a40c79f9f1691d10de26804a4aaba9c08bd1ee2e19226c722b7f14da3a41a837f6917d7bebd7c8df188b28031

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDA81A73291E20E6ACF6CACA76D5C942_4EA93225B46C4B45501FF0DDE9E306D0

MD5 5bfa51f3a417b98e7443eca90fc94703
SHA1 8c015d80b8a23f780bdd215dc842b0f5551f63bd
SHA256 bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128
SHA512 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDA81A73291E20E6ACF6CACA76D5C942_4EA93225B46C4B45501FF0DDE9E306D0

MD5 a020fb67c7f3a9e6a30ccf755619cecc
SHA1 c743a5cf2df3cfcb9f4af5ed1b84fddf0b60b169
SHA256 fe7cb143452e9e2a6676b742a3c52fad8fe411edd1a2db5aac198934cd06a6a0
SHA512 07092571743ea9ae1aba343f4380ac4b2cac3b5c580facd19d20424ef6757965aa24331a7169a0c58b12c5ba2437ed3db744528da86760c6f59807f33b703a57

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c3e0dbc98b6d66edcd78123b6c929420
SHA1 676824fece0c164e0e87c826dd86e37956bf14b7
SHA256 745ba1e894d250b1d9d5bddf14aa7df6b1164a47b45f67213e6c3a7df574ca3f
SHA512 4a9b83cdd3a1868e67f26282217381bc33769f0c944afeaafe5930bdd8924662f4c51cc16caa93bccd169cde8f53ef3d0bde47fa1ee91f6b3c5f11fb4cceb9d8

C:\Users\Admin\AppData\Local\Temp\Cab195A.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Windows\Installer\MSI19E9.tmp

MD5 694a088ff8fa0e3155881bb6500868bc
SHA1 096626661b9bcb3b3197b92e7e3c4e77ad4b2df4
SHA256 6f3a5bbd29f669712d6c2c7e5174dea6807cb86fda293acbe360bde81d29a633
SHA512 bd3a9cdf9ea591d462be8e00e9bc44c391897c40d598ada19f0377f3a6aea97aba03627d97d6362edbb81763fe3c7570d07bdfd5a004dd9e7af4531bc490bdeb

C:\Windows\Installer\MSI1A86.tmp

MD5 c3a831564e7b54fb7b502b728e232542
SHA1 82a4f969b1f19dc6489e13d357ccad9fef4837ab
SHA256 43097d66f86e3a1103d4cc7c410e46daba8d1a7a991ab6c222d41bd2620c19ca
SHA512 4855ca4429974a0b111d42b86cb8f89188310aaaf9174b4cf462a968163c8b92e38d4a519c78133301b341be5cd02e34b55b55575e84f0d01c2cd11ae74cce05

C:\Users\Admin\AppData\Local\Temp\vendor00000.xml

MD5 6ba6c6229c9ff245937f39dd75a8e524
SHA1 861daa91d14ff23b50f7f694e962dc6d6caafece
SHA256 d2081a499ddf4bba9089851139a66fe0c844830780310c4ac2bdc78d61344705
SHA512 cb609ae13a87cc1b061770958073d0ec601016058655b157c49b63b337e8068485ef3354613b7e68072194530c4f8d5f78338ca469a0711b95e9740a5e6f8266

\Users\Admin\AppData\Local\Temp\1EB00E30-8098-4084-B8BF-AA41438B4ED2\lite_installer.exe

MD5 28b10eff9b78787aa18e424fd9319064
SHA1 0bd2bc3665e8988567607460ea6bfc51d45d4d5c
SHA256 dbbbf54115fb97f777180f67ee341cf16803ed6e85bf9af60ea13d9b99be362d
SHA512 a908a231c9db21767066ab13ec4a8ac451bc978f5d8bccf5032e5ecbcaa996c7e2afff0121036cc184a3c19a4caf542bb15dbe6ad6dae16c422f6ac6bc5a791a

C:\Users\Admin\AppData\Roaming\Yandex\clids-yabrowser.xml

MD5 66ce27bfa6e51392a2b1f72d8017479e
SHA1 2d4ee200a4ce73cdaf643373ff814e3c026f123e
SHA256 8a169b18dfe097651f8e4edbab7866228a64b28ef42a54bc4e4b29110d429127
SHA512 4b0e9aaaee38cc710d5ba168dc41cba59bd076f9614aad3aafba2e474c7f1bef096fb7b162381b4ccd73feee7f0315d59d0a1b4475ecb9d26efaec708d973b40

C:\Windows\Installer\MSI1D2E.tmp

MD5 ba84dd4e0c1408828ccc1de09f585eda
SHA1 e8e10065d479f8f591b9885ea8487bc673301298
SHA256 3cff4ac91288a0ff0c13278e73b282a64e83d089c5a61a45d483194ab336b852
SHA512 7a38418f6ee8dbc66fab2cd5ad8e033e761912efc465daa484858d451da4b8576079fe90fd3b6640410edc8b3cac31c57719898134f246f4000d60a252d88290

\Users\Admin\AppData\Local\Temp\35CEBBB8-92B9-4A0E-A50E-089B02031E01\seederexe.exe

MD5 6df2e368846222aef04e596d9ea43aac
SHA1 57b59e1002d9d971fc504df0493d5ac54380027b
SHA256 f4adf79355ff21c11faf8283d06e28013478834a64d9473d27194f4dbcfed359
SHA512 a40636178285fa12b1b6f99802fdfd3b569c674b1864f5c6893ccb6a48c90232539704da8ea478457ead39c1f94c319467b41142c8aa26473a280c4fb329f662

C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml

MD5 55690eecfa6af686fa5f18033ed8ed26
SHA1 fac531f7b67bac1d4daf9fac601e6a6d5d316b83
SHA256 4ddb3973f44e60e76cea2fb2179ce27f1730a2d74a9ae69241160b79d4165df7
SHA512 18c21f3ee89a904aec97fd2d90aba3922584c23a455d95c44e3efc20692944f49b74ecbb4f72963a682eb041ab5a3524954507e4582ac41fb1a86566a3578ba9

C:\Users\Admin\AppData\Roaming\Yandex\ui

MD5 f7e8ef5bd1c8ab666968f19e4fef5f64
SHA1 a07400e62dfe43c6293a2bd3e507113f58798559
SHA256 64055c7ba150f755c9a48261c6fbc5ab71281df2751687bfe20e1e05ea809754
SHA512 335664114a5b0053e301bf84edef15480f342dcb1b48deeafbf55bc65ad9a22a12453a34c5e4da85921b110cd7ace76a15efd73b6ccb2899e18c287f1a5189b6

C:\Users\Admin\AppData\Local\Temp\OMNIJA~1.ZIP

MD5 1d6cfd7db58008d1b44328c5a3a4220c
SHA1 8e8304bfd7a73b9ae8415b6cbd273e612868a2b2
SHA256 915e46dcc29d6fee123c4b8e88d846ac95ffd4a6f4eb956dc882d305ee1b8256
SHA512 4c17160aa83abeff897462f981226902dd6694817ad95f246511fc63c637bdffa0989a3db00c4309fa673a13b4993c509df538ddad482d1be8b4058749ee93f2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.Admin\places.sqlite-2024100751.632600632.backup

MD5 d57cd95de07d3b15eb5cf8baa80471af
SHA1 322c0e13f2022ab255a8d2a50c5835779b6ccc3e
SHA256 651efdc8961efbf6476e4cc4b3965a4da72690ebedda009fd800c6d936a67696
SHA512 2e98256a9e76ae384f88b83075a321f60cb13ee6f7e8cb93f1919103b82ba79a67b5eec8a7d3043fe26b377fae58545e82323813897c0e67adfacaa885d6f68e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\thumbnails\d88a3c47950098e028e499c97d67208d

MD5 af80a936c10e18de168538a0722d6319
SHA1 9b1c84a1cf7330a698c89b9d7f33b17b4ba35536
SHA256 2435c0376fca765b21d43e897f4baa52daa0958a7015d04103488c606c99d1d3
SHA512 9a1325c8ce05806e5c161a4cf47239f62baad8f79650fbd713e74928fce8171ced10ba7f24fac46c548e1dbf3f64106270cb25ca88c836c870107f5dc1f97879

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\extensions\staged\[email protected]

MD5 856242624386f56874a3f3e71d7993f4
SHA1 96d3199c5eebb0d48c944050fbc753535ee09801
SHA256 d86ed80d2a9e4e1af843a991a6553a2fefd5433b2144be0cfb63a2f18deb86be
SHA512 76d440fe2ed535677a1d249b289463bfedfc5d2afc0e269e4593bb113393f165856c07117735cf3e5a230b5d04a61c7126df24a466594d8c27b47b2047834a09

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\extensions\staged\[email protected]

MD5 e68cea8c6d4b16641f30dd930a952ebb
SHA1 7e8c4b51e6e56f35a2983ab6cb121341aeda565c
SHA256 a7f3f788323a12158d66f341c4711d71fc2244a2b07a68fb8df4baec0ff76f35
SHA512 96351e36a4c5020ed464b96b72bb3063db819981440bde7c6c3a50f7fe470e1d70f0350ec7c4bcd4808fcabe2ddfbdebfc7039ae2248c1455e2245f53ce44ec0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\extensions\staged\[email protected]

MD5 ab6d42f949df8d7e6a48c07e9b0d86e0
SHA1 1830399574b1973e2272e5dcc368c4c10dbbe06b
SHA256 205ebf52c47b42fa0ad1a734a1d882d96b567e15a32b19bdb907562db8ea09e2
SHA512 6c4f9bb726384c87b6523e08339f7821ad4ec8717b26db902ca51df74eb89b46e4ded1504a131683b07b2bba3e6e911a549a8a83b2aad3971047c0fe315a1ad5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\extensions\staged\[email protected]

MD5 5a40649cf7f6923e1e00e67a8e5fc6c8
SHA1 fc849b64b31f2b3d955f0cb205db6921eacc1b53
SHA256 6d432ba7096090837f9533a33a686c846ad67aed8ecc43af7ce8af42649cd51a
SHA512 0fc42a2cc61528b14478f4b9ae098ea90e6b05ddbe10f3a6cdd6326d0d8e6185b49d2b8143b76a9f329bdc277cf02b54d98f374edd65df68a1ffc41e1c817786

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Services\yandex.ru.ico

MD5 534409dface053e62660de921ddc600d
SHA1 bd3dcb399327b1d5a2d53ab24e0217d9f524ab62
SHA256 38a3749cdb839c84168f23a9ee46cfd73d482e923bf2c6b4339184b4c93f91fb
SHA512 f58d2192660472e7cfb3c139c145c37f52aba993e2035afebe729a4ba08cf000d18f58cf20d77239cfad3adc278843238307fd0fba96c387e3f4cbbe84cd6b95

C:\Users\Admin\AppData\Local\Temp\4d1c3694-15e0-4cb9-855c-1b1f162a0f1a\realty-455x256.png

MD5 e05d28ab78d61968a7132eafe61f54b4
SHA1 dcf260ab7cdea7b6fc934e54765c964c1a20bd36
SHA256 cbd302b0ea2218f495b9f0a814f34733f2c5f13a6634d74c6e85a5c0863b5621
SHA512 ebea612bf803692fa3c7b2573c58f2e43fba0f7039e01b57203978cf69b6f8ca538b563791a760a7e901bb5e392879bd57bdbdb69b6a3781a3886fc0c01eddc0

C:\Users\Admin\AppData\Local\Temp\4d1c3694-15e0-4cb9-855c-1b1f162a0f1a\auto-455x256.png

MD5 998228b70e357630b290d2d8816c25b1
SHA1 216440afe56e95a003802aeb28412b8302334c26
SHA256 a61c9c82b6cf7b583bf6c664b343501fc37ac08fa75bf15b01b3aa4ea11297b5
SHA512 53bdae4da0263a09a908ed1c385ca95467d6a6af95b3dc4fbd78c455ef06e71e1668cfaaba7fc9a41a2aaff08aef00ccf3a7f1dc9bb68d846fb0bd8fdf187993

C:\Users\Admin\AppData\Local\Temp\4d1c3694-15e0-4cb9-855c-1b1f162a0f1a\morda-16.ru.png

MD5 6598ec195a698f7a2357084feeeac32b
SHA1 53c3233918c7c112b06fb8686cd6457e230bcd52
SHA256 a9da765a6272037d446afb7d817bed85f08d6b06b380eb6aac7866a99cdc643a
SHA512 fe7398f53d770a4d779af2cef2e323f891323302e7632a6954001be2708748c596094fef7351a078b724f133b62d0fc6a673d17801581af7036a100462027a51

C:\Users\Admin\AppData\Local\Temp\4d1c3694-15e0-4cb9-855c-1b1f162a0f1a\avia-16_32.ico

MD5 ea2ba476fbd8cf3934ff9588cba47a4d
SHA1 144934dad6011ef7653a8de1ff6e34d26f4ac28f
SHA256 333087b7e339015c1f5b3b3bbc1e731372e18da46251f25210c593972cdb12c0
SHA512 179f8602630db1e6d31ae7548f4abd2d811e6900a46967869f351bc62c29cfd8c97a86e254c4c284e4597c3985d0181cdd3f0265a71533b86b0669b1c7a22778

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.Admin\searchplugins\yandex.ru-20241007.xml

MD5 82d5673ea55f71fb47812b934f85cbc5
SHA1 87a2768211b78f2ccf0c8a0b37dc0d8aa74440cd
SHA256 cd9060746c3360ef788ab4455c548fa403a24f4dd558e2aedc721b04cdf16db6
SHA512 80ab3b3a2456617e5944b59487511b233a9509d3328c6fcf95bf65286e5cb77b9ed3a265458cd4b7bf5dc992d16bef7212ad2de52f965d623a070999dfc27382

C:\Users\Admin\Favorites\Links\Авиабилеты.url

MD5 d361288506e1e8487be12d84b8c64b69
SHA1 270571c1a858d696206c7ad91ec457519c66211e
SHA256 f5d77d897e4fc08bbdb0d13dae64873b493fb99bb19504d942e6d7d2f8d81e4c
SHA512 25f5d9496588b76eac3915cd94e3b083ddaa98c525fb9bbaa1b0a04367e1184f2629533c241172941b913ed1a89326b7f12dbacb5595cb4b2394bf9883afe111

C:\Users\Admin\Favorites\Links\Яндекс.url

MD5 61fe909162ddd48df6d02ee151b025af
SHA1 d771666db0f7ee35a9ee6b2e41693cc7c7943b0e
SHA256 a5feafc9b069b4773186c63fc68dc4e79cf91d660bdcec7c62e2cbabdf4f8c28
SHA512 90ea0c0e761e938f3abe0b52b5fbc097d06559f5db802904c53e24afe5716857d025a34839fcb76b73a5f9d08233d9725729c854958c65cb23062bf0844588b2

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Bookmarks

MD5 3adec702d4472e3252ca8b58af62247c
SHA1 35d1d2f90b80dca80ad398f411c93fe8aef07435
SHA256 2b167248e8136c4d45c2c46e2bff6fb5e5137dd4dfdccde998599be2df2e9335
SHA512 7562e093d16ee6305c1bb143a3f5d60dafe8b5de74952709abc68a0c353b65416bf78b1fa1a6720331615898848c1464a7758c5dfe78f8098f77fbfa924784c0

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences

MD5 af006f1bcc57b11c3478be8babc036a8
SHA1 c3bb4fa8c905565ca6a1f218e39fe7494910891e
SHA256 ed6a32e11cc99728771989b01f5ae813de80c46a59d3dc68c23a4671a343cb8c
SHA512 3d20689b0f39b414349c505be607e6bfc1f33ac401cf62a32f36f7114e4a486552f3e74661e90db29402bb85866944e9f8f31baba9605aa0c6def621511a26af

C:\Users\Admin\AppData\Local\Temp\omnija-20241007.zip

MD5 30e619b7e9c1189ef866134a2a58cb7c
SHA1 6f852ec2bf81a582a27239fad093a14f7a678b4c
SHA256 b748bccbf37d04cc01058f1c1fd3fdb272da3c9515d24341110f216eae550028
SHA512 690b9688573d5fd985d3e270553ac5e9733d517ff73224973db2c70fef4ddadade64d9004752496dbfe3fa5ed15f0190acc3b1ea145899ae0fc20d0e1f81b5e2

C:\Users\Admin\AppData\Local\Temp\Tar3535.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar36C1.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.Admin\places.sqlite

MD5 3611024b87262d25c88e5aca0f093105
SHA1 b1103436e69da45ce5877f509fb3f9e6538563d0
SHA256 ad7e9837fb90b0cf9a9a711508ba3025ffc78c8d42b607b2fc1a0ec8a12a9027
SHA512 1cf696e962c745118f6ce83af37a346dc2f0b6be85e5a6159f556858155663e74a4989bb4a8013b2a1b8eedb877ba876d372919c01afa605b2fa8ce372ebbc51

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\places.sqlite

MD5 017b9d42ae433c9a97c3ef4765964694
SHA1 72156aca318628a85092c0c49b58b89a06adef81
SHA256 7713fae18bf818decd01bca4da316234876ce0d6249778d4fbfe6f82b4468e2c
SHA512 65c0709f71dc35993312d8c800a26c94987dc91bb56f2aa08b2e981c2e1ffc1a04fdcc04259da074dfed16087ab37d691d01898472af474f846b4564fd81a332

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Bookmarks

MD5 de58ca20a5520b53f410d01491d90a88
SHA1 467bca610aa0c945d1103df52650d91ae58c2455
SHA256 f39e976863d49ae4fca6b0c2a48364f833f4aa0e1854857be7d218f3ee18420d
SHA512 434a9f89a219b7b6ffefca34fcaf9a0603c4bd1c7fe5468ed939b58c4e1af1dcd168bbd765550f056923231dce7508889ce94faaf4ca05079d34fb41c07b2003

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

MD5 ae4a1f0d18985dedd22a0e6968d679b4
SHA1 362567b547d4079e757b4dc7cc5fbf63872f0bc2
SHA256 f4e612bd9459815012142ee31fdf795b8560a3b0edc69cd690141fccc85373d9
SHA512 8e10dfe13cb927358332e4370823eeba629e182b80452b3dd7ea4c4549b581bec3973ac0ffe2e99c58bc681f44a1eb5448680707e21a410374a5d16796fa18ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 167839b3d1843d39615152eb22502ba8
SHA1 340c7427a8708f6dc0ecdb7f4c7111dbd6fc0b21
SHA256 d671902feaf1687c1f537a9a66b94c122e55e0ce111a3fd65c2098eb2412682f
SHA512 39b66b8f439dcaa3d4ea783804701a70e625993001567e10698e16e829017ac2419a0b25e55427e92bc148f11e5a92600f3651782aaf98073f06012ed72f602b

C:\Users\Admin\AppData\Local\Temp\Яндекс.website

MD5 2b75f3db9e8450587f186512cb506b5f
SHA1 0f509dbe010ee6451d57054cccc3ba74b28f2895
SHA256 9a4c5ed5e26c0b8e5ee54b5df5490c67805d9a18e99814b9da3e8feb0bbffaac
SHA512 cacf014f34ce970ba5b0827a2e8d7b2b74e89d1936e6aae80228be7ce78b364d16994f51b717862cc568959bd440b173b5a0970fb7511c5c0bc9b39f819dee8f

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences

MD5 abd3a9d288ca66aee86c8ee848b34d42
SHA1 97b6c79aab0a9a37ea34584a744eca1b86c60770
SHA256 f28d64eb1fe295416f89ac33ad82ec3df066bb40cd275f01a33d5ed87bbf7b6a
SHA512 40fe1ef6f6615403ae3a462b3331f81e53147a37741f2373656b89e8270455ebe7167f21507881e88b4da08b9a3900978b703a3b416dee4cbf29090f5c47a27c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\prefs.js

MD5 5b1e7f5f190d82a238da303773a1b6de
SHA1 e23e1bf38053141b0df7ef117b4b49868636ab47
SHA256 3dee3fa202bb3e8ea084c5c93cd5022f5b7419d05bd584921dacadb0fdeb3c0e
SHA512 1c29381216279da3af8bef3c9236e5e18e7c042676d85ea7c9e9e12f7d6aea7d8a9063e761c6c20e1c8d048d23a62a26f80125c170c1921af65a42352f6e4cba

C:\Users\Admin\AppData\Local\Temp\1FD6CD94-2155-4EFD-AAE4-D8B9A295EB87\sender.exe

MD5 4ce9460ed83b599b1176c4161e0e5816
SHA1 ca1bd4f28ec3e6f4b0253764e6339e480d3549bd
SHA256 118d277f46df036ffb1ca69d9da7890c65c3807a6e88248f3ba703b0f51cd308
SHA512 1064da56e85d3b0c34c47e9fa0821b2ceb79e338e602e705b7f801c0a1bfb83246c340fa1351fc222216a12968bcc52540e105f186a3ef6f3e7c32348936daf3

C:\Config.Msi\f761798.rbs

MD5 db5f795b54c38e2547e79ea752db52f5
SHA1 763d18e0e4ebabe15bec38a90f37de7cc1cdd5a7
SHA256 9243735dc5045dc6d9b0416c2b35eb65f75a6668e3ee178182b81339b0fd254d
SHA512 adad6b693b0aba1c0dbf166070abe252dcdb65538dbde773c85c193400c1dba231350b11ec1f97b9b2b315d3ee7ec14e646da651520938f2257714477dc98aaa

C:\Users\Admin\AppData\Local\Yandex\yapin\Yandex.exe

MD5 ee5d68b0483855bb165f77f7562e54ab
SHA1 07dc9f07a4040ef9d43bf1d4969f172df7815526
SHA256 a9fbbc151bd4d9019fe4b3ff5c6d904451183b398a728654c6072872d99e40ce
SHA512 63c69c2b4df40e55fc70cee71c8905ce6fcedd553db13ac7c4170ab671190274d74fc1fc5784aec361cff47099c11e8a28484bf122c9277d7395c255d3f1a5f5

C:\Users\Admin\AppData\Local\Yandex\yapin\Yandex.lnk

MD5 535ebfb0ba3d7b6ffc8ec7cb1336ce02
SHA1 cbfd298599b1e5032fc7081113084fac90eb468c
SHA256 623660189f7b568e595b4811aec7a6cdb6e1710680093645e2ee11c7fb97b3bb
SHA512 d261a5805abb5eb7198140fa9d87d0f7d25128255bd487a4f801fa324af5aa764d559189008ad4cbb1d3be0cd4131e4214c96ffb8500073625ad8ba5c8a8e851

C:\Users\Admin\AppData\Local\Yandex\yapin\Yandex Site.lnk

MD5 1bff41a6a9048179062c00386e1508d2
SHA1 1f872b5cd8fd283ab871834ac03abcb5839ac21e
SHA256 d6e3fb0e74531e693b53741c1f4f5ec66306f904cbc9ab03241ce796379dc33f
SHA512 b61adb3fa1849daae1943dda68c3b20bce684059c3a17d867cfa1099bf7307ed2c8a3364018cb664761023fc895fa338d654f936aa75969b218befd78f18b761

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 18:10

Reported

2024-04-07 18:13

Platform

win10v2004-20240226-en

Max time kernel

43s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe"

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\yapin\Yandex.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Windows\TEMP\sdwra_9964_482828761\service_update.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\FEF03431-ADA4-4B97-9EAE-38BD869654EA\lite_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D0520D08-FD20-4638-B9FA-B1ECE1768A9D\sender.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\yapin\Yandex.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\yapin\YandexWorking.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FEF03431-ADA4-4B97-9EAE-38BD869654EA\lite_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yb67C2.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
N/A N/A C:\Windows\TEMP\sdwra_9964_482828761\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YandexBrowserAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Yandex\ui C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe C:\Windows\TEMP\sdwra_9964_482828761\service_update.exe N/A
File opened for modification C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe C:\Windows\TEMP\sdwra_9964_482828761\service_update.exe N/A
File opened for modification C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\debug.log C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSI400B.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI405B.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{5B964E0E-B9A3-4276-9ED9-4D5A5720747A} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI4109.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3FDC.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Tasks\Update for Yandex Browser.job C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe N/A
File created C:\Windows\Tasks\Repairing Yandex Browser update service.job C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe N/A
File opened for modification C:\Windows\Installer\MSI40DA.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e573cab.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3EBE.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3F1D.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3F5D.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e573cab.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3FBB.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI409A.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Tasks\System update for Yandex Browser.job C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\buffer\NTTopResultURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTTR" C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31099159" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\2bfeaebe-f50a-11ee-bc53-f2c20acfdc46\DisplayName = "Яндекс" C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Software\Microsoft\Internet Explorer\MINIE C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ya.ru\Total = "48" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "62" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\2bfeaebe-f50a-11ee-bc53-f2c20acfdc46\FaviconURLFallback = "https://www.yandex.ru/favicon.ico" C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ya.ru\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ya.ru\Total = "414" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\buffer\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\2bfeaebe-f50a-11ee-bc53-f2c20acfdc46\NTTopResultURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTTR" C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ya.ru\ = "27" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\2bfeaebe-f50a-11ee-bc53-f2c20acfdc46\YaCreationDate = "2024-10-07" C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\2bfeaebe-f50a-11ee-bc53-f2c20acfdc46\NTLogoPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\" C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTTopResultURL C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\2bfeaebe-f50a-11ee-bc53-f2c20acfdc46\FaviconURL = "http://www.bing.com/favicon.ico" C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\buffer C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\buffer\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\2bfeaebe-f50a-11ee-bc53-f2c20acfdc46\FaviconURLFallback = "http://www.bing.com/favicon.ico" C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Software\Microsoft\Internet Explorer\LinksBar C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\LinksBar\MarketingLinksMigrate = c018bb440969da01 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Software\Microsoft\Internet Explorer\DOMStorage\ya.ru C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\buffer\NTLogoURL = "http://go.microsoft.com/fwlink/?LinkID=403856&language={language}&scale={scalelevel}&contrast={contrast}" C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ya.ru\Total = "27" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31099159" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ya.ru\Total = "62" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback = "https://www.yandex.ru/favicon.ico" C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "https://yandex.ru/search/?win=640&clid=2323498-94&text={searchTerms}" C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\2bfeaebe-f50a-11ee-bc53-f2c20acfdc46\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "444" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "39095532" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\buffer\DisplayName = "Bing" C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\buffer\FaviconURLFallback = "http://www.bing.com/favicon.ico" C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTURL = "https://yandex.ru/search/?win=640&clid=2323500-94&text={searchTerms}" C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\Local\\MICROS~1\\INTERN~1\\Services\\YANDEX~1.ICO" C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ShowSearchSuggestionsInAddressGlobal = "1" C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ya.ru C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ya.ru\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\2bfeaebe-f50a-11ee-bc53-f2c20acfdc46\SuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\2bfeaebe-f50a-11ee-bc53-f2c20acfdc46\NTSuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&market={language}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IENTSS" C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "27" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ya.ru\ = "90" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ya.ru\Total = "90" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\2bfeaebe-f50a-11ee-bc53-f2c20acfdc46\SuggestionsURL_JSON = "https://suggest.yandex.ru/suggest-ff.cgi?uil=ru&part={searchTerms}" C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ya.ru\ = "414" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "39562672" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\2bfeaebe-f50a-11ee-bc53-f2c20acfdc46\FaviconPath = "C:\\Users\\Admin\\AppData\\Local\\MICROS~1\\INTERN~1\\Services\\YANDEX~1.ICO" C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\DisplayName = "Яндекс" C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A

Modifies Internet Explorer start page

stealer
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "https://www.yandex.ru/?win=640&clid=2323497-94" C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E88DCCE0-B7B3-11D1-A9F0-00AA0060FA31} {000214E6-0000-0000-C000-000000000046} 0xFFFF = 01000000000000006c67edeb1689da01 C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\22\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\AppDataLow C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex\UICreated_SYSTEM = "1" C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexBrowser.crx\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexCSS.KWY33IWPW5LXBHWIWR33Z73SA4\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-124" C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexFB2.KWY33IWPW5LXBHWIWR33Z73SA4\shell\open C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexTXT.KWY33IWPW5LXBHWIWR33Z73SA4\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexWEBP.KWY33IWPW5LXBHWIWR33Z73SA4 C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexBrowser.crx\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\",0" C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexHTML.KWY33IWPW5LXBHWIWR33Z73SA4\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\.xhtml C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexTIFF.KWY33IWPW5LXBHWIWR33Z73SA4\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-119" C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexWEBP.KWY33IWPW5LXBHWIWR33Z73SA4\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-123" C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexXML.KWY33IWPW5LXBHWIWR33Z73SA4\shell C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexXML.KWY33IWPW5LXBHWIWR33Z73SA4\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\.infected C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexCSS.KWY33IWPW5LXBHWIWR33Z73SA4\shell\open C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexEPUB.KWY33IWPW5LXBHWIWR33Z73SA4\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexWEBM.KWY33IWPW5LXBHWIWR33Z73SA4\ = "Yandex Browser WEBM Document" C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexWEBM.KWY33IWPW5LXBHWIWR33Z73SA4 C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexPDF.KWY33IWPW5LXBHWIWR33Z73SA4\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\.htm\OpenWithProgids\YandexHTML.KWY33IWPW5LXBHWIWR33Z73SA4 C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexBrowser.crx\shell C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexSWF.KWY33IWPW5LXBHWIWR33Z73SA4 C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexXML.KWY33IWPW5LXBHWIWR33Z73SA4\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-134" C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexPDF.KWY33IWPW5LXBHWIWR33Z73SA4\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\.txt\OpenWithProgids\YandexTXT.KWY33IWPW5LXBHWIWR33Z73SA4 C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\HomeButtonEnabled = "1" C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexCSS.KWY33IWPW5LXBHWIWR33Z73SA4\shell C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexHTML.KWY33IWPW5LXBHWIWR33Z73SA4\ = "Yandex Browser HTML Document" C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexJPEG.KWY33IWPW5LXBHWIWR33Z73SA4\shell\open C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\.tif\OpenWithProgids\YandexTIFF.KWY33IWPW5LXBHWIWR33Z73SA4 C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\.crx\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\.tiff\OpenWithProgids\YandexTIFF.KWY33IWPW5LXBHWIWR33Z73SA4 C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\.xml C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexHTML.KWY33IWPW5LXBHWIWR33Z73SA4\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexCRX.KWY33IWPW5LXBHWIWR33Z73SA4\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexWEBM.KWY33IWPW5LXBHWIWR33Z73SA4\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-132" C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\.epub\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexWEBP.KWY33IWPW5LXBHWIWR33Z73SA4\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexXML.KWY33IWPW5LXBHWIWR33Z73SA4\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\.pdf\OpenWithProgids\YandexPDF.KWY33IWPW5LXBHWIWR33Z73SA4 C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexBrowser.crx\ = "Yandex Browser Extra" C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexHTML.KWY33IWPW5LXBHWIWR33Z73SA4 C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexSWF.KWY33IWPW5LXBHWIWR33Z73SA4\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexTXT.KWY33IWPW5LXBHWIWR33Z73SA4\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-120" C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\.tif\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexCRX.KWY33IWPW5LXBHWIWR33Z73SA4\shell C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexEPUB.KWY33IWPW5LXBHWIWR33Z73SA4\shell\open C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexINFE.KWY33IWPW5LXBHWIWR33Z73SA4\ = "Malware Infected File" C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexTXT.KWY33IWPW5LXBHWIWR33Z73SA4\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\.fb2\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexGIF.KWY33IWPW5LXBHWIWR33Z73SA4\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-107" C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexSWF.KWY33IWPW5LXBHWIWR33Z73SA4\shell\open C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexWEBM.KWY33IWPW5LXBHWIWR33Z73SA4\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\.css\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\.swf\OpenWithProgids\YandexSWF.KWY33IWPW5LXBHWIWR33Z73SA4 C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexCRX.KWY33IWPW5LXBHWIWR33Z73SA4\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexFB2.KWY33IWPW5LXBHWIWR33Z73SA4\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexPNG.KWY33IWPW5LXBHWIWR33Z73SA4\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexXML.KWY33IWPW5LXBHWIWR33Z73SA4\ = "Yandex Browser XML Document" C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexPDF.KWY33IWPW5LXBHWIWR33Z73SA4\shell\open C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\yabrowser\URL Protocol C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexSWF.KWY33IWPW5LXBHWIWR33Z73SA4\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\YandexXML.KWY33IWPW5LXBHWIWR33Z73SA4\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 C:\Users\Admin\AppData\Local\Temp\FEF03431-ADA4-4B97-9EAE-38BD869654EA\lite_installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 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 C:\Users\Admin\AppData\Local\Temp\FEF03431-ADA4-4B97-9EAE-38BD869654EA\lite_installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 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 C:\Users\Admin\AppData\Local\Temp\FEF03431-ADA4-4B97-9EAE-38BD869654EA\lite_installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 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 C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 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 C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 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 C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = [certificate blob omitted] C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FEF03431-ADA4-4B97-9EAE-38BD869654EA\lite_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FEF03431-ADA4-4B97-9EAE-38BD869654EA\lite_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FEF03431-ADA4-4B97-9EAE-38BD869654EA\lite_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FEF03431-ADA4-4B97-9EAE-38BD869654EA\lite_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D0520D08-FD20-4638-B9FA-B1ECE1768A9D\sender.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D0520D08-FD20-4638-B9FA-B1ECE1768A9D\sender.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D0520D08-FD20-4638-B9FA-B1ECE1768A9D\sender.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D0520D08-FD20-4638-B9FA-B1ECE1768A9D\sender.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FEF03431-ADA4-4B97-9EAE-38BD869654EA\lite_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FEF03431-ADA4-4B97-9EAE-38BD869654EA\lite_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FEF03431-ADA4-4B97-9EAE-38BD869654EA\lite_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FEF03431-ADA4-4B97-9EAE-38BD869654EA\lite_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FEF03431-ADA4-4B97-9EAE-38BD869654EA\lite_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FEF03431-ADA4-4B97-9EAE-38BD869654EA\lite_installer.exe N/A
N/A N/A C:\Windows\TEMP\sdwra_9964_482828761\service_update.exe N/A
N/A N/A C:\Windows\TEMP\sdwra_9964_482828761\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2244 wrote to memory of 4744 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2244 wrote to memory of 4744 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2244 wrote to memory of 4744 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4744 wrote to memory of 3024 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\FEF03431-ADA4-4B97-9EAE-38BD869654EA\lite_installer.exe
PID 4744 wrote to memory of 3024 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\FEF03431-ADA4-4B97-9EAE-38BD869654EA\lite_installer.exe
PID 4744 wrote to memory of 3024 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\FEF03431-ADA4-4B97-9EAE-38BD869654EA\lite_installer.exe
PID 2244 wrote to memory of 384 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2244 wrote to memory of 384 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2244 wrote to memory of 384 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 384 wrote to memory of 1460 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe
PID 384 wrote to memory of 1460 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe
PID 384 wrote to memory of 1460 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe
PID 1460 wrote to memory of 9132 N/A C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe C:\Users\Admin\AppData\Local\Temp\D0520D08-FD20-4638-B9FA-B1ECE1768A9D\sender.exe
PID 1460 wrote to memory of 9132 N/A C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe C:\Users\Admin\AppData\Local\Temp\D0520D08-FD20-4638-B9FA-B1ECE1768A9D\sender.exe
PID 1460 wrote to memory of 9132 N/A C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe C:\Users\Admin\AppData\Local\Temp\D0520D08-FD20-4638-B9FA-B1ECE1768A9D\sender.exe
PID 2244 wrote to memory of 9772 N/A C:\Windows\system32\msiexec.exe C:\Users\Admin\AppData\Local\Yandex\yapin\Yandex.exe
PID 2244 wrote to memory of 9772 N/A C:\Windows\system32\msiexec.exe C:\Users\Admin\AppData\Local\Yandex\yapin\Yandex.exe
PID 2244 wrote to memory of 9772 N/A C:\Windows\system32\msiexec.exe C:\Users\Admin\AppData\Local\Yandex\yapin\Yandex.exe
PID 9772 wrote to memory of 6392 N/A C:\Users\Admin\AppData\Local\Yandex\yapin\Yandex.exe C:\Users\Admin\AppData\Local\Yandex\yapin\YandexWorking.exe
PID 9772 wrote to memory of 6392 N/A C:\Users\Admin\AppData\Local\Yandex\yapin\Yandex.exe C:\Users\Admin\AppData\Local\Yandex\yapin\YandexWorking.exe
PID 9772 wrote to memory of 6392 N/A C:\Users\Admin\AppData\Local\Yandex\yapin\Yandex.exe C:\Users\Admin\AppData\Local\Yandex\yapin\YandexWorking.exe
PID 6392 wrote to memory of 6868 N/A C:\Users\Admin\AppData\Local\Yandex\yapin\YandexWorking.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 6392 wrote to memory of 6868 N/A C:\Users\Admin\AppData\Local\Yandex\yapin\YandexWorking.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 6868 wrote to memory of 5356 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 6868 wrote to memory of 5356 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 6868 wrote to memory of 5356 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 5200 wrote to memory of 7088 N/A C:\Users\Admin\AppData\Local\Temp\FEF03431-ADA4-4B97-9EAE-38BD869654EA\lite_installer.exe C:\Users\Admin\AppData\Local\Temp\{E90CB28E-69CD-4321-BFB3-DB663EF86490}.exe
PID 5200 wrote to memory of 7088 N/A C:\Users\Admin\AppData\Local\Temp\FEF03431-ADA4-4B97-9EAE-38BD869654EA\lite_installer.exe C:\Users\Admin\AppData\Local\Temp\{E90CB28E-69CD-4321-BFB3-DB663EF86490}.exe
PID 5200 wrote to memory of 7088 N/A C:\Users\Admin\AppData\Local\Temp\FEF03431-ADA4-4B97-9EAE-38BD869654EA\lite_installer.exe C:\Users\Admin\AppData\Local\Temp\{E90CB28E-69CD-4321-BFB3-DB663EF86490}.exe
PID 7088 wrote to memory of 4004 N/A C:\Users\Admin\AppData\Local\Temp\{E90CB28E-69CD-4321-BFB3-DB663EF86490}.exe C:\Users\Admin\AppData\Local\Temp\yb67C2.tmp
PID 7088 wrote to memory of 4004 N/A C:\Users\Admin\AppData\Local\Temp\{E90CB28E-69CD-4321-BFB3-DB663EF86490}.exe C:\Users\Admin\AppData\Local\Temp\yb67C2.tmp
PID 7088 wrote to memory of 4004 N/A C:\Users\Admin\AppData\Local\Temp\{E90CB28E-69CD-4321-BFB3-DB663EF86490}.exe C:\Users\Admin\AppData\Local\Temp\yb67C2.tmp
PID 4004 wrote to memory of 10128 N/A C:\Users\Admin\AppData\Local\Temp\yb67C2.tmp C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe
PID 4004 wrote to memory of 10128 N/A C:\Users\Admin\AppData\Local\Temp\yb67C2.tmp C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe
PID 4004 wrote to memory of 10128 N/A C:\Users\Admin\AppData\Local\Temp\yb67C2.tmp C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe
PID 10128 wrote to memory of 9964 N/A C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe
PID 10128 wrote to memory of 9964 N/A C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe
PID 10128 wrote to memory of 9964 N/A C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe
PID 9964 wrote to memory of 9928 N/A C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe
PID 9964 wrote to memory of 9928 N/A C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe
PID 9964 wrote to memory of 9928 N/A C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe
PID 9964 wrote to memory of 7776 N/A C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe C:\Windows\TEMP\sdwra_9964_482828761\service_update.exe
PID 9964 wrote to memory of 7776 N/A C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe C:\Windows\TEMP\sdwra_9964_482828761\service_update.exe
PID 9964 wrote to memory of 7776 N/A C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe C:\Windows\TEMP\sdwra_9964_482828761\service_update.exe
PID 7776 wrote to memory of 10464 N/A C:\Windows\TEMP\sdwra_9964_482828761\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe
PID 7776 wrote to memory of 10464 N/A C:\Windows\TEMP\sdwra_9964_482828761\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe
PID 7776 wrote to memory of 10464 N/A C:\Windows\TEMP\sdwra_9964_482828761\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe
PID 10484 wrote to memory of 10692 N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe
PID 10484 wrote to memory of 10692 N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe
PID 10484 wrote to memory of 10692 N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe
PID 10484 wrote to memory of 6456 N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe
PID 10484 wrote to memory of 6456 N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe
PID 10484 wrote to memory of 6456 N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe
PID 6456 wrote to memory of 7788 N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe
PID 6456 wrote to memory of 7788 N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe
PID 6456 wrote to memory of 7788 N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe
PID 9964 wrote to memory of 7412 N/A C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
PID 9964 wrote to memory of 7412 N/A C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
PID 9964 wrote to memory of 7412 N/A C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
PID 9964 wrote to memory of 8156 N/A C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
PID 9964 wrote to memory of 8156 N/A C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
PID 9964 wrote to memory of 8156 N/A C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
PID 8744 wrote to memory of 8064 N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
PID 8744 wrote to memory of 8064 N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
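
The write-to-memory rows above and the process command lines in the Processes list that follows are the two pieces of this report an analyst actually pivots on, so here is a small triage helper for them. This is an added example written for this page; it is neither part of the sandbox report nor Yandex tooling. It rebuilds parent/child edges from the "PID X wrote to memory of Y" rows and pulls download URLs, affiliate (clid) identifiers, tracking identifiers and install/elevation switches out of command lines. The embedded inputs are hand-copied from this report (the setup.exe line keeps only a handful of its switches, as noted in the code); the INTERESTING switch list and the tracking-ID prefixes are this example's own assumptions about what is worth flagging.

```python
"""Triage helper for the process data in this sandbox report.

Added example, not part of the report and not Yandex's own tooling. It rebuilds
parent/child edges from "PID X wrote to memory of Y" rows and extracts URLs,
affiliate (clid) IDs, tracking IDs and triage-relevant switches from command lines.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) N/A (C:\\.+?) (C:\\.+)$")
TOKEN_RE = re.compile(r'(?:[^\s"]|"[^"]*")+')   # one Windows argv token, quotes kept
URL_RE = re.compile(r'https?://[^\s"]+')
CLID_RE = re.compile(r"clid=(\d+-\d+)")
# Assumption: these three prefixes carry the per-install tracking GUID in this report.
TRACK_ID_RE = re.compile(r"(?:uuid=|ui=\{|user-id=)([0-9a-f-]{36})")

# Assumption: switches worth a second look (unattended install, elevation,
# service installation, telemetry). Extend for other installers.
INTERESTING = {"silent", "is_elevated", "run-as-admin", "child-setup-process",
               "install", "run-as-service", "send-statistics"}

# Constructed sample: rows copied from the WriteProcessMemory table above
# (the first row is listed twice in the report, as these rows often are).
WPM_ROWS = r"""
PID 9964 wrote to memory of 7776 N/A C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe C:\Windows\TEMP\sdwra_9964_482828761\service_update.exe
PID 9964 wrote to memory of 7776 N/A C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe C:\Windows\TEMP\sdwra_9964_482828761\service_update.exe
PID 7776 wrote to memory of 10464 N/A C:\Windows\TEMP\sdwra_9964_482828761\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe
PID 10484 wrote to memory of 6456 N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe
"""

# Constructed sample: command lines copied from the Processes list below;
# the setup.exe line keeps only a handful of its many switches.
CMDLINES = [l for l in r'''
"C:\Users\Admin\AppData\Local\Temp\FEF03431-ADA4-4B97-9EAE-38BD869654EA\lite_installer.exe" --job-name=yBrowserDownloader-{64E49AC4-7796-40A6-BDB0-2B69E3952DE9} --send-statistics --local-path=C:\Users\Admin\AppData\Local\Temp\{E90CB28E-69CD-4321-BFB3-DB663EF86490}.exe --YABROWSER --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/ --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=2323476-94&ui={abe6f15b-219f-489a-8414-30f5724e480f} --use-user-default-locale
"C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe" "--yqs=y" "--yhp=y" "--ilight=" "--locale=us" "--browser=y" "--browser_default=" "--yabm=" "--loglevel=trace" "--ess=" "--clids=C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml" "--sender=C:\Users\Admin\AppData\Local\Temp\D0520D08-FD20-4638-B9FA-B1ECE1768A9D\sender.exe" "--is_elevated=yes" "--ui_level=5"
C:\Users\Admin\AppData\Local\Temp\D0520D08-FD20-4638-B9FA-B1ECE1768A9D\sender.exe --send "/status.xml?clid=2323496-94&uuid=abe6f15b-219f-489a-8414-30f5724e480f&vnt=Windows 10x64&file-no=8%0A10%0A11%0A12%0A13%0A15%0A17%0A18%0A20%0A21%0A22%0A25%0A36%0A38%0A40%0A42%0A45%0A57%0A59%0A89%0A102%0A103%0A106%0A108%0A111%0A123%0A124%0A129%0A"
"C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\BROWSER.PACKED.7Z" --installer-partner-id=pseudoportal-ru --silent --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=481600318
"C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe" --install
"C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe" --run-as-service
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" https://www.yandex.ru/?win=640&clid=2323504-94&from=dist_pin
'''.splitlines() if l.strip()]


def parse_wpm_edges(text):
    """Unique (parent_pid, child_pid, parent_image, child_image) tuples, in order."""
    edges = []
    for line in text.splitlines():
        m = WPM_RE.match(line.strip())
        if m:
            edge = (int(m[1]), int(m[2]), m[3], m[4])
            if edge not in edges:          # the report repeats a row per write call
                edges.append(edge)
    return edges


def descendants(edges, root):
    """PIDs reachable from root over write-to-memory edges, breadth first."""
    children = defaultdict(list)
    for parent, child, _, _ in edges:
        children[parent].append(child)
    seen, queue = [], [root]
    while queue:
        for child in children[queue.pop(0)]:
            if child not in seen:
                seen.append(child)
                queue.append(child)
    return seen


def parse_cmdline(cmdline):
    """Split a Windows command line into (image_path, {switch: value or None})."""
    tokens = [t.replace('"', "") for t in TOKEN_RE.findall(cmdline)]
    switches = {}
    for tok in tokens[1:]:
        if tok.startswith("--"):
            name, has_value, value = tok[2:].partition("=")
            switches[name] = value if has_value else None
    return tokens[0], switches


def summarize(cmdlines):
    """Collect IOCs and triage-relevant switches from a list of command lines."""
    urls, clids, ids, flagged = set(), set(), set(), []
    for line in cmdlines:
        urls.update(URL_RE.findall(line))
        clids.update(CLID_RE.findall(line))
        ids.update(TRACK_ID_RE.findall(line))
        image, switches = parse_cmdline(line)
        hits = sorted(INTERESTING.intersection(switches))
        if hits:
            flagged.append((image.rsplit("\\", 1)[-1], hits))
    return {
        "urls": sorted(urls),
        # A payload fetched over plain HTTP can be swapped in transit; list those hosts.
        "plain_http_hosts": sorted({urlsplit(u).hostname for u in urls if u.startswith("http://")}),
        "clids": sorted(clids),
        "tracking_ids": sorted(ids),
        "flagged": flagged,
    }


if __name__ == "__main__":
    edges = parse_wpm_edges(WPM_ROWS)
    print("children of setup.exe (PID 9964):", descendants(edges, 9964))
    for key, value in summarize(CMDLINES).items():
        print(f"{key}: {value}")
```

Two things the output makes visible that are easy to miss when reading the raw rows. First, the write-to-memory chain from setup.exe (9964) reaches service_update.exe --setup (7776) and the --install instance (10464) but nothing in the table writes to 10484, the instance whose command line is --run-as-service; that gap is consistent with the service being started by the Service Control Manager after --install registered it, so the install step and the running service belong to the same chain even though the table does not link them. Second, one tracking GUID (abe6f15b-...) appears in the sender.exe status beacon, in the download URL passed to lite_installer.exe, and as --user-id on every browser.exe instance, which makes it a useful pivot across the process list, while the browser package itself is fetched from downloader.yandex.net over plain HTTP.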

Processes

C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe

"C:\Users\Admin\AppData\Local\Temp\03505334357a97ab8c42e1e7a9f71a30828e86b3f5cb6d2334f8cb7173ee052d.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 80F84006127EC1D30A20108C1658AC10

C:\Users\Admin\AppData\Local\Temp\FEF03431-ADA4-4B97-9EAE-38BD869654EA\lite_installer.exe

"C:\Users\Admin\AppData\Local\Temp\FEF03431-ADA4-4B97-9EAE-38BD869654EA\lite_installer.exe" --use-user-default-locale --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/ --YABROWSER

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 2568E371BFC89670E5D47BF34E728AF8 E Global\MSI0000

C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe

"C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe" "--yqs=y" "--yhp=y" "--ilight=" "--locale=us" "--browser=y" "--browser_default=" "--yabm=" "--loglevel=trace" "--ess=" "--clids=C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml" "--sender=C:\Users\Admin\AppData\Local\Temp\D0520D08-FD20-4638-B9FA-B1ECE1768A9D\sender.exe" "--is_elevated=yes" "--ui_level=5"

C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe

"C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe" "--ypin=y" "--ilight=1" "--loglevel=trace" "--clids=C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml" "--locale=ru"

C:\Users\Admin\AppData\Local\Temp\D0520D08-FD20-4638-B9FA-B1ECE1768A9D\sender.exe

C:\Users\Admin\AppData\Local\Temp\D0520D08-FD20-4638-B9FA-B1ECE1768A9D\sender.exe --send "/status.xml?clid=2323496-94&uuid=abe6f15b-219f-489a-8414-30f5724e480f&vnt=Windows 10x64&file-no=8%0A10%0A11%0A12%0A13%0A15%0A17%0A18%0A20%0A21%0A22%0A25%0A36%0A38%0A40%0A42%0A45%0A57%0A59%0A89%0A102%0A103%0A106%0A108%0A111%0A123%0A124%0A129%0A"

C:\Users\Admin\AppData\Local\Yandex\yapin\Yandex.exe

"C:\Users\Admin\AppData\Local\Yandex\yapin\Yandex.exe" --silent

C:\Users\Admin\AppData\Local\Yandex\yapin\YandexWorking.exe

"C:\Users\Admin\AppData\Local\Yandex\yapin\YandexWorking.exe" --from_tastbar

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" https://www.yandex.ru/?win=640&clid=2323504-94&from=dist_pin

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6868 CREDAT:17410 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\FEF03431-ADA4-4B97-9EAE-38BD869654EA\lite_installer.exe

"C:\Users\Admin\AppData\Local\Temp\FEF03431-ADA4-4B97-9EAE-38BD869654EA\lite_installer.exe" --job-name=yBrowserDownloader-{64E49AC4-7796-40A6-BDB0-2B69E3952DE9} --send-statistics --local-path=C:\Users\Admin\AppData\Local\Temp\{E90CB28E-69CD-4321-BFB3-DB663EF86490}.exe --YABROWSER --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/ --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=2323476-94&ui={abe6f15b-219f-489a-8414-30f5724e480f} --use-user-default-locale

C:\Users\Admin\AppData\Local\Temp\{E90CB28E-69CD-4321-BFB3-DB663EF86490}.exe

"C:\Users\Admin\AppData\Local\Temp\{E90CB28E-69CD-4321-BFB3-DB663EF86490}.exe" --send-statistics --job-name=yBrowserDownloader-{64E49AC4-7796-40A6-BDB0-2B69E3952DE9} --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/ --YABROWSER --local-path=C:\Users\Admin\AppData\Local\Temp\{E90CB28E-69CD-4321-BFB3-DB663EF86490}.exe --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid --use-user-default-locale

C:\Users\Admin\AppData\Local\Temp\yb67C2.tmp

"C:\Users\Admin\AppData\Local\Temp\yb67C2.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\f68f0a9b-1609-4a41-b74e-66d4af5fa0a5.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/ --install-start-time-no-uac=464390910 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{64E49AC4-7796-40A6-BDB0-2B69E3952DE9} --local-path="C:\Users\Admin\AppData\Local\Temp\{E90CB28E-69CD-4321-BFB3-DB663EF86490}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\62f20491-cdf0-499a-8e00-80e718365825.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico"

C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\f68f0a9b-1609-4a41-b74e-66d4af5fa0a5.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/ --install-start-time-no-uac=464390910 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{64E49AC4-7796-40A6-BDB0-2B69E3952DE9} --local-path="C:\Users\Admin\AppData\Local\Temp\{E90CB28E-69CD-4321-BFB3-DB663EF86490}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\62f20491-cdf0-499a-8e00-80e718365825.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico"

C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\f68f0a9b-1609-4a41-b74e-66d4af5fa0a5.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/ --install-start-time-no-uac=464390910 --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{64E49AC4-7796-40A6-BDB0-2B69E3952DE9} --local-path="C:\Users\Admin\AppData\Local\Temp\{E90CB28E-69CD-4321-BFB3-DB663EF86490}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\62f20491-cdf0-499a-8e00-80e718365825.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico" --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=481600318

C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe

C:\Users\Admin\AppData\Local\Temp\YB_0F4D5.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=9964 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.1.5.738 --initial-client-data=0x334,0x338,0x33c,0x310,0x340,0x685768,0x685774,0x685780

C:\Windows\TEMP\sdwra_9964_482828761\service_update.exe

"C:\Windows\TEMP\sdwra_9964_482828761\service_update.exe" --setup

C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe" --install

C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe" --run-as-service

C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=10484 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.1.5.738 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x26efe0,0x26efec,0x26eff8

C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe" --update-scheduler

C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe" --update-background-scheduler

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source9964_623815771\Browser-bin\clids_yandex_second.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=0 --install-start-time-no-uac=464390910

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=8744 --annotation=metrics_client_id=765fc715e2e140d6ae600d8b25f468de --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.1.5.738 --initial-client-data=0x180,0x184,0x188,0x15c,0x18c,0x6dfb32cc,0x6dfb32d8,0x6dfb32e4

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --gpu-process-kind=sandboxed --mojo-platform-channel-handle=2344 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=disabled --gpu-process-kind=trampoline --mojo-platform-channel-handle=2444 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Network Service" --mojo-platform-channel-handle=3960 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.5.738 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=service --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Storage Service" --mojo-platform-channel-handle=4040 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.5.738 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=ru --service-sandbox-type=audio --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Audio Service" --mojo-platform-channel-handle=4100 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.5.738 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=ru --service-sandbox-type=none --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Video Capture" --mojo-platform-channel-handle=4656 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.5.738 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --first-renderer-process --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4696 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=4728 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.5.738 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5092 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Импорт профилей" --mojo-platform-channel-handle=5116 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.5.738 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5356 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=uwp_cookie_provider.mojom.UwpCookieProvider --lang=ru --service-sandbox-type=utility --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --process-name=uwp_cookie_provider.mojom.UwpCookieProvider --mojo-platform-channel-handle=5400 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.5.738 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=5736 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.5.738 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5208 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=5296 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.5.738 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6168 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=ru --service-sandbox-type=none --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Утилиты Windows" --mojo-platform-channel-handle=6468 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.5.738 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Распаковщик файлов" --mojo-platform-channel-handle=6492 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.5.738 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6636 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6472 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6948 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.5.738 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6960 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.5.738 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=5972 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.5.738 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=3856 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.5.738 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=4940 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.5.738 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6520 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.5.738 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6600 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.5.738 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=7440 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.5.738 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=7576 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.5.738 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=2604 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.5.738 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=7116 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.5.738 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=7124 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.5.738 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Утилиты Windows" --mojo-platform-channel-handle=5740 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.5.738 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Утилиты Windows" --mojo-platform-channel-handle=6924 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.5.738 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Импорт профилей" --mojo-platform-channel-handle=1140 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.5.738 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Импорт профилей" --mojo-platform-channel-handle=6924 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.5.738 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Импорт профилей" --mojo-platform-channel-handle=3024 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.5.738 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Распаковщик файлов" --mojo-platform-channel-handle=4668 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.5.738 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7088 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Импорт профилей" --mojo-platform-channel-handle=4548 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.5.738 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=abe6f15b-219f-489a-8414-30f5724e480f --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Импорт профилей" --mojo-platform-channel-handle=6776 --field-trial-handle=2348,i,13374249178495176665,14543951957011895278,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.5.738 /prefetch:8
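The Processes list above is dozens of near-identical browser.exe launches that differ only in their Chromium service arguments. The helper below is an added example (it is not part of the sandbox report and not Yandex Browser code): it parses Chromium-style command lines, collapses them to one row per process type, utility sub-type and sandbox type, and flags utility processes launched with `--service-sandbox-type=none`, i.e. running without the service sandbox. That setting is normal for the ProfileImport service, which has to read other browsers' profile files, but it is the process to correlate with the Chrome, Firefox and Opera Bookmarks and places.sqlite files listed under Files further down. The sample command lines are constructed by abridging lines from this report.

```python
"""Triage helper for Chromium-style process command lines.

Added example for this report; not code from the sandbox or from the
analysed installer.  Collapses repetitive browser.exe launches into one row
per (type, utility-sub-type, sandbox-type) and lists utility processes that
run with --service-sandbox-type=none.
"""
import re
from collections import Counter

# Constructed sample: four command lines abridged from the Processes list.
SAMPLE_CMDLINES = [
    r'"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --process-name="Data Decoder Service" --mojo-platform-channel-handle=4940 --enable-features=InstallerNewIdentity2024 --variations-seed-version --brver=24.1.5.738 /prefetch:8',
    r'"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --process-name="Утилиты Windows" --mojo-platform-channel-handle=5740 --brver=24.1.5.738 /prefetch:8',
    r'"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --process-name="Импорт профилей" --mojo-platform-channel-handle=1140 --brver=24.1.5.738 /prefetch:8',
    r'"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --lang=ru --device-scale-factor=1 --renderer-client-id=41 --mojo-platform-channel-handle=7088 /prefetch:1',
]

# Leading image path, quoted or bare.
IMAGE_RE = re.compile(r'\s*(?:"([^"]+)"|(\S+))')
# --name, --name=value or --name="value with spaces"; values may contain
# non-ASCII text (the Russian --process-name strings above).
ARG_RE = re.compile(r'--([A-Za-z0-9_-]+)(?:=(?:"([^"]*)"|(\S*)))?')


def parse_cmdline(cmdline: str) -> dict:
    """Return {'image': path, 'args': {name: value-or-True}}."""
    m = IMAGE_RE.match(cmdline)
    image = m.group(1) or m.group(2)
    args = {}
    for am in ARG_RE.finditer(cmdline, m.end()):
        name, quoted, bare = am.groups()
        value = quoted if quoted is not None else bare
        # A switch without '=' (e.g. --variations-seed-version) is a flag.
        args[name] = value if value is not None else True
    return {"image": image, "args": args}


def summarize(cmdlines):
    """Collapse launches by (type, sub-type, sandbox) and list unsandboxed
    utility services in the order they appear."""
    rows = Counter()
    unsandboxed = []
    for line in cmdlines:
        a = parse_cmdline(line)["args"]
        key = (
            a.get("type", "browser"),            # no --type means the browser process
            a.get("utility-sub-type", "-"),
            a.get("service-sandbox-type", "-"),
        )
        rows[key] += 1
        if a.get("type") == "utility" and a.get("service-sandbox-type") == "none":
            unsandboxed.append(a.get("utility-sub-type", "?"))
    return rows, unsandboxed


if __name__ == "__main__":
    rows, unsandboxed = summarize(SAMPLE_CMDLINES)
    for (ptype, sub, sandbox), n in sorted(rows.items()):
        print(f"{n:3d}  type={ptype:<9} sub={sub:<45} sandbox={sandbox}")
    print("utility services without service sandbox:", unsandboxed)
```

On the full list, UtilWin and ProfileImport are the only sub-types with `--service-sandbox-type=none`; DataDecoder and Unzipper run as `service`, and the renderer carries no service sandbox switch at all.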

Network

Country Destination Domain Proto
US 8.8.8.8:53 crl.globalsign.com udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 133.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 216.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 151.101.2.133:80 crl.globalsign.com tcp
US 151.101.2.133:80 crl.globalsign.com tcp
US 151.101.2.133:80 crl.globalsign.com tcp
US 8.8.8.8:53 adadis.yandex.net udp
US 8.8.8.8:53 clck.yandex.ru udp
RU 87.250.251.14:80 clck.yandex.ru tcp
US 8.8.8.8:53 downloader.yandex.net udp
US 8.8.8.8:53 14.251.250.87.in-addr.arpa udp
RU 5.45.205.241:80 downloader.yandex.net tcp
US 8.8.8.8:53 cachev2-ams02.cdn.yandex.net udp
US 8.8.8.8:53 241.205.45.5.in-addr.arpa udp
NL 5.45.247.52:80 cachev2-ams02.cdn.yandex.net tcp
US 8.8.8.8:53 52.247.45.5.in-addr.arpa udp
US 8.8.8.8:53 cachev2-kiv03.cdn.yandex.net udp
RU 5.45.192.185:80 cachev2-kiv03.cdn.yandex.net tcp
RU 87.250.251.14:80 clck.yandex.ru tcp
RU 87.250.251.14:80 clck.yandex.ru tcp
US 8.8.8.8:53 soft.export.yandex.ru udp
RU 87.250.254.20:80 soft.export.yandex.ru tcp
US 8.8.8.8:53 185.192.45.5.in-addr.arpa udp
US 8.8.8.8:53 20.254.250.87.in-addr.arpa udp
RU 87.250.251.14:80 clck.yandex.ru tcp
RU 87.250.251.14:80 clck.yandex.ru tcp
US 8.8.8.8:53 www.yandex.ru udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
RU 77.88.55.88:443 www.yandex.ru tcp
RU 77.88.55.88:443 www.yandex.ru tcp
US 8.8.8.8:53 88.55.88.77.in-addr.arpa udp
US 8.8.8.8:53 www.ya.ru udp
RU 5.255.255.242:443 www.ya.ru tcp
RU 5.255.255.242:443 www.ya.ru tcp
US 8.8.8.8:53 ya.ru udp
RU 5.255.255.242:443 ya.ru tcp
RU 5.255.255.242:443 ya.ru tcp
RU 87.250.251.14:80 clck.yandex.ru tcp
US 8.8.8.8:53 api.browser.yandex.net udp
US 8.8.8.8:53 api.browser.yandex.ru udp
US 8.8.8.8:53 download.cdn.yandex.net udp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 5.45.205.244:443 download.cdn.yandex.net tcp
US 8.8.8.8:53 sso.passport.yandex.ru udp
RU 213.180.204.24:443 sso.passport.yandex.ru tcp
RU 213.180.204.24:443 sso.passport.yandex.ru tcp
US 8.8.8.8:53 242.255.255.5.in-addr.arpa udp
US 8.8.8.8:53 244.205.45.5.in-addr.arpa udp
US 8.8.8.8:53 234.193.180.213.in-addr.arpa udp
RU 5.45.192.185:443 cachev2-kiv03.cdn.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 8.8.8.8:53 sso.ya.ru udp
RU 213.180.204.24:443 sso.ya.ru tcp
RU 213.180.204.24:443 sso.ya.ru tcp
US 8.8.8.8:53 24.204.180.213.in-addr.arpa udp
US 8.8.8.8:53 yastatic.net udp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
US 8.8.8.8:53 mc.yandex.ru udp
RU 87.250.251.119:443 mc.yandex.ru tcp
RU 87.250.251.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 216.131.154.178.in-addr.arpa udp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
US 8.8.8.8:53 119.251.250.87.in-addr.arpa udp
RU 178.154.131.215:443 yastatic.net tcp
RU 77.88.21.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 mc.yandex.com udp
RU 93.158.134.119:443 mc.yandex.com tcp
RU 93.158.134.119:443 mc.yandex.com tcp
US 8.8.8.8:53 119.21.88.77.in-addr.arpa udp
US 8.8.8.8:53 215.131.154.178.in-addr.arpa udp
US 8.8.8.8:53 119.134.158.93.in-addr.arpa udp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 20.231.121.79:80 tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 api.browser.yandex.ru udp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 8.8.8.8:53 yandex.ru udp
RU 77.88.55.88:443 yandex.ru tcp
RU 77.88.55.88:443 yandex.ru tcp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 17.143.109.104.in-addr.arpa udp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 8.8.8.8:53 storage.ape.yandex.net udp
RU 87.250.251.66:443 storage.ape.yandex.net tcp
US 8.8.8.8:53 api.browser.yandex.ru udp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 8.8.8.8:53 66.251.250.87.in-addr.arpa udp
US 8.8.8.8:53 sba.yandex.net udp
US 8.8.8.8:53 sba.yandex.net udp
US 8.8.8.8:53 update.googleapis.com udp
US 8.8.8.8:53 update.googleapis.com udp
DE 172.217.16.195:443 update.googleapis.com tcp
RU 93.158.134.232:443 sba.yandex.net tcp
US 8.8.8.8:53 sovetnik.market.yandex.ru udp
US 8.8.8.8:53 sovetnik.market.yandex.ru udp
US 8.8.8.8:53 browser.yandex.ru udp
US 8.8.8.8:53 browser.yandex.ru udp
RU 93.158.134.121:443 browser.yandex.ru tcp
RU 87.250.250.41:443 sovetnik.market.yandex.ru tcp
US 8.8.8.8:53 api.browser.yandex.net udp
US 8.8.8.8:53 api.browser.yandex.net udp
RU 213.180.193.234:443 api.browser.yandex.net tcp
US 8.8.8.8:53 api.browser.yandex.ru udp
US 8.8.8.8:53 api.browser.yandex.ru udp
RU 93.158.134.232:443 sba.yandex.net tcp
US 8.8.8.8:53 browser-resources.s3.yandex.net udp
US 8.8.8.8:53 browser-resources.s3.yandex.net udp
RU 93.158.134.158:443 browser-resources.s3.yandex.net tcp
RU 93.158.134.158:443 browser-resources.s3.yandex.net tcp
RU 93.158.134.158:443 browser-resources.s3.yandex.net tcp
US 8.8.8.8:53 storage.mds.yandex.net udp
US 8.8.8.8:53 storage.mds.yandex.net udp
RU 213.180.204.158:443 storage.mds.yandex.net tcp
US 8.8.8.8:53 browser-resources.s3.yandex.net udp
US 8.8.8.8:53 browser-resources.s3.yandex.net udp
RU 93.158.134.158:443 browser-resources.s3.yandex.net tcp
US 8.8.8.8:53 195.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 232.134.158.93.in-addr.arpa udp
US 8.8.8.8:53 121.134.158.93.in-addr.arpa udp
US 8.8.8.8:53 41.250.250.87.in-addr.arpa udp
US 8.8.8.8:53 123.35.104.34.in-addr.arpa udp
US 8.8.8.8:53 yastatic.net udp
US 8.8.8.8:53 yastatic.net udp
RU 93.158.134.121:443 browser.yandex.ru tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
US 8.8.8.8:53 158.134.158.93.in-addr.arpa udp
US 8.8.8.8:53 158.204.180.213.in-addr.arpa udp
US 8.8.8.8:53 webntp.yandex.ru udp
US 8.8.8.8:53 webntp.yandex.ru udp
RU 213.180.204.196:443 webntp.yandex.ru tcp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
RU 87.250.251.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 uid.yandex.ru udp
US 8.8.8.8:53 uid.yandex.ru udp
US 8.8.8.8:53 api.browser.yandex.ru udp
US 8.8.8.8:53 api.browser.yandex.ru udp
US 8.8.8.8:53 sso.passport.yandex.ru udp
US 8.8.8.8:53 sso.passport.yandex.ru udp
RU 213.180.204.24:443 sso.passport.yandex.ru tcp
RU 213.180.204.24:443 sso.passport.yandex.ru tcp
RU 87.250.254.216:443 uid.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 8.8.8.8:53 196.204.180.213.in-addr.arpa udp
US 8.8.8.8:53 mc.yandex.com udp
US 8.8.8.8:53 mc.yandex.com udp
US 8.8.8.8:53 sso.ya.ru udp
US 8.8.8.8:53 sso.ya.ru udp
US 8.8.8.8:53 sso.dzen.ru udp
US 8.8.8.8:53 sso.dzen.ru udp
RU 62.217.160.14:443 sso.dzen.ru tcp
RU 213.180.204.24:443 sso.ya.ru tcp
US 8.8.8.8:53 yandex.ru udp
US 8.8.8.8:53 yandex.ru udp
RU 5.255.255.77:443 yandex.ru tcp
RU 5.255.255.77:443 yandex.ru tcp
US 8.8.8.8:53 14.160.217.62.in-addr.arpa udp
US 8.8.8.8:53 216.254.250.87.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 77.255.255.5.in-addr.arpa udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
N/A 224.0.0.251:5353 udp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 5.255.255.242:443 ya.ru tcp
RU 77.88.21.37:443 tcp
RU 213.180.204.158:443 storage.mds.yandex.net tcp
RU 213.180.204.158:443 storage.mds.yandex.net tcp
RU 213.180.204.158:443 storage.mds.yandex.net tcp
RU 213.180.204.158:443 storage.mds.yandex.net tcp
RU 213.180.204.158:443 storage.mds.yandex.net tcp
RU 213.180.204.158:443 storage.mds.yandex.net tcp
US 8.8.8.8:53 211.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 37.21.88.77.in-addr.arpa udp
US 8.8.8.8:53 yandex.ru udp
US 8.8.8.8:53 yandex.ru udp
RU 178.154.131.216:443 yastatic.net tcp
RU 77.88.55.88:443 yandex.ru tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 api.browser.yandex.ru udp
US 8.8.8.8:53 api.browser.yandex.ru udp
RU 213.180.193.234:80 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 8.8.8.8:443 dns.google udp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
RU 178.154.131.216:443 yastatic.net tcp
US 8.8.8.8:53 avatars.mds.yandex.net udp
US 8.8.8.8:53 avatars.mds.yandex.net udp
US 8.8.8.8:53 favicon.yandex.net udp
US 8.8.8.8:53 favicon.yandex.net udp
RU 77.88.21.36:443 favicon.yandex.net tcp
RU 87.250.247.181:443 avatars.mds.yandex.net tcp
US 8.8.8.8:53 36.21.88.77.in-addr.arpa udp
US 8.8.8.8:53 181.247.250.87.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google udp
DE 172.217.16.195:443 update.googleapis.com udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
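The network table above mixes resolver queries, reverse (PTR) lookups and actual connections in one flat list. The helper below is an added example, not part of the report: it parses rows in the report's "Country Destination Domain Proto" layout, sets aside UDP/53 traffic to the sandbox resolvers and multicast, groups the remaining destinations by the domain they were resolved from, and flags connections with no associated domain (such as 20.231.121.79:80 and 77.88.21.37:443 above) and plaintext TCP/80 sessions, which are the rows worth pulling from a packet capture. The sample rows are copied from the table; treating 8.8.8.8 and 8.8.4.4 as the resolvers is an assumption about this sandbox, and 8.8.8.8:443 is deliberately kept as a real connection because it is not port-53 resolution.

```python
"""Triage helper for flat 'Country Destination Domain Proto' rows.

Added example for this report; not code from the sandbox.  Separates
resolver queries, PTR lookups and multicast from real connections, then
flags connections with no resolved domain and plaintext TCP/80 sessions.
"""
import ipaddress
import re
from collections import defaultdict

ROW_RE = re.compile(
    r'^(?P<cc>[A-Z]{2}|N/A)\s+'
    r'(?P<ip>[\d.]+):(?P<port>\d+)\s+'
    r'(?:(?P<domain>\S+)\s+)?'      # domain column may be empty
    r'(?P<proto>tcp|udp)$'
)

# Assumption: these are the sandbox's DNS resolvers.
RESOLVERS = {"8.8.8.8", "8.8.4.4"}

# Constructed sample: rows copied from the table above.
SAMPLE_ROWS = """\
US 8.8.8.8:53 crl.globalsign.com udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 151.101.2.133:80 crl.globalsign.com tcp
RU 5.45.205.241:80 downloader.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 20.231.121.79:80 tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:443 dns.google tcp
RU 77.88.21.37:443 tcp
""".splitlines()


def parse_row(line: str):
    """Parse one table row; return None for lines that are not rows."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    row = m.groupdict()
    row["port"] = int(row["port"])
    return row


def triage(rows):
    report = {
        "dns_queries": set(),                 # forward lookups seen on UDP/53
        "ptr_lookups": 0,                     # reverse lookups, usually sandbox noise
        "multicast": 0,                       # mDNS etc.
        "connections": defaultdict(set),      # domain -> {ip:port}
        "no_domain": set(),                   # connections with no resolved name
        "plaintext_http": set(),              # TCP/80 sessions
    }
    for line in rows:
        r = parse_row(line)
        if r is None:
            continue
        if r["ip"] in RESOLVERS and r["port"] == 53:
            if r["domain"] and r["domain"].endswith(".in-addr.arpa"):
                report["ptr_lookups"] += 1
            elif r["domain"]:
                report["dns_queries"].add(r["domain"])
            continue
        if ipaddress.ip_address(r["ip"]).is_multicast:
            report["multicast"] += 1
            continue
        dest = f'{r["ip"]}:{r["port"]}'
        report["connections"][r["domain"] or "(none)"].add(dest)
        if not r["domain"]:
            report["no_domain"].add(dest)
        if r["proto"] == "tcp" and r["port"] == 80:
            report["plaintext_http"].add(dest)
    return report


if __name__ == "__main__":
    rep = triage(SAMPLE_ROWS)
    print("forward DNS queries:", sorted(rep["dns_queries"]))
    print("PTR lookups skipped:", rep["ptr_lookups"], "multicast skipped:", rep["multicast"])
    for domain, dests in sorted(rep["connections"].items()):
        print(f"{domain:<28} {', '.join(sorted(dests))}")
    print("connections with no domain:", sorted(rep["no_domain"]))
    print("plaintext TCP/80:", sorted(rep["plaintext_http"]))
```

Run over the whole table, the unnamed destinations and the TCP/80 rows (crl.globalsign.com, clck.yandex.ru, downloader.yandex.net, the cachev2 CDN hosts, soft.export.yandex.ru, api.browser.yandex.ru once on :80) are the short list to inspect; CRL fetches over plain HTTP are expected for certificate revocation checks, the rest should be checked against the dropped installer's download and reporting behaviour.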

Files

C:\Users\Admin\AppData\Local\Temp\{5B964E0E-B9A3-4276-9ED9-4D5A5720747A}\YandexSearch.msi

MD5 6f305dca0e175b63e4500f7b0aafdda1
SHA1 491d7a8ad0d4dca128747be398eed2359a0085fd
SHA256 9e3d058b6ff2164f1cd9925016a8eef1bb13130b603a3b19372e9517285205c4
SHA512 73b2a80a8126ee8a8e2fc214966b4ff2476e0ac621b2b2765d75b46b9402d922f3a847ed43e6f6d9af90dfc2ac227765a5554ea8b8d752cb28dfe58cd8546e2b

C:\Users\Admin\AppData\Local\Temp\YandexSearch00000.log

MD5 0b36083e5752505bbe3236d27309f099
SHA1 51c0872eed7e6ee20efa5e0b3cc892b25873cf28
SHA256 ee8b1337ae5a0d76786bfabf87cc97e1f4671d5b7ff87e6af84219aeedce769d
SHA512 d0759d51d0979a6c315ce594cab302336f2d60b842c17cc99bfb09350bd9e919f5e501f4798088f46778970e76c308d6b5fde7e4702e6e279cf1c1560fd0a94e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B0B1E3C3B1330A269DBEE4BA6313E7B4

MD5 2ffbdb98df2a2b022a48adeb94a3af50
SHA1 6c86923b5c5832bb102f041cb7d38db397074f12
SHA256 dd12c5733bc4b682e1da6353c8c27650f53d11a8ada8fd8a2d06f23cecae5ebd
SHA512 a5f29661ac78ea205dd945fcc53e015152277426af4bcce688231ca1a564dc49144b2953409651737733fec72e9042468c780917543c007d7de74ed44058dbfb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B0B1E3C3B1330A269DBEE4BA6313E7B4

MD5 db67c8886e319e41244e53bff18ce556
SHA1 1ae3ad8634339b3a61b3f4e2aaf2f737ff660c1a
SHA256 f63f96d1079bd32c9f6d9efb307c7aff1430305fa89be5f4cd2f7c622e167a04
SHA512 899ffc73d4fc30e76f3168f5826c80b751876ed8a1482f7eb21628bcdde22f32671e76e0032a95a7874e34d7667ed1b08328c0404369aac8790e0eaf6ff154f1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDA81A73291E20E6ACF6CACA76D5C942_4EA93225B46C4B45501FF0DDE9E306D0

MD5 5bfa51f3a417b98e7443eca90fc94703
SHA1 8c015d80b8a23f780bdd215dc842b0f5551f63bd
SHA256 bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128
SHA512 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDA81A73291E20E6ACF6CACA76D5C942_4EA93225B46C4B45501FF0DDE9E306D0

MD5 4f1948454288c0fb087544c845f80f1f
SHA1 536dc9856f5ef379851b496b4578fb5a6060f8ed
SHA256 b3e541ed213e7accf305686b45e37236ac544dab5e5a333f04b31de209a90710
SHA512 8e488ce7ad6e86c2b15792417fafa6707ac0d97c4d3944664392e5837027ba55a240282eb0eb91d6b856870f702d36519915381a20c179ed8130d6e6721b55ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_A026C9CD7BA14377D055F4A2325D4501

MD5 401fe33f7613543aab0a99f1104da8d1
SHA1 17cbf2bd7f31530aa5699291df9f14df61a3b50e
SHA256 5a9f6247334712a7e057789672694b8fd0728a9a57cf8f4d38187489bd6f5ffe
SHA512 001da550d0b27c31c577c7e6c13d65dd9e93b6a73af6b86b1e29bd5df99300ee563f363021a7cb6d7a663535b1b0dcfe23fa3f333b270c9f228ad0c5ef9b2435

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_A026C9CD7BA14377D055F4A2325D4501

MD5 20ed51b7bd1a44b2e17a1b4e92e2afa0
SHA1 d97b73e77c0b3bc96b80b20ebde8190ec0e3c635
SHA256 c23b3e5792bc0256cd5006bfb736d2bf5856aa09ee83b80e29326d89f07f9264
SHA512 d3130190397567040c9785113579003ba1aea6a2c5db7ee3a3aed28ec43c3a015be9c415a2111e534040a5d7ae40f031fc5f16c9f23fbcc2e39f3e3f9354690b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\769F85394FB15C375FF89A7488274D5B_22252D7CC6CD0EA80FCE3FF30A53AFB2

MD5 f2a089d97a19bcf6463a44acb111560e
SHA1 01989e7fee210e16754824ebaf111a18e4ec774c
SHA256 b17deee118e3381c49803db44ed6163a5534d920583adbad98237cc4a31ef31b
SHA512 328a26e42b6f14af62967f1b74f00983e00db1a030b6fe3c5db9af186c9f38d7027b1937e6e493299dc7f376326f451c576793e33bf603d65bdc608cf831aae2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_4BB72A60CF9C652B353353202101C0E4

MD5 ae714c472832d03f94da71a13b97ac46
SHA1 f96d6dcb1ba2eccdda154d6ec7015f547486b874
SHA256 8320d075f49c73ab4ef59dd4e8d09dbc3846901fc8f48ad2bb92d5d3042d7dde
SHA512 d3290b7949b5a2921fe84a268fd376771b13df6ba061c568e02d4a21adf621405617b4b55b5d40aa96513cfdcf7137f72dd9a0424ccd89da79f95026c1034bc4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\769F85394FB15C375FF89A7488274D5B_22252D7CC6CD0EA80FCE3FF30A53AFB2

MD5 e21eff054a7ccef0d7cbe87ba35c6e38
SHA1 be3d4d71d7c6d9156d576e9fdd3ca78ec8df6404
SHA256 1fcecc45c98e2935bdb3bcd1f3d799ff483de8f7902cd773de17da5cd4b67c0e
SHA512 4ecf742cfb1022be895b4fc007ea1f286646349a03f2130e4d7f22ead5156a8cf29d600bcbda190ddc05cfc9079c549f7cf6454953de47a17f0f9b81cff9bd2c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_4BB72A60CF9C652B353353202101C0E4

MD5 13fc1e4900c3177cab1bcb37f514d0ea
SHA1 430ee23edeedf546e20ceb557ba292821abd0068
SHA256 688271cc97035bbb3231b5fc9ba773da830abd2f32b1b39c59790b0e394c69ba
SHA512 9cb506f6227fa81631777bbf7bc321c6a150cb7e906b1dd27032d1d999faf6c154922c2cc05a4b925a5fab74bdc422ace212664a16091e2bb0d8dd0ad29216b1

C:\Windows\Installer\MSI3EBE.tmp

MD5 694a088ff8fa0e3155881bb6500868bc
SHA1 096626661b9bcb3b3197b92e7e3c4e77ad4b2df4
SHA256 6f3a5bbd29f669712d6c2c7e5174dea6807cb86fda293acbe360bde81d29a633
SHA512 bd3a9cdf9ea591d462be8e00e9bc44c391897c40d598ada19f0377f3a6aea97aba03627d97d6362edbb81763fe3c7570d07bdfd5a004dd9e7af4531bc490bdeb

C:\Windows\Installer\MSI3F1D.tmp

MD5 c3a831564e7b54fb7b502b728e232542
SHA1 82a4f969b1f19dc6489e13d357ccad9fef4837ab
SHA256 43097d66f86e3a1103d4cc7c410e46daba8d1a7a991ab6c222d41bd2620c19ca
SHA512 4855ca4429974a0b111d42b86cb8f89188310aaaf9174b4cf462a968163c8b92e38d4a519c78133301b341be5cd02e34b55b55575e84f0d01c2cd11ae74cce05

C:\Users\Admin\AppData\Local\Temp\vendor00000.xml

MD5 6ba6c6229c9ff245937f39dd75a8e524
SHA1 861daa91d14ff23b50f7f694e962dc6d6caafece
SHA256 d2081a499ddf4bba9089851139a66fe0c844830780310c4ac2bdc78d61344705
SHA512 cb609ae13a87cc1b061770958073d0ec601016058655b157c49b63b337e8068485ef3354613b7e68072194530c4f8d5f78338ca469a0711b95e9740a5e6f8266

C:\Users\Admin\AppData\Local\Temp\FEF03431-ADA4-4B97-9EAE-38BD869654EA\lite_installer.exe

MD5 28b10eff9b78787aa18e424fd9319064
SHA1 0bd2bc3665e8988567607460ea6bfc51d45d4d5c
SHA256 dbbbf54115fb97f777180f67ee341cf16803ed6e85bf9af60ea13d9b99be362d
SHA512 a908a231c9db21767066ab13ec4a8ac451bc978f5d8bccf5032e5ecbcaa996c7e2afff0121036cc184a3c19a4caf542bb15dbe6ad6dae16c422f6ac6bc5a791a

C:\Windows\Installer\MSI4109.tmp

MD5 ba84dd4e0c1408828ccc1de09f585eda
SHA1 e8e10065d479f8f591b9885ea8487bc673301298
SHA256 3cff4ac91288a0ff0c13278e73b282a64e83d089c5a61a45d483194ab336b852
SHA512 7a38418f6ee8dbc66fab2cd5ad8e033e761912efc465daa484858d451da4b8576079fe90fd3b6640410edc8b3cac31c57719898134f246f4000d60a252d88290

C:\Users\Admin\AppData\Local\Temp\51BE03F2-B667-4F21-A337-DE971BD013BE\seederexe.exe

MD5 6df2e368846222aef04e596d9ea43aac
SHA1 57b59e1002d9d971fc504df0493d5ac54380027b
SHA256 f4adf79355ff21c11faf8283d06e28013478834a64d9473d27194f4dbcfed359
SHA512 a40636178285fa12b1b6f99802fdfd3b569c674b1864f5c6893ccb6a48c90232539704da8ea478457ead39c1f94c319467b41142c8aa26473a280c4fb329f662

C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml

MD5 55690eecfa6af686fa5f18033ed8ed26
SHA1 fac531f7b67bac1d4daf9fac601e6a6d5d316b83
SHA256 4ddb3973f44e60e76cea2fb2179ce27f1730a2d74a9ae69241160b79d4165df7
SHA512 18c21f3ee89a904aec97fd2d90aba3922584c23a455d95c44e3efc20692944f49b74ecbb4f72963a682eb041ab5a3524954507e4582ac41fb1a86566a3578ba9

C:\Users\Admin\AppData\Local\Temp\omnija-20241007.zip

MD5 5bd929cad944a8e8af51a118495d42fd
SHA1 4d68508d28fb9444863300f789ffe7ef19949eda
SHA256 e4f9c28c2957e8fa60c800801a93aef46a924b0cfe26c6ecd3f029442928b187
SHA512 5030e5c6eb0b5f27412ac238417676573c70cab2ba9faeff8e903e75269e2dbc0f4c3cab155ef2ff9acfccc233ac1ee15590aeee0c8c06bd9359d0d798844cfc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l21he39w.Admin\places.sqlite-2024100752.899717899.backup

MD5 d57cd95de07d3b15eb5cf8baa80471af
SHA1 322c0e13f2022ab255a8d2a50c5835779b6ccc3e
SHA256 651efdc8961efbf6476e4cc4b3965a4da72690ebedda009fd800c6d936a67696
SHA512 2e98256a9e76ae384f88b83075a321f60cb13ee6f7e8cb93f1919103b82ba79a67b5eec8a7d3043fe26b377fae58545e82323813897c0e67adfacaa885d6f68e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\on1px6pk.default-release\thumbnails\d88a3c47950098e028e499c97d67208d

MD5 af80a936c10e18de168538a0722d6319
SHA1 9b1c84a1cf7330a698c89b9d7f33b17b4ba35536
SHA256 2435c0376fca765b21d43e897f4baa52daa0958a7015d04103488c606c99d1d3
SHA512 9a1325c8ce05806e5c161a4cf47239f62baad8f79650fbd713e74928fce8171ced10ba7f24fac46c548e1dbf3f64106270cb25ca88c836c870107f5dc1f97879

C:\Users\Admin\AppData\Local\Temp\8aa592e7-a3a6-42b2-bf86-706adb45eb61\[email protected]

MD5 e68cea8c6d4b16641f30dd930a952ebb
SHA1 7e8c4b51e6e56f35a2983ab6cb121341aeda565c
SHA256 a7f3f788323a12158d66f341c4711d71fc2244a2b07a68fb8df4baec0ff76f35
SHA512 96351e36a4c5020ed464b96b72bb3063db819981440bde7c6c3a50f7fe470e1d70f0350ec7c4bcd4808fcabe2ddfbdebfc7039ae2248c1455e2245f53ce44ec0

C:\Users\Admin\AppData\Local\Temp\8aa592e7-a3a6-42b2-bf86-706adb45eb61\[email protected]

MD5 856242624386f56874a3f3e71d7993f4
SHA1 96d3199c5eebb0d48c944050fbc753535ee09801
SHA256 d86ed80d2a9e4e1af843a991a6553a2fefd5433b2144be0cfb63a2f18deb86be
SHA512 76d440fe2ed535677a1d249b289463bfedfc5d2afc0e269e4593bb113393f165856c07117735cf3e5a230b5d04a61c7126df24a466594d8c27b47b2047834a09

C:\Users\Admin\AppData\Local\Temp\8aa592e7-a3a6-42b2-bf86-706adb45eb61\[email protected]

MD5 5a40649cf7f6923e1e00e67a8e5fc6c8
SHA1 fc849b64b31f2b3d955f0cb205db6921eacc1b53
SHA256 6d432ba7096090837f9533a33a686c846ad67aed8ecc43af7ce8af42649cd51a
SHA512 0fc42a2cc61528b14478f4b9ae098ea90e6b05ddbe10f3a6cdd6326d0d8e6185b49d2b8143b76a9f329bdc277cf02b54d98f374edd65df68a1ffc41e1c817786

C:\Users\Admin\AppData\Local\Temp\8aa592e7-a3a6-42b2-bf86-706adb45eb61\[email protected]

MD5 ab6d42f949df8d7e6a48c07e9b0d86e0
SHA1 1830399574b1973e2272e5dcc368c4c10dbbe06b
SHA256 205ebf52c47b42fa0ad1a734a1d882d96b567e15a32b19bdb907562db8ea09e2
SHA512 6c4f9bb726384c87b6523e08339f7821ad4ec8717b26db902ca51df74eb89b46e4ded1504a131683b07b2bba3e6e911a549a8a83b2aad3971047c0fe315a1ad5

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Services\yandex.ru.ico

MD5 534409dface053e62660de921ddc600d
SHA1 bd3dcb399327b1d5a2d53ab24e0217d9f524ab62
SHA256 38a3749cdb839c84168f23a9ee46cfd73d482e923bf2c6b4339184b4c93f91fb
SHA512 f58d2192660472e7cfb3c139c145c37f52aba993e2035afebe729a4ba08cf000d18f58cf20d77239cfad3adc278843238307fd0fba96c387e3f4cbbe84cd6b95

C:\Users\Admin\AppData\Roaming\Yandex\ui

MD5 f434c2dead292ee0ccdacc517ea861b8
SHA1 8a8911ec26eb19da62fe75cfa8be43ca783e156d
SHA256 e0fa026711dc14b638ee998ce81d8803b787b640dff4cf85aa93a2fda7ea9aba
SHA512 841d15d1247c742a71c1f837622b77e1c744c56f7c88b69f2716afcead9e456534d5dc5d4afefddd7651eddd72184220794f7e212e01f0a28a34b72845de0a86

C:\Users\Admin\AppData\Local\Temp\fa38c45e-2274-4c07-b8aa-445c6d7c4d20\market-455x256.png

MD5 2d0a37bb716f9ad9fb916eb8b08d34c4
SHA1 48658fb5f716478bcfa239ba635589184edc33cf
SHA256 a08d93fef42579ebf000b3496ae50837ba14024fd07df04304534de480c72a1c
SHA512 15216319722cd68b7e0018cfd360a3ef3ba512a0686646677b51f4926ee8290f984e72fdd5a815dc5fdfc7170e8d9b2f207413574c96c7189291140475fe959b

C:\Users\Admin\AppData\Local\Temp\fa38c45e-2274-4c07-b8aa-445c6d7c4d20\realty-455x256.png

MD5 e05d28ab78d61968a7132eafe61f54b4
SHA1 dcf260ab7cdea7b6fc934e54765c964c1a20bd36
SHA256 cbd302b0ea2218f495b9f0a814f34733f2c5f13a6634d74c6e85a5c0863b5621
SHA512 ebea612bf803692fa3c7b2573c58f2e43fba0f7039e01b57203978cf69b6f8ca538b563791a760a7e901bb5e392879bd57bdbdb69b6a3781a3886fc0c01eddc0

C:\Users\Admin\AppData\Local\Temp\fa38c45e-2274-4c07-b8aa-445c6d7c4d20\avia-16_32.ico

MD5 ea2ba476fbd8cf3934ff9588cba47a4d
SHA1 144934dad6011ef7653a8de1ff6e34d26f4ac28f
SHA256 333087b7e339015c1f5b3b3bbc1e731372e18da46251f25210c593972cdb12c0
SHA512 179f8602630db1e6d31ae7548f4abd2d811e6900a46967869f351bc62c29cfd8c97a86e254c4c284e4597c3985d0181cdd3f0265a71533b86b0669b1c7a22778

C:\Users\Admin\AppData\Local\Temp\fa38c45e-2274-4c07-b8aa-445c6d7c4d20\morda-16.ru.png

MD5 6598ec195a698f7a2357084feeeac32b
SHA1 53c3233918c7c112b06fb8686cd6457e230bcd52
SHA256 a9da765a6272037d446afb7d817bed85f08d6b06b380eb6aac7866a99cdc643a
SHA512 fe7398f53d770a4d779af2cef2e323f891323302e7632a6954001be2708748c596094fef7351a078b724f133b62d0fc6a673d17801581af7036a100462027a51

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Bookmarks

MD5 3adec702d4472e3252ca8b58af62247c
SHA1 35d1d2f90b80dca80ad398f411c93fe8aef07435
SHA256 2b167248e8136c4d45c2c46e2bff6fb5e5137dd4dfdccde998599be2df2e9335
SHA512 7562e093d16ee6305c1bb143a3f5d60dafe8b5de74952709abc68a0c353b65416bf78b1fa1a6720331615898848c1464a7758c5dfe78f8098f77fbfa924784c0

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences

MD5 af006f1bcc57b11c3478be8babc036a8
SHA1 c3bb4fa8c905565ca6a1f218e39fe7494910891e
SHA256 ed6a32e11cc99728771989b01f5ae813de80c46a59d3dc68c23a4671a343cb8c
SHA512 3d20689b0f39b414349c505be607e6bfc1f33ac401cf62a32f36f7114e4a486552f3e74661e90db29402bb85866944e9f8f31baba9605aa0c6def621511a26af

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l21he39w.Admin\searchplugins\yandex.ru-20241007.xml

MD5 82d5673ea55f71fb47812b934f85cbc5
SHA1 87a2768211b78f2ccf0c8a0b37dc0d8aa74440cd
SHA256 cd9060746c3360ef788ab4455c548fa403a24f4dd558e2aedc721b04cdf16db6
SHA512 80ab3b3a2456617e5944b59487511b233a9509d3328c6fcf95bf65286e5cb77b9ed3a265458cd4b7bf5dc992d16bef7212ad2de52f965d623a070999dfc27382

C:\Users\Admin\Favorites\Links\Яндекс.url

MD5 61fe909162ddd48df6d02ee151b025af
SHA1 d771666db0f7ee35a9ee6b2e41693cc7c7943b0e
SHA256 a5feafc9b069b4773186c63fc68dc4e79cf91d660bdcec7c62e2cbabdf4f8c28
SHA512 90ea0c0e761e938f3abe0b52b5fbc097d06559f5db802904c53e24afe5716857d025a34839fcb76b73a5f9d08233d9725729c854958c65cb23062bf0844588b2

C:\Users\Admin\Favorites\Links\Авиабилеты.url

MD5 d361288506e1e8487be12d84b8c64b69
SHA1 270571c1a858d696206c7ad91ec457519c66211e
SHA256 f5d77d897e4fc08bbdb0d13dae64873b493fb99bb19504d942e6d7d2f8d81e4c
SHA512 25f5d9496588b76eac3915cd94e3b083ddaa98c525fb9bbaa1b0a04367e1184f2629533c241172941b913ed1a89326b7f12dbacb5595cb4b2394bf9883afe111

C:\Users\Admin\AppData\Local\Temp\omnija-20241007.zip

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Roaming\Yandex\clids-yabrowser.xml

MD5 66ce27bfa6e51392a2b1f72d8017479e
SHA1 2d4ee200a4ce73cdaf643373ff814e3c026f123e
SHA256 8a169b18dfe097651f8e4edbab7866228a64b28ef42a54bc4e4b29110d429127
SHA512 4b0e9aaaee38cc710d5ba168dc41cba59bd076f9614aad3aafba2e474c7f1bef096fb7b162381b4ccd73feee7f0315d59d0a1b4475ecb9d26efaec708d973b40

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Bookmarks

MD5 89daf9c2bb05859d030c1ae50180e921
SHA1 1a38d6711b48c1edb44d9405a33894b19dae3d33
SHA256 4d4db2c15e4cc0ebc603c0a58dc2e1e131a625a80b3ce21dfadc47724660d88d
SHA512 8d4d0bf240ab9f2795e92483637c4d185532b5d9a94ef8f7ef8dd57c878a9734a33937ba44e0d25a5e3e0905ec74dad44a0e205a306ab8e4e504e6bd5e241643

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\places.sqlite

MD5 9d55dbf21bb02bd9594a21fd73232554
SHA1 4c12f89746905de123a9bdf55a66e0f209ae9bd5
SHA256 ca08348e9adc1172fb5d04f6d02b1fb24865accb38210a2c07d4d0d4928039fa
SHA512 878f41c6d256b2f3cdef8b8ea5bfa1eac5abb5ddd2c2de2542f76e626c7436d173defeb4d7671eb1e9636c594c7f1942306bf63f9f54d1ae47e34ecc2f7135e7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l21he39w.Admin\places.sqlite

MD5 007acadb3b3a7c014eb5e0705e04b5b6
SHA1 8797bb8acf6a0c98c8aaaa1b99db882ab02c8df6
SHA256 14943c5aed589a98df43393697dc61e360edd8f3bedbd8ddbf4713b163efb27c
SHA512 feee0a85c2886c7e179c78aac81697fd2d71131c8318d6001bb1902292792e942274a026f584452f395dffb9d94772628642eda1c6ef50ef0d6464463b5425b9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

MD5 f2e4e03385ded4980b3267dbd78bfddb
SHA1 362553d0cb476773077507038d0f0e7a73fdd89f
SHA256 b13645c1a13dfc8c87039c7857bb4aa9badc6afcd5e852f484b3f233f054baaf
SHA512 20856c196ccff3eb267a99fa80c5dcd17949c1f294efa4fb36591698d3f34db9df19b6721cdebffdc12ba6cf4d2e50f18758d20cdb2dbba063807e2af95bace7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 98f94e5d3be8180913a41d69d758b3b4
SHA1 d2e6171bacefe4de47778726f90fd0a3159ca720
SHA256 3349f6ed8c62d0c6a003f5576224673ce33a3ff3f1e4cc69668864396b86abd2
SHA512 4cea91b0019bcadbd707e2fb718df3bf961ea5bbb52ffe295f38b4ea36dfb8ef494efb40891e25844e7803d75252c19a1899bc29d27919c453941d7d8585d496

C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Яндекс.website

MD5 2b75f3db9e8450587f186512cb506b5f
SHA1 0f509dbe010ee6451d57054cccc3ba74b28f2895
SHA256 9a4c5ed5e26c0b8e5ee54b5df5490c67805d9a18e99814b9da3e8feb0bbffaac
SHA512 cacf014f34ce970ba5b0827a2e8d7b2b74e89d1936e6aae80228be7ce78b364d16994f51b717862cc568959bd440b173b5a0970fb7511c5c0bc9b39f819dee8f

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences

MD5 abd3a9d288ca66aee86c8ee848b34d42
SHA1 97b6c79aab0a9a37ea34584a744eca1b86c60770
SHA256 f28d64eb1fe295416f89ac33ad82ec3df066bb40cd275f01a33d5ed87bbf7b6a
SHA512 40fe1ef6f6615403ae3a462b3331f81e53147a37741f2373656b89e8270455ebe7167f21507881e88b4da08b9a3900978b703a3b416dee4cbf29090f5c47a27c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\prefs.js

MD5 4ea548857f052b23e38ccc2c45447251
SHA1 79f00d5ff98a19b6988c6d14e13759b82f13df14
SHA256 423ff6ddc6eabe045edd84027830efa4c24b29137080b291e269e217aa158389
SHA512 94a343492bbfba0e1d86e22995e6bb73e3693414c92fc90254aa341a9085d3f7395fee0946d379dffdadc3ec2dd3ebe0bb06218f1a51eb34e422aa5226f75552

C:\Users\Admin\AppData\Local\Temp\D0520D08-FD20-4638-B9FA-B1ECE1768A9D\sender.exe

MD5 4ce9460ed83b599b1176c4161e0e5816
SHA1 ca1bd4f28ec3e6f4b0253764e6339e480d3549bd
SHA256 118d277f46df036ffb1ca69d9da7890c65c3807a6e88248f3ba703b0f51cd308
SHA512 1064da56e85d3b0c34c47e9fa0821b2ceb79e338e602e705b7f801c0a1bfb83246c340fa1351fc222216a12968bcc52540e105f186a3ef6f3e7c32348936daf3

C:\Config.Msi\e573cac.rbs

MD5 b5eb8e5421952159113928d9b535dd3c
SHA1 4b6354e4717ca169830e9fa012d6a2303aa44788
SHA256 6bd8e90203beff1a20905f33cbe5beb34b65a30da3ff467eb3f4e21ff0418e44
SHA512 ba459b6f43e54e2b30129f9b522c4efbdc3f408f89eff4b50e19e08488c0d8a6d0c6d60e42cf45aacb0aa7495ced0f491a48e86c4b2247bdd14ed618bd58bb1a

C:\Users\Admin\AppData\Local\Yandex\yapin\Yandex.exe

MD5 ee5d68b0483855bb165f77f7562e54ab
SHA1 07dc9f07a4040ef9d43bf1d4969f172df7815526
SHA256 a9fbbc151bd4d9019fe4b3ff5c6d904451183b398a728654c6072872d99e40ce
SHA512 63c69c2b4df40e55fc70cee71c8905ce6fcedd553db13ac7c4170ab671190274d74fc1fc5784aec361cff47099c11e8a28484bf122c9277d7395c255d3f1a5f5

C:\Users\Admin\AppData\Local\Yandex\yapin\Yandex.lnk

MD5 ee969f5df1b363954b70d74310b02cbe
SHA1 540901448a345711a71e8b5d8a85a196e4bacac4
SHA256 6ea03695c738d7af46e3adc4ab74d2bb3884be0cf4881545d178b2309db054d6
SHA512 6a00365a93e33353c656de59e5b96cfdcfb1392391858af54432bcdfa8bea5356429cd4e5c9f02d32eb3fc15af76e5e21e42b1caa2126eb8601214ece13bf427

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 7cc297bd06370f6fbac340e1ca08b6e4
SHA1 a1e3c5f8b03a519419fc3568471091b784ffd7ab
SHA256 b5e84d9488ed2af4cbfbf9b87c664f65b78cf13a1992b5d0932f9980c82e71c4
SHA512 8fe853e00a0505fb7f00a89ef29764317ad33d4b182e9c80fa2729749749c3812592446d9b367b0f5458c6e95d5120c5ccd9a0fc762e0703af7a1c02a94d1307

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_7DAD5545724AA2C98C55095F428499FB

MD5 ec6bb9e5043f8f41ac696c337ee5c050
SHA1 8212be59d0b92691af4b6ce3beb4bd77d2067c92
SHA256 53cba0f5a0ae234775af4ef0fbf1588c31fca6202b26dfc0c1a3249e853146a2
SHA512 41125c21f409879b990756a201e23dec4673b863db4bd20c7708519c15b5cf037785cba2456553e2d2c5f56164e71cc386cc06913cb4b20d8a55503da9d12af5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_7DAD5545724AA2C98C55095F428499FB

MD5 11085b45d8e2d89cd540d13c932fee60
SHA1 273ae7aff6325bb6f9cae5f762ab4bfd8930d531
SHA256 d10123084f6409d29abd4456a6f787862e88998608cc16a9364f68aa1e40f2b9
SHA512 e3ff3e367febc2deb6dab3fe59b9173b2491fe73a46725902e96f15140ca6d56390806050e3ee50a6f7e2c8960c8f9a36fab8437333145d1e39a30ad1331cbb1

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\FLHBWBTR\ya[1].xml

MD5 05913cb5c2a29605b4440ec57d7fabd5
SHA1 e8c9ffb016f1353483023a4297ac45a0000b2d0f
SHA256 f2fda0f9be9d3eea977f3bbee19b76e338939db4639f69646ae329a2fd15fde2
SHA512 d5fc4759f0e4835d45b389d10fad05b63682e6bad615c1366a5d2373873be2b32198029d2778494f8f1e77e651d2b34032f52aa643e66693cace9317ae2f435f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\FLHBWBTR\ya[1].xml

MD5 4e3d6be1d797d27b06db60523545f7db
SHA1 3376699e94631276c9bf36441c67ad201cda80d7
SHA256 3511f9d7cd3841d6c28b6de4916fa27f66242c9d090527fcbef98e8a7ea06898
SHA512 963b7233ea21433703e7894fcbc997377b271daba21bb6f9fe3bb3e67cd6a1a1e7c951e14e0d262a8316d27ce483a15e10406d6f8b027f716c416ca0a981eec3

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\FLHBWBTR\ya[1].xml

MD5 fd194cc1c47cf367df1e65cac05122e9
SHA1 89efccb68b68a5a802bf1debac1bbd84425fcd9d
SHA256 33996cbcf053e7d486c068067f9dc2693469f25cbf1c2abdc8cb51e05847105f
SHA512 3c7b50a8dd9e6d33e36b7c5157f51e4b79a63b30069b823f6382cf21f8988ecc31c7442c37f69dcc4a8cad7e2d82460ba9426cb051370d60bd15c282b3db62ab

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1YRVVION\a6a296b741b51880ae8a9b04a67cfe3f[1].png

MD5 a36a8925e78ff868c4fe3b743c37c017
SHA1 d2f71980c19c42fe0953cf02b62ab4cd99c855c3
SHA256 c0bfee039c6a5062c75fc3d7c3705abb3f16ab1ec94140ab3f326f0964720046
SHA512 3bdd96f3b206ea51abe9edd7703163636603748b08640d122c7362c150bd9d186929602a0ac88b2ef7f15716559298af3de32ad35ed16fb2022674f3740c4d08

C:\Users\Admin\AppData\Local\Temp\yb67C2.tmp

MD5 7d4a7629dec582b65ea6a710b4aef3ac
SHA1 8562895e4763e68dd4eec72a13b64a22a6318666
SHA256 20eb03c3aacdf59c203a7e09739d7ee343b00c1b3dfccd2803c98b96055730d1
SHA512 17d2825dd1a3b026f1838388586d630b06c0220ebebc48364332ee7fcff4fc07a6fe9c62884244ca1a6913ab3d5124e9aea95498020a9080b20a9f54ad0e98d2

C:\Users\Admin\AppData\Local\Temp\master_preferences

MD5 86ac698d721c2b3f1df1f9d76ca1f6f2
SHA1 de5fc6e6209966ff133b220c086ac524400b515c
SHA256 f45e764ac2f46225256d8564d092befe2c53f3e9fbb6cbae8ebe08c3efee54cc
SHA512 05c90b402c28151d3a345bf912c14c4cf4a2ad6e3c84204c46b18e5674d957cf9cecac9f6d8ba590b609a6e51193c81cabbb434ce6007f7cbd790550f30b96ed

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\configs\all_zip

MD5 09d16870218691bf0da845699209adcd
SHA1 50e5d30a3eebd953d781091a26599cc4cdf7917c
SHA256 547f6e00ee2cf3b416aa02217c9f398b5c04dec0b77d76cdb97fb6b56074ee9f
SHA512 925e15cbd37ff45fb2e002da92e86ef4c887b2981d90cbe79ce2526718efd20275a48a8affc926d78755d20ea007e610021613bfb1cdcc9a641adcd3961607fb

C:\Program Files (x86)\Yandex\YandexBrowser\24.1.5.738\service_update.exe

MD5 f76b26232d7786b182fa47fab4cf8066
SHA1 ba49e1d21fd7cf407d0f9ca5cc3d7f30ae84100c
SHA256 fbf18680bbba7c591b5c82585ab1b8ea182cdb5883a92ae4db9101bc05b6c6ab
SHA512 8cb1f05a8188fc1bb8bd6f053efb52eeaa709b8f04a0281beceb30d4ad4045da91558d7c0b185b342aac2cb0c284d72cf57e45aa943507bd0bba61e7b29c7748

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 03e4574eb00021d327a0a4e5f15b7753
SHA1 6084c85a90925baa4c12f11ec4414734f84339e9
SHA256 6157b11e84a69021c470452ae7fe450b2b5dd197ab55e5a51228ba1c182abccf
SHA512 6fa4c55fe10d99c7b402915cc248e271dd4b45ad61a3db1b6684e0dd67c00368504b9ff645a19960d9461c0b13c1850008e086cda0a9356c1daa4ca1bebea1bf

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 814ef1b0ae78a2a51d6e74f94d87f607
SHA1 0b09f6179c0496a9fee7c493bfd3dc71d7d2f6e9
SHA256 772ceedaa1b573740b93d05ae97c4b888901d731085eb468c0c0cb9f37376064
SHA512 37669ee2cecf6b3f109888dc0e60af99e51b25a1ac7ecb69f2e3f2409aa809f2ca8536feae827df9accb7c6d78f9b101bd263c3a959c4bc5584da508b1419221

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.1.5.738\partner_config

MD5 977bc7b2384ef1b3e78df8fbc3eeb16b
SHA1 7ee6110ca253005d738929b7ba0cc54ed2ed0a2e
SHA256 82e288090168abe15419015317fd38f56c1136e7481f66656d84e0a2d861d4d6
SHA512 4d154832ef3ac05abb1499a5bc8235d72f64cdaa3e6870206a6363c1d85d821604ae8a96850c2c8bd540d479b8dd5f3ce032472ed96bbf7eddb168ea3d2d1cf6

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\about_logo_en.png

MD5 1376f5abbe56c563deead63daf51e4e9
SHA1 0c838e0bd129d83e56e072243c796470a6a1088d
SHA256 c56ae312020aef1916a8a01d5a1fc67ed3b41e5da539c0f26632c904a5e49c62
SHA512 a0bab3bae1307ea8c7ccbd558b86c9f40e748cdd6fd8067bb33eeef863191534af367a0058111553a2c3a24e666a99009176a8636c0a5db3bf1aa6226130498f

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\about_logo_ru_2x.png

MD5 a6911c85bb22e4e33a66532b0ed1a26c
SHA1 cbd2b98c55315ac6e44fb0352580174ed418db0a
SHA256 5bb0977553ded973c818d43a178e5d9874b24539dacbd7904cd1871e0ba82b23
SHA512 279fb0c1f2871ce41b250e9a4662046bc13c6678a79866eaf317cc93c997a683114122092214ce24f8e7f8a40520fe4ca03f54930148f4f794df0df3ecf74e9d

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\about_logo_ru.png

MD5 ff321ebfe13e569bc61aee173257b3d7
SHA1 93c5951e26d4c0060f618cf57f19d6af67901151
SHA256 1039ea2d254d536410588d30f302e6ab727d633cf08cb409caa5d22718af5e64
SHA512 e98fbfb4ed40c5ac804b9f4d9f0c163508c319ec91f5d1e9deb6a5d3eada9338980f1b5fe11c49e6e88935ecd50119d321ce55ca5bdd0723a6e8c414e1e68e16

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\about_logo_en_2x.png

MD5 900fdf32c590f77d11ad28bf322e3e60
SHA1 310932b2b11f94e0249772d14d74871a1924b19f
SHA256 fe20d86fd62a4d1ab51531b78231749bd5990c9221eab1e7958be6d6aef292d9
SHA512 64ebc4c6a52440b4f9f05de8ffb343c2024c4690fe5c9f336e78cd1dd01ae8225e8bc446f386feb442e76136b20d6b04ee293467b21f5b294ce25e500922f453

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.1.5.738\brand_config

MD5 61cae05d4bfa5be3e2b3353c74fe7fb0
SHA1 92b1989713a25f5cf1bfcceab6aa64b11fff0a8d
SHA256 8cae9a96bce7bee2ccb3465b9cbc75d82beb7e43e2e03c3b34e430d3d19105f7
SHA512 c5e0403158d9a0f2dc3608634a03be06faf5b89c85d4de427c7cac8e6efcd58cc2cbe0c1c09fb5fb6f2b83d095e422c4c59712d0a53a718cce88a047aad0b92a

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\sxs.ico

MD5 592b848cb2b777f2acd889d5e1aae9a1
SHA1 2753e9021579d24b4228f0697ae4cc326aeb1812
SHA256 ad566a3e6f8524c705844e95a402cdeb4d6eed36c241c183147409a44e97ebcd
SHA512 c9552f4db4b6c02707d72b6f67c2a11f1cf110b2c4ac5a1b7ac78291a14bf6eb35a9b4a05bc51ac80135504cd9dcad2d7a883249ee2e20a256cb9e9ceeb0032f

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\import-bg.png

MD5 85756c1b6811c5c527b16c9868d3b777
SHA1 b473844783d4b5a694b71f44ffb6f66a43f49a45
SHA256 7573af31ed2bfcfff97ed2132237db65f05aff36637cd4bdeccdf8ca02cd9038
SHA512 1709222e696c392ca7bcd360f9a2b301896898eb83ddfb6a9db0d0c226a03f50671633b8bed4d060d8f70df7282ffc2cd7ab1d1449acf2e07a7b6c251aa3a19e

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\tablo

MD5 bb60da7176a0286e561af09fa0512635
SHA1 54f8a5d7042b2350848a31bc7f7179d1deb66b6c
SHA256 f330378a339e5fe51e54af531b8a53b01c47b4448196c85a166034e44ead625f
SHA512 ba51700283f6f50de6da0c1585cca1558600e7cc0eb11ce6ee7a21aab7f1c088f7f589dbdeda5e477548c10b86fcdb821d307f3c8bf512f962eecd6ac0436211

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\wallpapers\1-1x.png

MD5 80121a47bf1bb2f76c9011e28c4f8952
SHA1 a5a814bafe586bc32b7d5d4634cd2e581351f15c
SHA256 a62f9fdf3de1172988e01a989bf7a2344550f2f05a3ac0e6dc0ccd39ed1a697e
SHA512 a04df34e61fd30764cf344b339ba2636b9280a358863f298690f6a8533c5e5dfa9773a14f8d16a5bb709ea17cf75e1da6302335aa9120009892e529bfad30df9

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\wallpapers\mountains_preview.jpg

MD5 a3272b575aa5f7c1af8eea19074665d1
SHA1 d4e3def9a37e9408c3a348867169fe573050f943
SHA256 55074794869b59cd5c693dfa6f6615aea068c2cd50cdae6dd69bd0410661ded8
SHA512 c69bf39362658dd6cbd827cf6db0f188a9c4410b3c6b7b532595fd5907974e2141d857942ffb2497282e31eaa33c71240c2c2bd8721046df55e3358e8b76c061

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\wallpapers\sea.webm

MD5 00756df0dfaa14e2f246493bd87cb251
SHA1 39ce8b45f484a5e3aa997b8c8f3ad174e482b1b9
SHA256 fa8d0ae53ebdbec47b533239709b7e1514ecb71278907621ca2d288241eb0b13
SHA512 967670863f3c77af26fa1d44cd7b4fe78148d2ba6ea930b7b29b9f35d606554d664c0577068e0c26fa125d54627d7e7543360bce4acee0af17783b07450b5f52

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\wallpapers\sea_static.jpg

MD5 5e1d673daa7286af82eb4946047fe465
SHA1 02370e69f2a43562f367aa543e23c2750df3f001
SHA256 1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a
SHA512 03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\wallpapers\sea_preview.jpg

MD5 53ba159f3391558f90f88816c34eacc3
SHA1 0669f66168a43f35c2c6a686ce1415508318574d
SHA256 f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e
SHA512 94c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\wallpapers\sea\sea_preview.png

MD5 3c0d06da1b5db81ea2f1871e33730204
SHA1 33a17623183376735d04337857fae74bcb772167
SHA256 02d8e450f03129936a08b67f3a50ea5d2e79f32c4e8f24d34b464f2cb5e0b086
SHA512 ff0e60c94fc3c0c61d356a26667c5170256e1143b29adf23d4e7d27012da72ed8865ef59dc2046314c7335b8d3d331e5fd78f38b9b92f6af48729dae80f85b15

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\wallpapers\stars\wallpaper.json

MD5 8571306e9021fc89eff3c5ced3e02098
SHA1 49d6a7baa6ab4182c4b38c95be4bef1b243fc594
SHA256 0529c0be39bdcb289bf29e6a9c774d907b444857cfaa47d3942e5dae1b75531c
SHA512 7657c0e48b4cfa3025bc33b0decacc22646bde2cedda7f51b98b19a17a91461ebee57f054b64edc58318ef6caef7227ac21b740527144f3fb0bc0a2e7b9fef19

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\wallpapers\stars\preview.png

MD5 ed9839039b42c2bf8ac33c09f941d698
SHA1 822e8df6bfee8df670b9094f47603cf878b4b3ed
SHA256 4fa185f67eaf3a65b991cea723d11f78de15a6a9a5235848a6456b98a9d7f689
SHA512 85119055ddfc6bc4cca05de034b941b1743cbb787607c053e8c10309572d2ef223786fc454d962fbb5e3cde5320117f9efe99041116db48916bc3d2fcd4ffa25

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\wallpapers\web\web_preview.png

MD5 3f7b54e2363f49defe33016bbd863cc7
SHA1 5d62fbfa06a49647a758511dfcca68d74606232c
SHA256 0bbf72a3c021393192134893777ecb305717ccef81b232961ca97ae4991d9ba8
SHA512 b3b458860701f3bc163b4d437066a58b5d441d8a427a8b03772c9c519c01983e3d3fdb8da20f6a53ad95c88dcdd0298f72822f39bc3672cb6f1d77fcc3f025a9

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\wallpapers\web\wallpaper.json

MD5 7b00cfeccb0f471865d2ef08fa1d1222
SHA1 1881d5a29dfe86d6d19cac14a1a4b95b05494830
SHA256 22557386855643b706808ea9aed33ac22fa26f58d2fc281fb0ba917cf55f990a
SHA512 b7d80dccfa5f051b1ec8987193857aad83c7365e12f12fa68b8edc6ae0dca1d8a4d846e284fb8e15715b5ce7478dae334da5651b97a68189cb43c74e7fdf7177

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\wallpapers\sea\wallpaper.json

MD5 a79af1c34d9d4fcc609e57fbd387924b
SHA1 6ae1f8730d03cbca17a1c368da8a600157e0ea49
SHA256 8c60b18ca1810a5e75950095cb0dfb4bb9c32a18f99e5505cf40c39840b8a633
SHA512 b95aef743acb3c6890e3ca74fc260a8fdeb134ba399f6e9851d34a47fb2cad9791a64d6214acb956ba4c8b51dd710f8f10fa8c3e88fb1a0f52a7e2214eca16fe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\wallpapers\peak\wallpaper.json

MD5 dabb663536eef90a540783e707a311d6
SHA1 9659fe0463435f3281983ce306ff22fc101f6e57
SHA256 d1c971a197cb79f1df640994465aa7543bada90059f5b2768967d2b57c6afd2d
SHA512 ed6b4090eba519f2814dc51fccb92cdb703656c77be741f07753f9c84d09394d080158e04bba1ca9dee501b0dff2a21020883e538a6c0ced6a12602b7098676b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\wallpapers\peak\preview.png

MD5 1d62921f4efbcaecd5de492534863828
SHA1 06e10e044e0d46cd6dccbcd4bae6fb9a77f8be45
SHA256 f72ea12f6c972edfe3d5a203e1e42cbbaf4985633de419342c2af31363f33dab
SHA512 eec8171bd3bea92e24066e36801f334ac93905b7e8e50935f360e09fa8c9b9f848c4c62b687299e8297c0693d6dbaf9c6035b471e6345d626510b73e3606ee4d

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\wallpapers\raindrops\wallpaper.json

MD5 69472b2b8eb07ec616a8e94a492c6c5b
SHA1 aec5df4e15d292a360a5dd6125217ef063ebe65e
SHA256 6e9ef0bb0853c6c898ec033d54d9d5cfcb68a5f52cd8f9bfff3528a02c73e06c
SHA512 e355958272292bcd7d767af692fb33941ad469809abb6366b1aff2bd4585de6a18b290258799e943f9a53416c9f5c139ccabc47cb337d0e6e4f5d499f2e27aa4

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\wallpapers\raindrops\raindrops_preview.png

MD5 28b10d683479dcbf08f30b63e2269510
SHA1 61f35e43425b7411d3fbb93938407365efbd1790
SHA256 1e70fc9965939f6011488f81cd325223f17b07ee158a93c32c124602b506aa6b
SHA512 05e5b5e9c5ef61f33a883b0286c2239cb2a464581d6e8a86d7b179b1887b4cb2cd7304e0821cdd3208501421c44c63c248a5166c790792717a90f8ac528fbf2f

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\wallpapers\misty_forest\preview.png

MD5 77aa87c90d28fbbd0a5cd358bd673204
SHA1 5813d5759e4010cc21464fcba232d1ba0285da12
SHA256 ea340a389af6d7ad760dff2016cf4e79488bda1a45d0a415b3cd02a4430c9711
SHA512 759519b8822a6a4b88fc9ba47fa9d5d898b2f5a0f359acfbefc04809e6d7f5df86fb130f191eb6f63322792a18c0e7170aedf3ce7060fd9ad7e1bec2e686c3b2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\wallpapers\meadow\preview.png

MD5 d10bda5b0d078308c50190f4f7a7f457
SHA1 3f51aae42778b8280cd9d5aa12275b9386003665
SHA256 0499c4cc77a64cc89055b3c65d7af8387f5d42399ff2c0a2622eccbd6d481238
SHA512 668e1a70a50a0decf633167ac23cba6916d0e05d0894daae1f7e3d487519f0a126abd4298430b38f52746a5c3b83ccd520b3d9b0ae1a79f893e36821a0458566

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\wallpapers\meadow\wallpaper.json

MD5 1a8908826d2efe5fa817ce6bf474700a
SHA1 f25ed2de494bae4ffeca33071e5c2dc034c863f7
SHA256 9c75f591907f6a631ba583bce6ddcaafa6f89a84a4bec8108637f7f471e821cf
SHA512 1b68183bd466d01ec25b1281737ac4e752263cd88b64e16324244812d46f8f985ebdeb35d065c7aabc7abcb93286e92b0f3d5b0b7173f5aa6e33891c417b6fc8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\wallpapers\huangshan\huangshan.jpg

MD5 c51eed480a92977f001a459aa554595a
SHA1 0862f95662cff73b8b57738dfaca7c61de579125
SHA256 713c9e03aac760a11e51b833d7e1c9013759990b9b458363a856fd29ea108eec
SHA512 6f896c5f7f05524d05f90dc45914478a2f7509ea79114f240396791f658e2f7070e783fab6ac284327361dc2a48c5918b9f1c969b90795ceacce2c5c5bfa56ca

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\wallpapers\misty_forest\wallpaper.json

MD5 ea6753f7a10f9f92b7790c93f8ea2411
SHA1 0cb570e8ecc34e16017b920fbcf1036cf1508ab4
SHA256 b1f9aebdb9333b4b15c2a9339d18e974205cbd4a61d2a0b4d34a25b384a0de7c
SHA512 f7974e99c58696a4d739c4d590f5f50094082473754e6b1fb8a82c76566cf3b5713b1e013126f8fbef0f0c8af2e08d09b32307958c9ed1a1007c04ce89539ec7

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\wallpapers\huangshan\huangshan.webm

MD5 b78f2fd03c421aa82b630e86e4619321
SHA1 0d07bfbaa80b9555e6eaa9f301395c5db99dde25
SHA256 05e7170852a344e2f3288fc3b74c84012c3d51fb7ad7d25a15e71b2b574bfd56
SHA512 404fb2b76e5b549cbcba0a8cf744b750068cbd8d0f9f6959c4f883b35bcaa92d46b0df454719ca1cef22f5924d1243ba2a677b2f86a239d20bfad5365dc08650

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\wallpapers\flowers\flowers_preview.png

MD5 ba6e7c6e6cf1d89231ec7ace18e32661
SHA1 b8cba24211f2e3f280e841398ef4dcc48230af66
SHA256 70a7a65aa6e8279a1a45d93750088965b65ea8e900c5b155089ca119425df003
SHA512 1a532c232dd151474fbc25e1b435a5e0d9d3f61372036d97bcaab3c352e7037f1c424b54a8904ef52cf34c13a77b7ab295fb4fd006c3ab86289577f469a6cd4c

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\wallpapers\huangshan\huangshan_preview.jpg

MD5 1edab3f1f952372eb1e3b8b1ea5fd0cf
SHA1 aeb7edc3503585512c9843481362dca079ac7e4a
SHA256 649c55ccc096cc37dfe534f992b1c7bda68da589258611924d3f6172d0680212
SHA512 ecd9609fbf821239ddcbdc18ef69dade6e32efd10c383d79e0db39389fa890a5c2c6db430a01b49a44d5fa185f8197dbbde2e1e946f12a1f97a8c118634c0c34

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\wallpapers\fir_tree\fir_tree_preview.png

MD5 d6305ea5eb41ef548aa560e7c2c5c854
SHA1 4d7d24befe83f892fb28a00cf2c4121aeb2d9c5d
SHA256 4c2b561cf301d9e98383d084a200deb7555ec47a92772a94453d3d8d1de04080
SHA512 9330009997d62c1804f1e4cf575345016cda8d6a1dd6cb7d2501df65ea2021df6b8a5bc26809ddfc84e6ff9450f1e404c135561b1b00b9e4915c69e84f89cfec

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\wallpapers\fir_tree\wallpaper.json

MD5 31b6342128a20e38a224a3c395f1d5d8
SHA1 afea42f96d007c0d02d90a2cf7d3486c73969d9e
SHA256 a135978536ba7409f381fcac3befed527e6d310fd4fb6a9e567adbb22e84ef2d
SHA512 5b53e2a4c66d81f4e3aec91be650c4b151812d7ea8a6ef1ff911dd56933f8153ccf4a9883e406b2a9cf59056037a1e7434ed9c6c102ad446db5b42e1af93ea64

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\wallpapers\custogray\custogray_full.png

MD5 55841c472563c3030e78fcf241df7138
SHA1 69f9a73b0a6aaafa41cecff40b775a50e36adc90
SHA256 a7cd964345c3d15840b88fd9bc88f0d0c34a18edbf1ce39359af4582d1d7da45
SHA512 f7433d17937342d9d44aa86bcc30db9ae90450b84aa745d2c7390ff430449e195b693a8ae6df35d05fee2d97149a58a7d881737d57902d9885c6c55393d25d6f

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\wallpapers\custogray\preview.png

MD5 0474a1a6ea2aac549523f5b309f62bff
SHA1 cc4acf26a804706abe5500dc8565d8dfda237c91
SHA256 55a236ad63d00d665b86ff7f91f2076226d5ed62b9d9e8f835f7cb998556545f
SHA512 d8e3de4fea62b29fd719376d33a65367a3a2a2a22ed175cc1eeff3e38dfbaac448c97a6fbea55bc6159351d11a6aad97e09cb12548cf297e01bd23bf6074de08

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\wallpapers\flowers\wallpaper.json

MD5 db5d85343264fe69c9452cf6bbddb10c
SHA1 82d97c05c2ee2374a9343f10db78e0ad232ac2aa
SHA256 c15d588d418a5bfc7caa62b62a3e4df7f67990f6912aeda133e616ab0738401d
SHA512 3aa27652f9decf1315630ef83302355065e8c43297c0d8c891295a855499e81d9cfef2767490c2992b3103e44d7f16825e65e9bf2d994d17811f49be9eb37307

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\wallpapers\custogray\wallpaper.json

MD5 19feb60966afbb9d1b797a050278f13e
SHA1 9874bcea4222a8f56d59c91b7abe603687a4f67d
SHA256 94cf5e38c38f78a42d70599c469a3969e4b3feb292da450a947d8463a57bfb9d
SHA512 2abd6fb2bd126ef99a7f0bb79072fdcdea2670d1b296ace2b4f9ebbabb343594b140b6c2728c31af339465619a8ee9faa2e3d64e1847e9557c50a79144d24196

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\wallpapers\abstract\light_preview.jpg

MD5 9f6a43a5a7a5c4c7c7f9768249cbcb63
SHA1 36043c3244d9f76f27d2ff2d4c91c20b35e4452a
SHA256 add61971c87104187ae89e50cec62a196d6f8908315e85e76e16983539fba04b
SHA512 56d7bd72c8a380099309c36912513bcafbe1970830b000a1b89256aae20137c88e1e281f2455bb381ab120d682d6853d1ef05d8c57dd68a81a24b7a2a8d61387

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\wallpapers\abstract\light.jpg

MD5 3bf3da7f6d26223edf5567ee9343cd57
SHA1 50b8deaf89c88e23ef59edbb972c233df53498a2
SHA256 2e6f376222299f8142ff330e457867bad3300b21d96daec53579bf011629b896
SHA512 fef8e951c6cf5cec82dbeafd306de3ad46fd0d90e3f41dcea2a6046c95ab1ae39bf8a6e4a696580246c11330d712d4e6e8757ba24bbf180eec1e98a4aec1583b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\morphology\dictionary-ru-RU.mrf

MD5 0be7417225caaa3c7c3fe03c6e9c2447
SHA1 ff3a8156e955c96cce6f87c89a282034787ef812
SHA256 1585b1599418d790da830ef11e8eeceee0cbb038876fe3959cc41858bd501dbc
SHA512 dfc0de77b717029a8c365146522580ab9d94e4b2327cef24db8f6535479790505c337852d0e924fbfa26e756b3aec911f27f5f17eba824496365c9a526464072

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\safebrowsing\download.png

MD5 528381b1f5230703b612b68402c1b587
SHA1 c29228966880e1a06df466d437ec90d1cac5bf2e
SHA256 3129d9eaba1c5f31302c2563ebfa85747eda7a6d3f95602de6b01b34e4369f04
SHA512 9eb45b0d4e3480a2d51a27ac5a6f20b9ef4e12bf8ac608043a5f01a372db5ea41a628458f7a0b02aaba94cd6bb8355a583d17666f87c3f29e82a0b899e9700bd

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\morphology\dictionary-ru-RU.mrf.sig

MD5 d704b5744ddc826c0429dc7f39bc6208
SHA1 92a7ace56fb726bf7ea06232debe10e0f022bd57
SHA256 151739137bbbdf5f9608a82ec648bdf5d7454a81b86631b53dfc5ad602b207d6
SHA512 1c01217e3480872a6d0f595ceb1b2242ffe3e1ff8b3fdd76eea13a7541606b94d3ccd69492a88220e0e40c17da5d785e4dba1d7501e6be749b9c46f72572ef6f

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\morphology\stop-words-ru-RU.list

MD5 b255d75a7ee1052a3648bfffd2b31f6b
SHA1 57a388c0a6f44bacf8576a4d54ae520f649e9990
SHA256 0f45d855adcb5517b3e8d747ac385cbd7d493bc0529a7c567c750ba765772040
SHA512 9a4cc4a1e6d9c188c24f628ccc109f447a2ebc8b42e5e6daccee0617dcdd3f1cc79206e6278154583c29dd8d1180072c463ed88ac56e87a6de1449f40494c292

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\extension\gopnelejddjjkamjfblkcijjikkinnec\brand_settings.json

MD5 338199392c0ee2d8530b8d0516f6d2eb
SHA1 2ce5daca88f6296335dcd3167a5f54d87687f85a
SHA256 c9c85c1fad9bd1e26e42d3b35e7e5ba5d6af4b87e13846b3d71518274896a9cb
SHA512 6a89b757abb2e51c46214bf6b111e7ae085ebdef43ce656695e1d7eec91c2f33bfb95868b2cc3749e5e7f3c435bb65d830c96fdd01abee4f9106d1b11ecaf2c1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\extension\fcgfaidpicddcilhjhafmmcgfodijhjd\brand_settings.json

MD5 94e409c4948755c18ed015a9ea88194d
SHA1 9725a6622664ab4332f07e04c4f8a23c86daf695
SHA256 ce1e2092945df5b00797e81185cc4db54070583ed92af19dd5d104e1aa4343a9
SHA512 e59d6730078b06dcd51a68c1a729244f3af76d97083b75a4fa05ac323d6f6e61c882b41a821c15595c3483b75995bfbdcdbc55bc3609f0d470b8e96ca1c4a196

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\extension\elokbjeafkcggjfjkakpchmcmhkhaofn\brand_settings.json

MD5 4bd2ffe5e645a04d6a7047ac47969fa5
SHA1 73b988a08b3b1e72a38e4ee0e9813cc09946e555
SHA256 a9cf92fb5076df30264c75da6f1b6e41bf592567d5e7bf170c21beba628aafe2
SHA512 0125141dc02b40cefa34280311653c1fe0815ecf005d93814f06ceb7f2e2d1789ca7d5907a5cf069880a742db19fc74289467a0538fe329670d9c0397135e1f8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\Extensions\ghjgbemlcjioaaejhnnmgfpiplgalgcl.json

MD5 8f1ef981951ada25c4b739f4654e73d4
SHA1 cc03a958ce4fa86a76d10f343a4e236e2d4a0c8f
SHA256 a1d9c5c34ae669a1cfc64ed674a1202e2659567c2092a5b16ae0b9bd56ede5e6
SHA512 0687aaec870e30d759804f53a47814ad56a74063c23a5068f013f70fec1296bba0d69b8e002d66cc865f01aba437fdd46c5289454b978f3bb9d840b80e380962

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.1.5.738\resources\easylist\manifest.json

MD5 15bcd6d3b8895b8e1934ef224c947df8
SHA1 e4a7499779a256475d8748f6a00fb4580ac5d80d
SHA256 77334f6256abddcc254f31854d1b00aa6743e20aadbb9e69187144847099a66b
SHA512 c2d3778a99af8d8598e653593d5e2d1d0b3b2ace11addd2d3eeb2bf3b57d51bf938ddaf2d2743322e0ce02e291b81f61c319daf34c1cd604ffce1f6407a30b34
