Malware Analysis Report

2025-03-15 04:28

Sample ID: 241025-z3llfssnes
Target: ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde
SHA256: ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde
Tags: discovery, persistence, spyware, stealer
Score: 8/10

Analysis Overview

Score: 8/10

SHA256: ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde

Threat Level: Likely malicious

The file ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde was found to be: Likely malicious.

Malicious Activity Summary

discovery persistence spyware stealer

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Checks computer location settings

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Checks installed software on the system

Drops file in System32 directory

Checks system information in the registry

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Unsigned PE

Browser Information Discovery

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Modifies system certificate store

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-25 21:14

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-25 21:14

Reported

2024-10-25 21:17

Platform

win7-20240903-en

Max time kernel

150s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe"

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ybAD01.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
N/A N/A C:\Windows\TEMP\scoped_dir2700_97829645\temp\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ybAD01.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
N/A N/A C:\Windows\TEMP\scoped_dir2700_97829645\temp\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\GoogleChromeAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A yandex.com N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\UCP0HAMZ.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\QMRBVA4P.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\28R2XPC1.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\TQH39BS5.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Yandex\ui C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\UCP0HAMZ.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\VAKLWVV3.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\VI5WOZ4D.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\28R2XPC1.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\VAKLWVV3.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\TQH39BS5.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\QMRBVA4P.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\I6P0K6YJ.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\I6P0K6YJ.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\_[1].js C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\VI5WOZ4D.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe C:\Windows\TEMP\scoped_dir2700_97829645\temp\service_update.exe N/A
File opened for modification C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe C:\Windows\TEMP\scoped_dir2700_97829645\temp\service_update.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\System update for Yandex Browser.job C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\Tasks\Update for Yandex Browser.job C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\Tasks\Repairing Yandex Browser update service.job C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\Tasks\Update for Yandex Browser.job C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ybAD01.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\TEMP\scoped_dir2700_97829645\temp\service_update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea2200000000020000000000106600000001000020000000f1ccc24261d16ed4c02e10a4d4e25ee97198b32366ee2052555e604e5919e886000000000e8000000002000020000000b22a070d982f2e66e8c1e9821593b0668ce66b2aab4bcefe332d85873c1dc5452000000099ba3d5f9d5f1e5049fbee4dd84839438d921ddfba5fdca26ef54e1d144303d84000000060d6339d7357196d3d2b7db295c240b1a5e9582678e9123c8cd0014f8197a37ef1681662d7b1ca9a75bef3a17e54d6b8272209ddb046f3bb29b9a14751789f19 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 305f8d1b2327db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "12" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436052758" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "90" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "606" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "637" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "9" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "48" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "62" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "90" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "48" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2970D231-9316-11EF-A97E-EE9D5ADBD8E3} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "62" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "12" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "27" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "90" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "27" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "48" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "27" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "637" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "606" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "62" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "9" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "606" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{8DCF7C7F-6E45-4C7D-87E0-57267A3AB5FD}\WpadDecision = "0" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ae-59-e5-63-ee-d8\WpadDecision = "0" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{8DCF7C7F-6E45-4C7D-87E0-57267A3AB5FD}\WpadDecisionTime = 983cdb372327db01 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "1" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{8DCF7C7F-6E45-4C7D-87E0-57267A3AB5FD}\WpadDecisionReason = "1" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{8DCF7C7F-6E45-4C7D-87E0-57267A3AB5FD}\WpadNetworkName = "Network 3" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\Yandex\UICreated_SYSTEM = "1" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ae-59-e5-63-ee-d8\WpadDecisionTime = 983cdb372327db01 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\Yandex C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ae-59-e5-63-ee-d8 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ae-59-e5-63-ee-d8\WpadDecisionReason = "1" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{8DCF7C7F-6E45-4C7D-87E0-57267A3AB5FD} C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{8DCF7C7F-6E45-4C7D-87E0-57267A3AB5FD}\ae-59-e5-63-ee-d8 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\.shtml\ = "YandexHTML.3QYOG4SOOGAMCVAKTLB45W7K4I" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexWEBM.3QYOG4SOOGAMCVAKTLB45W7K4I\shell\open C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\.tif\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\.xml C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexWEBP.3QYOG4SOOGAMCVAKTLB45W7K4I\shell C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexJS.3QYOG4SOOGAMCVAKTLB45W7K4I\DefaultIcon C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexJPEG.3QYOG4SOOGAMCVAKTLB45W7K4I\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\.webp C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexXML.3QYOG4SOOGAMCVAKTLB45W7K4I\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-134" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\.tiff C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexTIFF.3QYOG4SOOGAMCVAKTLB45W7K4I\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexTIFF.3QYOG4SOOGAMCVAKTLB45W7K4I\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexHTML.3QYOG4SOOGAMCVAKTLB45W7K4I\shell\open\command C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\yabrowser\shell\open\command C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexJS.3QYOG4SOOGAMCVAKTLB45W7K4I C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\.htm C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexSWF.3QYOG4SOOGAMCVAKTLB45W7K4I\shell\open C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexCRX.3QYOG4SOOGAMCVAKTLB45W7K4I\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-104" C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexHTML.3QYOG4SOOGAMCVAKTLB45W7K4I\ = "Yandex HTML Document" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexWEBM.3QYOG4SOOGAMCVAKTLB45W7K4I\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexINFE.3QYOG4SOOGAMCVAKTLB45W7K4I\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-135" C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexPDF.3QYOG4SOOGAMCVAKTLB45W7K4I\DefaultIcon C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\.fb2 C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\.crx\ = "YandexBrowser.crx" C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexCSS.3QYOG4SOOGAMCVAKTLB45W7K4I C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\.xhtml\ = "YandexHTML.3QYOG4SOOGAMCVAKTLB45W7K4I" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexWEBM.3QYOG4SOOGAMCVAKTLB45W7K4I\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\.fb2\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\.xml\OpenWithProgids\YandexXML.3QYOG4SOOGAMCVAKTLB45W7K4I C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\https\shell\open\command C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexFB2.3QYOG4SOOGAMCVAKTLB45W7K4I\shell\open C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\.webm\OpenWithProgids\YandexWEBM.3QYOG4SOOGAMCVAKTLB45W7K4I C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexTXT.3QYOG4SOOGAMCVAKTLB45W7K4I\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\.xml\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\yabrowser\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexXML.3QYOG4SOOGAMCVAKTLB45W7K4I\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-134" C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\yabrowser\shell\open C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexHTML.3QYOG4SOOGAMCVAKTLB45W7K4I C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexCSS.3QYOG4SOOGAMCVAKTLB45W7K4I\shell C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexCSS.3QYOG4SOOGAMCVAKTLB45W7K4I\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-124" C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexPDF.3QYOG4SOOGAMCVAKTLB45W7K4I C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\.shtml\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\.xhtml C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexWEBM.3QYOG4SOOGAMCVAKTLB45W7K4I\ = "Yandex Browser WEBM Document" C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\.epub\OpenWithProgids\YandexEPUB.3QYOG4SOOGAMCVAKTLB45W7K4I C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexCSS.3QYOG4SOOGAMCVAKTLB45W7K4I\shell\open C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexGIF.3QYOG4SOOGAMCVAKTLB45W7K4I\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-107" C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexCSS.3QYOG4SOOGAMCVAKTLB45W7K4I\ = "Yandex Browser CSS Document" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexTIFF.3QYOG4SOOGAMCVAKTLB45W7K4I\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\.infected\OpenWithProgids\YandexINFE.3QYOG4SOOGAMCVAKTLB45W7K4I C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\.webp\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\.png\OpenWithProgids\YandexPNG.3QYOG4SOOGAMCVAKTLB45W7K4I C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\.png\OpenWithProgids\YandexPNG.3QYOG4SOOGAMCVAKTLB45W7K4I C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexGIF.3QYOG4SOOGAMCVAKTLB45W7K4I\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-107" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\.jpeg\OpenWithProgids\YandexJPEG.3QYOG4SOOGAMCVAKTLB45W7K4I C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\.htm\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\yabrowser\shell C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexCSS.3QYOG4SOOGAMCVAKTLB45W7K4I\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexTIFF.3QYOG4SOOGAMCVAKTLB45W7K4I\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-119" C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexTXT.3QYOG4SOOGAMCVAKTLB45W7K4I\shell\open C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexWEBM.3QYOG4SOOGAMCVAKTLB45W7K4I\shell C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexFB2.3QYOG4SOOGAMCVAKTLB45W7K4I\DefaultIcon C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexTIFF.3QYOG4SOOGAMCVAKTLB45W7K4I C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\YandexHTML.3QYOG4SOOGAMCVAKTLB45W7K4I\shell C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 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 C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 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 C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe N/A
N/A N/A C:\Windows\TEMP\scoped_dir2700_97829645\temp\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1704 wrote to memory of 1776 N/A C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1704 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe
PID 1776 wrote to memory of 1028 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2004 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe C:\Users\Admin\AppData\Local\Temp\ybAD01.tmp
PID 2200 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\ybAD01.tmp C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe
PID 2436 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe
PID 2700 wrote to memory of 1036 N/A C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe
PID 2700 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe C:\Windows\TEMP\scoped_dir2700_97829645\temp\service_update.exe
PID 2740 wrote to memory of 2844 N/A C:\Windows\TEMP\scoped_dir2700_97829645\temp\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe
PID 2304 wrote to memory of 2656 N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

Processes

C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe

"C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://yandex.com/legal/browser_agreement/?lang=en

C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe

"C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe" --parent-installer-process-id=1704 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\Admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\Admin\AppData\Local\Temp\e3074628-7ba7-4459-93da-a28060499a6a.tmp\" --brand-name=int --browser-present=none --disableyapin --distr-info-file=\"C:\Users\Admin\AppData\Local\Temp\distrib_info\" --installer-brand-id=int --make-browser-default-after-import --ok-button-pressed-time=242716800 --progress-window=131534 --send-statistics --server-config-bundle-path=\"C:\Users\Admin\AppData\Local\Temp\29511878-d62e-4a0e-8720-c04c10c2f200.tmp\" --testids=1114347 --variations-update-path=\"C:\Users\Admin\AppData\Local\Temp\bbd8fc5f-a23c-48b6-9762-6e47c7bd0d93.tmp\" --verbose-logging"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1776 CREDAT:275457 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\ybAD01.tmp

"C:\Users\Admin\AppData\Local\Temp\ybAD01.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\e3074628-7ba7-4459-93da-a28060499a6a.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=119 --install-start-time-no-uac=242841600 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=242716800 --progress-window=131534 --send-statistics --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\29511878-d62e-4a0e-8720-c04c10c2f200.tmp" --source=lite --testids=1114347 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\bbd8fc5f-a23c-48b6-9762-6e47c7bd0d93.tmp" --verbose-logging

C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\BROWSER.PACKED.7Z" --searchband-file="C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\SEARCHBAND.EXE" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\e3074628-7ba7-4459-93da-a28060499a6a.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=119 --install-start-time-no-uac=242841600 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=242716800 --progress-window=131534 --send-statistics --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\29511878-d62e-4a0e-8720-c04c10c2f200.tmp" --source=lite --testids=1114347 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\bbd8fc5f-a23c-48b6-9762-6e47c7bd0d93.tmp" --verbose-logging

C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\BROWSER.PACKED.7Z" --searchband-file="C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\SEARCHBAND.EXE" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\e3074628-7ba7-4459-93da-a28060499a6a.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=119 --install-start-time-no-uac=242841600 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=242716800 --progress-window=131534 --send-statistics --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\29511878-d62e-4a0e-8720-c04c10c2f200.tmp" --source=lite --testids=1114347 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\bbd8fc5f-a23c-48b6-9762-6e47c7bd0d93.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=358767700

C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe

C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=45323b5b377897c846fc6c473cf984a9 --annotation=main_process_pid=2700 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.1.5.812 --initial-client-data=0x1a0,0x1a4,0x1a8,0x174,0x1ac,0x12eed30,0x12eed40,0x12eed4c

C:\Windows\TEMP\scoped_dir2700_97829645\temp\service_update.exe

"C:\Windows\TEMP\scoped_dir2700_97829645\temp\service_update.exe" --setup

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --install

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --run-as-service

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=45323b5b377897c846fc6c473cf984a9 --annotation=main_process_pid=2304 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.1.5.812 --initial-client-data=0x12c,0x130,0x134,0x100,0x138,0x5a3560,0x5a3570,0x5a357c

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --update-scheduler

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --update-background-scheduler

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --statistics=https://api.browser.yandex.ru/installstats/send/dtype=stred/pid=457/cid=72992/path=extended_stat/vars=-action=version_folder_files_check_unused,-brand_id=unknown,-error=FONT_NOT_FOUND,-files_mask=66977119,-installer_type=service_audit,-launched=false,-old_style=0,-old_ver=,-result=0,-stage=error,-target=version_folder_files_check,-ui=51FFC564_69EA_4D47_B566_867BABEB7BE1/*

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source2700_607732039\Browser-bin\clids_yandex.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=searchband --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source2700_607732039\Browser-bin\clids_searchband.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=131534 --ok-button-pressed-time=242716800 --install-start-time-no-uac=242841600

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=636 --annotation=metrics_client_id=9477e3bc9b6340268440385c02042b0b --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.1.5.812 --initial-client-data=0xe4,0xe8,0xec,0xb8,0xf0,0x70db2a08,0x70db2a18,0x70db2a24

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --field-trial-handle=1080,1066583727181785859,15417888899427872908,131072 --user-id=81954C68-C75F-4355-BE8D-CEEAEEAC8AB3 --brand-id=int --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1088 /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1080,1066583727181785859,15417888899427872908,131072 --lang=en-US --service-sandbox-type=none --user-id=81954C68-C75F-4355-BE8D-CEEAEEAC8AB3 --brand-id=int --process-name="Network Service" --brver=22.1.5.812 --mojo-platform-channel-handle=1376 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1080,1066583727181785859,15417888899427872908,131072 --lang=en-US --service-sandbox-type=utility --user-id=81954C68-C75F-4355-BE8D-CEEAEEAC8AB3 --brand-id=int --process-name="Storage Service" --brver=22.1.5.812 --mojo-platform-channel-handle=1564 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1080,1066583727181785859,15417888899427872908,131072 --lang=en-US --service-sandbox-type=audio --user-id=81954C68-C75F-4355-BE8D-CEEAEEAC8AB3 --brand-id=int --process-name="Audio Service" --brver=22.1.5.812 --mojo-platform-channel-handle=2176 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=81954C68-C75F-4355-BE8D-CEEAEEAC8AB3 --brand-id=int --extension-process --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://yastatic.net --display-capture-permissions-policy-allowed --enable-instaserp --field-trial-handle=1080,1066583727181785859,15417888899427872908,131072 --enable-ignition --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2188 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=81954C68-C75F-4355-BE8D-CEEAEEAC8AB3 --brand-id=int --extension-process --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://yastatic.net --display-capture-permissions-policy-allowed --enable-instaserp --field-trial-handle=1080,1066583727181785859,15417888899427872908,131072 --enable-ignition --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2488 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,1066583727181785859,15417888899427872908,131072 --lang=en-US --service-sandbox-type=service --user-id=81954C68-C75F-4355-BE8D-CEEAEEAC8AB3 --brand-id=int --process-name="Data Decoder Service" --brver=22.1.5.812 --mojo-platform-channel-handle=2604 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=speechkit.mojom.Speechkit --field-trial-handle=1080,1066583727181785859,15417888899427872908,131072 --lang=en-US --service-sandbox-type=none --user-id=81954C68-C75F-4355-BE8D-CEEAEEAC8AB3 --brand-id=int --process-name="Speechkit Service" --brver=22.1.5.812 --mojo-platform-channel-handle=2672 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --field-trial-handle=1080,1066583727181785859,15417888899427872908,131072 --user-id=81954C68-C75F-4355-BE8D-CEEAEEAC8AB3 --brand-id=int --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1136 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Temp\lite_installer.log


C:\Users\Admin\AppData\Roaming\Yandex\ui


C:\Users\Admin\AppData\Local\Temp\CabC2D4.tmp


C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 ec15826ab3514935cef3248992771dfa
SHA1 58e54d8a47522894d4adcf68341adbfe6e408822
SHA256 2b686e117db8c133b1fc129e6d2c4cc24edfccae352471563214bd713dad6cc3
SHA512 7f5e3bc800b818c055897ed622e59c96f7eb1e72de4cae2efcd55c92aef58f3f2f9ede46b8631474e040c48441bd9403483e69c9c2320642066c6fda9fb75b08

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 5ad4f0d51524f8e47b2bacd79dc88400
SHA1 1fbc454c75277412dff1d2a63ffca7a8eec81a77
SHA256 da067212fcea84eab8d11be209f2089a5f70567cb707b4bfd10f7aa921fe3cfd
SHA512 98260370261f69825b84d97a9d69511f29ab33406e21c7820c99f4249271be3bf7b524279c468f6bcf1d6af0196919510722351ea6ea43ce1e10591d1f119666

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046

MD5 ed93418bad7b9e116ea0163c40ee77c7
SHA1 0bc029dc9502743101ddf9bab537da7df54c9e00
SHA256 1e1b1b5f5789d2544025795285c39d38e46a15a2c5e0c481602d90345df45cf7
SHA512 ce57a26801d423933827d30a508cd80a5dc93dbf18ae4f5abddc7fc6354941e0a270718963497c7c7fbd5c9bbfc565dc484e1a5d08200fb0595d843b4bbd833c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046

MD5 2275e316df725248691e93eea5598e6d
SHA1 9a4d2fb131e59526db7e8c0c0aa7b673562afd1e
SHA256 3fa5e4759d1aa1d2039f435ee55d36d360a8f54e92f747dd7fec2c4cdf5fac90
SHA512 61417c300008cb414ed835fa565ac91a3c957f0ff7f96913a4310acf390e9e818f78d47e2d0e6056acef13368be4e4272fd5bec9456f4f8c34c7c636af7313e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_7DAD5545724AA2C98C55095F428499FB

MD5 b20a2d2b881b6b0894850cc97d4ff2bb
SHA1 c2740c7cc1abb613ca67c584790c6a0f0dcff27f
SHA256 40b95cf0a84813cdb7555af0ca2a2513e350aecc1120b12898df45fdc53ad8b4
SHA512 f5f7ff0fe457ec29b8a68ea4287ce863ae3a4d3225d324d524a299ab371121ecdfa5c7c3352e3f89edd309419cdd91263dc2f6327be8c9d2876388fbffd75b83

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_7DAD5545724AA2C98C55095F428499FB

MD5 29258a09988453a845fc1574beddd385
SHA1 ef746151098e2242b3bc7e40d40a65ae6e9b408a
SHA256 2ec6579a42d70e3805cd74c5ff8ef63f3e4fa1e4edc7567461aed06f73f05225
SHA512 41841d0a5fd6b4073f7e4b5cc1f1369ab4c08ad5b444385a9abac201e4acc6c88afa2aa8db240610b56f4c0a1fe05308dc88548ab9fda9d3557e390231a6c70f

C:\Users\Admin\AppData\Local\Temp\TarCB3C.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\81B9B36F9ABC4DA631A4713EE66FAEC6_3127807E14AC026FFAE1EDED5FD0DA62

MD5 77e5b8940259d7af2b205c67f7b08ad2
SHA1 ee10f52ad6193c73c8b57452a1b059ebb4e688f6
SHA256 e5425105bbf14933cd91f1d0a6e95b35ae92c76c63acb6d1198983d7f4aa0155
SHA512 9c1ebf306fcf7d95a8ad213f39b16cdac0f839ea667fdeeec07fdbb74d3ab0ddc89a9d819b2d969e6ae0624ee27c299e4936e719806f63164aa16fa394bf9bb6

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Y57749Q6.txt

MD5 ac11f1d37781938c602b7e75b8c6c197
SHA1 b2ee5a280e74fc1cb7337fc5c60e93d3db43508b
SHA256 364961724a54edc560a12a2e24251958d3c2337e5d3e678ba42e0c06d12ac1fa
SHA512 b061b5c22c38261e7caab5ffd38b38f93a0acd981c3c041296be9c384fd2cd89e98ad88be1871db46cdbbf513e3c0cd3b8c62817ecd55aaeae059ad1b32ab440

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

MD5 ffb66c88c2d6b84524ef78e5773beb92
SHA1 8599e701a2f1a942f0ac156e19c616434cd908c9
SHA256 b92d0d76ed25becc2aa4397afe84dc7e2770b24aeba463d6302c53d28f851e32
SHA512 281112f1ddb23ac2cbff946a1687ce6f1b6ea6e57e39d5f4e8b73f8a56cda57e7c608d5a4ad81b587193867e88843cbc67d7de01f378be0cd2514b20a51efc8f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

MD5 76309ab3f5b2e6f53696167d025c0a4d
SHA1 5d0458779f0fc3ff8277a5a5bf579955dacc9a9b
SHA256 c7ec0ba4ce989a5d604609c4d5f7515ec28134c6ebdfd6948a78f4c402b6dca9
SHA512 012c93481e9ab0dcf1c687f2697de8c11b118e32d0e252d50bc639f0f162ca0207185c0c4ba717c7eecbf3a5ae638f5fa0eb06e644cc0140aba240018f2b9b77

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

MD5 61ff8809c54f61d39d3a3b7775ee70e5
SHA1 7a6f6ed461041bd121338dad5c480d26a8c23e9c
SHA256 f0dca7754074176c7e68812a82bb70a36d3394c94314d486e4fc1b16741350b4
SHA512 c821150eeb89d6428d84144279f078f64bede58224f848973774c8308c733f0caa711c6f0a13bb1d6e121afd566a0d470e9b946d61401aa2adfc429e72cb3967

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

MD5 658aef23fbb6fef67ffd3181581214b8
SHA1 aa38485abaf6e5077a78bcb75867878c41b8557b
SHA256 ff3b32580e25f540618f2b37ddfc9b919c6d28dff643386ce12c60aef6bb13ed
SHA512 5f9fc01b6ee5518952b7e954d77631e5dbb6f46c300a254f3f03ea3832761a599708cc317e6d8785697e9d677d198eae948ed678332554dd8d5ad7eb080decd7

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BT1FQ0AO\yandex[1].xml

MD5 3eea91e78d504064f8686cb94d1b98a9
SHA1 c87c5b50a47b61880c62a0ad934b42bd9a7543dd
SHA256 bf397977a05e83313dffdf8f90d402fb1955c7539f27ee2274224c1f092dbe0e
SHA512 fc532676cad5f909d6a54c38976d1d24b2c91bd820dc75e0a47acfd00f341d8407f76dddf4f068e1d640423617d2816e4567f12725eb113667e7ecdc6e1188c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6f8ec4eb6dac122a86d50f30b343baff
SHA1 fe207f4642865423d588ab7d393916ccd315e1cd
SHA256 4e385c230c8afe859fa7f2de8df1f5e41555a68b7aad7cb2be9b8b674e02d6a0
SHA512 4dacd6cf0edfdfd69a0366f0e0163b91a9331bb68257c1790c0b41fa0f5a85dd0248cc8057326a9772d0de5bf2b0e8b84a033353e55ea8ee91eed0e120ecc124

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 bc57438c9433ae9c30543615f871bd2c
SHA1 fd85c484459d8a36babe48022ec8a42ded3a8a3a
SHA256 360638b96c818191e9007636aa1ecd1ef67709d3f0e02e52d876220ef308f25c
SHA512 7d65a00141e10ba288d49a098994963226e7b90aa057e8485f4b29f3f73b43e7e6472bbeb3e50c82134378b1349330e8e40c4ea39df163af06d5612145f3d7ee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 858dc9bc00c035111bff9ada2068245d
SHA1 aeeb3b3df4f539b561a2422e55d2ff497d3f7328
SHA256 fad1cf32c8ab2d4c2670d73a01b21702c712f9a85bc16a6ecf2fba044b7cd31e
SHA512 08485e4236ba6162f9518ea04ed24d1c04fff4135ec78ef32b2f2ec7fc49db131fc7f2b46bd0a3bf94e579d208bbaccc3584dbf69a588651872199c2af762725

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 93fa3c96c22bc446fb4d49a14c2d2414
SHA1 8c09180fc0e3501e3045bde698103a32efce099e
SHA256 0e1dd97aea86b09626af7c3e01e18ea686bf8231641609b29595a42d7cfe5f30
SHA512 88b1bf77c8ac347a96f3fa575a88f075332baf5e8bd8e62e4dc6f7cc13c1e042bfbf44c6f0fae61ee95df010674e8a029f588c390988c72eaf894b426541c07b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 326f3f9bd1106a875fc8e2f7da40abd1
SHA1 d4ee8875fdd1691755a87455a7023e0559ff9e27
SHA256 b4d8d99291889c0e2994918095622646cae15add4492884a4c7b442479909047
SHA512 ad0f8d808d0e539196ce1733db3e9dae43e844810df7a2d6568b84ccd0074cfe23916c4b1f48a8b997232372828211e783c09382185eaf04c2e88dd45714ae5f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\yiu0yt6\imagestore.dat

MD5 0f3ad1520e77eb2d30a6de97ab40c6a3
SHA1 e9343afb6e4e6e1262245b3afefd1121b6be0b70
SHA256 83a903f4bdc735b4bd7e19dfb3cd5f6addbf71acf295244f1fbe550ad9d5c567
SHA512 e24bf3feb7646f54e6f251af0947f3bc268abad33a41136647fc4cb2ce640e0236e7caf128cd96e160b4fbb7917b9eaf1017da7b1641c25f9f9f137e3dee569e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F91VN88R\favicon[1].ico

MD5 5bd286ded38badeda66e9c395b814405
SHA1 49e2213a60c70825b9552505cb8b7334a3a29a40
SHA256 bdd8486f2d838c7d9b0e2dcfe732a52c92f63879525206c2662905a051dd31ea
SHA512 96bfc9211f0f1c1c375e49ebcfec9e85280bba64352a4936b95e15d5128e77e9b4d5ba60cbdd76f8e39ce7bf537e8c77fef218e0b24856f28fc34671fcbecd0f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 6b10aa54b69d0efbde04cb9f5b8783a7
SHA1 7d962e8696887eb8b41b9d4d7bf45ab22b001b40
SHA256 b73fd043ad66b782e1af9fce465c1373d026e72ebcbd30e2c3bb4b1d536d7045
SHA512 ef6a57d0769c95f28d16e261a35b9b82b4a2b64b7db218622837a3f976d4c755c5d32566829e6732717c1fe30d92b88cb51df1c8a986d5d9668a2a65743a5621

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3bd625ff03624c5e8a7fb50cba9a90e1
SHA1 3b63233d20e16dbf13fdd2e72b27a28a49976aba
SHA256 6ac04c439e2b10ab954a45e5abdfa2e85a60ae16c46a3d41a1fa78177ea2eefc
SHA512 9389a33b538c1fb0838e3f8552747171277f525b4e674c260edbdc31de6692274228f7ac40e37b77c7cea5956f60e12045bae6a4e266b9aa5b4784ebc392ab56

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5a3b2119bcb4be5a4c0be0db273c740b
SHA1 af829fc539327a0c015236693f53948967f79b13
SHA256 a59ea4562954dfe4080a4ae8849b64a90b19ad2a3d48952b84fb6f28d5eab5db
SHA512 2cb1c26d2a3a057031dd939ae566e1b0d1a6f906433f78d3f1f1613706458220c3ad6059e4bf9ffd8f0f2a52a6b60313acf6a6b794bf3214b26adae8fa25ffaf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ff19237e65d3ad95e961fffb4a7fac60
SHA1 cd159007c2b2f3f583498ccf50621598c52e0058
SHA256 a1d3957da227eb6073ac796e542a31adca8c93814623c0933a354f7626eb956e
SHA512 8e73a919719cdbf7561e9bb8baddb2646decb2419c1c4b02a12599410ab5e65f85bb2438984012f1093225f82a8c54bf44f9cefb4eea9ff1294ce79fb183111a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 119c90ff0b7664e139ef1ba43d222bcc
SHA1 3d5a165e0cd9ef999e2cb4d87d9dd46d9dac67bc
SHA256 38a5a3cece0d89cff544f2605c2f3752f3f2fb10f6dcd5df64a5964e4c4a7c1d
SHA512 6dc969f61c60caae267bf6bcfb459202e9b0fe882653a270c575fb28515ded83facf275afce78d9c85af68b2c3c8ced730e8f254f7d6c44361cc4e040cb6ac8c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a6244183af292a241727e80f9f4b784f
SHA1 32cb921371e09dccfc14215b735dd673842a4104
SHA256 5acb5fa8acafbff77ed2fc29ae9e53cb59fb1b15e4ee331050d2c3b150c5a9e1
SHA512 bd25614357814a7db93a2760cc67e926bc9d27eb2b784ad71e5c48426dad4afa59c3cfb03e993550f3b5f1469bee69f113cff1bcae242206776c851792d0b78c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5045a9700d07564eb9527c16a4a46f52
SHA1 5bb202382e1f66aec83436c16dbd1318b6975ae6
SHA256 dd8ea9df086c5a5a003b2e65fcf32b96b233d6c2fe20b2b5f5390083a7480de8
SHA512 c16810b43f22994ecb7066dfecda990b8b606d0abeddce61c906c25fef89c46bdc28e4333bb1b40d2c5c5db780213e16d9336d5289da9ebdff7d1acc71b61c3c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4878af11924f22f59f8665ff3643def3
SHA1 730a735e4144f7e163e73b662eb35b70a33a291e
SHA256 b660082f49c2fbaf3525e518e3c8ba68b31f9419bf091aa649558ff3bbacd37e
SHA512 79d4b6e420b9370b22104d59138768956a1cbea1c18b29c3c94c459f3f04952a0783a6a7eb3ec4944be3d15557789b7b961b97eeefd90bd317d59080eac0c0e8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7d6580f9e7bc15fafbc35693b25ea792
SHA1 053bf897c4d0b9344c8b8f44ed67aac1471dda27
SHA256 bbf10db43e683abe83deeda8eda6f7fd097aa4d29c835fb5eddf522351dd73e9
SHA512 042bb06e983b6c197535d79ef6e23208461d7b202015e17409ce90754e792073e32d196a427fdbe8b542d572aa097aa99caf3512dc92d1ee9f28c903681782ed

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\4EKMS3ZO.txt

MD5 b10282100b6755c2dab122c5f2ed7021
SHA1 a38091ed8254e77afa3b98439bd71b9f6a23ba53
SHA256 3c1b7dda99320549c79e184d99cb29966606cf2b10036a44b60259576fc827b3
SHA512 cd3dc8b6a110f23575ebae8c9521ebaac66b387ea8a69f63d26b6ce965133c1d6a1f15808f35d4b60677666a1c427b42aa92568e5464de6babe7cf8843b7031b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6be472d20dc6b1d294f3970afbe382a8
SHA1 b69bfef762d0be35a223fb5b825434ed23348b5c
SHA256 4f6a132a4d4e882f8919ebe297768bcfec31af4351cfb72d54066e28ddad0b05
SHA512 ee57ab243ab5b856b5604762fe44dac2fc4c736dbc4d1acca3372284942fe5ee886447518b9b05234a36c9b7da272b8735345edadada0923fdd7552e7a14ede2

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 f2219739e1b6f128271a22063ec4f927
SHA1 cc1882d714b95ccee571d9f401f7e42f0ec87429
SHA256 44306172e18980b18e7cc8979644f819218ed22165b11d7ba3606da42a840f5d
SHA512 dd30e34e177728ee3546b3eb66a9755e159fc20796150b73cb98bd0e415b4b3ae97e7e3e37256467ae7eeb0fbfd82e96de302dcbc165d3a8fc8f38cd82aa41a8

C:\Users\Admin\AppData\Local\Temp\website.ico

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\setup.exe

MD5 5fdeff4b89456b836f351443aa9b3d5b
SHA1 7112f415950c45877265f98aa8388e8093d4abcd
SHA256 7dab48f2004dd9481294d59caccd8573a6e28c1c42b6d7a354dcd3e79f9c7f2a
SHA512 35962b165c4604d3262bdc564e03d791df6175bc4825ab60237c17b7b9f67a4db190ba3f410829c4112a67b6fedf7049e5c5ad3c6f6d41f01a0d3b5c2a0e8346

C:\Users\Admin\AppData\Local\Temp\master_preferences

MD5 3586905f5e3af3c5d82e582cf7bb408a
SHA1 d9455549aaf38e06ebaef9a8871ea1f5bf7e6d86
SHA256 f119b58c9b8935652a9bc476f507defad189bb67c785c4504276e7e5e353cc8e
SHA512 17336dc37891544ac55199d0e4bb9241598d4e28736c91f1f843a1abb06de40dff90ec7cca55ff1e3c5ec366045e18002d71b022025ea91a64a70690fecd8167

C:\Users\Admin\AppData\Local\Temp\yandex_browser_installer.log

MD5 cacd2108c57d4075934d56bb1714c120
SHA1 96631a728e14afbc284f2441759120a7cb9ac9ca
SHA256 4d70885d19145807183a49ed92c907bb2bea42ad4737407487660529607af630
SHA512 1656e1fbf90338abe4503cfee355d30ad998c9cb48c93ae76b1305fbfd27fcb1e2333be911e60d224c6f240c2a262ce5b739938ebd6331c4ab0249551f2c359d

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat

MD5 ef0b47ed0ec7cc66fe22062bf7f7000b
SHA1 248ae96e4b6cb1eb601bc4812eada1c9dc6f0a16
SHA256 ab4ea69ce0694e328c6e0f9024ed4bdfdb0dabd2e53bcf9a98ba7fc39a43ded7
SHA512 4eedd2413fa88b41b68792564d89fe05437d156a4c508f7953a8e2b8f142e795f820d9d7dc11209e42e80805305c341e1d88a45729b13835bd762ed6c80d5226

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 ac8f6d8e23628031cd3252358cc171c0
SHA1 5b428925dc1d56965b8431459bf7b585f22afe46
SHA256 d8236ad8f6f83872c22641044d1d4c4f8b13314c4affa6237973aa8506cae29c
SHA512 48231b05c1a24a865894785cbbaa10c1c0011538f8f7ac648b52bc3bea7aff6f9ea1c777a5197497239c004f3681d1dfdf583a19064247e72e6d501eef160002

C:\Users\Admin\AppData\Local\Temp\distrib_info

MD5 dfa737ac9665c5c43bbd35ccd020488a
SHA1 5d5c9e3c877355fe41157d2058395ada293ad1f0
SHA256 ce44a2717e329671135391d477c95ccd325e7f401478fb566048d45393cf2282
SHA512 2eac61fc87abcd6c692531ee8fcdedfc8db9e87b7c5032d1b5fb60ef8f0f431974719520aeb2c13525cca66ef2a63845ff576fefd27534c2ec6de1aeb106b028

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760

MD5 411d69cbd600b304ea54559c84249c0e
SHA1 65d54ffa07beb3a1268dec6697668d5159091972
SHA256 09d3b7d0b905eafffbd3cf78cd38cc365a343976ef182d05eb2c06892c1e5d61
SHA512 b1122470614a58ff4f0bc6eb6e4aa4a876ac92e87eb24b580bd2edd31a7e4a8f7d32ba0da24c8bd08177e47878cbec38460a411180fd12da884d741ca252ecd3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760

MD5 23aa02cb25d6a535f578584f2318ca22
SHA1 3e10a03b8fd5f0ed39ae128304d25f9fdb00d705
SHA256 2f896753a7e1998fb490b7f43d58e9cf3e53d480c2214f25b94a47c3b1d38f37
SHA512 085a57744b445413951103bc815c4cb9530ca498b3bd6f99e092e1cd9fa5f035e102499819cb0b6f40bbfd72e025855e6aa3bc5f6c8b0941e266a9d1ce3254a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0ed7c56d6433885813461c5d7d08f41
SHA1 023f8ea929ce701dc7d74fbefff5584510f98d42
SHA256 9acb754ba7e562e7d8ba9ccd8560b5506d6e4cdf2ea9d40e8d60d1cecf3cceae
SHA512 8fd197700906a8b1e2336a96ae83edc13dca112d03fc3fba2e82416004666891bf845e3472f305f314053d722f70cf3fdae51164118be0e8f721855b073b0cc3

C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\BRAND_COMMON

MD5 8fb3d5252fd262cf808f6f0359998b0a
SHA1 cdb8072dfe898c72c15c2c381349ccf7f2d4d440
SHA256 7ad5104dd8c35ebbc06c56fc6a2cc3f8cf7391ab2e97c8c9d9b3de1d8ab4a5c9
SHA512 57f1b72e210aaa880cdcd04eb1cdadf13dfe373c50a0d98346e64ad93521da43a5b71b068fa3ccadddb03a6e97084b7d25cbb94fcf9c3dea1904bde0c2396bf1

C:\Users\Admin\AppData\Local\Temp\YB_B17B7.tmp\brand_int

MD5 3e499ac6cab5c37d47c0ce7079be9408
SHA1 bc28c35a5feff7ed7061f36addf1b9bb439bf0b3
SHA256 7c69e77970d70ab50c45e70a20b67e4d3c03123b384e723cf2cd515062d22613
SHA512 16e08366a863f3730b880df0f4f34789638a67cfe26e295a8f834594f2ff67bcbdba0cb65b8a316009cd0408c9742c17f13d6a5257e3a7bd5245e5b5549d9fee

\Windows\Temp\scoped_dir2700_97829645\temp\service_update.exe

MD5 ecc2447cad674a68a24f76772cb51dbe
SHA1 6928b8b96cb7a1fa8dc8a8bacef8ab6163a15af9
SHA256 2d6ea9290d3676dbeb61bfd94aced56025cc2e357626ef58854b8be4ae4abce9
SHA512 3edc14b1efe6fa1b36c77e3e70faeeec7eec58e2f4ba9c6ff0c4ec772d3ebcee26ac1d0be76502416be82638a5ba78b81eec552ffad9be5d1d3ad8a90743fbee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B0B1E3C3B1330A269DBEE4BA6313E7B4

MD5 2ffbdb98df2a2b022a48adeb94a3af50
SHA1 6c86923b5c5832bb102f041cb7d38db397074f12
SHA256 dd12c5733bc4b682e1da6353c8c27650f53d11a8ada8fd8a2d06f23cecae5ebd
SHA512 a5f29661ac78ea205dd945fcc53e015152277426af4bcce688231ca1a564dc49144b2953409651737733fec72e9042468c780917543c007d7de74ed44058dbfb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B0B1E3C3B1330A269DBEE4BA6313E7B4

MD5 4f1be417b1b0a30cb74c89b1f2b73ec1
SHA1 87286221a3da94d5147c58e02518302cb3e8538a
SHA256 cfc6b08f8f38730a520e1808eab6ca81d9272e6a0af6ae92d67fb6d355552290
SHA512 3238c87202c69ccf9e62216971e3f59ac9ea85d9f25336982a8336c61a345052ba7972b8651cca94484671a032e95f3fd411c759045eaa7105c30f49cc243ce1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDA81A73291E20E6ACF6CACA76D5C942_2A2080AC7EEFAA81BA7361978F5743B9

MD5 5bfa51f3a417b98e7443eca90fc94703
SHA1 8c015d80b8a23f780bdd215dc842b0f5551f63bd
SHA256 bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128
SHA512 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDA81A73291E20E6ACF6CACA76D5C942_2A2080AC7EEFAA81BA7361978F5743B9

MD5 2d30e5a72a9c7c2264fcd6fc014c1011
SHA1 4cec8d0367f867c9105d2a5cd4c06491089fce7c
SHA256 168fd397c35dc57dff43546e6509d6beee5833383f489cb4edd8ca36350a3143
SHA512 6150fdc0db8025dabd55b69eb58fb65c2f29b3c960c55ec2a9b4c7489fd020a5d29cd5b766008bbea74ad8201fcd4d0c383fb06c8ed7e3b3d2bc289518e5a21f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_A026C9CD7BA14377D055F4A2325D4501

MD5 f2ed94ae89ed3fedcd41c5d3d653dfe8
SHA1 75e525bd684db06745dcaa8eff4d83fe46412dfe
SHA256 1420bdc652461d30aec865b2cb7b91cb511edb3c7821b1c85e31db249774f5ad
SHA512 50d45859a40cb825a746d66ca3f7cd34eabf5747d088563085fe83d6be44c912dac2ff1a3a030d1ae86015e17a95f0ee55a206bfa24326a6f391b7ef76a0a85a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_A026C9CD7BA14377D055F4A2325D4501

MD5 5d0fc47d4897296de5feee77ddadac1b
SHA1 b7eb783f6591e463348fffdca1795a462e1f9644
SHA256 91a45efeed5a29e3c19393cb1c1d192839ed509ec0b7a1a4827faada4d4ccabd
SHA512 d26a90958e9250c23de6fe1a491a65823947fd27b240c03646f153f0a1ee230d48c1306f6a200a59364b1f52662ab4e1a560cf457c2feaeebcf1b0204b9ca577

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FC68FB72D4FBC7E0F151BC2282D75E47_367FA2447481C3DB640CE44BE2E5A181

MD5 a56f87439c003ed92a7cd449ecd15053
SHA1 5645926a0015cf74d22570d5933c57494e27be58
SHA256 51b876e104a5e6a36baa572f69c1fa3379127c42cf47d8cb34866b7f4850f5f2
SHA512 5399a1d38f15371424de9b62aa1feeaa32a52a8cab78c4522d7be371a80fabba67bcfe7daeb78e60c1165aa85386ad320eb43754c85620b6574ceef27d4c8af7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FC68FB72D4FBC7E0F151BC2282D75E47_367FA2447481C3DB640CE44BE2E5A181

MD5 4694142b5d8bb052b903b806f3d01fca
SHA1 2805b21299405723b71a659547644a9006f428cf
SHA256 d56482d34a76e4a1382362f92db2802eadfbd07605514523642c15ff82af8bcc
SHA512 07add85213fc0acab278b7c1090042dcd54ed233ce733cff69acca44b81938a7de515237c1f35e54491a4954291fc9aa2216cec9b8e3600f08627dc719859bca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_38924EDF39D8802D6946FB22E5DD0835

MD5 22ff46d9675ed452a5f9e2219f577d9b
SHA1 0020b3133a7da9ab0bdf0b5f498f09abe98f7417
SHA256 d959ae44f0ac220cdc7dbe8dff98307891368a6f2e64e5bfb6cc7136cef66822
SHA512 786bf71e3217c6374e1fbcdc2c86a2bf8669d39beae7ebaf9236ef17cb2053fa8efe0212018ba0cef6a7325412bd854b2b424cd34f0bc359aaacc2dcf0a7c864

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_38924EDF39D8802D6946FB22E5DD0835

MD5 d965d23fc4650412e7376e13bacd47c8
SHA1 5dcc327db3df937f4461bb4b59e6b8c1540ab2d2
SHA256 6055e8b820cc99d3f983c19646c320f3cc5294592b6bb73a2a9fd455108780aa
SHA512 27356dc8b9f47e3f71099c8a23a0a19de8c044b714504654badf4e5266b73c51660049f8d73dc93d937ff299076c6bfc691a28b29f6a9a74cbf726407e34aafe

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 3db3ade98ef1e949dcf0ee4bc73e2845
SHA1 a08f234dfa8325bf6e37a113a04654ee01867409
SHA256 cca344c147edce01cd3b9641a42d1246e2473149539cb5947bfb72bb657fce53
SHA512 1213d6b0526318d615cb242c19846a50ebb4e818f2c21e1cf8f8f79defc71bda8674567c8e6a997c0947f9f6cfcd37a5ac8d1be7fb08ed5470c955c7d1b2de5f

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 bf8fef7f1ac643431bcdd18f5f5109c6
SHA1 6628a22cac26bdd7cfdab0e883cfeed28cb4c80d
SHA256 8bea253e625c84b34476468db1c14ea04e51c320c913a064d1ade06e8d479b7e
SHA512 5122d23b5b828ef133a2988779d95de0ec9548fce38621685fd0b7958499a25c72b952937312f91787aa9479d197ddababe6ed2980e5a870858e0fe3996bd9eb

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\brand_config

MD5 f88326bf75f9377d75dc3b34df88b59d
SHA1 f4eec740fe217e0743dc8b4f478d881550f8e12b
SHA256 778033d4ad9e66340c0bd06770e6d673d76d83d1cc3e9abe52d98ad4276585cf
SHA512 9aeb77c703d3d2e1bf4575c94585109d62c7d51fa07b3192af23b861069b65c28baff67c096b94b1620dfb80777e42cfdf9cae891a7d664fbe895abd7ece4791

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_PT_

MD5 cbfc45587ec6c290e2d7382fb125bb06
SHA1 5b02fcc706a9f3a35a5d74927bbfa717ad6836d0
SHA256 320a0b330e0a40d1a5c74221bd3e4b1efdd9a1c353cb07a73d88399c2a991208
SHA512 fb22df834a02a9df01bb479cf28437641455c113d84166672a15a76bcb977bf5deb230cbb21c99730ac883545e7f457cdab048c278cc2802b11568d4fdfaa1a3

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\sea_static.jpg

MD5 5e1d673daa7286af82eb4946047fe465
SHA1 02370e69f2a43562f367aa543e23c2750df3f001
SHA256 1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a
SHA512 03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\sea_preview.jpg

MD5 53ba159f3391558f90f88816c34eacc3
SHA1 0669f66168a43f35c2c6a686ce1415508318574d
SHA256 f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e
SHA512 94c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_ES_

MD5 a2ab187fa748a38db8b6736269f64972
SHA1 5e2e542d1e3fc32b3677b0aab5efa32a245d0311
SHA256 dc67a1ba4e945e0c8188112ce3ecb9c32d39d77d992ce801a2ac9f500191a4be
SHA512 5f295f3f7e61b6f206f70d776faeb78df337d3e2ef79212cd4af163eef31b7479b438749dc594374f5956048239513992c3763b6f3f5ac68bed5412a2f877797

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\configs\all_zip

MD5 c9ac75ad5c047a40d4553130b013d891
SHA1 e6239762e63030317343a25368ba1c79a6c16bdf
SHA256 afd8d61655f0411c32e70823f917c10230f2cf4688d6334e72989ab99f72d1b6
SHA512 16a7f6396d9b5a099b6e5b032652d54a87120d87c584cf57d63d203ad1ec85f5199ae85a1589a4f193b456205e3d8b64c320093f3aee3d495b4fe424f0fa5f40

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

MD5 25b5d707792b12afcb8513be382ea6cb
SHA1 edd9c3959cfc870b3df4b4e0e9e7164d1699c430
SHA256 b91574003d8d139ee29c494308f654bf9718f66966c549980d6770955c6a2b1d
SHA512 236fb96e80e3d6f54e204fa75d5772b2892e9d355f0aaddcbffa543dff80ba01d76ea7907ad496ec7754daca7420e4623b68edc8f08d5ceac6ddbc01a7de4c93

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk

MD5 7bd6ae1f87023e817ea64f6f1e78e125
SHA1 72938ec5db5ecc847ae10959b1522aee39f04b49
SHA256 c125cbab38741d0e838a7ab7e7f681dd60ffa7c51dc17a8530e51ad23fddbbbd
SHA512 07309e3bb73980308bdcdade8ca71d49892df770079ec777484add1f21e0183ae0c30b40a9422d6a2e4661d939b5e92c0a04126cfda0e9f0524b71e62cc1c885

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

MD5 86b97526f262ecf87ed7ecd6c7eb4218
SHA1 d009c56e5fdadb73975c253a14616098dc8d243d
SHA256 33919f6b6975431c22a06c41c32e5f7092860958c68e453eaff9781bb6ab274a
SHA512 dcfa8730ff4da19ecdf72507f36fac86f47c6133a13499605de9a70e8533da1984ff7f5800dc9a597c27b4649f237203f5400e344e22d3b3eb98e2d63f34f20f

memory/2700-2224-0x0000000000F10000-0x0000000000F12000-memory.dmp

memory/2828-2337-0x0000000000ED0000-0x0000000000ED1000-memory.dmp

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Platform Notifications\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Wallpapers\store\video-13374364614749300

MD5 b78f2fd03c421aa82b630e86e4619321
SHA1 0d07bfbaa80b9555e6eaa9f301395c5db99dde25
SHA256 05e7170852a344e2f3288fc3b74c84012c3d51fb7ad7d25a15e71b2b574bfd56
SHA512 404fb2b76e5b549cbcba0a8cf744b750068cbd8d0f9f6959c4f883b35bcaa92d46b0df454719ca1cef22f5924d1243ba2a677b2f86a239d20bfad5365dc08650

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Wallpapers\store\picture-13374364614749300

MD5 c51eed480a92977f001a459aa554595a
SHA1 0862f95662cff73b8b57738dfaca7c61de579125
SHA256 713c9e03aac760a11e51b833d7e1c9013759990b9b458363a856fd29ea108eec
SHA512 6f896c5f7f05524d05f90dc45914478a2f7509ea79114f240396791f658e2f7070e783fab6ac284327361dc2a48c5918b9f1c969b90795ceacce2c5c5bfa56ca

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Wallpapers\store\preview-13374364614749300

MD5 1edab3f1f952372eb1e3b8b1ea5fd0cf
SHA1 aeb7edc3503585512c9843481362dca079ac7e4a
SHA256 649c55ccc096cc37dfe534f992b1c7bda68da589258611924d3f6172d0680212
SHA512 ecd9609fbf821239ddcbdc18ef69dade6e32efd10c383d79e0db39389fa890a5c2c6db430a01b49a44d5fa185f8197dbbde2e1e946f12a1f97a8c118634c0c34

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Platform Notifications\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

MD5 5798349a6ae3ff86ad5e199a6285cc35
SHA1 eb056a76b1ceb6d1325a9230899c5cd943beb613
SHA256 4261ba4cae8502dc0f3dcbe13c9cb958d2fdc15e1a81e30577ec35f7a06d0c95
SHA512 7bd79b5b7aad9b16db295b9f0aa227f85d1ab8eb5efc2aa26ca55c02e7b1b55d9320d93368adc5e0d62aeb6439219c091e0c52dc1b58f89821a6d906ff060b41

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Yandex Profile.ico

MD5 4d4b657a4d0b9703e41b3e14991c5f6f
SHA1 65858616de1ec60bba42d2afc307cec3d6da232c
SHA256 a0b1ad95ddf3645510625d1f6da088b1d78ad2fd3d19aa1550dcac7e8e4ccf1e
SHA512 10b753ca1898a8c5ca162feb1f58e9c90d17a2cca47b6a70c555d7e7a1188e331e339a2177f83e8211e742a0a2e680b0d86e0f2ee2fb17c8914fb1d6c6b3cd92

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

MD5 f8b4d44734ed867273fa62a727fb4b84
SHA1 a23dc4fa8216f62e7d5896072f73258fd4972b21

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-25 21:14

Reported

2024-10-25 21:17

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

159s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe"

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\Temp\scoped_dir5888_583590490\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Windows\TEMP\sdwra_5888_351831887\service_update.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ybB5A4.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A
N/A N/A C:\Windows\TEMP\sdwra_5888_351831887\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\Temp\scoped_dir5888_583590490\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YandexBrowserAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A yandex.com N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\config\systemprofile\AppData\Roaming\Yandex\ui C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\yandex_browser_installer.log C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A
File created C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe C:\Windows\TEMP\sdwra_5888_351831887\service_update.exe N/A
File opened for modification C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe C:\Windows\TEMP\sdwra_5888_351831887\service_update.exe N/A
File opened for modification C:\Program Files\yandex_browser_installer.log C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\Temp\scoped_dir5888_583590490\explorer.exe N/A
File opened for modification C:\Program Files\yandex_browser_installer.log C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
File opened for modification C:\Program Files\yandex_browser_installer.log C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\System update for Yandex Browser.job C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe N/A
File created C:\Windows\Tasks\Update for Yandex Browser.job C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe N/A
File created C:\Windows\Tasks\Repairing Yandex Browser update service.job C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe N/A
File opened for modification C:\Windows\Tasks\Update for Yandex Browser.job C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\AppDataLow C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex\UICreated_SYSTEM = "1" C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexHTML.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexTXT.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\ = "Yandex Browser TXT Document" C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexSWF.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application\AppUserModelId = "Yandex.Z7U7QVUCLRRNYFIB2IBUGKKOQQ" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexTXT.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application\ApplicationName = "Yandex" C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexEPUB.Z7U7QVUCLRRNYFIB2IBUGKKOQQ C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexSVG.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexINFE.Z7U7QVUCLRRNYFIB2IBUGKKOQQ C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexSVG.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application\ApplicationDescription = "Yandex\u00a0Browser is a fast and convenient software for working online and viewing web pages." C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.fb2 C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.txt C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexINFE.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application\AppUserModelId = "Yandex.Z7U7QVUCLRRNYFIB2IBUGKKOQQ" C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexHTML.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\ = "Yandex Browser HTML Document" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexHTML.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application\ApplicationCompany = "Yandex" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexEPUB.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application\ApplicationName = "Yandex" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexWEBP.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexPDF.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application\ApplicationName = "Yandex" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.png C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.xhtml\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexCSS.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-124" C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexWEBM.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.fb2 C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexCSS.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-124" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexHTML.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-108" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexINFE.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\DefaultIcon C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexJPEG.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-109" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexHTML.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexSVG.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexCRX.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexFB2.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.infected C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexEPUB.Z7U7QVUCLRRNYFIB2IBUGKKOQQ C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexGIF.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-107" C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexWEBP.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexSVG.Z7U7QVUCLRRNYFIB2IBUGKKOQQ C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexWEBP.Z7U7QVUCLRRNYFIB2IBUGKKOQQ C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.pdf\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexHTML.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.gif\OpenWithProgids\YandexGIF.Z7U7QVUCLRRNYFIB2IBUGKKOQQ C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.htm\OpenWithProgids\YandexHTML.Z7U7QVUCLRRNYFIB2IBUGKKOQQ C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexFB2.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexJS.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application\AppUserModelId = "Yandex.Z7U7QVUCLRRNYFIB2IBUGKKOQQ" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexWEBM.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexCRX.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexEPUB.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\ = "Yandex Browser EPUB Document" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexEPUB.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\DefaultIcon C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexCSS.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application\ApplicationCompany = "Yandex" C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexEPUB.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application\AppUserModelId = "Yandex.Z7U7QVUCLRRNYFIB2IBUGKKOQQ" C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexSWF.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application\ApplicationName = "Yandex" C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexFB2.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open\command C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexSWF.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-118" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.infected\OpenWithProgids\YandexINFE.Z7U7QVUCLRRNYFIB2IBUGKKOQQ C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\yabrowser\shell C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexEPUB.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.shtml C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexEPUB.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexXML.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\ = "Yandex Browser XML Document" C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.tiff C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.jpeg C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexHTML.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open\command C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexJS.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application\ApplicationName = "Yandex" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\yabrowser\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexPDF.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\ = "Yandex Browser PDF Document" C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.crx\OpenWithProgids\YandexCRX.Z7U7QVUCLRRNYFIB2IBUGKKOQQ C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.jpg C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\Temp\scoped_dir5888_583590490\explorer.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4424 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe
PID 4424 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe
PID 4424 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe
PID 4424 wrote to memory of 3108 N/A C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 3108 N/A C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe

"C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe"

C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe

"C:\Users\Admin\AppData\Local\Temp\ac2e8963f3ea0e4bd612078f555ec1888e8ed2118b63a4091a162d341fcafbde.exe" --parent-installer-process-id=4424 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\Admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\Admin\AppData\Local\Temp\aa30f9b2-9271-4106-b916-7b319a6f8dd8.tmp\" --brand-name=int --browser-present=none --disableyapin --distr-info-file=\"C:\Users\Admin\AppData\Local\Temp\distrib_info\" --installer-brand-id=int --make-browser-default-after-import --ok-button-pressed-time=492312674 --progress-window=328256 --send-statistics --server-config-bundle-path=\"C:\Users\Admin\AppData\Local\Temp\aa550471-f0c6-4f69-9916-e98db229a3a0.tmp\" --testids=1114347 --variations-update-path=\"C:\Users\Admin\AppData\Local\Temp\f35fa58c-f611-401d-b1aa-aaa1864c2d8d.tmp\" --verbose-logging"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://yandex.com/legal/browser_agreement/?lang=en

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdef1d46f8,0x7ffdef1d4708,0x7ffdef1d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,14804192603041103517,6434385149501894035,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,14804192603041103517,6434385149501894035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,14804192603041103517,6434385149501894035,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14804192603041103517,6434385149501894035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14804192603041103517,6434385149501894035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14804192603041103517,6434385149501894035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,14804192603041103517,6434385149501894035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,14804192603041103517,6434385149501894035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14804192603041103517,6434385149501894035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14804192603041103517,6434385149501894035,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14804192603041103517,6434385149501894035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14804192603041103517,6434385149501894035,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\ybB5A4.tmp

"C:\Users\Admin\AppData\Local\Temp\ybB5A4.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\aa30f9b2-9271-4106-b916-7b319a6f8dd8.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=68 --install-start-time-no-uac=494172061 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=492312674 --progress-window=328256 --send-statistics --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\aa550471-f0c6-4f69-9916-e98db229a3a0.tmp" --source=lite --testids=1114347 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\f35fa58c-f611-401d-b1aa-aaa1864c2d8d.tmp" --verbose-logging

C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\aa30f9b2-9271-4106-b916-7b319a6f8dd8.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=68 --install-start-time-no-uac=494172061 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=492312674 --progress-window=328256 --send-statistics --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\aa550471-f0c6-4f69-9916-e98db229a3a0.tmp" --source=lite --testids=1114347 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\f35fa58c-f611-401d-b1aa-aaa1864c2d8d.tmp" --verbose-logging

C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\aa30f9b2-9271-4106-b916-7b319a6f8dd8.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=68 --install-start-time-no-uac=494172061 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=492312674 --progress-window=328256 --send-statistics --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\aa550471-f0c6-4f69-9916-e98db229a3a0.tmp" --source=lite --testids=1114347 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\f35fa58c-f611-401d-b1aa-aaa1864c2d8d.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=560242020

C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe

C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=5888 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.10.1.598 --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0x7ff7e5b804b8,0x7ff7e5b804c4,0x7ff7e5b804d0

C:\Windows\TEMP\sdwra_5888_351831887\service_update.exe

"C:\Windows\TEMP\sdwra_5888_351831887\service_update.exe" --setup

C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe" --install

C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe" --run-as-service

C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=5648 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.10.1.598 --initial-client-data=0x20c,0x210,0x214,0x1ec,0x218,0x7ff7ff72caf8,0x7ff7ff72cb04,0x7ff7ff72cb10

C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe" --update-scheduler

C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe" --update-background-scheduler

C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\Temp\scoped_dir5888_583590490\explorer.exe

"C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\Temp\scoped_dir5888_583590490\explorer.exe" --pttw1="C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk"

C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\Temp\scoped_dir5888_583590490\explorer.exe

C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\Temp\scoped_dir5888_583590490\explorer.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=5564 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.10.1.598 --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0x7ff7acc104b8,0x7ff7acc104c4,0x7ff7acc104d0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source5888_2061385510\Browser-bin\clids_yandex.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=328256 --ok-button-pressed-time=492312674 --install-start-time-no-uac=494172061

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=6088 --annotation=metrics_client_id=0802de459b1d4d69b35482d5053c178a --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.10.1.598 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffdeab8ef88,0x7ffdeab8ef94,0x7ffdeab8efa0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=5DBBBF7E-4E81-491E-ABFE-C75C06D52638 --brand-id=int --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --gpu-process-kind=sandboxed --field-trial-handle=2440,i,3629609464584658070,15873417881824430150,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2436 /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=5DBBBF7E-4E81-491E-ABFE-C75C06D52638 --brand-id=int --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=disabled --gpu-process-kind=trampoline --field-trial-handle=2160,i,3629609464584658070,15873417881824430150,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3512 /prefetch:6

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-id=5DBBBF7E-4E81-491E-ABFE-C75C06D52638 --brand-id=int --process-name="Network Service" --field-trial-handle=2192,i,3629609464584658070,15873417881824430150,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3536 --brver=24.10.1.598 /prefetch:3

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-id=5DBBBF7E-4E81-491E-ABFE-C75C06D52638 --brand-id=int --process-name="Storage Service" --field-trial-handle=2704,i,3629609464584658070,15873417881824430150,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3644 --brver=24.10.1.598 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-id=5DBBBF7E-4E81-491E-ABFE-C75C06D52638 --brand-id=int --process-name="Audio Service" --field-trial-handle=3048,i,3629609464584658070,15873417881824430150,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3704 --brver=24.10.1.598 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=5DBBBF7E-4E81-491E-ABFE-C75C06D52638 --brand-id=int --extension-process --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --allow-prefetch --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3076,i,3629609464584658070,15873417881824430150,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3848 /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --user-id=5DBBBF7E-4E81-491E-ABFE-C75C06D52638 --brand-id=int --process-name="Video Capture" --field-trial-handle=3156,i,3629609464584658070,15873417881824430150,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3996 --brver=24.10.1.598 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --user-id=5DBBBF7E-4E81-491E-ABFE-C75C06D52638 --brand-id=int --process-name="Data Decoder Service" --field-trial-handle=3400,i,3629609464584658070,15873417881824430150,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4496 --brver=24.10.1.598 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=5DBBBF7E-4E81-491E-ABFE-C75C06D52638 --brand-id=int --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --allow-prefetch --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4548,i,3629609464584658070,15873417881824430150,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4636 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --user-id=5DBBBF7E-4E81-491E-ABFE-C75C06D52638 --brand-id=int --process-name="Profile Importer" --field-trial-handle=4928,i,3629609464584658070,15873417881824430150,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4940 --brver=24.10.1.598 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe" --set-as-default-browser

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=6392 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.10.1.598 --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0x7ff6308604b8,0x7ff6308604c4,0x7ff6308604d0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=uwp_cookie_provider.mojom.UwpCookieProvider --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --user-id=5DBBBF7E-4E81-491E-ABFE-C75C06D52638 --brand-id=int --process-name=uwp_cookie_provider.mojom.UwpCookieProvider --field-trial-handle=5548,i,3629609464584658070,15873417881824430150,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5564 --brver=24.10.1.598 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=5DBBBF7E-4E81-491E-ABFE-C75C06D52638 --brand-id=int --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5576,i,3629609464584658070,15873417881824430150,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5724 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=5DBBBF7E-4E81-491E-ABFE-C75C06D52638 --brand-id=int --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4788,i,3629609464584658070,15873417881824430150,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5528 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=5DBBBF7E-4E81-491E-ABFE-C75C06D52638 --brand-id=int --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3988,i,3629609464584658070,15873417881824430150,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,14804192603041103517,6434385149501894035,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3052 /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-id=5DBBBF7E-4E81-491E-ABFE-C75C06D52638 --brand-id=int --process-name="Windows Utilities" --field-trial-handle=3832,i,3629609464584658070,15873417881824430150,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6028 --brver=24.10.1.598 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-id=5DBBBF7E-4E81-491E-ABFE-C75C06D52638 --brand-id=int --process-name="Windows Utilities" --field-trial-handle=6024,i,3629609464584658070,15873417881824430150,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4176 --brver=24.10.1.598 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 browser.yandex.com udp
US 8.8.8.8:53 neuro.translate.yandex.ru udp
US 8.8.8.8:53 neuro.translate.yandex.ru udp
US 8.8.8.8:53 300.ya.ru udp
US 8.8.8.8:53 300.ya.ru udp
US 8.8.8.8:53 8.192.45.5.in-addr.arpa udp
US 8.8.8.8:53 133.192.45.5.in-addr.arpa udp
RU 87.250.251.20:443 neuro.translate.yandex.ru tcp
RU 93.158.134.158:443 browser-resources.s3.yandex.net tcp
RU 93.158.134.158:443 browser-resources.s3.yandex.net tcp
RU 93.158.134.158:443 browser-resources.s3.yandex.net tcp
RU 93.158.134.121:443 300.ya.ru tcp
RU 93.158.134.121:443 300.ya.ru tcp
RU 93.158.134.121:443 300.ya.ru tcp
RU 93.158.134.121:443 300.ya.ru tcp
US 8.8.8.8:53 232.204.180.213.in-addr.arpa udp
US 8.8.8.8:53 20.251.250.87.in-addr.arpa udp
US 8.8.8.8:53 121.134.158.93.in-addr.arpa udp
US 8.8.8.8:53 storage.ape.yandex.net udp
RU 87.250.251.66:443 storage.ape.yandex.net tcp
US 8.8.8.8:53 yastatic.net udp
US 8.8.8.8:53 yastatic.net udp
US 8.8.8.8:53 66.251.250.87.in-addr.arpa udp
US 8.8.8.8:53 123.35.104.34.in-addr.arpa udp
US 8.8.8.8:53 yastatic.net udp
US 8.8.8.8:53 yastatic.net udp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
US 8.8.8.8:53 yastatic.net udp
US 8.8.8.8:53 yastatic.net udp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
RU 77.88.55.242:443 tcp
RU 77.88.21.37:443 tcp
US 8.8.8.8:53 242.55.88.77.in-addr.arpa udp
US 8.8.8.8:53 37.21.88.77.in-addr.arpa udp
RU 178.154.131.217:443 yastatic.net tcp
US 8.8.8.8:53 217.131.154.178.in-addr.arpa udp
RU 77.88.55.88:443 yandex.com tcp
RU 77.88.55.88:443 yandex.com tcp
US 8.8.8.8:53 88.55.88.77.in-addr.arpa udp
RU 87.250.247.183:443 tcp
RU 93.158.134.36:443 tcp
US 8.8.8.8:53 183.247.250.87.in-addr.arpa udp
US 8.8.8.8:53 36.134.158.93.in-addr.arpa udp
RU 93.158.134.121:443 300.ya.ru tcp
RU 178.154.131.215:443 yastatic.net tcp
US 8.8.8.8:53 235.17.178.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 b3b2e906fb3fabe2a034d2892d852f8b
SHA1 b96b4f4bbeb16535dc00f0c0a6b90ac2c63599ec
SHA256 9eeed36fee1da26ea6f8763e57e0e80881ed58d10ee7d66c98653e8c18a72f6c
SHA512 5e60e7934684dd62af52512a64236df0010bea88a2bd67b2f9c2532da72c178538dae8681f2a403b46f936dfe60a331639a7c2ffa04366ecad58f9d8a010801c

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 9552bd0ce6b3a9a1d6147406668ca8e9
SHA1 88c1721b0f65932a8a99157afc7d945c1207d9ed
SHA256 0cd6b688a07a306ea44641be2b5660aad0a5eb34f839582b798c4ebfa4435713
SHA512 125590419ea2330a29e47881d39c7a512dd5de0a1f2db7cbe42fbd4a695eb994643fa2dbc7b2f08e65d1010a66d79c36b93707697c9c4ea30885acde270aaedb

C:\Users\Admin\AppData\Roaming\Yandex\ui

MD5 c6aa6d2c8bc5b36a2880b3a65ef3f330
SHA1 b8ddccf3e4e08732ab32cc887f0e5b5da4aceb84
SHA256 2135777ff8e14918b9a5b37ee081bb55e22c91863961ef578952539f81035ef1
SHA512 f0453594e0bb56ebf3693fc270a24c0e1206947933b8719d8de566460559f389e21a9bdcce54c640c145551ff3ab4bfa4927892e277c3e1e5ce38d816295dfd7

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 ee1ed278407475ac1bc49f8a8e2815f6
SHA1 dfd7d485ab57e18f832accbf318c562acd66db5c
SHA256 1489b3a89898203cefe195f5687dfbbef4f9bd6b03954189fad38ed93863cde2
SHA512 3921a7547efde6ce633e0e54c40b45c48c887f867c1e6b106520a6179beee3e1891ce4e85b5f3d87f2ad7408b5eafdd1902f647ad7b782a6f936c4f23d2b992a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 61cef8e38cd95bf003f5fdd1dc37dae1
SHA1 11f2f79ecb349344c143eea9a0fed41891a3467f
SHA256 ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e
SHA512 6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0a9dc42e4013fc47438e96d24beb8eff
SHA1 806ab26d7eae031a58484188a7eb1adab06457fc
SHA256 58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151
SHA512 868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

\??\pipe\LOCAL\crashpad_3108_ZQWTPFAHBRXCROMC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 aa98e21c3d99355a5393533cd6563161
SHA1 12247c1b0364787597599fc481a49028969dc566
SHA256 a8e959752240109e2340945421a9fc0e901a5fa3d143a290c06954d64a517dae
SHA512 890b8bf3e2fe0f1caa85fba956655a2c842db39cadc3fea865eb9daa47ea39296ca1266988fed7d14973b4efceabced5c845c00f6458bd45fc1e22bb3005de87

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 5cb5f62467f03dd71cef466441ceefe0
SHA1 63ad937c69f5041645c7761bc658fcbc3be12d69
SHA256 c1b4658777e80166fb0e41fe8f788fd05875b1801077f388a30d7490c9279692
SHA512 ac4779cb5482efe9cace6006a10f777021b7b94345664780e3a0df06f091a5e753c2f10f1e29f82d6703319b654ad60084744059c6202258181483465b292aa1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046

MD5 ed93418bad7b9e116ea0163c40ee77c7
SHA1 0bc029dc9502743101ddf9bab537da7df54c9e00
SHA256 1e1b1b5f5789d2544025795285c39d38e46a15a2c5e0c481602d90345df45cf7
SHA512 ce57a26801d423933827d30a508cd80a5dc93dbf18ae4f5abddc7fc6354941e0a270718963497c7c7fbd5c9bbfc565dc484e1a5d08200fb0595d843b4bbd833c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046

MD5 c4f99d09011bbb73a5ee36ea2363a07c
SHA1 4eab35cea2c021dea32e69d735b644e2b49e62df
SHA256 195441acde9afb777e0b642c9ea8569d372553ba87f6038c34aac9e1569a0967
SHA512 9f1fe2ef922592ca99173d0a0d7d130ffec90ae7d101801ea9b410e27c8474e95e81767baec9ca53cfec1917c57c83b1a7ac0ae4fb38cd18b14a6485fbee37a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_7DAD5545724AA2C98C55095F428499FB

MD5 b20a2d2b881b6b0894850cc97d4ff2bb
SHA1 c2740c7cc1abb613ca67c584790c6a0f0dcff27f
SHA256 40b95cf0a84813cdb7555af0ca2a2513e350aecc1120b12898df45fdc53ad8b4
SHA512 f5f7ff0fe457ec29b8a68ea4287ce863ae3a4d3225d324d524a299ab371121ecdfa5c7c3352e3f89edd309419cdd91263dc2f6327be8c9d2876388fbffd75b83

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_7DAD5545724AA2C98C55095F428499FB

MD5 d0f45938e1a76b6cd151c2a029f2f6c8
SHA1 ef87a5085f85c49c9e95ca7aaa59c00f412dfc41
SHA256 6d08606266f809e74e513063b593a02692eca7b1c7f1f9ebfd0bf39d9615974a
SHA512 661ce46189dccf047b811a556e85ebf232ab37158859eeae35a279b3808743aba7b7d9eb98ce4ded53e6095904d5a9ab9ebffc1eb64301e81b62f1baaf1201f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

MD5 ffb66c88c2d6b84524ef78e5773beb92
SHA1 8599e701a2f1a942f0ac156e19c616434cd908c9
SHA256 b92d0d76ed25becc2aa4397afe84dc7e2770b24aeba463d6302c53d28f851e32
SHA512 281112f1ddb23ac2cbff946a1687ce6f1b6ea6e57e39d5f4e8b73f8a56cda57e7c608d5a4ad81b587193867e88843cbc67d7de01f378be0cd2514b20a51efc8f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

MD5 43d4366ab60f1fd5c5a3961cabce6a57
SHA1 5d553a52f88a9e3a535aacef6fd7227385462901
SHA256 7ecd6d28606be6744bd5903ffd20c35fe25f927caa5d89b6c4fc4f8cb3d661bf
SHA512 bf65a24956fd8391350a8cfba37dd030490f79d86fd609bc87619b453dfaa0e7e8421f33791b6ae19b7005a03e59abb6b2c79df6ebc08a7411f24f2afcc4df0a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

MD5 61ff8809c54f61d39d3a3b7775ee70e5
SHA1 7a6f6ed461041bd121338dad5c480d26a8c23e9c
SHA256 f0dca7754074176c7e68812a82bb70a36d3394c94314d486e4fc1b16741350b4
SHA512 c821150eeb89d6428d84144279f078f64bede58224f848973774c8308c733f0caa711c6f0a13bb1d6e121afd566a0d470e9b946d61401aa2adfc429e72cb3967

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

MD5 8b0d3731995a4558a09f4172f54eed4b
SHA1 c1838151113cd706ce5ce92db00f725b1b2ebeef
SHA256 14f5dcf1d130f769eb1f1f0f1ad6dbb2f06637db188e51eaa17958ecf90621c3
SHA512 29f7f1bd75f1fdddf976ef92319bc4a16f38b789f3e8d01c5d048fba29be77c7be5a225671a5b745dade20cf43db54c9371ad5878747ad5d9956f6171212f01e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e8d7fcfb4390a57d04ff6dbf41efdc11
SHA1 84b923f178d3d5109a0bc12aaa7a8df54c9deddf
SHA256 8e44598c4ac30ef1a4d00aa62cc2e11c4a1e14665a64ff08e1f7921b16996b9e
SHA512 192ab9b68c2a182c57854eeab4be973213a577c93d29260d2464ea1f35ba7c4b5e35d622dfdc4d99d2f1c45efd107c97eeb6e4b8ffc2c20903afe94fe9eaa7c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 273299dfb2ce39e2ab259f57b5dd28b6
SHA1 27e1fc62bd8aff54cc0eb1a77b2b36ef7de92d34
SHA256 484735112fe0977d14ed755d52ced017a181c50da003fe6fbc007a3fbcfb236c
SHA512 e9e83695b4972c08e06f8d01da59654589d606d1dd95c727bf48064d4fba2faf6b26e2b7020113b038d1c80b00689abe226958dbc0ee6d6c6d9a2294522e9663

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 807419ca9a4734feaf8d8563a003b048
SHA1 a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256 aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512 f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7f52474223366ac8d88c001c0c20548b
SHA1 f5cc3303e402925b8be3308acdbdc2fdf1b4b2ff
SHA256 1129d7a9028e46f912c8c1a8558342fd8bd4aed95d303ba6d77d5e5daedc6650
SHA512 6c232e0b685155538c7ad5690e583082526343bfe756a5b222bc6f051632d8c23c8bd5fe89f8c4ebc24996004abf2c631604ef930fe0a1cde1c798314c335fe0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9a50fb8da6c75fecf7f2ec4c7fafcad3
SHA1 476a7fe791618f6475dac69bd6dfb25e3c0235cf
SHA256 52399c56780451fa715bfdd35d8687bb61283905011c1342f4807e72b20ad5a5
SHA512 1ff524479cb1819266eb97c84e226418fed675d50540d022b5ee3ded79e50566092bf4628d75e12fc5c2c064a08972ec1ca85861cf878a62946202314751d0e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586184.TMP

MD5 f5eedee73756fad575730deb0c8e736d
SHA1 f410d5a247e268245e83dc5f5ce39ee841dff8a5
SHA256 7e5dddcf4266318f1f00dade053ea64a5ac4a37eca232ca3cc95e2f3122c5dfc
SHA512 84675b3fd182b8a923427f83445368d73680f1bfe9928074b73d6c9a6a3f3266a7c3570a555fcea17131ec66541ee7de4547042d9ccc2944711888c3f8a551bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 aa58fceba82ad56635b00811f67fa133
SHA1 e67344dfe5b5c5bbe0e6705a9064d89298bdd1ea
SHA256 62ed96857b685f7936e195270da5e5b8d478d517e4f72c0d2c569e7a4eedb88c
SHA512 d7fd211f14bb37511f9f77984e0011b69b2fa88e220da8f33a0c9fcc5e2ce5f6d95e863adb433b5dfd96b5215769497e05fe44a9bee8cce83f4cb869067b7815

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 1bd65f8611d788e94e41f3baba498d34
SHA1 59a597ce639eccdbb19b2a7cab099d3603154713
SHA256 dca3aadcc6bd2319e114215c4630a6504c7bda9f5311d2dd97782f0349e256c1
SHA512 1c2234f579a496c60c610f2ccb6de784cf79eccad4981231526b093260dfdb0917450917ecf197029fcf48d2e2c1a483b6cd58f1a214da37ad9c97c6235f1397

C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\setup.exe

MD5 85d846823c88a1bb8836cfd8907320cf
SHA1 6d9b5bd3edb701f1403f7f65ba83ba493a106192
SHA256 3e9b0d73bec058270f9e233b57f13c276f054e1be5da5a5a6c26a510cf3a15f9
SHA512 6a043c9e594b77d45532244735a334541bfb3ce379159ede9d44e4d40ce2d77e68c632e044b1ab02216eb34801bae99fe1439a9c86c89320d0c3dcb9db65f272

C:\Users\Admin\AppData\Local\Temp\master_preferences

MD5 3586905f5e3af3c5d82e582cf7bb408a
SHA1 d9455549aaf38e06ebaef9a8871ea1f5bf7e6d86
SHA256 f119b58c9b8935652a9bc476f507defad189bb67c785c4504276e7e5e353cc8e
SHA512 17336dc37891544ac55199d0e4bb9241598d4e28736c91f1f843a1abb06de40dff90ec7cca55ff1e3c5ec366045e18002d71b022025ea91a64a70690fecd8167

C:\Program Files\yandex_browser_installer.log

MD5 0cfe6f96b76350a26dbffba469432f45
SHA1 1aa40bfa0c03665cb78a813b8d908abf26ede2bc
SHA256 fb002f7ce6eba5a151ba71477e9b6bbc1dd159cc5235e0f05d5bb0729b1a04e6
SHA512 432558799233ecd6bb07eb9b5bd4dd753460a0830b9f166fdeb129fc606ae3103a7cbd1f12a55b32036ba7ebb2c8617f50f9b9ac7433dca5e47f497842eae7a4

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 53e4e919cc579e1ceb861bc536ef7867
SHA1 0b6b4543e3817acd369d8b7c028a689e99438e3d
SHA256 895707209a983dd1e98c35367cb3fa1710e9c3fbc113fce35f21d55483343850
SHA512 d24c43c90893a89c81489be01c55030d619a1641005d3798e7825c3dd4b8ee7bd1ebc5d2cd40d464082acf38991e99940b27022efb1157105d59400cb199f6c0

C:\Users\Admin\AppData\Local\Temp\distrib_info

MD5 dfa737ac9665c5c43bbd35ccd020488a
SHA1 5d5c9e3c877355fe41157d2058395ada293ad1f0
SHA256 ce44a2717e329671135391d477c95ccd325e7f401478fb566048d45393cf2282
SHA512 2eac61fc87abcd6c692531ee8fcdedfc8db9e87b7c5032d1b5fb60ef8f0f431974719520aeb2c13525cca66ef2a63845ff576fefd27534c2ec6de1aeb106b028

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760

MD5 23aa02cb25d6a535f578584f2318ca22
SHA1 3e10a03b8fd5f0ed39ae128304d25f9fdb00d705
SHA256 2f896753a7e1998fb490b7f43d58e9cf3e53d480c2214f25b94a47c3b1d38f37
SHA512 085a57744b445413951103bc815c4cb9530ca498b3bd6f99e092e1cd9fa5f035e102499819cb0b6f40bbfd72e025855e6aa3bc5f6c8b0941e266a9d1ce3254a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760

MD5 a070e417d52371fef353fcc824775fde
SHA1 07094900838dbd76110e8f12d754acef38f44df1
SHA256 24a5adccc337fdb568c00f646d96e7cd9aa87159e94b18ff9d789caf8a22d61a
SHA512 3919afd6d64ae765254cfa66855133e8f6d4a22a0b4c709f6833a9ae74cb8aa6f5cb9936c7de42a832d8d75a7373349d50571c10d6099a967b430e28ad669716

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1e691ad9b1af93c20f9b256b3af1372a
SHA1 ce9318b5191d798e59c0bda34449da13f161a761
SHA256 0e6c9b4dab9390777847a67e0ea0f63be70adc8403db9cc519be25060539fab9
SHA512 5b7bc664924ed78b501f6688fa886252fafe48be12b6008a10e53d1f272c5e65ac62f71c9819569e91d539596f41926aa5d620710181184998da06c6870e4b68

C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\BRAND_COMMON

MD5 9da8a139bf4d5e0776cef62f05bf2407
SHA1 90841e68f3c61d8a54fadd0b2ddfa6e373b2c939
SHA256 f8a69b101323c8a730167620420867e2ad1664904cd4b06ad691db23fc61453f
SHA512 2a0997ce8ba8046e2748b46d1ec3b9da5bd308eeac88558248e3320aa61efcad0745e8cf1edc10fa8303df2cdea11b9f2210261963212148dc881cfc4cbf6f80

C:\Users\Admin\AppData\Local\Temp\YB_EA3E5.tmp\brand_int

MD5 8c167f6e79cac9ead27bbf354f6856d9
SHA1 b913e37b79cdc47dc9ea02286532becda4d64d0a
SHA256 bc98136f08488fa26b258de3a6456c0365446219448788353ef5eb204e454d82
SHA512 6c9e7526cfef7aa23c5bffd961814d5b74a0cd025b71e96dbf90077e5739c075ce10b9a3c48115d364f3a9cb16dfd0e7ed0a82ab436277fc593bdd8c9ebda7da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_D94F4A82266DCEDAC0F3F1BFD0843F4D

MD5 01e5affe94af39b931ad4963ce10d45c
SHA1 0061165fec634d34e1b5919f2a9bb6aab04233b0
SHA256 d99d28be14b635cde5e684ba839cf57a366ac35b72d06d403a81a3d119fb89a3
SHA512 b9c2d367cdd1e772ccc9f1b67ed481d9f5b69201b2cd4fb69e5f5394ba142803a01a9f889b1260b9968d86fe6a1aa335b0b7e57a5cf750cced62cb880d002a23

C:\Windows\Temp\sdwra_5888_351831887\service_update.exe

MD5 8cfe6ee4fa6c0d2916de38c4601ef40d
SHA1 1d5f29ea1909489cc552c108f92dfa7e1b9022eb
SHA256 a96b4cc2627b0084412910e9e7f965a99c1e19f65d202308dfcd21e0b831b2a7
SHA512 fd7b1daff2960846a2bb20ae3147a0b6c55bd15e9f35dd6cedd4bc6fd5e6010132b4e6a77eecc89b6248c22e09f749c56a052a2b6ca70de644780f64b26fef5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A334956C3F99BD182BF4859935BADE72_FACA7E02B2152427A5B3C5BC1AC9CE92

MD5 edb0767c39d199858b62776e38406cb5
SHA1 39477cee82e65475030c85119c5804b4d4920d90
SHA256 8330b9abfb58363f7d139d4def2d390cc50c9a0281ce73ede1b2975de27ae5c4
SHA512 7163ea24c472d1ff60636a9e1f7dbb98483cbd0a650bb2bc80584129a378a72ea46f3da8e05b74d071a3b7684a22f3d0934d7b593d51cf94d85d8b81aeec14d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A334956C3F99BD182BF4859935BADE72_FACA7E02B2152427A5B3C5BC1AC9CE92

MD5 b4b384a47ad87be5f2a5d1decccae8f5
SHA1 61466994606176e90cf99e411d24028c21561057
SHA256 1f76b2ee00feb60ad0965659b1aad432a732dad7fbfe81f8eabc10a1e9093b2e
SHA512 29fa2aa6d481543ad38f63a0d5813857d977951cbeaece556153225671dee879ab912089d96f509bc92445a61db7da2a56e1582a81f5c3300976a377de1cbd93

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9E5AF9A59B2A0198F537F5F6F7EBA776_57ABCF7C80DDF20409A123C0B25EDA1D

MD5 1d5fe659c2d228ad490a3afc0bf39894
SHA1 47a80a2b639c9cca12b3c2b3024fc07e5b24643e
SHA256 d104cff2bc0652165f3c9b39eaca7e123c63a8fe3752e693c188787b07405416
SHA512 95ad6052dcb2ceac39378070f0437c108e05789f32299ee177ed3b01c2b666b956b28de18587240e80b0bbfe2629a462df33bf0d30d2d2b0bc2862e9830b3547

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9E5AF9A59B2A0198F537F5F6F7EBA776_57ABCF7C80DDF20409A123C0B25EDA1D

MD5 688dc85ae631fbd9ef1e4d044a3b37b3
SHA1 933e3a574a928de30ed8e7d4c0aea6e7638ca7a7
SHA256 c2718f94059de49bf40e29e33d2760b99d19dc10926f0742105ff634479d77aa
SHA512 7420f11dc881830e490cd03fd0e439c7fbbb544ce9ab94261552142096352a343f21a9f5ff715468664ee9b85b402dba5ea761a5f7908741ae43052e9de40839

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_D94F4A82266DCEDAC0F3F1BFD0843F4D

MD5 ff3ee913eb5497231872ed3d2e001be4
SHA1 a5dfd039581e06937c88e955844232f0dc9f49b5
SHA256 3b7798191dfaec61ef2e73e85a73c1a061ceec9377089a6d4bf2e14461716577
SHA512 aeafc99e0441b5c668abd664b85bff84b7e42723a90f284e812f10c2f9ae1328f0dae0ef7b092ccaa51f2572534d40d421861de34a02be8b6643f62970a6eb4a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7

MD5 330a6b21ca4cf323b696913816836028
SHA1 6cd5d2cca64de402336434ee1a24df3cb126c044
SHA256 df0a638e4b1ea5f56e93ad90bae8de95e349aedde82379c7f2d7d54757c61aa0
SHA512 400590788d9ca67a4017be967f77aa9525232f7b37453825211cb9d97c3b3f734349580f91202f43bf0c2defaf526d2031a0ab45c9c45b4a0d63fabadc41c25e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7

MD5 45165b06cf549390aea3ff4c6d9a4cd1
SHA1 69574e9c5ebe47936ac7a8e2bebad46eb36487cd
SHA256 8a14817e8c3321209e409941d42ad6b390a81cce8c4d104bad913cfab088ef55
SHA512 cde1f7c9905ab0210ae29903c6b7d490ca98002b42527cea4034ce90777a31c1c491a8efc1bc06f90df63a8cb4630c9541b640940962c2452e284d215e749996

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

MD5 536950fb90e5082065882ee3131f07ec
SHA1 2043984f7f3ff62787f10efbf49249a45bfd68ec
SHA256 94bfff3f2319c4b404665750ecf6168068b1d2775d1273296c90c1ac2e18494e
SHA512 7ead4cbf20c377fc8f2798564b48eebc6a7e4d4e6bc09705ac0dc3727e51418ec116f9eae12ebb38f9659b9974097eddfd61a6c8d61e4df26641a7c8a7bfe171

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

MD5 b260bac2e3a93f53db1ccfe64c015eff
SHA1 0c6a5d0b884b2beab7b27deb02513400fa198d4f
SHA256 158d85ef9b9fccfc90cb2e46b3a1e9cdf3e6f2afdc039cfa22a20b3f59e1fe12
SHA512 d10bc5d8f7eca0e794bb98287a6c15d3ecce136c76f3b254245935297afb0e049777799be71ec39ebe1dc7e1aef4ec1197a29c4a86644de9b6d17ea65687e52e

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 2150e7ebe395e0aec4f2d8ef7471c9a9
SHA1 db8f6d52f9563561453dcd96fe4a6ae69197fa25
SHA256 11e03ac56ff4f7106bab90da354fdf5b027c0c408781fbeba587bee68eb9d758
SHA512 7dccb0405917d970267fdc12e5d1c9f1feb12f8e6ee9ffcc2e795b369ee63feffd77736929efb77719ae165f2d46536cc94b8f1689fb8e1918994d6f8a19baa0

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 99b43bc644a0c620adbe2f1fe9cfb3e6
SHA1 b442e714dfd626e5e7aa0b499026eb6817b2f720
SHA256 d0d755bfc40f05467e8600eb5e0280a8dab65193ff2c408bd5dc3dc911eef2a7
SHA512 c0f7b80c9a45682cfc32dbd3cfa077f900b1d199f3d1d116ecf68e43bb77ed39c3719af5e053b81176a9c65a98b8c71cb1e6712fc8e6837ceea45c165e8841ca

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 a0c985e51e7b752518eff4218109029d
SHA1 4cc5f8669c9ce746ede4cd3839e9f81b39623edf
SHA256 cf1787843decccf291096ad1d619888d90a3640c039ab6a99caba514a307a2b1
SHA512 390e9d4228a0930f02798940b86f35ba33ed6fdd2f18b68b162c1e517739e809d810bca7e06bbaff8ac406b57a01edc0c651453db6678b604b9afb985538086b

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 31853d9035ac9f82834ff1bd8653dece
SHA1 e4558ed3041353c085dbf878e5d2047c2a315515
SHA256 4f492c3ec63ea1b81ed2ee56ebe253450b72ed2a50e61512c2ffb26313f5ee4c
SHA512 61b1c0c072085a50421c79467ab2bd6e963d5d5676fb272de4242d9c9893a3da2219dde7984d3bc5fc8f05bba0e6c0af3f9bad2089598092384c33c53e8dbaff

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 51b959a3946440759f43722f87c4f3cd
SHA1 e59cdbf56a40bfdf71f88f10a9083ef442e46ce2
SHA256 cd2e046213bc427afa0e8fb57b14f69d2630245fd18647382dbacfa84249af48
SHA512 b62f562cec4c1abd97fd99f468b0f806e9986415a2fad8f1e22987cb4fee34c8fde3de922c5538c532505917bc96012c931f151dfb5f447ebf18d84fa99bf74c

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 39e5be25fae55e0f7f6482372fa2e69d
SHA1 2d3091c6bd720e2a2b790ca97f3828389e3b20e1
SHA256 636b7651780552d5c38407d2e286b3f475d538f911ee7bce786653823b867719
SHA512 0197f0d6440c5ea367294c92468781a5eeca47d25fbf48857de96c3603de7ef818ee04b10b2b941e7189dae3ae5aea3cd16354e6d266ff44edd3cb5ee6649ea0

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 706912edbf6cf5cbd333f8e69cafe970
SHA1 ccfa97320c4496d6f6bb3fc3b22145df6b80f9d5
SHA256 354e2a42bb626bcaf533ec17461e8f59de1f4d9f13cc09dfff9c0db6d8daec9d
SHA512 9b0b5864785bb01be064388fa32f8f6d83571580bf83cd61b20653ffcf7d748799238294467e87b80acea92c464cd833a7bc5da062eb23dd47795ce52bd019fe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\import-bg.png

MD5 be2acbae1c7b09125a85c5517a7dd70c
SHA1 091dbd354f830ddf74258b337dc4f7177a860d1b
SHA256 d1f78371b8d86ecd9a1e6c5878ff5da756f8c9ebb6b1a6d5d24ed017ad64c010
SHA512 dfc66f11ab6f79a8726efe47c478664973b04a277a9290cc6703899a12271909c757482be8c0a2cdcdd290e5a2a29d441a8d09c2bfc686a9482f07ceeb33f673

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\mountains_preview.jpg

MD5 a3272b575aa5f7c1af8eea19074665d1
SHA1 d4e3def9a37e9408c3a348867169fe573050f943
SHA256 55074794869b59cd5c693dfa6f6615aea068c2cd50cdae6dd69bd0410661ded8
SHA512 c69bf39362658dd6cbd827cf6db0f188a9c4410b3c6b7b532595fd5907974e2141d857942ffb2497282e31eaa33c71240c2c2bd8721046df55e3358e8b76c061

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\sea_static.jpg

MD5 5e1d673daa7286af82eb4946047fe465
SHA1 02370e69f2a43562f367aa543e23c2750df3f001
SHA256 1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a
SHA512 03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\morphology\dictionary-en-US.mrf

MD5 c8a293e130ee93c08592f0f5ba9616a8
SHA1 49e7d245af097bd28af5ffa503858830cd45011e
SHA256 fbd6c8f911927a994db26eac21e4c028d75ea9de593eaa525f331e5c9a911ce3
SHA512 9f4c01c6083ad7063db29b7075e0ac475794dfaa9b6714b119174607aefbf5384cbf17a96256b097de5b2a73669d060d5082cf2aa9244e7968c3d8853d09083b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

MD5 4eedf5b0592bc1191a681b1fa9a01d04
SHA1 35e16ff9fb343b8b320fd53b82e78427a8b598ea
SHA256 8af21b5c5ce8355cef9dc007c423c0ffd6faae8354ee017322e9936d96a6f852
SHA512 2ce6f622537b966c0d0e07ebcf3c73e996ad8ee1e2fd1cbb2bb8f0fd7e988fac20ce7fb94c790c275c418a2bd8a0c28a1c657d80768d64bff81ec8a4d8a6f629

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\configs\all_zip

MD5 1d71aab097bac538c29bfe8cf5a78326
SHA1 65e63399ecd362051bed39b4521e4b6d0d069666
SHA256 bd1e003c3964da816c6e824caaeb5b18c06299f6783dffffc382b94029f4c5f6
SHA512 9450373f3a1d4f0913e13b8c019c2a1dd97211a88dcd3371251ae1e08a9e36b4db9958ef320353fe9bc45725947165f2161fc8e8f00b6eedd806e161f7508315

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\extension\elokbjeafkcggjfjkakpchmcmhkhaofn\brand_settings.json

MD5 909b09582eadd71cdfd92d615ea70a87
SHA1 715f244e8c4b306f26649167a2186a598f65f3df
SHA256 7bbd3e9581b9990cd48933c7b6ed0a22216db7f3544daf510b4acfadcab0426a
SHA512 95a6d43d88b88bacc7ad49ea40b1797f28c2fe835f8c5287b13426581088154d952803c8461d6c311520fa3b92ceae4ee9f9328a9e70ceb9b48be639f948cc4c

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\extension\fcgfaidpicddcilhjhafmmcgfodijhjd\brand_settings.json

MD5 fda6c7f7660e9be254ef3745b8dcc4c0
SHA1 953062beb6ba234633f1de0a6964e7dec3ba2cf0
SHA256 29660aabd512c66468f36862bf0087855e4c18bee937e9d1a403d548f0ce1b8c
SHA512 0b18601b8771071d601c00a8ecb687d807ca4c785c387701f6dff99566fab72227b9af84a17bf9c40a583c2501d3c20cb93681f4a1f6cb0227e4dd5b5a005077

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\extension\gopnelejddjjkamjfblkcijjikkinnec\brand_settings.json

MD5 4c817e4c2d0ed4b5603e7192da413a6a
SHA1 e70fe2b6c5548273bc00b8863e0752c7bf93ad11
SHA256 cbbda477eaadbaf9fc385bff50dfaf9af360dd82fd8b345209456d8da580273b
SHA512 39a4796f25ee166dd8a079b3556b1e50d9e85a1bad8a9229a428a9d160411c7362fdf05db872ff167ce23f7769de582f63155863bd3e06313d49e71841f369ae

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\morphology\stop-words-en-US.list

MD5 202e1cc3e24e0a76bb1fd8779ddae5cb
SHA1 7566a9437663e808740ef75c9a79f414daa6b44d
SHA256 95984aa8caca82fc5c2ac6721e17206e45f12404567bf05bf397131ab83cef58
SHA512 dba1d7714da25c670cef62d22638ba759add34e26e69666973e26b7e7542b7c04d3694bb0f22ec2b7f89a33e48b3546507a108a385ba5945e0d293f501511717

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\morphology\dictionary-en-US.mrf.sig

MD5 197eaa00216af72690c09b8b82211809
SHA1 1e49ba86b771b391b63335fede7614f5ac427f84
SHA256 d5e3a63301977129113a9c0bdc0dd14173768c6f9f5ce2f2036c0cc6a53d706c
SHA512 f57b8e7d481ba5791c6bf454363fca3aad042270b572fb4b2ae1c0429a6e2f70d153b6bf44b139d48c959a1817c4e72ad3b280257b7877746fe93c40c880f514

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\safebrowsing\download.png

MD5 528381b1f5230703b612b68402c1b587
SHA1 c29228966880e1a06df466d437ec90d1cac5bf2e
SHA256 3129d9eaba1c5f31302c2563ebfa85747eda7a6d3f95602de6b01b34e4369f04
SHA512 9eb45b0d4e3480a2d51a27ac5a6f20b9ef4e12bf8ac608043a5f01a372db5ea41a628458f7a0b02aaba94cd6bb8355a583d17666f87c3f29e82a0b899e9700bd

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\abstract\light_preview.jpg

MD5 9f6a43a5a7a5c4c7c7f9768249cbcb63
SHA1 36043c3244d9f76f27d2ff2d4c91c20b35e4452a
SHA256 add61971c87104187ae89e50cec62a196d6f8908315e85e76e16983539fba04b
SHA512 56d7bd72c8a380099309c36912513bcafbe1970830b000a1b89256aae20137c88e1e281f2455bb381ab120d682d6853d1ef05d8c57dd68a81a24b7a2a8d61387

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\abstract\light.jpg

MD5 3bf3da7f6d26223edf5567ee9343cd57
SHA1 50b8deaf89c88e23ef59edbb972c233df53498a2
SHA256 2e6f376222299f8142ff330e457867bad3300b21d96daec53579bf011629b896
SHA512 fef8e951c6cf5cec82dbeafd306de3ad46fd0d90e3f41dcea2a6046c95ab1ae39bf8a6e4a696580246c11330d712d4e6e8757ba24bbf180eec1e98a4aec1583b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\custogray\wallpaper.json

MD5 662f166f95f39486f7400fdc16625caa
SHA1 6b6081a0d3aa322163034c1d99f1db0566bfc838
SHA256 4cd690fb8ed5cd733a9c84d80d20d173496617e8dde6fca19e8a430517349ed5
SHA512 360a175c5e72ff8d2a01ee4e0f365237bbd725b695139ea54afc905e9e57686c5db8864b5abf31373a9cb475adcbdb3db292daf0a53c6eb643a5d61b868ad39b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\custogray\preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\custogray\custogray_full.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\fir_tree\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\fir_tree\fir_tree_preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\flowers\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\flowers\flowers_preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\huangshan\huangshan_preview.jpg

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\huangshan\huangshan.webm

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\huangshan\huangshan.jpg

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\meadow\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\meadow\preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\misty_forest\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\misty_forest\preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\neuro_dark\neuro_dark_static.jpg

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\neuro_dark\neuro_dark_preview.jpg

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\neuro_light\neuro_light_static.jpg

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\neuro_light\neuro_light_preview.jpg

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\peak\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\peak\preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\raindrops\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\raindrops\raindrops_preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\sea\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\sea\sea_preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\stars\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\stars\preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\web\web_preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\web\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\sea_preview.jpg

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\sea.webm

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\1-1x.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\tablo_UA_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\tablo_TR_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\tablo_RU_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\tablo_PT_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\tablo_KZ_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\tablo_JP_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\tablo_IT_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\tablo_ID_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\tablo_GB_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\tablo_ES_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\tablo_CN_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\tablo_CA_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\tablo_BR_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\tablo

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\sxs.ico

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\tablo_DE_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\about_logo_ru_2x.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\about_logo_ru.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\about_logo_en_2x.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\about_logo_en.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\brand_config

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\install_state.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences~RFe5958b5.TMP

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Sync Data\LevelDB\MANIFEST-000001

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\a1bc1ba8-81b0-4457-97b6-e59df24166ef.tmp

memory/5684-1328-0x00007FFE0C9A0000-0x00007FFE0C9A1000-memory.dmp

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences~RFe595990.TMP

memory/3164-1344-0x00007FFE0D140000-0x00007FFE0D141000-memory.dmp

memory/3164-1343-0x00007FFE0C1D0000-0x00007FFE0C1D1000-memory.dmp

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\data_3

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GraphiteDawnCache\data_1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\data_2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\c1d6f69d-6ed6-43c8-8d52-22d40b106bd7.tmp

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\data_0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\web_ntp_cache\index

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\fe79e290-848a-4b47-b420-b1ce47747931\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json~RFe595f8b.TMP

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\index.txt

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\index.txt~RFe596b72.TMP

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\index.txt

memory/1260-2552-0x0000023F28870000-0x0000023F288A0000-memory.dmp

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

memory/5684-2573-0x00000202B46F0000-0x00000202B4720000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe59a975.TMP

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59b7ec.TMP

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\4bdf31bb-637a-4b27-b1c3-8b9250dd2162\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\4bdf31bb-637a-4b27-b1c3-8b9250dd2162\index-dir\the-real-index~RFe59bbd4.TMP

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\c4e0e40e-e786-47de-955c-a9183c63e8fe\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\c4e0e40e-e786-47de-955c-a9183c63e8fe\index-dir\the-real-index~RFe59bd1c.TMP

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity~RFe59c087.TMP

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\eb8c5a2d-cb6a-45bf-b8d8-5b4cb6d9c459\index-dir\the-real-index~RFe59c0b6.TMP

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\eb8c5a2d-cb6a-45bf-b8d8-5b4cb6d9c459\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\index.txt

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\f0a1ef1ab533153702e0a7f73b8d66e0b7e01d1d\337b61ec-869e-46c9-8390-e31dab6c64fd\index-dir\the-real-index~RFe59d603.TMP

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\f0a1ef1ab533153702e0a7f73b8d66e0b7e01d1d\337b61ec-869e-46c9-8390-e31dab6c64fd\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\f0a1ef1ab533153702e0a7f73b8d66e0b7e01d1d\index.txt

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\f0a1ef1ab533153702e0a7f73b8d66e0b7e01d1d\index.txt~RFe59d632.TMP

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity
