Malware Analysis Report

2025-03-15 04:36

Sample ID 241027-176ymavbnr
Target 3f5928c606208c18b770c53e231d7b9444d8d76b032acc2c549cde011cd73b80
SHA256 3f5928c606208c18b770c53e231d7b9444d8d76b032acc2c549cde011cd73b80
Tags
discovery persistence spyware stealer
score
8/10

Analysis Overview

score
8/10

SHA256

3f5928c606208c18b770c53e231d7b9444d8d76b032acc2c549cde011cd73b80

Threat Level: Likely malicious

The file 3f5928c606208c18b770c53e231d7b9444d8d76b032acc2c549cde011cd73b80 was found to be: Likely malicious.

Malicious Activity Summary

discovery persistence spyware stealer

Downloads MZ/PE file

Reads user/profile data of web browsers

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Checks installed software on the system

Adds Run key to start application

Drops file in System32 directory

Checks system information in the registry

Drops file in Windows directory

Drops file in Program Files directory

Browser Information Discovery

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Unsigned PE

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Modifies data under HKEY_USERS

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Uses Task Scheduler COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-27 22:18

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-27 22:18

Reported

2024-10-27 22:21

Platform

win7-20241010-en

Max time kernel

150s

Max time network

158s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3f5928c606208c18b770c53e231d7b9444d8d76b032acc2c549cde011cd73b80.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\yb7DF6.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
N/A N/A C:\Windows\TEMP\sdwra_1440_754407338\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f5928c606208c18b770c53e231d7b9444d8d76b032acc2c549cde011cd73b80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yb7DF6.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
N/A N/A C:\Windows\TEMP\sdwra_1440_754407338\service_update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\YandexBrowserAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A yandex.com N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\config\systemprofile\AppData\Roaming\Yandex\ui C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe C:\Windows\TEMP\sdwra_1440_754407338\service_update.exe N/A
File opened for modification C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe C:\Windows\TEMP\sdwra_1440_754407338\service_update.exe N/A
File opened for modification C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\debug.log C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\System update for Yandex Browser.job C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe N/A
File created C:\Windows\Tasks\Update for Yandex Browser.job C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe N/A
File created C:\Windows\Tasks\Repairing Yandex Browser update service.job C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe N/A
File opened for modification C:\Windows\Tasks\Update for Yandex Browser.job C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3f5928c606208c18b770c53e231d7b9444d8d76b032acc2c549cde011cd73b80.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Modifies Internet Explorer settings

adware spyware

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "63" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "27" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "91" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "49" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e061e852be28db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "9" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "9" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "63" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "91" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "91" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "607" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "27" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "49" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "49" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "638" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7AC250E1-94B1-11EF-8121-F6D98E36DBEF} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b131900000000020000000000106600000001000020000000b7637e39e9dcefef7b6f3a9498a0265751b5ed210b0e9bec25c1a3865e72e3f0000000000e80000000020000200000004850121bc699b348314a84eab046fd87860b0acaa19cb969e5a7a3087674f01f200000001fcbfcd25873a57800024a629be204313830bbf3f63eb2e967f529364ff3e9004000000039d0b56dfa9b5a13f713eeb9f99e638a3fe5fa070d08b645c067648414ecf11af8463a033ef09b5d6b5248b60a5c049bc202823c83a3c9f65ec853d1ed9898ca C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436229416" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "63" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "638" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "12" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "27" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "12" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "638" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "12" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "607" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\AppDataLow C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex\UICreated_SYSTEM = "1" C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexWEBP.LHZZQ35XRN4RHZUWDTFU7RRRMQ\shell\open C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\.tif\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexEPUB.LHZZQ35XRN4RHZUWDTFU7RRRMQ\ = "Yandex Browser EPUB Document" C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexTIFF.LHZZQ35XRN4RHZUWDTFU7RRRMQ\Application C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexCSS.LHZZQ35XRN4RHZUWDTFU7RRRMQ C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexJPEG.LHZZQ35XRN4RHZUWDTFU7RRRMQ\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexTXT.LHZZQ35XRN4RHZUWDTFU7RRRMQ\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\https\shell\ = "open" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexFB2.LHZZQ35XRN4RHZUWDTFU7RRRMQ\shell\open C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\.shtml\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexINFE.LHZZQ35XRN4RHZUWDTFU7RRRMQ\Application\ApplicationName = "Yandex" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexTXT.LHZZQ35XRN4RHZUWDTFU7RRRMQ\DefaultIcon C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexHTML.LHZZQ35XRN4RHZUWDTFU7RRRMQ\Application\ApplicationCompany = "Yandex" C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexJPEG.LHZZQ35XRN4RHZUWDTFU7RRRMQ\ = "Yandex Browser JPEG Document" C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\.infected\OpenWithProgids\YandexINFE.LHZZQ35XRN4RHZUWDTFU7RRRMQ C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexCSS.LHZZQ35XRN4RHZUWDTFU7RRRMQ\shell C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexTIFF.LHZZQ35XRN4RHZUWDTFU7RRRMQ\shell\open C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexBrowser.crx\Application\ApplicationCompany = "Yandex" C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexHTML.LHZZQ35XRN4RHZUWDTFU7RRRMQ\ = "Yandex HTML Document" C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexTXT.LHZZQ35XRN4RHZUWDTFU7RRRMQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-120" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexTXT.LHZZQ35XRN4RHZUWDTFU7RRRMQ\shell\open\command C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\.fb2 C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexBrowser.crx C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexGIF.LHZZQ35XRN4RHZUWDTFU7RRRMQ\Application\ApplicationName = "Yandex" C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexJPEG.LHZZQ35XRN4RHZUWDTFU7RRRMQ\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0" C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexSWF.LHZZQ35XRN4RHZUWDTFU7RRRMQ\Application\ApplicationName = "Yandex" C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexPDF.LHZZQ35XRN4RHZUWDTFU7RRRMQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-112" C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\yabrowser\shell\ = "open" C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexTIFF.LHZZQ35XRN4RHZUWDTFU7RRRMQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-119" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\.tif\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\yabrowser\DefaultIcon C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\http\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexGIF.LHZZQ35XRN4RHZUWDTFU7RRRMQ C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexJS.LHZZQ35XRN4RHZUWDTFU7RRRMQ\Application\ApplicationDescription = "Yandex\u00a0Browser is a fast and convenient software for working online and viewing web pages." C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexSVG.LHZZQ35XRN4RHZUWDTFU7RRRMQ\shell C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexTIFF.LHZZQ35XRN4RHZUWDTFU7RRRMQ\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexWEBP.LHZZQ35XRN4RHZUWDTFU7RRRMQ\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\.infected\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\.js C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexFB2.LHZZQ35XRN4RHZUWDTFU7RRRMQ\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexPDF.LHZZQ35XRN4RHZUWDTFU7RRRMQ C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexGIF.LHZZQ35XRN4RHZUWDTFU7RRRMQ\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\.crx\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\.epub C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexCRX.LHZZQ35XRN4RHZUWDTFU7RRRMQ\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexHTML.LHZZQ35XRN4RHZUWDTFU7RRRMQ\Application C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexPNG.LHZZQ35XRN4RHZUWDTFU7RRRMQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-113" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexEPUB.LHZZQ35XRN4RHZUWDTFU7RRRMQ\Application\ApplicationCompany = "Yandex" C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexFB2.LHZZQ35XRN4RHZUWDTFU7RRRMQ\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexSWF.LHZZQ35XRN4RHZUWDTFU7RRRMQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-118" C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexHTML.LHZZQ35XRN4RHZUWDTFU7RRRMQ\ = "Yandex HTML Document" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\.webm\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\https\shell\open C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexCRX.LHZZQ35XRN4RHZUWDTFU7RRRMQ\Application\AppUserModelId = "Yandex.LHZZQ35XRN4RHZUWDTFU7RRRMQ" C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexSWF.LHZZQ35XRN4RHZUWDTFU7RRRMQ C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexTXT.LHZZQ35XRN4RHZUWDTFU7RRRMQ\Application\ApplicationName = "Yandex" C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\.epub\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\.webp C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexFB2.LHZZQ35XRN4RHZUWDTFU7RRRMQ\Application\ApplicationCompany = "Yandex" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexJS.LHZZQ35XRN4RHZUWDTFU7RRRMQ\ = "Yandex Browser JS Document" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\.pdf C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\.html\ = "YandexHTML.LHZZQ35XRN4RHZUWDTFU7RRRMQ" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexJPEG.LHZZQ35XRN4RHZUWDTFU7RRRMQ\Application C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\YandexTXT.LHZZQ35XRN4RHZUWDTFU7RRRMQ\Application\ApplicationDescription = "Yandex\u00a0Browser is a fast and convenient software for working online and viewing web pages." C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2604 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\3f5928c606208c18b770c53e231d7b9444d8d76b032acc2c549cde011cd73b80.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2604 wrote to memory of 1828 N/A C:\Users\Admin\AppData\Local\Temp\3f5928c606208c18b770c53e231d7b9444d8d76b032acc2c549cde011cd73b80.exe C:\Users\Admin\AppData\Local\Temp\3f5928c606208c18b770c53e231d7b9444d8d76b032acc2c549cde011cd73b80.exe
PID 2032 wrote to memory of 2268 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1828 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\3f5928c606208c18b770c53e231d7b9444d8d76b032acc2c549cde011cd73b80.exe C:\Users\Admin\AppData\Local\Temp\yb7DF6.tmp
PID 824 wrote to memory of 2428 N/A C:\Users\Admin\AppData\Local\Temp\yb7DF6.tmp C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe
PID 2428 wrote to memory of 1440 N/A C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe
PID 1440 wrote to memory of 2088 N/A C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe
PID 1440 wrote to memory of 2292 N/A C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe C:\Windows\TEMP\sdwra_1440_754407338\service_update.exe
PID 2292 wrote to memory of 2864 N/A C:\Windows\TEMP\sdwra_1440_754407338\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe
PID 2744 wrote to memory of 1632 N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe
PID 2744 wrote to memory of 2116 N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe
PID 2116 wrote to memory of 2364 N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe
PID 1440 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
PID 1440 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
PID 268 wrote to memory of 1100 N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
PID 268 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\3f5928c606208c18b770c53e231d7b9444d8d76b032acc2c549cde011cd73b80.exe

"C:\Users\Admin\AppData\Local\Temp\3f5928c606208c18b770c53e231d7b9444d8d76b032acc2c549cde011cd73b80.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://yandex.com/legal/browser_agreement/?lang=en

C:\Users\Admin\AppData\Local\Temp\3f5928c606208c18b770c53e231d7b9444d8d76b032acc2c549cde011cd73b80.exe

"C:\Users\Admin\AppData\Local\Temp\3f5928c606208c18b770c53e231d7b9444d8d76b032acc2c549cde011cd73b80.exe" --parent-installer-process-id=2604 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\Admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\Admin\AppData\Local\Temp\66510b89-67e0-48e5-96cf-c25e0eec4032.tmp\" --brand-name=int --browser-present=none --disableyapin --distr-info-file=\"C:\Users\Admin\AppData\Local\Temp\distrib_info\" --installer-brand-id=int --make-browser-default-after-import --ok-button-pressed-time=360889500 --progress-window=393502 --server-config-bundle-path=\"C:\Users\Admin\AppData\Local\Temp\f9d2550c-a359-4288-84f1-a028e33290e1.tmp\" --variations-update-path=\"C:\Users\Admin\AppData\Local\Temp\cfb68ed1-9e2e-4fa4-8b40-911692d448ef.tmp\" --verbose-logging"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:275457 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\yb7DF6.tmp

"C:\Users\Admin\AppData\Local\Temp\yb7DF6.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\66510b89-67e0-48e5-96cf-c25e0eec4032.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=41 --install-start-time-no-uac=361107900 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=360889500 --progress-window=393502 --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\f9d2550c-a359-4288-84f1-a028e33290e1.tmp" --source=lite --variations-update-path="C:\Users\Admin\AppData\Local\Temp\cfb68ed1-9e2e-4fa4-8b40-911692d448ef.tmp" --verbose-logging

C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\66510b89-67e0-48e5-96cf-c25e0eec4032.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=41 --install-start-time-no-uac=361107900 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=360889500 --progress-window=393502 --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\f9d2550c-a359-4288-84f1-a028e33290e1.tmp" --source=lite --variations-update-path="C:\Users\Admin\AppData\Local\Temp\cfb68ed1-9e2e-4fa4-8b40-911692d448ef.tmp" --verbose-logging

C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\66510b89-67e0-48e5-96cf-c25e0eec4032.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=41 --install-start-time-no-uac=361107900 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=360889500 --progress-window=393502 --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\f9d2550c-a359-4288-84f1-a028e33290e1.tmp" --source=lite --variations-update-path="C:\Users\Admin\AppData\Local\Temp\cfb68ed1-9e2e-4fa4-8b40-911692d448ef.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=409857400

C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe

C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=45323b5b377897c846fc6c473cf984a9 --annotation=main_process_pid=1440 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.10.1.598 --initial-client-data=0x158,0x15c,0x160,0x12c,0x164,0x13f7f04b8,0x13f7f04c4,0x13f7f04d0

C:\Windows\TEMP\sdwra_1440_754407338\service_update.exe

"C:\Windows\TEMP\sdwra_1440_754407338\service_update.exe" --setup

C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe" --install

C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe" --run-as-service

C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=45323b5b377897c846fc6c473cf984a9 --annotation=main_process_pid=2744 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.10.1.598 --initial-client-data=0x11c,0x120,0x124,0xf0,0x128,0x13f63caf8,0x13f63cb04,0x13f63cb10

C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe" --update-scheduler

C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe" --update-background-scheduler

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source1440_1031051953\Browser-bin\clids_yandex.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=393502 --ok-button-pressed-time=360889500 --install-start-time-no-uac=361107900

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=268 --annotation=metrics_client_id=c744882af5554dcd9dfe62199d5a4dd2 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.10.1.598 --initial-client-data=0xd8,0xdc,0xe0,0xac,0xe4,0x7fef59bef88,0x7fef59bef94,0x7fef59befa0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=C5EA8A21-4AB9-4BD0-BE4A-5A81C4BDF805 --brand-id=int --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --gpu-process-kind=sandboxed --field-trial-handle=1756,i,12277782069851258200,2313075714246569649,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1788 /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=C5EA8A21-4AB9-4BD0-BE4A-5A81C4BDF805 --brand-id=int --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=disabled --gpu-process-kind=trampoline --field-trial-handle=1740,i,12277782069851258200,2313075714246569649,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1844 /prefetch:6

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-id=C5EA8A21-4AB9-4BD0-BE4A-5A81C4BDF805 --brand-id=int --process-name="Network Service" --field-trial-handle=2156,i,12277782069851258200,2313075714246569649,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2168 --brver=24.10.1.598 /prefetch:3

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-id=C5EA8A21-4AB9-4BD0-BE4A-5A81C4BDF805 --brand-id=int --process-name="Storage Service" --field-trial-handle=2296,i,12277782069851258200,2313075714246569649,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2332 --brver=24.10.1.598 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-id=C5EA8A21-4AB9-4BD0-BE4A-5A81C4BDF805 --brand-id=int --process-name="Audio Service" --field-trial-handle=2584,i,12277782069851258200,2313075714246569649,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2380 --brver=24.10.1.598 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=C5EA8A21-4AB9-4BD0-BE4A-5A81C4BDF805 --brand-id=int --extension-process --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --allow-prefetch --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=2960,i,12277782069851258200,2313075714246569649,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2972 /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --user-id=C5EA8A21-4AB9-4BD0-BE4A-5A81C4BDF805 --brand-id=int --process-name="Data Decoder Service" --field-trial-handle=3400,i,12277782069851258200,2313075714246569649,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3408 --brver=24.10.1.598 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=C5EA8A21-4AB9-4BD0-BE4A-5A81C4BDF805 --brand-id=int --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --allow-prefetch --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3556,i,12277782069851258200,2313075714246569649,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3568 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=C5EA8A21-4AB9-4BD0-BE4A-5A81C4BDF805 --brand-id=int --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1864,i,12277782069851258200,2313075714246569649,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3492 /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=C5EA8A21-4AB9-4BD0-BE4A-5A81C4BDF805 --brand-id=int --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=1920,i,12277782069851258200,2313075714246569649,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2068 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=C5EA8A21-4AB9-4BD0-BE4A-5A81C4BDF805 --brand-id=int --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3504,i,12277782069851258200,2313075714246569649,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4168 /prefetch:1

Network

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760

MD5 474728d0b81a96dc4663c2719f441036
SHA1 545c0574723f9e56c4582d4a7e4872dbe312b3d9
SHA256 4e90f1a068eeacc2f6d7c80fe0d157e418b3d582b4b84f7814e74c33e4d41f0c
SHA512 3988d9167b4f2c5639e7c2498eda7c3a49aca9ca4ed253dfdd8cee4fe32a4138e89ec879e62c75ba692d60e6770e75bcfd34a06e6b4ed42f2c9500ad1b622c9d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2b1c41f6664ab4df7738478c7aaffe32
SHA1 b55c8ea85462168de041689dc461a0efc0f87012
SHA256 2d78666bbf40a9b2c42555fd6c5fb8a4752ce12acb8575c142077836dd79b2d7
SHA512 7992316971f11652f0b560d5d53529d83b1522563aed92cfc3e0f746575f89fb96bf00ec6695ea8069898c10392144b723964b54e6f56b881932d72d0f314392

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 989bcabc1e4f1536b013a2676a9ae639
SHA1 4f0eab17d9b582960165b6a811d42794d7ea4a1f
SHA256 423ae1d4cae5678cf1fd671d2d8a390c7dc13deda6612001bf524148bf629f0d
SHA512 6c2b209717bcfeb798d308e5d6b3cf976c0a0071434893de4b4ccf778c246312214fbeaab98006d2c04d5b4a5944902d359e41e41d5e504621967145fd74321e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1bf2326ffa2f27730325d511c3413e32
SHA1 6d93423b7c62810fd4742c0f3dae6f724279a54a
SHA256 b32bab2bee4ad7933b2febb4deb53eccfe5fbf400170cb7ed5361a85be338966
SHA512 98cc12649fdfe26bec5a1c92d1c200b074f85575f4750e7730a7f31936921249f88027f1f9d3c669d06190daaee0125a2d4f36954f0b1853a5a14788d53457bd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 79688d4e8761925e913de301af326bd9
SHA1 69f94894af66194d35dda6502ecf5a80af98efb3
SHA256 33e7e8a6216c5f94662544e20d6f71b2901fe4a48e17d32231de99e6ea57d6f6
SHA512 277c9b081cb8576d371074bc0c59e4fa57b45ab7197aaaa5a0c758c668337319f79bcd3e1c5bafad524104e94df7651d379ed88675163ea5a28cdcf2518f71d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f078bb6a6b8bf2a89d8d9fb99565c4db
SHA1 844694c9fa4d9d1ba1f55b5c565a185c918afac3
SHA256 12a105d3ddaa412b4f46c2f170aa877021672e7779a36f668d7ffbf61c220105
SHA512 ac0950a1e60e28d17e0ad91ac9f44178d774223e52216e3ba34f5e833d048d262648b1d63e8867470bee4632e8893ff6696215596a411b2f66c02c8ba4dc4f84

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ab98ef793ce15bfd9de34e8826293286
SHA1 738e041775855b462205ab228bbe4207f80a6cd2
SHA256 3d34ba86ccb20297114d992cdfb580409f6f15c7d39ebb447bb5ad49db613551
SHA512 3de472f8a53a40328a1c85d121fb02e74c4ef3bdd35035afe4fb469b7cf2f4d49b3ad4e9da5d76f1b2ae796e31c9aef49e92d25c37d43ea77068b11cc2880b24

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f78e63bfd95c95c820862eb089e63f1e
SHA1 6456f8ea49a50bbec368b5d0d53d16122c731462
SHA256 fb7afa3919f782055d5a41885cc4361ab1fac4868545f0ba4095d1665b3e26eb
SHA512 5e77c4d0f6c241601d692de877e3ba1d2e885b2983b0eb7b0d29b8e2e2bbb2b74c442ddac036067a2c57ffa206c779e2cc4e5635063d9239053ca49ce95b6a9a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7bf34885ba94feb4e9e46a295c878040
SHA1 8a156fcadcf6112b5c5f4b6557133364e8067439
SHA256 953accd2370bf43457b73e9159661cdcbc82b6a6d6724228d9e9ddb9e4f2f310
SHA512 2c4f9c9091c9669684b70c919541b50e8c40e364da0126b69bf2c41227f4b572f7e0805ff940b923249b01b7823f30fc3adc614cf823f757bca234d3c67be0fd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e212493cb27acb79ceaba3c248434145
SHA1 d35d882031e59a3f0bc88d342fdd26af6e8b8eae
SHA256 21efb1367c4c88aa49e63022fa8e4c2d5a8e49f424b1d7ab9e104acd55038935
SHA512 f6d5bbdf710c9ed4af3c8a1c0856ba0e1f43387c04bdfe22370807ba5fede8af65655b5383e979564be2570107920164d167e52151b5933c2858688fb84405f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 705fe471a96702f5090d6ad882142351
SHA1 ce241236a3f34ea51e71761a513a89e775058731
SHA256 06ce344f9ea7474285d3bc3be4059ddab6e60a056545f9f226518caa9a835ecc
SHA512 47dbf3b6cc33a6307a85e8c8d7c62484829e52bdd9b4aa93987742a247d9f9276f3781029cb7d17cecfa8e0990996a5d37e275024cfa0c6e4ad53aab1cdc8e75

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 04cdf9384a48d7e5ee2f87e70cb4435f
SHA1 b75017a824bda86f512ddc5a3db9c88a59a45721
SHA256 b855ba970e6401f1666676a7fa419391ed936c6baa88e37fe7d30ef427644e13
SHA512 914d9045a74d6c1e89c3ab2a45f9c24c3e5a6ee7b577b5ebf497e340656397e170f7d04f4f89a317529eb5ef26039fb80ef1ccbe22953e83772ea6d0071d0dac

C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\BRAND_COMMON

MD5 9da8a139bf4d5e0776cef62f05bf2407
SHA1 90841e68f3c61d8a54fadd0b2ddfa6e373b2c939
SHA256 f8a69b101323c8a730167620420867e2ad1664904cd4b06ad691db23fc61453f
SHA512 2a0997ce8ba8046e2748b46d1ec3b9da5bd308eeac88558248e3320aa61efcad0745e8cf1edc10fa8303df2cdea11b9f2210261963212148dc881cfc4cbf6f80

C:\Users\Admin\AppData\Local\Temp\YB_71B87.tmp\brand_int

MD5 8c167f6e79cac9ead27bbf354f6856d9
SHA1 b913e37b79cdc47dc9ea02286532becda4d64d0a
SHA256 bc98136f08488fa26b258de3a6456c0365446219448788353ef5eb204e454d82
SHA512 6c9e7526cfef7aa23c5bffd961814d5b74a0cd025b71e96dbf90077e5739c075ce10b9a3c48115d364f3a9cb16dfd0e7ed0a82ab436277fc593bdd8c9ebda7da

\Windows\Temp\sdwra_1440_754407338\service_update.exe

MD5 8cfe6ee4fa6c0d2916de38c4601ef40d
SHA1 1d5f29ea1909489cc552c108f92dfa7e1b9022eb
SHA256 a96b4cc2627b0084412910e9e7f965a99c1e19f65d202308dfcd21e0b831b2a7
SHA512 fd7b1daff2960846a2bb20ae3147a0b6c55bd15e9f35dd6cedd4bc6fd5e6010132b4e6a77eecc89b6248c22e09f749c56a052a2b6ca70de644780f64b26fef5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a07780e3fceaa6739f99f4e97ebf682
SHA1 054cd7aa97ca33655ecdf094ac03ac1031ca494f
SHA256 b74503f1f4431b0a78c2a447089f43cdd2106de53cce3d5a8ef6ce3222da9ae8
SHA512 32f929829c77470c2d923976dc9f997ea5131cccb409db559413f19473db1fcd09844ad7207649568c763e11e400d7a2000271c4066760087da9e43635f8de52

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 657f0dbc0084f5a511350ea4ec27b1de
SHA1 b665d24116633b3b2eb555b8762190269d4ca512
SHA256 6216bf4c84b5c63ff8fcf98e4b31739dcc9d538e04bc532e25aa0455cb9d092b
SHA512 11de6a24eedeeb757e152b97a158b95818d704cd6945e7506e8ae195526d848bd6e5d3854a31fbb324bd7fbfff7eb1f0b4e508dcf0f2382d3a1af90f98095d49

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 cbef29df42ac84f932b8c39afe4be7cd
SHA1 76db170eb447a728e3d82d829fd67168d88367e5
SHA256 2e7a04c04c844ee8b552eb961251c5902a4168fc7d65d6e3a2856a082459e851
SHA512 4a4895bf64d59ecf505faead8e695ea414f8945e96a68438eb10f292bd42ec6b3900333a137aab24a73e3e49ee03902fabe4fd99a393d93a897b3331e1decd16

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 9b0ee1e5fb362afec8270b2435c413e5
SHA1 10e26ea0a5aaff3d44317787a2e38f6970bfba38
SHA256 c94a968a9b328bfabb1f0e848f68f8468fa857723fa40fa5f7591b2da3f3eee2
SHA512 4089d833575a35b9e20c3b081b75db319e6ec55f668d9cb0dce769504f469ed9bfb4e69ae14f2a25b81aadce3d526e3d6fb115be93dbeca60b466254722c0177

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 4798925e376ba12076cf96398feac6d6
SHA1 cbb1130b752fb4700a23231aa509603026b24724
SHA256 d40bdd8f612c4097efb4403bdcec7351f66fd272fe0fdcd40a3c27e14d24e153
SHA512 355f54ff72df5787b41f5496bb4fa623eb68db29508e5928d56ea7b8759a71e80fb8995ea745885328481ae8fa00f81219fd37300033028e962e9f03f1d3a92f

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 87d8f6db733edbc3ef101e42e0edb823
SHA1 ade56adb448abd7dcf27ba6b65bc7cb745798c44
SHA256 6b3bc27b0e2c612409605ba27be0bda4f43fa7e8b012959901e97fb72b630ead
SHA512 3cf261e4366af1007c80607386c757a33886b6b496c3bab75b6f051f4dcff736d5114d16b2f3a2d0f1a3f6df0f527320a4b9a617b963cd9983e187b89d4157ed

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\brand_config

MD5 61facde1de4ca1ed571f9edf5f09af09
SHA1 8b0371af8d36a883b2c2af320d3fb0f34dc9dff3
SHA256 0fc8a43e353d856891874f3a8b253d7cd0642643a9836d2ae61361815a3ee2f6
SHA512 5034579d7d743d0f18e4d15fd0914d773ac16b52933ce46a484a204b69430426fe94ff399977cb56421b03426ddba85d3d51db5bcedf88f3b030149cf0c8eb05

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\tablo_ES_

MD5 1c5d71e5a413ad550a08fe785f11d94c
SHA1 6c90db1ac6f5aa58202ee350f4e53ae3971be2bb
SHA256 e60f38def5e81c8784a6e09c61bb9577e3bba62a959d01a1a858f1ac30b61643
SHA512 5a74f8161ee5cbca1d935186b28d3650a6632be8d9b558996043decf0ebe05ab81af5ad8d94aa4632e370e596e9db9912c8e08bfaf0e1ef127c0cfd4d059b3af

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\tablo_PT_

MD5 0dde45f225a4290e59bfb55c80d4a51c
SHA1 3ebbbbb509d51a7c8e5cf409068644ad5ddbc09e
SHA256 8acb93ee7331e6b12feb81102b435c4bc044c614ef0fb8e69d2a0116bfe33d40
SHA512 d250d3891165505eb1fb7c5d2ccad397428785e8a6bb689dc56b55f2313f4b11bf402132d6f34ab6e9192453c43b74915bd7ddfafaf1716a954ccabd8b4d28c7

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 ad8f2ba6c388f577fd2f39ca568a146a
SHA1 f4cf517e759c3909bcd00b4edcdd5c0b0096d8c0
SHA256 b1805f17204cebbb35a9ee1d3585c605cafb7aaf8d5bace02accd0afd38b1c3a
SHA512 ef701b6d00e3b7189329d78fcb0fc7be5f246e2a3da4555c40e930322e6141bad904b425bc8d394c4568114dd6c3f9a582e1b522c0c90fa774a92c11c367b753

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\sea_static.jpg

MD5 5e1d673daa7286af82eb4946047fe465
SHA1 02370e69f2a43562f367aa543e23c2750df3f001
SHA256 1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a
SHA512 03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 05a2fdcf79505a901bda8f7518c3d160
SHA1 cb3e9389d64d3ffb567f7ec856d43beb1944e137
SHA256 d79898cf993aeffd6b0cb3f3ccdb6889135262cd0519eb01a69423e24e98635a
SHA512 6283b9681140a8b7142e87c86f142d23b8ad75f17aa3c392eede558d2594fa955f0ccf79972d41918bc26e0bbbd9452b194897c7f75cb8156a59a448c4a9b546

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\sea_preview.jpg

MD5 53ba159f3391558f90f88816c34eacc3
SHA1 0669f66168a43f35c2c6a686ce1415508318574d
SHA256 f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e
SHA512 94c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 4efe8768f1b3e8b822cbf73f0fb27f3d
SHA1 b1b42e91e43d4e22789bf44796e21fa1e2a7d629
SHA256 c161eb4c64e5a9925a9537b21700001ae386adb4b09378c16e5f307ed08cfb13
SHA512 b3798ed41b8c0f568f25a9d1159fcb984e8b243cb70a266f01fb984d5b755eb03f5554a1108c88ff3e620facf70bf891c50ba05e95917e6cd4f8fce1b3bcc0a0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\configs\all_zip

MD5 1d71aab097bac538c29bfe8cf5a78326
SHA1 65e63399ecd362051bed39b4521e4b6d0d069666
SHA256 bd1e003c3964da816c6e824caaeb5b18c06299f6783dffffc382b94029f4c5f6
SHA512 9450373f3a1d4f0913e13b8c019c2a1dd97211a88dcd3371251ae1e08a9e36b4db9958ef320353fe9bc45725947165f2161fc8e8f00b6eedd806e161f7508315

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 42c67a618167aa84919365046a50b53b
SHA1 9471bfd85ee21b1f82fce27da5a2a153543e3078
SHA256 36ce70d79dc9cb46fdf37bef14e70fc8bae848289e4ea3338c64a43b469f33e3
SHA512 245c37f3e224183d786be6bd48ae45b0cd112722e4819f4adc40a5794d081762396c750f32104703ad9e5e000e77a00dde90db3219f73fbbfd928777777fcd11

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

MD5 4eedf5b0592bc1191a681b1fa9a01d04
SHA1 35e16ff9fb343b8b320fd53b82e78427a8b598ea
SHA256 8af21b5c5ce8355cef9dc007c423c0ffd6faae8354ee017322e9936d96a6f852
SHA512 2ce6f622537b966c0d0e07ebcf3c73e996ad8ee1e2fd1cbb2bb8f0fd7e988fac20ce7fb94c790c275c418a2bd8a0c28a1c657d80768d64bff81ec8a4d8a6f629

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk

MD5 9c25c6b066c6023f516e047cacdd396e
SHA1 ce23cdcd76ff68ac83daf4e2f485d6410041ce31
SHA256 0280748ceb5ff3c396da4ffa3b374cc9fcab0eb8ae0bcf06b466182c8df39eb2
SHA512 3cc6cf82b80251b4680074d71842f708ed2883dc9945cc1daddadb0c5db0b31b7f34d1966699d2e7f8f2176786b67c5212e303cfac30150e39d1f0d85b21f06f

memory/1440-2418-0x0000000002640000-0x0000000002650000-memory.dmp

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\install_state.json

MD5 28a972c0afa658a30ae7b703de599b58
SHA1 9fa544f71fd312c2d794e214931d8451a413f65a
SHA256 cb68346257bad8a4407a10f495a0e312e6476c6db13bd7b8cdc140cb818fc07f
SHA512 45587f7230e0affd9543b612800ce2a20f91d88b6b46fa349b16a42f7f38c1d7fb03a2481532d51a60182697fcb5c11e014d9b07673cbd36e55dd6af7c4e91aa

memory/2188-2537-0x0000000000060000-0x0000000000061000-memory.dmp

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\c627c88a-9f43-4c26-abf2-e3613ca0069d.tmp

MD5 9ef64c505b1842f6840d8957120e072a
SHA1 eae93ae1c8b0538bf01f657af2dfea5ff6679b05
SHA256 a9f83164ef146ce3979028b22f6c7a22d83d070b8ec43e428125a941cf6167b5
SHA512 256572518120ea394df8a59250ff91d19ebba29c1ff0562f365c6763f1458479ceeddfe012ad0fc3a6ce0eb3ef7051bff22142c8a6eb4b92c0cbc80445545523

memory/1552-2603-0x0000000077170000-0x0000000077171000-memory.dmp

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Sync Data\LevelDB\CURRENT~RFf7a0b85.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Site Characteristics Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\117bf19d-68fa-4222-a8b6-43c33c77f8fd.tmp

MD5 6428d6b745f9755c872b390cff368ee2
SHA1 39ff51d9cadbcc5d8a60a9c16c0fb0f41003ecf0
SHA256 3dd647c1e6943121c9120ddc44232ca5c9df84008d382483fdd8c018366adf6d
SHA512 229fa4bb34615b0b87ca60325016e3089100bfe9501ccec5074b9085e06dfe77bb3d92442ebcc50970670d9e2ff4bc7a8d77a4fe1c42ee688dcfb1cc34b6e325

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Wallpapers\store\picture-13374541243807900

MD5 9c71dbde6af8a753ba1d0d238b2b9185
SHA1 4d3491fa6b0e26b1924b3c49090f03bdb225d915
SHA256 111f666d5d5c3ffbcb774403df5267d2fd816bdf197212af3ac7981c54721d2e
SHA512 9529a573013038614cd016a885af09a5a06f4d201205258a87a5008676746c4082d1c4a52341d73f7c32c47135763de6d8f86760a3d904336f4661e65934077e

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Wallpapers\store\preview-13374541243807900

MD5 d72d6a270b910e1e983aa29609a18a21
SHA1 f1f8c4a01d0125fea1030e0cf3366e99a3868184
SHA256 031f129cb5bab4909e156202f195a95fa571949faa33e64fe5ff7a6f3ee3c6b3
SHA512 96151c80aac20dbad5021386e23132b5c91159355b49b0235a82ca7d3f75312cfea9a2158479ebc99878728598b7316b413b517b681486105538bbeb7490b9c2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Extension Rules\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\eafc65be-5944-427f-9962-4d10975a7fe6.tmp

MD5 54497ce2271deb0e673ec048b44da343
SHA1 5f886314234b7aa6a4da5efc937a9d63ed007727
SHA256 3dcf052bb8050fa32f28873bb665f63f457799cb9a92549fb2dbea94014f929b
SHA512 d0d77d763b1b12c1b9d7a9a3f2aee4640ed5fb10d828b7c3c2cb051504c2b7b6438309124b934b346a4152c0aca009883d6bda42dc997188b8ca2736ac3419c9

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Cache\Cache_Data\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Cache\Cache_Data\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\DawnGraphiteCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\web_ntp_cache\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\bc1673f1-d191-41b9-946f-ff681a503d7c\index-dir\todelete_6e628f1616eba703

MD5 d020774004660b7e20fafef896ec3950
SHA1 5cfde7dcc5b330b1d2c417ac8e93003e56d50a62
SHA256 7cc9320d0fe9393a86e6df9d205eb9efe31354a45e9d1a033cd316cae0760627
SHA512 9917f4fc03e26278bd8665b53d98ca71eb647b9e2f965d063f42eea88b9592c07aa6a76ac1c8ea03dd5b3c5fb921c9ce16ae3b7081c76df5bdd771301ba5c96f

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\0543fb90-b2f6-4de9-b7a0-f0410ceba8c5.tmp

MD5 0c5506e61631dbdf22d408df3635c352
SHA1 cd6548938a97be3c0b3ec5747a3fa295825507eb
SHA256 15887dd9821b47666a080f3e1e41ba838bfa3e6be0725f4fbeb48830468d5b0d
SHA512 4f931da12e585d7583daaeb1edddcdfcdc59784463b2b914e8a806e3ccabd9e9d94bfdbddf4cff2de990cec2dd406ec8e7f00b3429c5dfbc35471b6d1288912e

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\index.txt

MD5 a0972af2e2e32dcf1cad45d1080cb70f
SHA1 71dbaaf410e5076e6fc7f2481951bebc377ac418
SHA256 e3d840008742cf9427f599ea588555eb6ef90bd7041ae573e92d3b1df7980ddd
SHA512 e2aa68ca4942bd9ce7ca8f3dfc609dfe3c773ae20ed5f13c530e989bc6bbc7eb940ccb41ee0b98426c678410970a7287034fdd0364a39445c2afecb37db0a014

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

MD5 e728a5ac67ec60ca9bc0650d6abc3550
SHA1 31ecb1ae0c6b3b35078ad0762ee1908d23f890db
SHA256 49fd3b3ffe35dc3863ca75bb6581a8906fb1871b6366287f26b095cca7556d4f
SHA512 cb539ca52aa64c940fe708640f1e29788954d11571597749eb39e35e9c77a945b3725f165bd2a117c815d5faa0fca8665131d4f5a547ab54715da5885b6868cd

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\3edc635a-1543-4234-a780-68f19468dbc0.tmp

MD5 0ae84682c32e3806dd398a6ebc6e7ee1
SHA1 23ade2c2ca9743b2e4212d2ca6e5b3b8bcac645b
SHA256 31f0cc145354bef8e8d04cf0f614fc2a685b50d859681764f237d1e075be44ee
SHA512 add459f296d5c96af8310579ae54f5256cc39ea8e3fb7d2bcfb637bbde06c8fa579e13d9cb844184b255abe363f20b379d0f441c513c0c0fe2ab4e40e3ac6aa5

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6b0f7de84ccd19765d28c0c7d22cd6ba
SHA1 b0d79fc8bc65ed936be5eea2038049c0ba94d851
SHA256 d4a94a4c7242902bbef55da1c5906ae1ebcda2ad74838205befd6fb9611e8d57
SHA512 7529153e7e80fe30e70ad93b41d5e5259c7ee2de2b9ccbef925c2f70a97337e47affba6c409cf869c66421c7e981ea1564700377e1ff8a4964e8b51404739747

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\ff8e3a73-3a9f-437a-a124-e45c2a1ccb9c.tmp

MD5 ffb6478202581e7a73d004ee2f82ea2f
SHA1 047e06ad9fe2678b425f4781e275cd0bf50e1164
SHA256 4f3c5bcd652144a75cbf33b583f4457aeba6e380ede80e712dbcd5df3b4dae08
SHA512 a09a6a022e5939a3371abc3328c062a1aff94547402264b7082597e4fa681fae3358f8c435eb629eb2ae8effed43eb2ef4bfe30838428d83dc53d81a8aff482a

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\index.txt

MD5 243dbf67f5fdde221f0a83928191eb89
SHA1 b910c88d7e284173409caaa3e2ccfd530352300a
SHA256 c316805f926e4c4e310173a40b72293aaa904375b9bae1671c01e6ab5ee1b042
SHA512 2026c104afd3d3797990e05ed4c9a08f26b168ad82dcf6aa72e6e7a92357dbf0064e9e94a9a496bfd9445ded20320ab276a843c8f438cb628c7b5aeda87217df

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

MD5 b182f77da77cdce531bd7b69ed8778d5
SHA1 1d61a7c681649702912d9de602947fc2d3dbfa82
SHA256 68936bd8ce479ea2bd29e3877f731f8e036fc786921fc74d6123c3289a9d0e8c
SHA512 215e98205b7ffb509fe6e9ee65cebea349172f15de45715e8100571f2cef3f2ce96eb185a19345926e1d8956e3726408e881c3ea71e9b07dd4af3e622d230962

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-27 22:18
Reported: 2024-10-27 22:21
Platform: win10v2004-20241007-en
Max time kernel: 149s
Max time network: 156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3f5928c606208c18b770c53e231d7b9444d8d76b032acc2c549cde011cd73b80.exe"

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3f5928c606208c18b770c53e231d7b9444d8d76b032acc2c549cde011cd73b80.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Windows\TEMP\sdwra_5464_1711763568\service_update.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ybC091.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
N/A N/A C:\Windows\TEMP\sdwra_5464_1711763568\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YandexBrowserAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A yandex.com N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\config\systemprofile\AppData\Roaming\Yandex\ui C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe C:\Windows\TEMP\sdwra_5464_1711763568\service_update.exe N/A
File opened for modification C:\Program Files\yandex_browser_installer.log C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
File opened for modification C:\Program Files\yandex_browser_installer.log C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
File created C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe C:\Windows\TEMP\sdwra_5464_1711763568\service_update.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\System update for Yandex Browser.job C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe N/A
File created C:\Windows\Tasks\Update for Yandex Browser.job C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe N/A
File created C:\Windows\Tasks\Repairing Yandex Browser update service.job C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe N/A
File opened for modification C:\Windows\Tasks\Update for Yandex Browser.job C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3f5928c606208c18b770c53e231d7b9444d8d76b032acc2c549cde011cd73b80.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\AppDataLow C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex\UICreated_SYSTEM = "1" C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexJS.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application\ApplicationCompany = "Yandex" C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexTXT.Z7U7QVUCLRRNYFIB2IBUGKKOQQ C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.css\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\yabrowser\shell\open\ddeexec\ C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexCRX.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexCSS.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-124" C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexWEBM.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexTXT.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.html\OpenWithProgids\YandexHTML.Z7U7QVUCLRRNYFIB2IBUGKKOQQ C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexSWF.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\ = "Yandex Browser SWF Document" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexCRX.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexPDF.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application\ApplicationDescription = "Yandex\u00a0Browser is a fast and convenient software for working online and viewing web pages." C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.epub C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexHTML.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexINFE.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexWEBP.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexXML.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\DefaultIcon C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexXML.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexBrowser.crx\Application\ApplicationDescription = "Yandex\u00a0Browser is a fast and convenient software for working online and viewing web pages." C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexCRX.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.webm\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.xml\OpenWithProgids\YandexXML.Z7U7QVUCLRRNYFIB2IBUGKKOQQ C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexFB2.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-122" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.tif\OpenWithProgids\YandexTIFF.Z7U7QVUCLRRNYFIB2IBUGKKOQQ C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.xht\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexGIF.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexTXT.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\ = "Yandex Browser TXT Document" C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexSVG.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application\ApplicationDescription = "Yandex\u00a0Browser is a fast and convenient software for working online and viewing web pages." C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexTXT.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-120" C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexHTML.Z7U7QVUCLRRNYFIB2IBUGKKOQQ C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexPDF.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\ = "Yandex Browser PDF Document" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexTXT.Z7U7QVUCLRRNYFIB2IBUGKKOQQ C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexCRX.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexEPUB.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application\ApplicationCompany = "Yandex" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexCRX.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-104" C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexCSS.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexFB2.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-122" C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexJPEG.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\ = "Yandex Browser JPEG Document" C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexPNG.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-113" C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexWEBP.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\yabrowser\shell\open\command C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexFB2.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\ = "Yandex Browser FB2 Document" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexTIFF.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.infected\OpenWithProgids\YandexINFE.Z7U7QVUCLRRNYFIB2IBUGKKOQQ C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.crx C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexBrowser.crx\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0" C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexGIF.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexJPEG.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexWEBM.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.tif\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.swf\OpenWithProgids\YandexSWF.Z7U7QVUCLRRNYFIB2IBUGKKOQQ C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexTIFF.Z7U7QVUCLRRNYFIB2IBUGKKOQQ C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexWEBP.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-123" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\yabrowser\URL Protocol C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexEPUB.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application\ApplicationName = "Yandex" C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.png\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\yabrowser\shell\open C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexHTML.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\DefaultIcon C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.png C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexPNG.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexSVG.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application\AppUserModelId = "Yandex.Z7U7QVUCLRRNYFIB2IBUGKKOQQ" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.js C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexBrowser.crx\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexCSS.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A

Modifies system certificate store

evasion spyware trojan

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E C:\Users\Admin\AppData\Local\Temp\3f5928c606208c18b770c53e231d7b9444d8d76b032acc2c549cde011cd73b80.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob C:\Users\Admin\AppData\Local\Temp\3f5928c606208c18b770c53e231d7b9444d8d76b032acc2c549cde011cd73b80.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f5928c606208c18b770c53e231d7b9444d8d76b032acc2c549cde011cd73b80.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1492 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\3f5928c606208c18b770c53e231d7b9444d8d76b032acc2c549cde011cd73b80.exe C:\Users\Admin\AppData\Local\Temp\3f5928c606208c18b770c53e231d7b9444d8d76b032acc2c549cde011cd73b80.exe
PID 1492 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\3f5928c606208c18b770c53e231d7b9444d8d76b032acc2c549cde011cd73b80.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1544 wrote to memory of 4440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1544 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1544 wrote to memory of 4008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1544 wrote to memory of 4448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\3f5928c606208c18b770c53e231d7b9444d8d76b032acc2c549cde011cd73b80.exe

"C:\Users\Admin\AppData\Local\Temp\3f5928c606208c18b770c53e231d7b9444d8d76b032acc2c549cde011cd73b80.exe"

C:\Users\Admin\AppData\Local\Temp\3f5928c606208c18b770c53e231d7b9444d8d76b032acc2c549cde011cd73b80.exe

"C:\Users\Admin\AppData\Local\Temp\3f5928c606208c18b770c53e231d7b9444d8d76b032acc2c549cde011cd73b80.exe" --parent-installer-process-id=1492 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\Admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\Admin\AppData\Local\Temp\c56aa5c5-db22-40ed-9e4c-d1d601bf6697.tmp\" --brand-name=int --browser-present=none --disableyapin --distr-info-file=\"C:\Users\Admin\AppData\Local\Temp\distrib_info\" --installer-brand-id=int --make-browser-default-after-import --ok-button-pressed-time=498265351 --progress-window=524364 --server-config-bundle-path=\"C:\Users\Admin\AppData\Local\Temp\f2307d25-9c73-4bd4-98ef-5c44af1fad0a.tmp\" --variations-update-path=\"C:\Users\Admin\AppData\Local\Temp\6166c5f5-f1e9-45d6-8a15-a88f04ffdb1a.tmp\" --verbose-logging"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://yandex.com/legal/browser_agreement/?lang=en

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd4eac46f8,0x7ffd4eac4708,0x7ffd4eac4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,5104414332642483225,12854698175313285322,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,5104414332642483225,12854698175313285322,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,5104414332642483225,12854698175313285322,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5104414332642483225,12854698175313285322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5104414332642483225,12854698175313285322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5104414332642483225,12854698175313285322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5104414332642483225,12854698175313285322,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5104414332642483225,12854698175313285322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5104414332642483225,12854698175313285322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5104414332642483225,12854698175313285322,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\ybC091.tmp

"C:\Users\Admin\AppData\Local\Temp\ybC091.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\c56aa5c5-db22-40ed-9e4c-d1d601bf6697.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=23 --install-start-time-no-uac=500655973 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=498265351 --progress-window=524364 --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\f2307d25-9c73-4bd4-98ef-5c44af1fad0a.tmp" --source=lite --variations-update-path="C:\Users\Admin\AppData\Local\Temp\6166c5f5-f1e9-45d6-8a15-a88f04ffdb1a.tmp" --verbose-logging

C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\c56aa5c5-db22-40ed-9e4c-d1d601bf6697.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=23 --install-start-time-no-uac=500655973 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=498265351 --progress-window=524364 --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\f2307d25-9c73-4bd4-98ef-5c44af1fad0a.tmp" --source=lite --variations-update-path="C:\Users\Admin\AppData\Local\Temp\6166c5f5-f1e9-45d6-8a15-a88f04ffdb1a.tmp" --verbose-logging

C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\c56aa5c5-db22-40ed-9e4c-d1d601bf6697.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=23 --install-start-time-no-uac=500655973 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=498265351 --progress-window=524364 --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\f2307d25-9c73-4bd4-98ef-5c44af1fad0a.tmp" --source=lite --variations-update-path="C:\Users\Admin\AppData\Local\Temp\6166c5f5-f1e9-45d6-8a15-a88f04ffdb1a.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=516264201

C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe

C:\Users\Admin\AppData\Local\Temp\YB_69CB5.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=5464 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.10.1.598 --initial-client-data=0x294,0x298,0x29c,0x270,0x2a0,0x7ff7ba3304b8,0x7ff7ba3304c4,0x7ff7ba3304d0

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,5104414332642483225,12854698175313285322,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,5104414332642483225,12854698175313285322,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8

C:\Windows\TEMP\sdwra_5464_1711763568\service_update.exe

"C:\Windows\TEMP\sdwra_5464_1711763568\service_update.exe" --setup

C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe" --install

C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe" --run-as-service

C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=3984 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.10.1.598 --initial-client-data=0x20c,0x210,0x214,0x1e8,0x218,0x7ff67e3acaf8,0x7ff67e3acb04,0x7ff67e3acb10

C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe" --update-scheduler

C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\24.10.1.598\service_update.exe" --update-background-scheduler

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source5464_1169872813\Browser-bin\clids_yandex.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=524364 --ok-button-pressed-time=498265351 --install-start-time-no-uac=500655973

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=6636 --annotation=metrics_client_id=5ef29a664d8c4fd1ab9a29912dd4314f --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.10.1.598 --initial-client-data=0x13c,0x140,0x144,0x118,0x148,0x7ffd4afaef88,0x7ffd4afaef94,0x7ffd4afaefa0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=48CAA92D-F0BD-4EE8-8129-D92BDA7D3D5C --brand-id=int --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --gpu-process-kind=sandboxed --field-trial-handle=2292,i,827067449019924999,5882684548723413299,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2288 /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=48CAA92D-F0BD-4EE8-8129-D92BDA7D3D5C --brand-id=int --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=disabled --gpu-process-kind=trampoline --field-trial-handle=2156,i,827067449019924999,5882684548723413299,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2324 /prefetch:6

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-id=48CAA92D-F0BD-4EE8-8129-D92BDA7D3D5C --brand-id=int --process-name="Network Service" --field-trial-handle=2688,i,827067449019924999,5882684548723413299,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2708 --brver=24.10.1.598 /prefetch:3

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-id=48CAA92D-F0BD-4EE8-8129-D92BDA7D3D5C --brand-id=int --process-name="Storage Service" --field-trial-handle=2884,i,827067449019924999,5882684548723413299,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3056 --brver=24.10.1.598 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-id=48CAA92D-F0BD-4EE8-8129-D92BDA7D3D5C --brand-id=int --process-name="Audio Service" --field-trial-handle=3284,i,827067449019924999,5882684548723413299,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3092 --brver=24.10.1.598 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --user-id=48CAA92D-F0BD-4EE8-8129-D92BDA7D3D5C --brand-id=int --process-name="Video Capture" --field-trial-handle=3580,i,827067449019924999,5882684548723413299,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3668 --brver=24.10.1.598 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=48CAA92D-F0BD-4EE8-8129-D92BDA7D3D5C --brand-id=int --extension-process --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --allow-prefetch --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3632,i,827067449019924999,5882684548723413299,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3728 /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --user-id=48CAA92D-F0BD-4EE8-8129-D92BDA7D3D5C --brand-id=int --process-name="Data Decoder Service" --field-trial-handle=4300,i,827067449019924999,5882684548723413299,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4320 --brver=24.10.1.598 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --user-id=48CAA92D-F0BD-4EE8-8129-D92BDA7D3D5C --brand-id=int --process-name="Profile Importer" --field-trial-handle=4612,i,827067449019924999,5882684548723413299,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4624 --brver=24.10.1.598 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=48CAA92D-F0BD-4EE8-8129-D92BDA7D3D5C --brand-id=int --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --allow-prefetch --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4804,i,827067449019924999,5882684548723413299,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4852 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe" --set-as-default-browser

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.10.1.598\Installer\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=6340 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.10.1.598 --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0x7ff7d85504b8,0x7ff7d85504c4,0x7ff7d85504d0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=uwp_cookie_provider.mojom.UwpCookieProvider --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --user-id=48CAA92D-F0BD-4EE8-8129-D92BDA7D3D5C --brand-id=int --process-name=uwp_cookie_provider.mojom.UwpCookieProvider --field-trial-handle=5480,i,827067449019924999,5882684548723413299,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5492 --brver=24.10.1.598 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=48CAA92D-F0BD-4EE8-8129-D92BDA7D3D5C --brand-id=int --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5520,i,827067449019924999,5882684548723413299,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4472 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=48CAA92D-F0BD-4EE8-8129-D92BDA7D3D5C --brand-id=int --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5792,i,827067449019924999,5882684548723413299,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5800 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=48CAA92D-F0BD-4EE8-8129-D92BDA7D3D5C --brand-id=int --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=6288,i,827067449019924999,5882684548723413299,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,5104414332642483225,12854698175313285322,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2

Network


Files


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A334956C3F99BD182BF4859935BADE72_FACA7E02B2152427A5B3C5BC1AC9CE92

MD5 587ffb0ccf9c7b0e067bdf11dada16b3
SHA1 6689ddd7af116db4ad5b412357b88c88f8c0f559
SHA256 b148f82a20c9509ccebe237595d76caf0033a5ad7b4bcc9abdd589382b969323
SHA512 31b2e0d18f17d752a7acf6c5b3d97ab73f4fd16bb89b65c646652082be6ee755bc177eef313ce109afe1b581b28458081ead2b0cfaf5349692b83e8f98186c93

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9E5AF9A59B2A0198F537F5F6F7EBA776_57ABCF7C80DDF20409A123C0B25EDA1D

MD5 1d5fe659c2d228ad490a3afc0bf39894
SHA1 47a80a2b639c9cca12b3c2b3024fc07e5b24643e
SHA256 d104cff2bc0652165f3c9b39eaca7e123c63a8fe3752e693c188787b07405416
SHA512 95ad6052dcb2ceac39378070f0437c108e05789f32299ee177ed3b01c2b666b956b28de18587240e80b0bbfe2629a462df33bf0d30d2d2b0bc2862e9830b3547

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9E5AF9A59B2A0198F537F5F6F7EBA776_57ABCF7C80DDF20409A123C0B25EDA1D

MD5 2bd1ab696bfd18bf7ea1c98861bc0423
SHA1 ae736df8244868d383462fdc84df46dc17ba4eff
SHA256 8edbf72fbb615ce43e4086f81799f6426ddca5aa15f50373d1007fb2d5a138d4
SHA512 a0dce15f4f2174be1945cda15d300ac0892dc31f363fa8f99c0c09e90a45c44e64090e60c09d55c2ae6fc20f80014897e83ebb5e068753c539055383a78ed9e3

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 40cc9267f0583414f41b007013ce7a5a
SHA1 fe1d50579d498564574bb2bc774bd9fc4b9ea94f
SHA256 141951c1c3eb556cf65c543a0cecb15aa2b08286b91ec4d4f48021ff142bb21a
SHA512 54f1c06a1a4f821a72e0d52a51c8f18d7770fb978f62392f2104ea040066f511fa08880105a03a1accf7d8c546c9962098d2d78af79f5953915d6c78e7c8cf30

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\mountains_preview.jpg

MD5 a3272b575aa5f7c1af8eea19074665d1
SHA1 d4e3def9a37e9408c3a348867169fe573050f943
SHA256 55074794869b59cd5c693dfa6f6615aea068c2cd50cdae6dd69bd0410661ded8
SHA512 c69bf39362658dd6cbd827cf6db0f188a9c4410b3c6b7b532595fd5907974e2141d857942ffb2497282e31eaa33c71240c2c2bd8721046df55e3358e8b76c061

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\configs\all_zip

MD5 1d71aab097bac538c29bfe8cf5a78326
SHA1 65e63399ecd362051bed39b4521e4b6d0d069666
SHA256 bd1e003c3964da816c6e824caaeb5b18c06299f6783dffffc382b94029f4c5f6
SHA512 9450373f3a1d4f0913e13b8c019c2a1dd97211a88dcd3371251ae1e08a9e36b4db9958ef320353fe9bc45725947165f2161fc8e8f00b6eedd806e161f7508315

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

MD5 4eedf5b0592bc1191a681b1fa9a01d04
SHA1 35e16ff9fb343b8b320fd53b82e78427a8b598ea
SHA256 8af21b5c5ce8355cef9dc007c423c0ffd6faae8354ee017322e9936d96a6f852
SHA512 2ce6f622537b966c0d0e07ebcf3c73e996ad8ee1e2fd1cbb2bb8f0fd7e988fac20ce7fb94c790c275c418a2bd8a0c28a1c657d80768d64bff81ec8a4d8a6f629

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\extension\elokbjeafkcggjfjkakpchmcmhkhaofn\brand_settings.json

MD5 909b09582eadd71cdfd92d615ea70a87
SHA1 715f244e8c4b306f26649167a2186a598f65f3df
SHA256 7bbd3e9581b9990cd48933c7b6ed0a22216db7f3544daf510b4acfadcab0426a
SHA512 95a6d43d88b88bacc7ad49ea40b1797f28c2fe835f8c5287b13426581088154d952803c8461d6c311520fa3b92ceae4ee9f9328a9e70ceb9b48be639f948cc4c

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\extension\fcgfaidpicddcilhjhafmmcgfodijhjd\brand_settings.json

MD5 fda6c7f7660e9be254ef3745b8dcc4c0
SHA1 953062beb6ba234633f1de0a6964e7dec3ba2cf0
SHA256 29660aabd512c66468f36862bf0087855e4c18bee937e9d1a403d548f0ce1b8c
SHA512 0b18601b8771071d601c00a8ecb687d807ca4c785c387701f6dff99566fab72227b9af84a17bf9c40a583c2501d3c20cb93681f4a1f6cb0227e4dd5b5a005077

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\extension\gopnelejddjjkamjfblkcijjikkinnec\brand_settings.json

MD5 4c817e4c2d0ed4b5603e7192da413a6a
SHA1 e70fe2b6c5548273bc00b8863e0752c7bf93ad11
SHA256 cbbda477eaadbaf9fc385bff50dfaf9af360dd82fd8b345209456d8da580273b
SHA512 39a4796f25ee166dd8a079b3556b1e50d9e85a1bad8a9229a428a9d160411c7362fdf05db872ff167ce23f7769de582f63155863bd3e06313d49e71841f369ae

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\morphology\stop-words-en-US.list

MD5 202e1cc3e24e0a76bb1fd8779ddae5cb
SHA1 7566a9437663e808740ef75c9a79f414daa6b44d
SHA256 95984aa8caca82fc5c2ac6721e17206e45f12404567bf05bf397131ab83cef58
SHA512 dba1d7714da25c670cef62d22638ba759add34e26e69666973e26b7e7542b7c04d3694bb0f22ec2b7f89a33e48b3546507a108a385ba5945e0d293f501511717

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\morphology\dictionary-en-US.mrf.sig

MD5 197eaa00216af72690c09b8b82211809
SHA1 1e49ba86b771b391b63335fede7614f5ac427f84
SHA256 d5e3a63301977129113a9c0bdc0dd14173768c6f9f5ce2f2036c0cc6a53d706c
SHA512 f57b8e7d481ba5791c6bf454363fca3aad042270b572fb4b2ae1c0429a6e2f70d153b6bf44b139d48c959a1817c4e72ad3b280257b7877746fe93c40c880f514

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\morphology\dictionary-en-US.mrf

MD5 c8a293e130ee93c08592f0f5ba9616a8
SHA1 49e7d245af097bd28af5ffa503858830cd45011e
SHA256 fbd6c8f911927a994db26eac21e4c028d75ea9de593eaa525f331e5c9a911ce3
SHA512 9f4c01c6083ad7063db29b7075e0ac475794dfaa9b6714b119174607aefbf5384cbf17a96256b097de5b2a73669d060d5082cf2aa9244e7968c3d8853d09083b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\safebrowsing\download.png

MD5 528381b1f5230703b612b68402c1b587
SHA1 c29228966880e1a06df466d437ec90d1cac5bf2e
SHA256 3129d9eaba1c5f31302c2563ebfa85747eda7a6d3f95602de6b01b34e4369f04
SHA512 9eb45b0d4e3480a2d51a27ac5a6f20b9ef4e12bf8ac608043a5f01a372db5ea41a628458f7a0b02aaba94cd6bb8355a583d17666f87c3f29e82a0b899e9700bd

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\abstract\light_preview.jpg

MD5 9f6a43a5a7a5c4c7c7f9768249cbcb63
SHA1 36043c3244d9f76f27d2ff2d4c91c20b35e4452a
SHA256 add61971c87104187ae89e50cec62a196d6f8908315e85e76e16983539fba04b
SHA512 56d7bd72c8a380099309c36912513bcafbe1970830b000a1b89256aae20137c88e1e281f2455bb381ab120d682d6853d1ef05d8c57dd68a81a24b7a2a8d61387

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\abstract\light.jpg

MD5 3bf3da7f6d26223edf5567ee9343cd57
SHA1 50b8deaf89c88e23ef59edbb972c233df53498a2
SHA256 2e6f376222299f8142ff330e457867bad3300b21d96daec53579bf011629b896
SHA512 fef8e951c6cf5cec82dbeafd306de3ad46fd0d90e3f41dcea2a6046c95ab1ae39bf8a6e4a696580246c11330d712d4e6e8757ba24bbf180eec1e98a4aec1583b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\custogray\wallpaper.json

MD5 662f166f95f39486f7400fdc16625caa
SHA1 6b6081a0d3aa322163034c1d99f1db0566bfc838
SHA256 4cd690fb8ed5cd733a9c84d80d20d173496617e8dde6fca19e8a430517349ed5
SHA512 360a175c5e72ff8d2a01ee4e0f365237bbd725b695139ea54afc905e9e57686c5db8864b5abf31373a9cb475adcbdb3db292daf0a53c6eb643a5d61b868ad39b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\custogray\preview.png

MD5 0474a1a6ea2aac549523f5b309f62bff
SHA1 cc4acf26a804706abe5500dc8565d8dfda237c91
SHA256 55a236ad63d00d665b86ff7f91f2076226d5ed62b9d9e8f835f7cb998556545f
SHA512 d8e3de4fea62b29fd719376d33a65367a3a2a2a22ed175cc1eeff3e38dfbaac448c97a6fbea55bc6159351d11a6aad97e09cb12548cf297e01bd23bf6074de08

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\custogray\custogray_full.png

MD5 55841c472563c3030e78fcf241df7138
SHA1 69f9a73b0a6aaafa41cecff40b775a50e36adc90
SHA256 a7cd964345c3d15840b88fd9bc88f0d0c34a18edbf1ce39359af4582d1d7da45
SHA512 f7433d17937342d9d44aa86bcc30db9ae90450b84aa745d2c7390ff430449e195b693a8ae6df35d05fee2d97149a58a7d881737d57902d9885c6c55393d25d6f

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\fir_tree\wallpaper.json

MD5 8a2f19a330d46083231ef031eb5a3749
SHA1 81114f2e7bf2e9b13e177f5159129c3303571938
SHA256 2cc83bc391587b7fe5ddd387506c3f51840b806f547d203ccd90487753b782f1
SHA512 635828e7b6044eeede08e3d2bb2e68bc0dbbe9e14691a9fb6e2bc9a2ac96526d8b39c8e22918ff2d944fb07b2531077f8febd43028be8213aa2fad858b6ee116

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\fir_tree\fir_tree_preview.png

MD5 d6305ea5eb41ef548aa560e7c2c5c854
SHA1 4d7d24befe83f892fb28a00cf2c4121aeb2d9c5d
SHA256 4c2b561cf301d9e98383d084a200deb7555ec47a92772a94453d3d8d1de04080
SHA512 9330009997d62c1804f1e4cf575345016cda8d6a1dd6cb7d2501df65ea2021df6b8a5bc26809ddfc84e6ff9450f1e404c135561b1b00b9e4915c69e84f89cfec

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\flowers\wallpaper.json

MD5 4938bc67f6e2d6e8faeb7ba9ca8dbc69
SHA1 7600cfbe9d5e6be6a12642670107857abe36e383
SHA256 3bdb98cfc0379426a56ac7813f4bdd4787bea9ee8a65b7914e62226e584ac977
SHA512 27b680deb837cf7831c2d865f210fa1321fe5a2ee885be1dc058916ae0fa0e6fcf9c9f9de4ee86806dd3ab271c47f79ab621741664b8bdce7be117ff52ef6c85

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\flowers\flowers_preview.png

MD5 ba6e7c6e6cf1d89231ec7ace18e32661
SHA1 b8cba24211f2e3f280e841398ef4dcc48230af66
SHA256 70a7a65aa6e8279a1a45d93750088965b65ea8e900c5b155089ca119425df003
SHA512 1a532c232dd151474fbc25e1b435a5e0d9d3f61372036d97bcaab3c352e7037f1c424b54a8904ef52cf34c13a77b7ab295fb4fd006c3ab86289577f469a6cd4c

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\huangshan\huangshan_preview.jpg

MD5 1edab3f1f952372eb1e3b8b1ea5fd0cf
SHA1 aeb7edc3503585512c9843481362dca079ac7e4a
SHA256 649c55ccc096cc37dfe534f992b1c7bda68da589258611924d3f6172d0680212
SHA512 ecd9609fbf821239ddcbdc18ef69dade6e32efd10c383d79e0db39389fa890a5c2c6db430a01b49a44d5fa185f8197dbbde2e1e946f12a1f97a8c118634c0c34

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\huangshan\huangshan.webm

MD5 b78f2fd03c421aa82b630e86e4619321
SHA1 0d07bfbaa80b9555e6eaa9f301395c5db99dde25
SHA256 05e7170852a344e2f3288fc3b74c84012c3d51fb7ad7d25a15e71b2b574bfd56
SHA512 404fb2b76e5b549cbcba0a8cf744b750068cbd8d0f9f6959c4f883b35bcaa92d46b0df454719ca1cef22f5924d1243ba2a677b2f86a239d20bfad5365dc08650

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\huangshan\huangshan.jpg

MD5 c51eed480a92977f001a459aa554595a
SHA1 0862f95662cff73b8b57738dfaca7c61de579125
SHA256 713c9e03aac760a11e51b833d7e1c9013759990b9b458363a856fd29ea108eec
SHA512 6f896c5f7f05524d05f90dc45914478a2f7509ea79114f240396791f658e2f7070e783fab6ac284327361dc2a48c5918b9f1c969b90795ceacce2c5c5bfa56ca

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\meadow\wallpaper.json

MD5 f3673bcc0e12e88f500ed9a94b61c88c
SHA1 e96e2b2b5c9de451d76742f04cc8a74b5d9a11c0
SHA256 c6581e9f59646e0a51a3194798ec994c7c5c99f28897108838aaf4a4e2bda04a
SHA512 83fb3fe4a3562449a53c13d1c38d5fe9ef1fa55c3006f59b65eace9a6ad4963e768088bc500dbe5266b5979c6ace77874ef11a15a7bd9fabae00ff137e70ecb5

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\meadow\preview.png

MD5 d10bda5b0d078308c50190f4f7a7f457
SHA1 3f51aae42778b8280cd9d5aa12275b9386003665
SHA256 0499c4cc77a64cc89055b3c65d7af8387f5d42399ff2c0a2622eccbd6d481238
SHA512 668e1a70a50a0decf633167ac23cba6916d0e05d0894daae1f7e3d487519f0a126abd4298430b38f52746a5c3b83ccd520b3d9b0ae1a79f893e36821a0458566

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\misty_forest\wallpaper.json

MD5 2b65eb8cc132df37c4e673ff119fb520
SHA1 a59f9abf3db2880593962a3064e61660944fa2de
SHA256 ebe9cadad41bd573f4b5d20e3e251410300b1695dfdf8b1f1f1276d0f0f8fa6d
SHA512 c85fe6895453d0c38a1b393307b52d828bad8fa60d1d65bb83ffa3c5e17b71aa13cab60955489198503839ce5a4a6c1bb353752ab107f5e5b97908116c987e52

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\misty_forest\preview.png

MD5 77aa87c90d28fbbd0a5cd358bd673204
SHA1 5813d5759e4010cc21464fcba232d1ba0285da12
SHA256 ea340a389af6d7ad760dff2016cf4e79488bda1a45d0a415b3cd02a4430c9711
SHA512 759519b8822a6a4b88fc9ba47fa9d5d898b2f5a0f359acfbefc04809e6d7f5df86fb130f191eb6f63322792a18c0e7170aedf3ce7060fd9ad7e1bec2e686c3b2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\neuro_dark\neuro_dark_static.jpg

MD5 e6f09f71de38ed2262fd859445c97c21
SHA1 486d44dae3e9623273c6aca5777891c2b977406f
SHA256 a274d201df6c2e612b7fa5622327fd1c7ad6363f69a4e5ca376081b8e1346b86
SHA512 f6060b78c02e4028ac6903b820054db784b4e63c255bfbdc2c0db0d5a6abc17ff0cb50c82e589746491e8a0ea34fd076628bbcf0e75fa98b4647335417f6c1b7

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\neuro_dark\neuro_dark_preview.jpg

MD5 29c69a5650cab81375e6a64e3197a1ea
SHA1 5a9d17bd18180ef9145e2f7d4b9a2188262417d1
SHA256 462614d8d683691842bdfb437f50bfdea3c8e05ad0d5dac05b1012462d8b4f66
SHA512 6d287be30edcb553657e68aef0abc7932dc636306afed3d24354f054382852f0064c96bebb7ae12315e84aab1f0fd176672f07b0a6b8901f60141b1042b8d0be

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\neuro_light\neuro_light_static.jpg

MD5 9c71dbde6af8a753ba1d0d238b2b9185
SHA1 4d3491fa6b0e26b1924b3c49090f03bdb225d915
SHA256 111f666d5d5c3ffbcb774403df5267d2fd816bdf197212af3ac7981c54721d2e
SHA512 9529a573013038614cd016a885af09a5a06f4d201205258a87a5008676746c4082d1c4a52341d73f7c32c47135763de6d8f86760a3d904336f4661e65934077e

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\neuro_light\neuro_light_preview.jpg

MD5 d72d6a270b910e1e983aa29609a18a21
SHA1 f1f8c4a01d0125fea1030e0cf3366e99a3868184
SHA256 031f129cb5bab4909e156202f195a95fa571949faa33e64fe5ff7a6f3ee3c6b3
SHA512 96151c80aac20dbad5021386e23132b5c91159355b49b0235a82ca7d3f75312cfea9a2158479ebc99878728598b7316b413b517b681486105538bbeb7490b9c2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\peak\wallpaper.json

MD5 f0ac84f70f003c4e4aff7cccb902e7c6
SHA1 2d3267ff12a1a823664203ed766d0a833f25ad93
SHA256 e491962b42c3f97649afec56ad4ea78fd49845ceb15f36edddd08d9e43698658
SHA512 75e048c1d1db6618ead9b1285846922c16a46ee138a511e21235342a5a6452c467b906578bdd4a56e7b9e0a26535df6fb6319ae1cae238055887b48963fa6ed6

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\peak\preview.png

MD5 1d62921f4efbcaecd5de492534863828
SHA1 06e10e044e0d46cd6dccbcd4bae6fb9a77f8be45
SHA256 f72ea12f6c972edfe3d5a203e1e42cbbaf4985633de419342c2af31363f33dab
SHA512 eec8171bd3bea92e24066e36801f334ac93905b7e8e50935f360e09fa8c9b9f848c4c62b687299e8297c0693d6dbaf9c6035b471e6345d626510b73e3606ee4d

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\raindrops\wallpaper.json

MD5 5f18d6878646091047fec1e62c4708b7
SHA1 3f906f68b22a291a3b9f7528517d664a65c85cda
SHA256 bcfea0bebf30ee9744821a61fcce6df0222c1a266e0995b9a8cfbb9156eeeefd
SHA512 893b2077a4abaa2fe89676c89f5e428ccd2420177268159395b5568824dd3fe08bea8a8b2f828c6c9297b19e0f8e3a1b7899315c0b07f4b61fc86ce94301518b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\raindrops\raindrops_preview.png

MD5 28b10d683479dcbf08f30b63e2269510
SHA1 61f35e43425b7411d3fbb93938407365efbd1790
SHA256 1e70fc9965939f6011488f81cd325223f17b07ee158a93c32c124602b506aa6b
SHA512 05e5b5e9c5ef61f33a883b0286c2239cb2a464581d6e8a86d7b179b1887b4cb2cd7304e0821cdd3208501421c44c63c248a5166c790792717a90f8ac528fbf2f

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\sea\wallpaper.json

MD5 92e86315b9949404698d81b2c21c0c96
SHA1 4e3fb8ecf2a5c15141bb324ada92c5c004fb5c93
SHA256 c2bb1e5d842c7e5b1b318f6eb7fe1ce24a8209661ddd5a83ab051217ca7c3f65
SHA512 2834b1ef7bb70b2d24c4fedef87cd32c6e8f401d8ee5f3852808f6a557724ce036c31a71298cd0ed601cde4be59ec4042542351c63c4e0ac3d31419f79240956

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\sea\sea_preview.png

MD5 3c0d06da1b5db81ea2f1871e33730204
SHA1 33a17623183376735d04337857fae74bcb772167
SHA256 02d8e450f03129936a08b67f3a50ea5d2e79f32c4e8f24d34b464f2cb5e0b086
SHA512 ff0e60c94fc3c0c61d356a26667c5170256e1143b29adf23d4e7d27012da72ed8865ef59dc2046314c7335b8d3d331e5fd78f38b9b92f6af48729dae80f85b15

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\stars\wallpaper.json

MD5 9660de31cea1128f4e85a0131b7a2729
SHA1 a09727acb85585a1573db16fa8e056e97264362f
SHA256 d1bef520c71c7222956d25335e3ba2ea367d19e6c821fb96c8112e5871576294
SHA512 4cb80766c8e3c77dfb5ca7af515939e745280aa695eca36e1f0a83fb795b2b3ef406472f990a82c727cea42d1b4ef44a0d34a7f4f23e362f2992dbff2527798b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\stars\preview.png

MD5 ed9839039b42c2bf8ac33c09f941d698
SHA1 822e8df6bfee8df670b9094f47603cf878b4b3ed
SHA256 4fa185f67eaf3a65b991cea723d11f78de15a6a9a5235848a6456b98a9d7f689
SHA512 85119055ddfc6bc4cca05de034b941b1743cbb787607c053e8c10309572d2ef223786fc454d962fbb5e3cde5320117f9efe99041116db48916bc3d2fcd4ffa25

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\web\web_preview.png

MD5 3f7b54e2363f49defe33016bbd863cc7
SHA1 5d62fbfa06a49647a758511dfcca68d74606232c
SHA256 0bbf72a3c021393192134893777ecb305717ccef81b232961ca97ae4991d9ba8
SHA512 b3b458860701f3bc163b4d437066a58b5d441d8a427a8b03772c9c519c01983e3d3fdb8da20f6a53ad95c88dcdd0298f72822f39bc3672cb6f1d77fcc3f025a9

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\web\wallpaper.json

MD5 e4bd3916c45272db9b4a67a61c10b7c0
SHA1 8bafa0f39ace9da47c59b705de0edb5bca56730c
SHA256 7fdddc908bd2f95411dcc4781b615d5da3b5ab68e8e5a0e2b3d2d25d713f0e01
SHA512 4045e262a0808225c37711b361837070d0aeb5d65a32b5d514cc6f3c86962ba68f7d108bf4d81aa3bf645789d0753029a72c1ce34688a6d7af15f3e854c73f07

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\sea_static.jpg

MD5 5e1d673daa7286af82eb4946047fe465
SHA1 02370e69f2a43562f367aa543e23c2750df3f001
SHA256 1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a
SHA512 03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\sea_preview.jpg

MD5 53ba159f3391558f90f88816c34eacc3
SHA1 0669f66168a43f35c2c6a686ce1415508318574d
SHA256 f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e
SHA512 94c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\sea.webm

MD5 00756df0dfaa14e2f246493bd87cb251
SHA1 39ce8b45f484a5e3aa997b8c8f3ad174e482b1b9
SHA256 fa8d0ae53ebdbec47b533239709b7e1514ecb71278907621ca2d288241eb0b13
SHA512 967670863f3c77af26fa1d44cd7b4fe78148d2ba6ea930b7b29b9f35d606554d664c0577068e0c26fa125d54627d7e7543360bce4acee0af17783b07450b5f52

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\wallpapers\1-1x.png

MD5 80121a47bf1bb2f76c9011e28c4f8952
SHA1 a5a814bafe586bc32b7d5d4634cd2e581351f15c
SHA256 a62f9fdf3de1172988e01a989bf7a2344550f2f05a3ac0e6dc0ccd39ed1a697e
SHA512 a04df34e61fd30764cf344b339ba2636b9280a358863f298690f6a8533c5e5dfa9773a14f8d16a5bb709ea17cf75e1da6302335aa9120009892e529bfad30df9

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\tablo_UA_

MD5 1af7c65a09f5b23c8919656a631580db
SHA1 c9dca1523cc25f50bdd8d5ce2d354abb40cf6e5c
SHA256 71f09d4dc7592990580ad74d2f5262c29f98f72e11319daccdbcd1f095cec3f0
SHA512 f39f7490857186663577af939c802757ba35a8b15fd0d7acc9786779f5cd2e179dc41d5b89695abaeaf1b6acc9d20b5754e6201f2ffe55c393e8fedb3ac24eb6

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\tablo_TR_

MD5 9aac83dab47ce1228e8819cdcf1cceb4
SHA1 c3d60af194dc7be089ea62750ecedbb6e5fa16fe
SHA256 199b7586e0d25718342e3657eedbe81d20968759af4a8a63b04eb9ac6ee56d5f
SHA512 3cf47d3c13c752222a34a94896c005db96927c2d5d4c132655bd7a84bfb9607a0feeccefbfae8e98467cd8642c31d843bba4c6293007ef071d91e7dcfc8bf1b3

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\tablo_RU_

MD5 fbd7c40aa538b758a4588a07e88ac57c
SHA1 af30b54822bbd0674cb1ea9a51be19b7a78d43b4
SHA256 4ff2f383821f2e77878e4e624aadda8d4fc942e54803c69747da41c9988919c8
SHA512 bb183fe4b7f197bcf1ef72b5095cf41065f288c1426b006a6b99873969592825b623eeec51642a98fa783f6d7817766747a3f1209c8344559d21614f12c58448

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\tablo_PT_

MD5 0dde45f225a4290e59bfb55c80d4a51c
SHA1 3ebbbbb509d51a7c8e5cf409068644ad5ddbc09e
SHA256 8acb93ee7331e6b12feb81102b435c4bc044c614ef0fb8e69d2a0116bfe33d40
SHA512 d250d3891165505eb1fb7c5d2ccad397428785e8a6bb689dc56b55f2313f4b11bf402132d6f34ab6e9192453c43b74915bd7ddfafaf1716a954ccabd8b4d28c7

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\tablo_KZ_

MD5 7a9698fd54deaf12679dfa246adf5b60
SHA1 e824691b404a9aafe617c9c88e2063aaa08794bb
SHA256 8ff43d0de20a9e37107bd6428d6ac41843fe4f8261b00b8cea5792b72e365122
SHA512 805d72d8ade2e2018e7dba83bfdc292b3cdc4dff9746e717d74f5955466e55f67f8d03076bf1a6c5f8be37e77f8aaf855044b8b28a0e7f39580dad009fea4e8c

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\tablo_JP_

MD5 eb6d55790b6164b73e275c2401ad0550
SHA1 5c47d0c866925eb05a4b59986921ed60f8a612c4
SHA256 61f5b2ef85394c0034cfb05b650d7f4d9d79ffa87f2f6448566929f27a11411f
SHA512 0d4915979764f168b320e5152adfc18b186c5c966a3d42ba02c81bd5041386e08a89c818aa79d1c76304a3c9a3971982d5c97fc0493f19c1f283a64317acf9f3

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\tablo_IT_

MD5 da963f528183e2c335b3523c5b5e667f
SHA1 1b63bc824508cc978916ad6ace199d8058ef53dc
SHA256 bdc01e40b4ac8d262d616d31bef7d8bd2784c918ec9ea76e2be929bfb554585e
SHA512 8e1dca38a869a00bf7eb86b4173850631b1085068da2b49a184ef68029e03b8fe1906d8d0df2f6a5457905570b6dad57191a8175d6581a50092d531bda672e73

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\tablo_ID_

MD5 2271cc49e222c5fd558572fe9d7808b0
SHA1 6dbcf76e96e67434b8b9f294a61d1185afd9cbba
SHA256 8a4d261a6344c0eca555038eab21dd54d68c3cfbbe6eb11e7792c33f12537d03
SHA512 f3c5b9480dda3b8d7d7c36e5b2d4084c776ddd92d3a1e8086b9bb447486060ba07fb3d7ad9c8a15421d19b82b4e61f60057e94da726e5c8a7362438fa8b1961d

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\tablo_GB_

MD5 efda29551136fcc4de2ab4092ff02e21
SHA1 a911fb873c1221efd99e9ca330435788aea01a75
SHA256 c491c7db179d23b53ec7f378f280d971d7b96d738187c1377fed5bc8c89a652c
SHA512 e650b8b567dc658720cf74d8eb5cb6d51b4685f208232b9510a6b8739f8caa7f1d5e5e7b20a98b0b856ee56dce86cdae3eb7cf1b83974cb473011253a0af5c25

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\tablo_ES_

MD5 1c5d71e5a413ad550a08fe785f11d94c
SHA1 6c90db1ac6f5aa58202ee350f4e53ae3971be2bb
SHA256 e60f38def5e81c8784a6e09c61bb9577e3bba62a959d01a1a858f1ac30b61643
SHA512 5a74f8161ee5cbca1d935186b28d3650a6632be8d9b558996043decf0ebe05ab81af5ad8d94aa4632e370e596e9db9912c8e08bfaf0e1ef127c0cfd4d059b3af

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\tablo_DE_

MD5 4757da1b4ddb8085be308d987b150a35
SHA1 ce3492d4efa7f87e29c6b53aa7e3ac6d9ee95152
SHA256 9133f9eca9355387159ecfecc7158796305713c4046445d601eb5ded5fc0d3c3
SHA512 025d1e09494ac470f0cdefea6136d928d47f5f795f105603b43f37e43884e2c73da15757dc24f6793760bcc11501a2a4b3832a31f213c6751da20fc866ce9d72

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\tablo_CN_

MD5 f2826b7f3232265257d6efad0c443d21
SHA1 9da0d12745e199ac3f30f92c672b4dc97f35c75c
SHA256 cfb1791b0a72d00fde5675da5c041fc2de53123b5f5b2b2129237404eb8ba482
SHA512 4a8ac9dda75df8016e9b367b5d76afbab7f4f7f6fdcfe7f36d6273b7709fb992c377d21954a3665c234f84f640342b90161965e5dd09942ff8fbeaa8cccf7b8d

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\tablo_CA_

MD5 f8495a109372348b2f3aa8fd41fac4f7
SHA1 77c42c500e5a0889ad83d7693c6988b091a45012
SHA256 3b5a77e2a5d9bd96d68ae95981d82aab133fca44110622fcf5ee7e12dd667ebd
SHA512 19126463e599d7a41a7b1815ca8176a7aac922ef39807c262ae15671bb49c0244e884094b361a20554c08e0aae028155d6608f080fd0d72ee12d36185ea203a2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\tablo_BR_

MD5 6a8fa7f8a6893d052627cd428d1e3237
SHA1 81422d8c739a136967a6bf77167bda1afee1280c
SHA256 71e8cdfe763f3479b399ffdb8dacd136e118c52b9d980e75e97a41e592cd258c
SHA512 86bf094a4b2d7d13ac1d9d872458ca88cadca6744a638173e0425f4eba5ff624343de2c9b9ef38502174847e0b4f00ce768c7fafdf8e7f8a9ad1d1c2fb308d42

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\tablo

MD5 b8aca2f09f3c9ecbd1c848007c3fd8b6
SHA1 e81fc8e2512026f9df9a661529a1e7a9ce0b2ba3
SHA256 a3b688dbadf99ba57652809adf074bb6e441895d0035983fae33912128fdb7cc
SHA512 df4eae94ee9eee02ce2fb7ced9968d9f644369638ec1ff392a15a28c89e4ec112aef966260be4072681f87145eee1460db1ced15b61798e3955c10eed3454a38

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\sxs.ico

MD5 592b848cb2b777f2acd889d5e1aae9a1
SHA1 2753e9021579d24b4228f0697ae4cc326aeb1812
SHA256 ad566a3e6f8524c705844e95a402cdeb4d6eed36c241c183147409a44e97ebcd
SHA512 c9552f4db4b6c02707d72b6f67c2a11f1cf110b2c4ac5a1b7ac78291a14bf6eb35a9b4a05bc51ac80135504cd9dcad2d7a883249ee2e20a256cb9e9ceeb0032f

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\import-bg.png

MD5 be2acbae1c7b09125a85c5517a7dd70c
SHA1 091dbd354f830ddf74258b337dc4f7177a860d1b
SHA256 d1f78371b8d86ecd9a1e6c5878ff5da756f8c9ebb6b1a6d5d24ed017ad64c010
SHA512 dfc66f11ab6f79a8726efe47c478664973b04a277a9290cc6703899a12271909c757482be8c0a2cdcdd290e5a2a29d441a8d09c2bfc686a9482f07ceeb33f673

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\about_logo_ru_2x.png

MD5 a6911c85bb22e4e33a66532b0ed1a26c
SHA1 cbd2b98c55315ac6e44fb0352580174ed418db0a
SHA256 5bb0977553ded973c818d43a178e5d9874b24539dacbd7904cd1871e0ba82b23
SHA512 279fb0c1f2871ce41b250e9a4662046bc13c6678a79866eaf317cc93c997a683114122092214ce24f8e7f8a40520fe4ca03f54930148f4f794df0df3ecf74e9d

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\about_logo_ru.png

MD5 ff321ebfe13e569bc61aee173257b3d7
SHA1 93c5951e26d4c0060f618cf57f19d6af67901151
SHA256 1039ea2d254d536410588d30f302e6ab727d633cf08cb409caa5d22718af5e64
SHA512 e98fbfb4ed40c5ac804b9f4d9f0c163508c319ec91f5d1e9deb6a5d3eada9338980f1b5fe11c49e6e88935ecd50119d321ce55ca5bdd0723a6e8c414e1e68e16

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.10.1.598\resources\about_logo_en_2x.png

MD5 900fdf32c590f77d11ad28bf322e3e60