Malware Analysis Report

2025-08-11 07:45

Sample ID 241108-qca8csshqk
Target 3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085
SHA256 3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085
Tags
discovery persistence spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085

Threat Level: Likely malicious

The file 3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085 was found to be: Likely malicious.

Malicious Activity Summary

discovery persistence spyware stealer

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Reads user/profile data of web browsers

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Checks installed software on the system

Adds Run key to start application

Checks system information in the registry

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Enumerates physical storage devices

Browser Information Discovery

Suspicious use of SendNotifyMessage

Modifies system certificate store

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-08 13:06

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-08 13:06

Reported

2024-11-08 13:09

Platform

win7-20240903-en

Max time kernel

140s

Max time network

135s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe"

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ybADBD.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
N/A N/A C:\Windows\TEMP\scoped_dir2644_1155505755\temp\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ybADBD.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
N/A N/A C:\Windows\TEMP\scoped_dir2644_1155505755\temp\service_update.exe N/A
N/A N/A C:\Windows\TEMP\scoped_dir2644_1155505755\temp\service_update.exe N/A
N/A N/A C:\Windows\TEMP\scoped_dir2644_1155505755\temp\service_update.exe N/A
N/A N/A C:\Windows\TEMP\scoped_dir2644_1155505755\temp\service_update.exe N/A
N/A N/A C:\Windows\TEMP\scoped_dir2644_1155505755\temp\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\GoogleChromeAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A yandex.com N/A N/A
N/A yandex.com N/A N/A
N/A yandex.com N/A N/A
N/A yandex.com N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\6EQXPH8L.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\6EQXPH8L.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\4R95TFZJ.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\_[1].js C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\DMZXYO4Q.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\DMZXYO4Q.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\JCB7JVXI.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\JCB7JVXI.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\2B46AY4G.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Q1BVMMFB.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\P0N7GM42.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\P0N7GM42.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\4R95TFZJ.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Yandex\ui C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\2B46AY4G.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Q1BVMMFB.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe C:\Windows\TEMP\scoped_dir2644_1155505755\temp\service_update.exe N/A
File opened for modification C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe C:\Windows\TEMP\scoped_dir2644_1155505755\temp\service_update.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\System update for Yandex Browser.job C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\Tasks\Update for Yandex Browser.job C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\Tasks\Repairing Yandex Browser update service.job C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ybADBD.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\TEMP\scoped_dir2644_1155505755\temp\service_update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4AC86211-9DD2-11EF-9CB9-62CAC36041A9} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "637" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc50000000000200000000001066000000010000200000001cee9f833fe20fe3a967cb479c231e8e2f22b2253532a3ebf509a71001e3ea62000000000e8000000002000020000000d118c0c1fa2cc138dc5391563df56ba1be29c7f4dc0e6ea7491eed7652ce96fa90000000db0227d574294f131053987ba80db4492eb3a2041859d5108b453a808932e21966fa03b228adb5631c15c8aa73715a76f97f095896374073f3005a310c25b66a8a3d864d606a1eb626d88c08d1185a37a19cbd25d7a20cae6c10cdb26e330fcd3829be8aa18e489417d33aaadebd1136caafb08a2df5e0f343666990af7613eea711c8d81b6c8e7922ba9b08ea0c0e23400000001fd83f9cb744ec2d050e3980af5a96a20fa082e9766f0664d8b4afd72edd66e3e970a19fb1bc545b1c5cf7fb3c9e81c364d3dcd5e4730534878743609131211e C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437233067" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "9" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "49" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "63" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "12" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "27" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "90" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "606" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "12" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "606" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "637" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "27" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "63" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "12" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "9" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "49" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "63" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "90" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "49" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "637" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc5000000000020000000000106600000001000020000000734accd8ac75a4dcca86fe3c93b4b7d6fa2226ac8d6c8ddc1dda1e2934234d81000000000e80000000020000200000004778dbad95cdb10b0d030d400c6373e8d0f91ebf7170152ef08416b76660460420000000200298d8b6bedb8c30ce9525485fd3ac620d34f405f0d8ad3cfcb4d359a7119240000000d175662b9dd61d5ad03b534f687723217945032a8e53088c3bd20dd0d87b6d6329ec92c30fe9299aa7408c96385282b0c55e2109a45c328ed355ddce2a53cd55 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40199c2bdf31db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "27" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\Yandex C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000003000000090000000000000000000000000000000400000000000000000000000000000000000000000000000000000001000000020000000a7f0103000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "1" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-d3-6d-ba-98-b8\WpadDecision = "0" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{4A506038-0EFD-4C38-8C5F-AF5F359B44E3} C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{4A506038-0EFD-4C38-8C5F-AF5F359B44E3}\WpadNetworkName = "Network 3" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-d3-6d-ba-98-b8 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\Yandex\UICreated_SYSTEM = "1" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{4A506038-0EFD-4C38-8C5F-AF5F359B44E3}\da-d3-6d-ba-98-b8 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-d3-6d-ba-98-b8\WpadDecisionReason = "1" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-d3-6d-ba-98-b8\WpadDecisionTime = d0422f2adf31db01 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{4A506038-0EFD-4C38-8C5F-AF5F359B44E3}\WpadDecision = "0" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{4A506038-0EFD-4C38-8C5F-AF5F359B44E3}\WpadDecisionTime = d0422f2adf31db01 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{4A506038-0EFD-4C38-8C5F-AF5F359B44E3}\WpadDecisionReason = "1" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\.xht C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\YandexGIF.KXJRB5QKF5VHT22RZIEB7EPFHU C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\.shtml\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\YandexTIFF.KXJRB5QKF5VHT22RZIEB7EPFHU\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\YandexXML.KXJRB5QKF5VHT22RZIEB7EPFHU\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\.css\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\YandexEPUB.KXJRB5QKF5VHT22RZIEB7EPFHU\shell\open C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\YandexFB2.KXJRB5QKF5VHT22RZIEB7EPFHU\shell C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\YandexGIF.KXJRB5QKF5VHT22RZIEB7EPFHU\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\.swf\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\YandexEPUB.KXJRB5QKF5VHT22RZIEB7EPFHU\shell C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\ftp\shell\open\ddeexec C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\.infected C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\YandexTXT.KXJRB5QKF5VHT22RZIEB7EPFHU\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\YandexWEBP.KXJRB5QKF5VHT22RZIEB7EPFHU\shell\open C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\.png\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\YandexJPEG.KXJRB5QKF5VHT22RZIEB7EPFHU\shell\open C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\YandexPDF.KXJRB5QKF5VHT22RZIEB7EPFHU\shell\open C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\.crx C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\.tiff\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\.gif\ = "YandexGIF.KXJRB5QKF5VHT22RZIEB7EPFHU" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\YandexWEBP.KXJRB5QKF5VHT22RZIEB7EPFHU\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\YandexFB2.KXJRB5QKF5VHT22RZIEB7EPFHU C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\.jpg\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\YandexJS.KXJRB5QKF5VHT22RZIEB7EPFHU\shell\open\command C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\YandexCSS.KXJRB5QKF5VHT22RZIEB7EPFHU\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\YandexTXT.KXJRB5QKF5VHT22RZIEB7EPFHU\shell C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\YandexCSS.KXJRB5QKF5VHT22RZIEB7EPFHU\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\YandexTXT.KXJRB5QKF5VHT22RZIEB7EPFHU\DefaultIcon C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\YandexJS.KXJRB5QKF5VHT22RZIEB7EPFHU C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\YandexXML.KXJRB5QKF5VHT22RZIEB7EPFHU\shell\open C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\yabrowser\shell\open\command C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\https\shell\open C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\YandexCRX.KXJRB5QKF5VHT22RZIEB7EPFHU\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-104" C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\.crx\OpenWithProgids\YandexCRX.KXJRB5QKF5VHT22RZIEB7EPFHU C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\.tiff\OpenWithProgids\YandexTIFF.KXJRB5QKF5VHT22RZIEB7EPFHU C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\.js\OpenWithProgids\YandexJS.KXJRB5QKF5VHT22RZIEB7EPFHU C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\YandexSWF.KXJRB5QKF5VHT22RZIEB7EPFHU\shell C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\YandexCRX.KXJRB5QKF5VHT22RZIEB7EPFHU\shell\open\command C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\YandexXML.KXJRB5QKF5VHT22RZIEB7EPFHU\shell\open\command C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\https\shell\open\ddeexec C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\YandexPNG.KXJRB5QKF5VHT22RZIEB7EPFHU\ = "Yandex Browser PNG Document" C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\.xml C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\.htm\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\YandexFB2.KXJRB5QKF5VHT22RZIEB7EPFHU\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\.fb2\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\.jpg C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\YandexPNG.KXJRB5QKF5VHT22RZIEB7EPFHU\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\.fb2\OpenWithProgids\YandexFB2.KXJRB5QKF5VHT22RZIEB7EPFHU C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\YandexTIFF.KXJRB5QKF5VHT22RZIEB7EPFHU\ = "Yandex Browser TIFF Document" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\.jpeg C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\YandexHTML.KXJRB5QKF5VHT22RZIEB7EPFHU\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\.epub\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\.tiff\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\yabrowser\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0" C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\YandexINFE.KXJRB5QKF5VHT22RZIEB7EPFHU\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\YandexJPEG.KXJRB5QKF5VHT22RZIEB7EPFHU C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\YandexTIFF.KXJRB5QKF5VHT22RZIEB7EPFHU\shell C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\yabrowser\shell\open C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\http\DefaultIcon C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\.css C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\YandexSWF.KXJRB5QKF5VHT22RZIEB7EPFHU C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\.webp\OpenWithProgids\YandexWEBP.KXJRB5QKF5VHT22RZIEB7EPFHU C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\.pdf\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
N/A N/A C:\Windows\TEMP\scoped_dir2644_1155505755\temp\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1960 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1960 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1960 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1960 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1960 wrote to memory of 1204 N/A C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe
PID 1960 wrote to memory of 1204 N/A C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe
PID 1960 wrote to memory of 1204 N/A C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe
PID 1960 wrote to memory of 1204 N/A C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe
PID 1960 wrote to memory of 1204 N/A C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe
PID 1960 wrote to memory of 1204 N/A C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe
PID 1960 wrote to memory of 1204 N/A C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe
PID 1972 wrote to memory of 2072 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1972 wrote to memory of 2072 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1972 wrote to memory of 2072 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1972 wrote to memory of 2072 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1204 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe C:\Users\Admin\AppData\Local\Temp\ybADBD.tmp
PID 1204 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe C:\Users\Admin\AppData\Local\Temp\ybADBD.tmp
PID 1204 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe C:\Users\Admin\AppData\Local\Temp\ybADBD.tmp
PID 1204 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe C:\Users\Admin\AppData\Local\Temp\ybADBD.tmp
PID 1204 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe C:\Users\Admin\AppData\Local\Temp\ybADBD.tmp
PID 1204 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe C:\Users\Admin\AppData\Local\Temp\ybADBD.tmp
PID 1204 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe C:\Users\Admin\AppData\Local\Temp\ybADBD.tmp
PID 2600 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\Temp\ybADBD.tmp C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe
PID 2600 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\Temp\ybADBD.tmp C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe
PID 2600 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\Temp\ybADBD.tmp C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe
PID 2600 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\Temp\ybADBD.tmp C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe
PID 2600 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\Temp\ybADBD.tmp C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe
PID 2600 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\Temp\ybADBD.tmp C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe
PID 2600 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\Temp\ybADBD.tmp C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe
PID 1772 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe
PID 1772 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe
PID 1772 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe
PID 1772 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe
PID 1772 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe
PID 1772 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe
PID 1772 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe
PID 2644 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe
PID 2644 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe
PID 2644 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe
PID 2644 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe
PID 2644 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe
PID 2644 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe
PID 2644 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe
PID 2644 wrote to memory of 108 N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe C:\Windows\TEMP\scoped_dir2644_1155505755\temp\service_update.exe
PID 2644 wrote to memory of 108 N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe C:\Windows\TEMP\scoped_dir2644_1155505755\temp\service_update.exe
PID 2644 wrote to memory of 108 N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe C:\Windows\TEMP\scoped_dir2644_1155505755\temp\service_update.exe
PID 2644 wrote to memory of 108 N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe C:\Windows\TEMP\scoped_dir2644_1155505755\temp\service_update.exe
PID 2644 wrote to memory of 108 N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe C:\Windows\TEMP\scoped_dir2644_1155505755\temp\service_update.exe
PID 2644 wrote to memory of 108 N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe C:\Windows\TEMP\scoped_dir2644_1155505755\temp\service_update.exe
PID 2644 wrote to memory of 108 N/A C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe C:\Windows\TEMP\scoped_dir2644_1155505755\temp\service_update.exe
PID 108 wrote to memory of 2864 N/A C:\Windows\TEMP\scoped_dir2644_1155505755\temp\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe
PID 108 wrote to memory of 2864 N/A C:\Windows\TEMP\scoped_dir2644_1155505755\temp\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe
PID 108 wrote to memory of 2864 N/A C:\Windows\TEMP\scoped_dir2644_1155505755\temp\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe
PID 108 wrote to memory of 2864 N/A C:\Windows\TEMP\scoped_dir2644_1155505755\temp\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe
PID 108 wrote to memory of 2864 N/A C:\Windows\TEMP\scoped_dir2644_1155505755\temp\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe
PID 108 wrote to memory of 2864 N/A C:\Windows\TEMP\scoped_dir2644_1155505755\temp\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe
PID 108 wrote to memory of 2864 N/A C:\Windows\TEMP\scoped_dir2644_1155505755\temp\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe
PID 2968 wrote to memory of 2524 N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe
PID 2968 wrote to memory of 2524 N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe
PID 2968 wrote to memory of 2524 N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe
PID 2968 wrote to memory of 2524 N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe
PID 2968 wrote to memory of 2524 N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe
PID 2968 wrote to memory of 2524 N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe
PID 2968 wrote to memory of 2524 N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

Processes

C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe

"C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe"

C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe

"C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe" --parent-installer-process-id=1960 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\Admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\Admin\AppData\Local\Temp\02235e4c-c3fa-4943-9622-6e46fd0f767e.tmp\" --brand-name=int --browser-present=none --disableyapin --distr-info-file=\"C:\Users\Admin\AppData\Local\Temp\distrib_info\" --installer-brand-id=int --make-browser-default-after-import --ok-button-pressed-time=242991200 --progress-window=393648 --server-config-bundle-path=\"C:\Users\Admin\AppData\Local\Temp\fcab78e3-2c5d-409e-9421-740a97ea2fa2.tmp\" --testids=1114347 --variations-update-path=\"C:\Users\Admin\AppData\Local\Temp\16d7a743-d5b3-4fdb-9fef-25d42d8870e3.tmp\" --verbose-logging"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://yandex.com/legal/browser_agreement/?lang=en

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1972 CREDAT:275457 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\ybADBD.tmp

"C:\Users\Admin\AppData\Local\Temp\ybADBD.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\02235e4c-c3fa-4943-9622-6e46fd0f767e.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=40 --install-start-time-no-uac=243116000 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=242991200 --progress-window=393648 --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\fcab78e3-2c5d-409e-9421-740a97ea2fa2.tmp" --source=lite --testids=1114347 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\16d7a743-d5b3-4fdb-9fef-25d42d8870e3.tmp" --verbose-logging

C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\BROWSER.PACKED.7Z" --searchband-file="C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\SEARCHBAND.EXE" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\02235e4c-c3fa-4943-9622-6e46fd0f767e.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=40 --install-start-time-no-uac=243116000 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=242991200 --progress-window=393648 --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\fcab78e3-2c5d-409e-9421-740a97ea2fa2.tmp" --source=lite --testids=1114347 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\16d7a743-d5b3-4fdb-9fef-25d42d8870e3.tmp" --verbose-logging

C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\BROWSER.PACKED.7Z" --searchband-file="C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\SEARCHBAND.EXE" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\02235e4c-c3fa-4943-9622-6e46fd0f767e.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=40 --install-start-time-no-uac=243116000 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=242991200 --progress-window=393648 --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\fcab78e3-2c5d-409e-9421-740a97ea2fa2.tmp" --source=lite --testids=1114347 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\16d7a743-d5b3-4fdb-9fef-25d42d8870e3.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=278996000

C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe

C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=45323b5b377897c846fc6c473cf984a9 --annotation=main_process_pid=2644 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.1.5.812 --initial-client-data=0x1a0,0x1a4,0x1a8,0x174,0x1ac,0xf9ed30,0xf9ed40,0xf9ed4c

C:\Windows\TEMP\scoped_dir2644_1155505755\temp\service_update.exe

"C:\Windows\TEMP\scoped_dir2644_1155505755\temp\service_update.exe" --setup

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --install

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --run-as-service

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=45323b5b377897c846fc6c473cf984a9 --annotation=main_process_pid=2968 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.1.5.812 --initial-client-data=0x12c,0x130,0x134,0x100,0x138,0x313560,0x313570,0x31357c

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --update-scheduler

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --update-background-scheduler

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --statistics=https://api.browser.yandex.ru/installstats/send/dtype=stred/pid=457/cid=72992/path=extended_stat/vars=-action=version_folder_files_check_unused,-brand_id=unknown,-error=FONT_NOT_FOUND,-files_mask=66977119,-installer_type=service_audit,-launched=false,-old_style=0,-old_ver=,-result=0,-stage=error,-target=version_folder_files_check,-ui=394FDD3F_55FB_4BF0_BA7C_F364364D1B05/*

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source2644_1821607364\Browser-bin\clids_yandex.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=searchband --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source2644_1821607364\Browser-bin\clids_searchband.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=393648 --ok-button-pressed-time=242991200 --install-start-time-no-uac=243116000

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=2728 --annotation=metrics_client_id=921e320498ab482e9f083fc67bedefa1 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.1.5.812 --initial-client-data=0xe4,0xe8,0xec,0xb8,0xf0,0x70c22a08,0x70c22a18,0x70c22a24

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --field-trial-handle=1080,14130162386125411568,15255696731108542924,131072 --user-id=0A6DF112-3658-4C11-BA7A-A35894C3A742 --brand-id=int --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1088 /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1080,14130162386125411568,15255696731108542924,131072 --lang=en-US --service-sandbox-type=none --user-id=0A6DF112-3658-4C11-BA7A-A35894C3A742 --brand-id=int --process-name="Network Service" --brver=22.1.5.812 --mojo-platform-channel-handle=1344 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1080,14130162386125411568,15255696731108542924,131072 --lang=en-US --service-sandbox-type=utility --user-id=0A6DF112-3658-4C11-BA7A-A35894C3A742 --brand-id=int --process-name="Storage Service" --brver=22.1.5.812 --mojo-platform-channel-handle=1548 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1080,14130162386125411568,15255696731108542924,131072 --lang=en-US --service-sandbox-type=audio --user-id=0A6DF112-3658-4C11-BA7A-A35894C3A742 --brand-id=int --process-name="Audio Service" --brver=22.1.5.812 --mojo-platform-channel-handle=1960 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=0A6DF112-3658-4C11-BA7A-A35894C3A742 --brand-id=int --extension-process --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://yastatic.net --display-capture-permissions-policy-allowed --enable-instaserp --field-trial-handle=1080,14130162386125411568,15255696731108542924,131072 --enable-ignition --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2212 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=0A6DF112-3658-4C11-BA7A-A35894C3A742 --brand-id=int --extension-process --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://yastatic.net --display-capture-permissions-policy-allowed --enable-instaserp --field-trial-handle=1080,14130162386125411568,15255696731108542924,131072 --enable-ignition --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2336 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,14130162386125411568,15255696731108542924,131072 --lang=en-US --service-sandbox-type=service --user-id=0A6DF112-3658-4C11-BA7A-A35894C3A742 --brand-id=int --process-name="Data Decoder Service" --brver=22.1.5.812 --mojo-platform-channel-handle=2368 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=speechkit.mojom.Speechkit --field-trial-handle=1080,14130162386125411568,15255696731108542924,131072 --lang=en-US --service-sandbox-type=none --user-id=0A6DF112-3658-4C11-BA7A-A35894C3A742 --brand-id=int --process-name="Speechkit Service" --brver=22.1.5.812 --mojo-platform-channel-handle=2704 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --field-trial-handle=1080,14130162386125411568,15255696731108542924,131072 --lang=en-US --service-sandbox-type=none --user-id=0A6DF112-3658-4C11-BA7A-A35894C3A742 --brand-id=int --process-name="Profile Importer" --brver=22.1.5.812 --mojo-platform-channel-handle=2708 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --field-trial-handle=1080,14130162386125411568,15255696731108542924,131072 --user-id=0A6DF112-3658-4C11-BA7A-A35894C3A742 --brand-id=int --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --field-trial-handle=1080,14130162386125411568,15255696731108542924,131072 --user-id=0A6DF112-3658-4C11-BA7A-A35894C3A742 --brand-id=int --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1048 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.browser.yandex.net udp
US 8.8.8.8:53 download.cdn.yandex.net udp
US 8.8.8.8:53 api.browser.yandex.ru udp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 5.45.205.242:443 download.cdn.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 8.8.8.8:53 cachev2-ams02.cdn.yandex.net udp
NL 5.45.247.52:443 cachev2-ams02.cdn.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 8.8.8.8:53 cachev2-fra-02.cdn.yandex.net udp
US 8.8.8.8:53 yandex.com udp
US 8.8.8.8:53 yandex.com udp
RU 77.88.55.88:443 yandex.com tcp
RU 77.88.55.88:443 yandex.com tcp
DE 5.45.200.105:443 cachev2-fra-02.cdn.yandex.net tcp
RU 5.45.205.242:443 download.cdn.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 8.8.8.8:53 cachev2-rad-01.cdn.yandex.net udp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 8.8.8.8:53 yastatic.net udp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 5.45.205.242:443 download.cdn.yandex.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
FI 5.45.192.4:443 cachev2-rad-01.cdn.yandex.net tcp
US 8.8.8.8:53 cachev2-ams01.cdn.yandex.net udp
NL 5.45.247.51:443 cachev2-ams01.cdn.yandex.net tcp
US 8.8.8.8:53 mc.yandex.ru udp
RU 87.250.251.119:443 mc.yandex.ru tcp
RU 87.250.251.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 samsara.s3.yandex.net udp
RU 93.158.134.158:443 samsara.s3.yandex.net tcp
RU 93.158.134.158:443 samsara.s3.yandex.net tcp
US 8.8.8.8:53 cachev2-kiv-03.cdn.yandex.net udp
FI 5.45.192.141:443 cachev2-kiv-03.cdn.yandex.net tcp
US 8.8.8.8:53 uxfeedback-cdn.s3.yandex.net udp
RU 93.158.134.158:443 uxfeedback-cdn.s3.yandex.net tcp
RU 93.158.134.158:443 uxfeedback-cdn.s3.yandex.net tcp
US 8.8.8.8:53 mc.yandex.com udp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 5.45.205.242:443 download.cdn.yandex.net tcp
FI 5.45.192.141:443 cachev2-kiv-03.cdn.yandex.net tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 crl.globalsign.com udp
US 8.8.8.8:53 cachev2-ams22.cdn.yandex.net udp
NL 5.45.247.27:443 cachev2-ams22.cdn.yandex.net tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.19.117.22:80 crl.microsoft.com tcp
RU 87.250.250.119:443 mc.yandex.com tcp
RU 87.250.250.119:443 mc.yandex.com tcp
US 151.101.66.133:80 crl.globalsign.com tcp
US 8.8.8.8:53 cachev2-ams15.cdn.yandex.net udp
NL 5.45.247.11:443 cachev2-ams15.cdn.yandex.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
US 8.8.8.8:53 cachev2-rad-05.cdn.yandex.net udp
FI 5.45.192.12:443 cachev2-rad-05.cdn.yandex.net tcp
US 8.8.8.8:53 cachev2-rad-04.cdn.yandex.net udp
FI 5.45.192.10:443 cachev2-rad-04.cdn.yandex.net tcp
US 8.8.8.8:53 cachev2-ams21.cdn.yandex.net udp
NL 5.45.247.25:443 cachev2-ams21.cdn.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 151.101.66.133:80 crl.globalsign.com tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 8.8.8.8:53 cachev2-rad-03.cdn.yandex.net udp
FI 5.45.192.8:443 cachev2-rad-03.cdn.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 8.8.8.8:53 cachev2-rad-02.cdn.yandex.net udp
FI 5.45.192.6:443 cachev2-rad-02.cdn.yandex.net tcp
US 8.8.8.8:53 cachev2-kiv-01.cdn.yandex.net udp
FI 5.45.192.133:443 cachev2-kiv-01.cdn.yandex.net tcp
US 8.8.8.8:53 cachev2-kiv-05.cdn.yandex.net udp
FI 5.45.192.144:443 cachev2-kiv-05.cdn.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
US 8.8.8.8:53 storage.ape.yandex.net udp
RU 87.250.251.66:443 storage.ape.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.ru tcp
RU 87.250.251.66:443 storage.ape.yandex.net tcp
US 8.8.8.8:53 sba.yandex.net udp
RU 213.180.193.232:443 sba.yandex.net tcp
US 8.8.8.8:53 browser.yandex.com udp
US 8.8.8.8:53 browser.yandex.ru udp
RU 213.180.193.232:443 sba.yandex.net tcp
RU 93.158.134.121:443 browser.yandex.ru tcp
US 8.8.8.8:53 storage.ape.yandex.net udp
RU 93.158.134.121:443 browser.yandex.ru tcp
RU 93.158.134.121:443 browser.yandex.ru tcp
RU 87.250.251.66:443 storage.ape.yandex.net tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 e7cee302ff7ada20cc3838f749e94c8b
SHA1 fddfc2d6d14195291219dd3697cd94a317e53b27
SHA256 a1a6d9605f9369fe871a50db32ccdc13d885800ff4df6a4e1666836af7fd4637
SHA512 b6e16fd8706be015029b27fc6ab67476c5ee43db88d377efbd8098b185043408fb9078f6a65ac239d75643aca0a2e62bbc6f608b0d5c653c488c6a0ebf831fe7

C:\Users\Admin\AppData\Roaming\Yandex\ui

MD5 e80d439ca745c12a1e2acad8bb643943
SHA1 9f5ac5fca980a268fdb87f892d5fd0ccc5d04191
SHA256 4b2e822a7ae7aee8772e10b082cb8e2b0a4b154e0ebcecf1e6a7cbe49dccc493
SHA512 99ff07823f04cff3c6da3ba945b57f06c9676783671d8d5597d119ac7651f955c858b39db46827e084c293646c747abf407aab08178bdd96fc8fe3d914301733

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 e20b812a1899c7d7a8b539e3c3bda35b
SHA1 04a711f08fba756ebf782e0e92fd919ed1c6d06c
SHA256 498dd2251958239fb5d0c5fae4844d8aa950c867ab9ff49ecb9d772fdd1013be
SHA512 40eca615b7d8cbe6829f6ae5b31020f4cba4a8d94020d6591116101bfb842422f60327ab7a58bde6e5cb15b0af7ce04afa4a653ab41889f47989c32749f50ec3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046

MD5 0d12c001753e2c502e8a62f123cefe93
SHA1 46d5278042ed4e98c67dc0214e6bc18f300c76d8
SHA256 573d6707a37a8127fe9276c6eedf635407ff8811a83ec92d49d12ba4eb8ca695
SHA512 b003587142ddf85bbac612914fd04deda949922c2b7eb5f3b3200f399207d5550a588eec242a617ac2ef37abb288fc30f012bbd21b4a8237a901c87abb6264c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046

MD5 2dc65f3f5aee5e8f20438e27eb02bed6
SHA1 1a297cd1319de9c740fc28e62eb0058631e81d59
SHA256 5a13e91d6d814269f7620742bc74c9f3047eda91553a2db1088ef37830eb1a8b
SHA512 c8cc5b2133c0b3270dad0b664e4bfe5e722e5698affd97381b181de3664a630c23d3cb9d9cbd9aeaa0dffa470d547eff7678da1ffbc10bd5b863f3704d9a5cf0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_7DAD5545724AA2C98C55095F428499FB

MD5 48cdfef8a8205110f4cef029eba54f35
SHA1 6936407ff471ee83b1515ffa0058a5f0bbbc48d3
SHA256 ba995644294f9d053eef3b882d8948e33a33e7a1289901f9edb1ffaec4ba20ce
SHA512 f6529a3bb89d323e3fe310b6c1f48cf764217bae6edae2916fd42c89887104713b4fa2e58f36345ca7e761df7f599666d63b029c9ca4babc31352eb4eb16a745

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_7DAD5545724AA2C98C55095F428499FB

MD5 86664d1a4462fa42f1de0fb9bb441d5b
SHA1 d0e19c04cc91345b19063a35d288d80ab6e208e1
SHA256 999d7bc382a5363315e723d0822c42f350c18b66447ba7f6bf1bb97ec07e4ec9
SHA512 d4af96071ff7d371488f7d277d682e0c41a99024b6875b72c543db5d1036608e23bc0dd4f5eee0a536c4ee1dfcb6e6ac62ec8a92552cc6395e9e9527f33c3571

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 52b97928a8440e6d9273464c47126c7e
SHA1 51c6b6b9a44532f36c267bf405eee37da1c2c932
SHA256 ca8dc9807379cc91b4882af86ba34401c32b4b796cacc96c547ea6a3795eada1
SHA512 62b288932bb697037abf538bf6955355dfc7950be547d0dd5dbb4b635cb0705166034334262fcf91a4729ec150bc8535d49d683c3952b4a9cd251f719bba4adf

C:\Users\Admin\AppData\Local\Temp\CabE6F5.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\PFH3AC30.txt

MD5 ae4ad0760df7cd604c381186ce1eb0a4
SHA1 5c5875de8ef0875d44b4f8005cea2c185e7666bd
SHA256 f5bdf187b1dface5cbb97c23c2edb8393dd5b68d90d845d1b99fce3a6936be60
SHA512 0077d16635863d78fb2ef995f3c4480c9b0f05e6de1c49373202ccae8fa41eb47fabe54ce79fd003b6594e7c1881e4fdc13bd9ede54c212d252ba62e11cde3af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

MD5 7602fa59f50f67e13125a90ba8005df3
SHA1 c9b8e98c869a7bc9f5e370a8af9bc303b08674d4
SHA256 bec7b6b4260b69db3a5e1d9adf8c8ec6090e6abc0a6964af2ef1279bb9fbc1a4
SHA512 0f61865a6b511237de9cda03d88606eccfdcbf1f9909dc5ed1f0e6cc88fd6f447cae0b756987d443997e50d1f1b2b8f2a22bbed6080daf4a96ee177145193897

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

MD5 ddb6edc890083213be8cd064f4b88840
SHA1 6cdc6d38c409d422e13482522904647e6a32d989
SHA256 26593df0323c8ce69af6fc69459c1c65a403c47037b5181a1bba582058a827f0
SHA512 c60781da4aff76f7fa5fd1341122fc1eccc35503dde483824b142f5b73721372f0a4b7f1ce500dfe08534fc4c456bb8980049c997aeb0b4a95a8e9d128f4b38b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

MD5 4541f0b76d1f3b65c14af4b5d58a45cd
SHA1 04cd915863a51b591b916c58bb004f67be354af0
SHA256 0f5c990354b074e4320362bbdf1655362be2ef25928459b1baac618bf2abc5f7
SHA512 fdb7cfb019d77067b349dc7481d42eed193b7c552ede6448088e087e7f7a1b499e027158962d50bbd4a0a7997e1847b82f26f679f4587edcc2b6239560bef059

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

MD5 f531867ffb3d6ae4159d5dd22adf5368
SHA1 56ec97e945fe302335700fd80da4dc5e88721f95
SHA256 4aed82e23de32be67ed795692978c2f6f31f59a4989fe03fdef9dc6640559f2a
SHA512 55e34c4c1bb0d4d653767991ae4f708429bec12c59cbc1de2cd829720d3a5a374347b1b55df13d625b6ad97ec4f1c034ac2c847f408d4f97d3958d5bf3d426a6

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\P3Q2O8F5\yandex[1].xml

MD5 1d6b7088febc5a5842b287147b65a50e
SHA1 92fcc990b64e20885f3657f875daef92c50de675
SHA256 36777cc06c20addb65f52d815e5c669d7bc3a8a07406f58df874e77489ebc989
SHA512 fc3af98aa5c6d0da2c20fc475f55847d170ae4b05eb237688621dcce0d6cc5bbbc4811b2328f48b56e20fc2a149f239dab82d7d1c3ffe31fd021669a53fe8b3a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\XIMLC16F.txt

MD5 f78877bfc9834a4f47d71e7f8bdab1a3
SHA1 7c284ff66747c7043ae4b5603e17c943babb0983
SHA256 518321f0f9fdb68a83bae3925dd737b7c05734ba7e7622966e98737db742c5ec
SHA512 e6d251e5ee04bcc22f05978a6396b749d05c492f7d6d6ff4a97f2fe4aa18ce6a0f8ff965c68e028d465b0c9e8ceb292b6dd91bb1aded78b38465d98ad28a1b1f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6V88JEY\favicon[1].ico

MD5 5bd286ded38badeda66e9c395b814405
SHA1 49e2213a60c70825b9552505cb8b7334a3a29a40
SHA256 bdd8486f2d838c7d9b0e2dcfe732a52c92f63879525206c2662905a051dd31ea
SHA512 96bfc9211f0f1c1c375e49ebcfec9e85280bba64352a4936b95e15d5128e77e9b4d5ba60cbdd76f8e39ce7bf537e8c77fef218e0b24856f28fc34671fcbecd0f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\njqq61f\imagestore.dat

MD5 9c3fe9818a6172a78ba6baba482d18a3
SHA1 8459c315db35c50b23dda39e733e93b4cd368285
SHA256 c6fff1a58b025a03a2100eb6b846432a7b7cdb4b20a54d7016139b9c365468ef
SHA512 cf6ddab0d43bfcc9786bfb2ee9cde34b81fe9e96e10022a76c6e4043123dbf70f802451119cae35f362c39dd0397ddbcbba7865aa921a12bc89ddb3f15019521

C:\Users\Admin\AppData\Local\Temp\Tar3094.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5c77e057a53b7aa4586c823c15ec7064
SHA1 3360653678197f1c28e7f9e0f7764ff83fb1c77a
SHA256 41fdbceda3cdaf4bfc118e703237836fc5fc916651c165a6249d86d337b90a39
SHA512 5f71c28d004d71b8fad15b2d8d2813953a94dd54556df78a73efef6f038776ae91fbfc5680afdc9b4433cc2ad17cbaab062842b3d499aab39be214d9b7024e56

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b9de6c9c32f05a341f2a043be4dc0c19
SHA1 f4fe3d84e9d366046d31feb216e2e09535c49a70
SHA256 2bede449426300a8cdfe632a0438c3382d4b6c7af873c7d14442acf1d46daf55
SHA512 7f5a26d23c87273dce0be3ba98719579be801d1c6c16a61ed3ec919b60880d9dd6c9e040574d732a6f9cbe8a8a265d0367f5cb9adf55450c25bb4692249357bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 6ee4299c2a75909c2353ef30adc5727c
SHA1 755c714f284cd501d80d9fe1ed4d9fdc33cdd7f3
SHA256 a81947d518730b3f863aabc8c284ec9c5e02b00a3684e19f38fa14674fa431a9
SHA512 26bc9dfc8183d8b8c97c5e23c350fb3d0579c1ef19ff03ed24bee47c713b8eacee7087ca50e37a44a9163868166711f3c8babea337d18977ecc09a14a3bfd811

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 58c46db128ee1bcb239fd7f7b00306bf
SHA1 58ec22579f265c4e0d4baacb07bf636d54c9112d
SHA256 e3bf16ac6505c819c0478abd6a0398e6eb27fb9a888cde5564721ce622a1f0f4
SHA512 accb5e4d146847220dc020ada90c504c7bd4371d798787937e4955efef6c87ea4e4581bd11477c39e45b44dd3950e5e417328c886f11e82451aa5112da31590f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b0673df48b1e5e89181506fa54c9748
SHA1 e0a28c2c94ea83d56113fb77448b366fe8dfe30e
SHA256 5cc1431f682785ed251b98315d6f4c900cd252bc402870335a524fcd9d28edfd
SHA512 1ced6775725104462f5293ea323818f273f386df00d2f3c7c3d1dcc1eeba0b40a37c18cb3f0193f99239e7bd4b81a16623eb8aa0cfa95ae85313cdb2fbef6017

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bf53652864bdbe8f4f3580b5022a5231
SHA1 53afd4bf1ccc72e7325763e260782e99b6524fd6
SHA256 f1283719f90250b42040af5774cae4b33e263226eaa1381b50683b13f19dc1ac
SHA512 dd5c9c1b6048e47cdfecd495f87f8afcc602747f7fd60bac4de9cdf6c7f5f75b8eb79b08d3d079c3a43f24c11c5086256ea8a8065ac20d3dfefee5573424303e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7255ba60d81394aab10163180467c54e
SHA1 1e98e64fd3a747eb01bb0815f4d119745d71af17
SHA256 2b04d4a1bb232a7ee2189b2317f0d1d77ac36a9e4cad46273ec6b8c507940e68
SHA512 9755fc205ee66136d2c5f51db3e9fe9a72ce92e96fd5ea4d7c62270978816f55f4780d227a64cc8ba92fe21b0d9c2f9986ecfcd63af9b21ac9814a8b46692134

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cbc27417badf6d74fd89dcfe9844c36d
SHA1 90daa12b0139b1abdbdaa12ee1b9a350b2a7e956
SHA256 9e543a61e013c2e1a37af50677217bdc512fa2107cc89e655bd34fb4343a8a67
SHA512 9db05146908bcd950974a132c2794f0f9c827898693886c493ee8b0ed828afa91252cc5b9a74a4ddd877f72adf4db7f6a8f3e1efe8a4705fbcfe8bf5639bb7f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 db1284035038533138d1e515ee3598e0
SHA1 a0da14de32509f9dedcdfd13e44801ca1b7b50c8
SHA256 c46e97aa6c4bb219a11c949bbade622f6e79a2c7cff318615256a7e85217a457
SHA512 faab32778b3ea3c607d153079603828e938888b930460925a70899e089fde55a0c7e3242adc285d3fce7cd5fc9d63ca154f186f713b92610fe8e3fb4f126ec4f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 79019807f5e93a5460b90c9d70693a30
SHA1 c4f085c0d9fb199f14bea2196a555f0bce7a4a63
SHA256 d0ec69e3beeb75e585af537f6471e6df42d3a58e936ac46fead51b4efd5546db
SHA512 f73a73f58e74a96c4a77e49f93def1c52841017ea17cc19e560f109f7ac2b38b3150b374316910a209e18c51d350f746cba1d5d97acdf198774c46eff350a654

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 5ca69679a9c67d2f75004931737994dd
SHA1 6b9778587611d2716cefeb1f91c33ca7dd254390
SHA256 bb9a7f06385d29c0fc5f681263a6a0abd558b5c73c44b25050588d87bc4d34a8
SHA512 c0af51c85ecdfcfa8eac6818f2065f72da3b0fee49bb37d072959cca080328bd8ff9b4da12ae160f2df9092b490fe59408ea74be29965e9dfe4cc68d73f2c134

C:\Users\Admin\AppData\Local\Temp\website.ico

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\setup.exe

MD5 5fdeff4b89456b836f351443aa9b3d5b
SHA1 7112f415950c45877265f98aa8388e8093d4abcd
SHA256 7dab48f2004dd9481294d59caccd8573a6e28c1c42b6d7a354dcd3e79f9c7f2a
SHA512 35962b165c4604d3262bdc564e03d791df6175bc4825ab60237c17b7b9f67a4db190ba3f410829c4112a67b6fedf7049e5c5ad3c6f6d41f01a0d3b5c2a0e8346

C:\Users\Admin\AppData\Local\Temp\master_preferences

MD5 9f6befc3ce6dc3ef930cd461f795fd2b
SHA1 445f0f2b0330b16ca3073c18bd0e550b9c1ae657
SHA256 f960a911e0a99d4dfe5e33f734e4b7f5bd1f397cd546dd0f4baa5583453c24b5
SHA512 a47ab3d92918a3348ce69077ecf276368b238a6a8832ac1d05d36e197657dfb7136df97ea4ab26ba4234ba784bdad89c4893ba0b353bbb452cff46f276114fc6

C:\Users\Admin\AppData\Local\Temp\yandex_browser_installer.log

MD5 97f4a41ce3877498a988d62c0ec54362
SHA1 38a7ec10658b196382b9439abb4aeea4a5585ccc
SHA256 1c7905b587d24d3e8278edc39368e216c058de475c3d090af736a06941faaec2
SHA512 9f72b8f2961adff610225b3ddeede37d982102ce7ccd19c65737d3acb03ff15ee15a8484611f5ac3b0ee99960edfe7d4d817c9410c53b7efc9353cad40569bd8

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 15350b3e5993865f22f73e7df2688f08
SHA1 39b9f6c18aadae15af0ddc84e95d11dfd14270bf
SHA256 5318971822ad5faeda4c9d96737103cd1f35e203f12a7b52f8acf8711c61cedc
SHA512 08e1694562414cae938bc3add18d1820053cca338f7d1b952cf139e0cfd010ce0184014111fa85a993584e77dceca8b702fb17425ae71dd9286d833bd4a4ec07

C:\Users\Admin\AppData\Local\Temp\distrib_info

MD5 fa34b8c7225e37c987aa34de0233e8dd
SHA1 5bd86f68e934f28c9707e4ac5d5b6e4ab09d085e
SHA256 7b12ba0879473e6672dd326378d54c149ec6486c3dffaa08ef1b70a43c65f399
SHA512 5b5a6111ee6a9010ce0d13575313236b7757c2bcec9cea7d73da3d662a6c25711ca5b009f5c59113e42572f7a72a0b9b9496682e13176c33efebae87d00ea92b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat

MD5 e0e26e92343c6b374fec9b0c0ad2736a
SHA1 0fd16ff6d5d58881e61d16e8639bf6c8602100d7
SHA256 bd431b710aefdb705493c86a431a27d5f6c5acdcc58372dde405739a34e99c3d
SHA512 8da1094cda142a8d5b8573176ff7d94465f866af83632663b3fb02ff93e0abeabd6c6b3eea8fe8e74e02fc5499333746c9bef4cbe463acea91d3f4f11ab84f3d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760

MD5 85d1ce98afce800d3f6e39a54da62616
SHA1 70ddbd9a5460157f7432d861c9c4f243c7a2b919
SHA256 47bdb01a44c086399051456f5583aeccfc2463f2386cd904f17a77a6ff1527ea
SHA512 184d14559b00b2aeb522fe4aea4c6057ff5be88144acb089376a168beb7e23bf5c4ef5607d23be0c49890758f2beeb5eb8b8e84becc5b9835aa1a77950f6044d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760

MD5 bb4e48ca938918f20b4a4467b4e0e6bf
SHA1 41d13d3d3897481163eac786922fcd702ef27ea6
SHA256 068dabd4969eba501612e943e81ed02aa1e16010644e82450fef30282618ecdf
SHA512 fe1d21d29fa054468256ab0871c5947db66493da3417a728fa06c6b9ec1cdd0e4d2bc8dd4f631a60a01fc2df2bfffa3a22eacf2a9b48caf4fe951c6ed23836ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bb9d44458b32733d6de660072a62da6c
SHA1 3ddf57e13b3e8aea77e29c8b6608de5f9ac02f5e
SHA256 525bb25fe3afb74fbf4a4afe87ee622b7e064c022433d16d49af2cda34971660
SHA512 1a6368f8765a297bb28531c203f0ef811e5adfb22f9e0e676069fd9383e2fa33b544f6be6aa20922214f029009e258048c91cc101278938c90f3e2ea3dbaf621

C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\BRAND_COMMON

MD5 8fb3d5252fd262cf808f6f0359998b0a
SHA1 cdb8072dfe898c72c15c2c381349ccf7f2d4d440
SHA256 7ad5104dd8c35ebbc06c56fc6a2cc3f8cf7391ab2e97c8c9d9b3de1d8ab4a5c9
SHA512 57f1b72e210aaa880cdcd04eb1cdadf13dfe373c50a0d98346e64ad93521da43a5b71b068fa3ccadddb03a6e97084b7d25cbb94fcf9c3dea1904bde0c2396bf1

C:\Users\Admin\AppData\Local\Temp\YB_4DA37.tmp\brand_int

MD5 3e499ac6cab5c37d47c0ce7079be9408
SHA1 bc28c35a5feff7ed7061f36addf1b9bb439bf0b3
SHA256 7c69e77970d70ab50c45e70a20b67e4d3c03123b384e723cf2cd515062d22613
SHA512 16e08366a863f3730b880df0f4f34789638a67cfe26e295a8f834594f2ff67bcbdba0cb65b8a316009cd0408c9742c17f13d6a5257e3a7bd5245e5b5549d9fee

\Windows\Temp\scoped_dir2644_1155505755\temp\service_update.exe

MD5 ecc2447cad674a68a24f76772cb51dbe
SHA1 6928b8b96cb7a1fa8dc8a8bacef8ab6163a15af9
SHA256 2d6ea9290d3676dbeb61bfd94aced56025cc2e357626ef58854b8be4ae4abce9
SHA512 3edc14b1efe6fa1b36c77e3e70faeeec7eec58e2f4ba9c6ff0c4ec772d3ebcee26ac1d0be76502416be82638a5ba78b81eec552ffad9be5d1d3ad8a90743fbee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B0B1E3C3B1330A269DBEE4BA6313E7B4

MD5 2ffbdb98df2a2b022a48adeb94a3af50
SHA1 6c86923b5c5832bb102f041cb7d38db397074f12
SHA256 dd12c5733bc4b682e1da6353c8c27650f53d11a8ada8fd8a2d06f23cecae5ebd
SHA512 a5f29661ac78ea205dd945fcc53e015152277426af4bcce688231ca1a564dc49144b2953409651737733fec72e9042468c780917543c007d7de74ed44058dbfb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B0B1E3C3B1330A269DBEE4BA6313E7B4

MD5 112c4a35d7b805b4a3e9ca17250bbd62
SHA1 531fee9da4227b6a944a9eb23fcfe8aff7a1ce87
SHA256 e3b2914fe89c14cc2609782cf13fd1eb9b2b4741d56f51c4b169101e5a5e1996
SHA512 139bdbbe189638880e74b081f235e1052c07d14772174764431a9d9aa3f82a871c51b1b7f655f0cd16b4edf5186cad96c70d22bf0f941e0109c0e7c16718936f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDA81A73291E20E6ACF6CACA76D5C942_2A2080AC7EEFAA81BA7361978F5743B9

MD5 5bfa51f3a417b98e7443eca90fc94703
SHA1 8c015d80b8a23f780bdd215dc842b0f5551f63bd
SHA256 bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128
SHA512 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDA81A73291E20E6ACF6CACA76D5C942_2A2080AC7EEFAA81BA7361978F5743B9

MD5 d4724ee063f97e2fddb2440cc5f8be47
SHA1 fc55710b72c18444b6affaefe3fb2322b86c416c
SHA256 cabaab52b285feea9b3542bfc1a23456fa24ab842ab39a52644de9e8437e7ee1
SHA512 7e65cc6b4dbec1cddff6f08b48de6888f40b0e1eca4a938acfcb96d7b7209c01c4c69e24725b9e8eb5dbf3751dfec509781c044c08f545cec8678dff563b0f02

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_A026C9CD7BA14377D055F4A2325D4501

MD5 8ed4f641eacc88b8dd2dfce65c394db0
SHA1 6f0d6212d165cf9b74d896517f67779f58266bc6
SHA256 f0ef2e64dffdd1cc867f0e6f046e31a26a7ef1625cad3a44a74a3cd0be3972cd
SHA512 9e833b8c925b352232220bf3c74da791bd148749b4914fd2fe6e571f845475b41c067da0388d9446389339f6c503b973f63600096b8976c9f586004f4b8bee86

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_A026C9CD7BA14377D055F4A2325D4501

MD5 53629cc451dab8ab7754d2bcae808acb
SHA1 65ce963e2effa4800fd1395206877eb90ce273d4
SHA256 525198e6595d02bbd94a8f2ae659409199914c8727356c453dddaa4052c816e3
SHA512 7370c2c070d887382859817200d7485f9a08d1d48c4bb8b656c7fdd362a568d1c82d5530f7ecbd4906447188b6d3f9c050a4f34505d140afa46710e3275dc15f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FC68FB72D4FBC7E0F151BC2282D75E47_367FA2447481C3DB640CE44BE2E5A181

MD5 e4544c2aa88cd010ce7d940e0ece33fa
SHA1 3018ae9e88cbd748b0e4a3707f0463661bfebe2c
SHA256 ce385568b2d8d00353d528a1e4a4d7df827c46595aa16329aa2cc52b657c025a
SHA512 89ff99d224c17cdec0bd27471508ae7704c25593f6e3b7d50922c58bdaa287614f1ded2c6923fa20d498e820e03d3b69027d2a6972ac750129735a574c432257

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FC68FB72D4FBC7E0F151BC2282D75E47_367FA2447481C3DB640CE44BE2E5A181

MD5 cfaea7d5d197d57ab91efaf9340d3b51
SHA1 600bde89a6660e486abd314794177a536a415bae
SHA256 557b38349dedd5f5c7ac063c78886baee13f3b768c5dce1bd846696f985b6f5e
SHA512 6320f4670a12f8e2927bc69abfb68d24ed7dae985e6105a9ed466e3cb6a1ecab56e0f1ec679e21deafce2fa3efc8c440f6e825dd432f06eae7bf8d27605a997f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_38924EDF39D8802D6946FB22E5DD0835

MD5 e9dafc45a166cc3e772a7a9772f00e97
SHA1 3be2e17560c6a0159edff4ca31baecfe96cc3ffa
SHA256 808cb87a9d5eb84b23410df1db782b40e67266fdc82d5efdddec03334553aae3
SHA512 09355bd732636f9bb7bc239b0b64a4c911490ed30032666ced06a35cd40d5491dfa25044026107105d9e92c2bc73bb751b955b1f5d662be7317c4d18487c71ee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_38924EDF39D8802D6946FB22E5DD0835

MD5 53b656416d928dd7cbc3e2202e66700c
SHA1 00eaa46f62e3ca2784d67a117a76ca18fd993fa1
SHA256 e0267ca83016809eb2b62684cd074f25ed6e2df1715e5a2175280fd4529a561f
SHA512 38c4cd8565daf61f930ccd0ffa67352a8a971ed44140e5fd23da00c0a9f206e298d393dc15dac3c47b254b932dacc9829719a39ef1081ea908f8ddc74c4c3752

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 30cf3b1641dcd377b9b932d65e64a7f3
SHA1 12f424760d97b4f2d72c0a510697c170ab9efb96
SHA256 babadf80b44376a2e9a18b181af29e7d6472cedff292d8907e818586ee790ab8
SHA512 e9fbcc4265118f634abd8267bb206d5c6d38bf432c44c1a85a8191dd65a2823602d9a817081de694fafc7f75876f108a9640bcfbb378cd035a5b4404a443b0fc

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 d34b18a9318c24eea10b486f7dd2a0a1
SHA1 3c44fe32af5352ed5038b5db765c573cc7eb461f
SHA256 1293a723c2f75181d3bf964f5f1e681a349f3514e13b6c0fa2d995b5eb55b018
SHA512 0fefa6d1b811e6694ba870a8738a19e5ae7c30f85cbf1394202090bed8ca36cce7dfebdc8a95326be120b9d2ab197148bc01cbe89e56268dcd889c3cc17d7917

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\brand_config

MD5 f88326bf75f9377d75dc3b34df88b59d
SHA1 f4eec740fe217e0743dc8b4f478d881550f8e12b
SHA256 778033d4ad9e66340c0bd06770e6d673d76d83d1cc3e9abe52d98ad4276585cf
SHA512 9aeb77c703d3d2e1bf4575c94585109d62c7d51fa07b3192af23b861069b65c28baff67c096b94b1620dfb80777e42cfdf9cae891a7d664fbe895abd7ece4791

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_ES_

MD5 a2ab187fa748a38db8b6736269f64972
SHA1 5e2e542d1e3fc32b3677b0aab5efa32a245d0311
SHA256 dc67a1ba4e945e0c8188112ce3ecb9c32d39d77d992ce801a2ac9f500191a4be
SHA512 5f295f3f7e61b6f206f70d776faeb78df337d3e2ef79212cd4af163eef31b7479b438749dc594374f5956048239513992c3763b6f3f5ac68bed5412a2f877797

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_PT_

MD5 cbfc45587ec6c290e2d7382fb125bb06
SHA1 5b02fcc706a9f3a35a5d74927bbfa717ad6836d0
SHA256 320a0b330e0a40d1a5c74221bd3e4b1efdd9a1c353cb07a73d88399c2a991208
SHA512 fb22df834a02a9df01bb479cf28437641455c113d84166672a15a76bcb977bf5deb230cbb21c99730ac883545e7f457cdab048c278cc2802b11568d4fdfaa1a3

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\sea_static.jpg

MD5 5e1d673daa7286af82eb4946047fe465
SHA1 02370e69f2a43562f367aa543e23c2750df3f001
SHA256 1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a
SHA512 03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\sea_preview.jpg

MD5 53ba159f3391558f90f88816c34eacc3
SHA1 0669f66168a43f35c2c6a686ce1415508318574d
SHA256 f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e
SHA512 94c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\configs\all_zip

MD5 c9ac75ad5c047a40d4553130b013d891
SHA1 e6239762e63030317343a25368ba1c79a6c16bdf
SHA256 afd8d61655f0411c32e70823f917c10230f2cf4688d6334e72989ab99f72d1b6
SHA512 16a7f6396d9b5a099b6e5b032652d54a87120d87c584cf57d63d203ad1ec85f5199ae85a1589a4f193b456205e3d8b64c320093f3aee3d495b4fe424f0fa5f40

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

MD5 25b5d707792b12afcb8513be382ea6cb
SHA1 edd9c3959cfc870b3df4b4e0e9e7164d1699c430
SHA256 b91574003d8d139ee29c494308f654bf9718f66966c549980d6770955c6a2b1d
SHA512 236fb96e80e3d6f54e204fa75d5772b2892e9d355f0aaddcbffa543dff80ba01d76ea7907ad496ec7754daca7420e4623b68edc8f08d5ceac6ddbc01a7de4c93

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk

MD5 a2c6e0e537408abdf3f32b4bcdb9ea4a
SHA1 1f213fa594f12fbd97b2459c63d50c7c94fb1515
SHA256 ab41b3de27b1e75049fc5ee1b3c5311e7a07e7c62f213744c629b78b5d076283
SHA512 620f558c7eaddf2a957bd41627719e9c8c02bd0e382df071eb1385fbed1b0e82b3b77cb2bb538a539ad662a4900e1bcd3616c35ebe7fcb2f9176ac1ce9e3d41e

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

MD5 86b97526f262ecf87ed7ecd6c7eb4218
SHA1 d009c56e5fdadb73975c253a14616098dc8d243d
SHA256 33919f6b6975431c22a06c41c32e5f7092860958c68e453eaff9781bb6ab274a
SHA512 dcfa8730ff4da19ecdf72507f36fac86f47c6133a13499605de9a70e8533da1984ff7f5800dc9a597c27b4649f237203f5400e344e22d3b3eb98e2d63f34f20f

memory/2644-1611-0x0000000000B90000-0x0000000000B92000-memory.dmp

memory/2748-1724-0x00000000001C0000-0x00000000001C1000-memory.dmp

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\4d47369f-e003-4417-af36-4fc7104ba9d7.tmp

MD5 f4d4e7ef96ffcabafb5e42bedd712868
SHA1 cb96eb14520cd5da7428bec970dcb635428eef5a
SHA256 c9b06b8524ac6e225543512a56ddbcb3ef2ef5b65dadd5f4b76462b1ddba8915
SHA512 c67410d25b4da96ac8f7b9d036f6db390416eeb53a6be55cda6db3acb4c84a78ec1ec618a8cca5d0c22edec2383471f5e872cba8f95b352fc2f769ed3c625919

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Wallpapers\store\picture-13375544848886800

MD5 c51eed480a92977f001a459aa554595a
SHA1 0862f95662cff73b8b57738dfaca7c61de579125
SHA256 713c9e03aac760a11e51b833d7e1c9013759990b9b458363a856fd29ea108eec
SHA512 6f896c5f7f05524d05f90dc45914478a2f7509ea79114f240396791f658e2f7070e783fab6ac284327361dc2a48c5918b9f1c969b90795ceacce2c5c5bfa56ca

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Wallpapers\store\preview-13375544848886800

MD5 1edab3f1f952372eb1e3b8b1ea5fd0cf
SHA1 aeb7edc3503585512c9843481362dca079ac7e4a
SHA256 649c55ccc096cc37dfe534f992b1c7bda68da589258611924d3f6172d0680212
SHA512 ecd9609fbf821239ddcbdc18ef69dade6e32efd10c383d79e0db39389fa890a5c2c6db430a01b49a44d5fa185f8197dbbde2e1e946f12a1f97a8c118634c0c34

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Wallpapers\store\video-13375544848886800

MD5 b78f2fd03c421aa82b630e86e4619321
SHA1 0d07bfbaa80b9555e6eaa9f301395c5db99dde25
SHA256 05e7170852a344e2f3288fc3b74c84012c3d51fb7ad7d25a15e71b2b574bfd56
SHA512 404fb2b76e5b549cbcba0a8cf744b750068cbd8d0f9f6959c4f883b35bcaa92d46b0df454719ca1cef22f5924d1243ba2a677b2f86a239d20bfad5365dc08650

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Extension Scripts\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Local Storage\leveldb\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\5af58657-583b-45b5-9eb4-455fb37c3042.tmp

MD5 4d4b657a4d0b9703e41b3e14991c5f6f
SHA1 65858616de1ec60bba42d2afc307cec3d6da232c
SHA256 a0b1ad95ddf3645510625d1f6da088b1d78ad2fd3d19aa1550dcac7e8e4ccf1e
SHA512 10b753ca1898a8c5ca162feb1f58e9c90d17a2cca47b6a70c555d7e7a1188e331e339a2177f83e8211e742a0a2e680b0d86e0f2ee2fb17c8914fb1d6c6b3cd92

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

MD5 67f7905838a6422a11dbecbb8dcf0c42
SHA1 a2ab5522d9001ceaf1e9f3ff383b7bdd79e73cdf
SHA256 7d17504b45aa340c5d2ff4110bf388a095f85f194239eb6f57a1afc0681a04a9
SHA512 ca979fd4c3c78384b11c83cf38099f5fb178dd722aa50c3c3d3b220bd9cbe0f1fe109722d4ef3658b01e194516d60d7aad2d0c810fa8f0b6bf1537ed0ef71f91

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\eb4da5d5-1590-4bf0-85ba-56df1850453e.tmp

MD5 18b9170bb491be7705d0910c5bdec93a
SHA1 43c8f0d696b9d1985f2a97becf53b99ac63884e3
SHA256 afbd84613be01f55653bea78d78b454aec6acf92f00b62c52d9a65f74863a7cf
SHA512 f243910000250e5040e635b1ee4b58ec509c0a3db8c662a3f5c8801b1f62f0d0a0e7655869b8af1f4679a49c5b57f003ef165fde40e01493e5525449785d0601

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\ad5cd252-9a1e-4519-acd5-84b1dcf17086.tmp

MD5 bcac166086eb527e073b21a361f386ad
SHA1 e19f6666b929d8c9498c7d4907042188c19a98a5
SHA256 f1199cff412787afb907fc22fa5459550095dc2e23758ff9c8eb2c0e4eaef988
SHA512 b3336d4400b5612d346645d4ffcb323612e585f432a03fd58a36134de489c70eba039281a3de815cd85826fd4d8d15b009e6eb7455406be0ba3e55786bd0caaa

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\05645811-5a87-4e73-8400-3ace45e808fe.tmp

MD5 fbe63369e5e6162535b61ba9fb61af9d
SHA1 ddd4d12eb6ce44e09da8782fda4224e2bcb526b5
SHA256 8a00caf83fcd949f753523c20813bb422da35abfcf196753a4b029119f9753c2
SHA512 306ab17b30bb681ca34ca6a54777ab1d9989b1a4f9ae0a10e477573df1980677ddce76943fd1973e1146d4c6a47ed824a2b702953ae830197871b9fdae33b00c

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\ShaderCache\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\ShaderCache\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\ShaderCache\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\ShaderCache\GPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2474a467d26d58b3e2cd7c60f7ac55d0
SHA1 6d06640b367dcdd650cb680cb425eb3d51715256
SHA256 207ceb3627f3870ec5811ab06abb4d09039724e74eb951ec0a51153746257078
SHA512 fe1d59727201da1262182a3ff6d4234b57630fa42a571d28f2256e2aea9dfc62448faccec21de9623ef1588c7b07c3687b016a91745d7f157d1b40145892eb35

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ec512e8c0ce458602bde6327d9118940
SHA1 75d8935750bfd4a77e83d6481a1e239ae34abb52
SHA256 61a6707e11155d79e3a3b34f882c0b6e32899c64f63e475ce2f90ca49b6c45e1
SHA512 06db1f7a9d5b220910a73f7209e7cc8cbb69ab7451ab8937713758db10bcc4c09ccdcbaaa750aa0f9150cd244ccd50d77e77f8c96d28f6db0399a91e5c94c6ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 96db04d09a773e359e39b9d5ada8958a
SHA1 8bc3f98f27e7ecd980e427f7f9d88a84e23015c6
SHA256 0157c697a6c43e90fe1f0188d778cf272ae36bb87f087014f392914fe59ae610
SHA512 c91d2f67a21d4ff3fee75021326dda9eca88972ed21425f6d85b0853df0db44b968b99127f6d70e2f0b9c6997c05b8984144c3776f23bf504624698f4c486265

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d3bcadb2ada146fc391d0b4eeff4b847
SHA1 041f93558b119f78313c2949341eb62c3543fac0
SHA256 7f3412c2c3835ea8d7b518dae0870f9f42f8bf9296c668aeb32f03b0b37ffe9b
SHA512 8939febe6ab85e8ac6fb2f4718a0d21a36ef854f5f8b8f197205d7d113f343e29d52b5ae32b039abf9b3d22da12b29b9b5eb19fd1b11f5747b6539113b38980d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bad399b943db18cce9b6e07e2954234b
SHA1 26431b820f98030e803aca9557b4bb7c2ee42505
SHA256 e073cf6dcc3926c9a31a4790344954cea36319e5e1e3b3ba5e39d6de635dbad2
SHA512 3f5e92e8ff2dec18ebc2ab5b6605c2fd4c3c8f4de4a2a2cbfd634b82ae9511878fc13e11e691a5a9ae2069cdfd62ac5166782cb4379b41ae63dee4cf148d173c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 63e45d0c0c08172922f0d3d553e25adc
SHA1 0b3e22a771146538f9246162e04bdbc847917c4e
SHA256 dca33cf29b89828e2432eb8032f2dad94d353ca385069cd31760602abbd11dea
SHA512 f754868c527db562e46ade9b7ffda5324714b6df60a647e3fa51474bafef4e24fe7406b355ed5cc9bd84e505e28f9260969b201269f59344272f91360d95a1d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 44395811eee03a8022b65f6e2daafee4
SHA1 4b8cf59cddf54bc2426d981963e6fa4a7e58c38e
SHA256 9d1bca59627f132134a22a5983c9580ec4d3d89e0a4109a37940a2fa71b96a46
SHA512 734ce42ca29fb74bc95465c0f0affa8299759fa725c37daba9ecba527ff5466254f1c0d9a0fa77f2cc084e0851f1bd62a8c3566c5f301af354eafc9039d06515

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3495688fa47ad279536efcfc19e55f1d
SHA1 2d16a3bea56de81e3030e9ffafab6289723d4856
SHA256 d00d4eb0fc676638ace4134931eecee696fc02a5b55c58254159cd888ce39a64
SHA512 d04c06103e76d36289d6894d16fa2f665732ca492e555179c15b3cfd8fbcb52102238783163fcc72db85cb452d2fb1d544849f5a18f79ceec24269768451e393

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-08 13:06

Reported

2024-11-08 13:09

Platform

win10v2004-20241007-en

Max time kernel

147s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe"

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Windows\TEMP\scoped_dir956_297566289\temp\service_update.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\scoped_dir956_1903946841\explorer.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\yb9A8A.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
N/A N/A C:\Windows\TEMP\scoped_dir956_297566289\temp\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\scoped_dir956_1903946841\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\scoped_dir956_1903946841\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GoogleChromeAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A yandex.com N/A N/A
N/A yandex.com N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Yandex\ui C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\_[1].js C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe C:\Windows\TEMP\scoped_dir956_297566289\temp\service_update.exe N/A
File opened for modification C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe C:\Windows\TEMP\scoped_dir956_297566289\temp\service_update.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\System update for Yandex Browser.job C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\Tasks\Update for Yandex Browser.job C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\Tasks\Repairing Yandex Browser update service.job C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\Tasks\Update for Yandex Browser.job C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\scoped_dir956_1903946841\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yb9A8A.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\scoped_dir956_1903946841\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\TEMP\scoped_dir956_297566289\temp\service_update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex\UICreated_SYSTEM = "1" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\AppDataLow C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexPNG.Q3O5UODMZAUHTDG2ST4U5PSDPQ\shell C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexJPEG.Q3O5UODMZAUHTDG2ST4U5PSDPQ\shell\open C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexHTML.Q3O5UODMZAUHTDG2ST4U5PSDPQ\Application\ApplicationDescription = "Yandex\u00a0Browser is a fast and user-friendly program for accessing the internet and browsing websites." C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexFB2.Q3O5UODMZAUHTDG2ST4U5PSDPQ C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexGIF.Q3O5UODMZAUHTDG2ST4U5PSDPQ\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexPDF.Q3O5UODMZAUHTDG2ST4U5PSDPQ\ = "Yandex Browser PDF Document" C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexSWF.Q3O5UODMZAUHTDG2ST4U5PSDPQ\DefaultIcon C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\.png\OpenWithProgids\YandexPNG.Q3O5UODMZAUHTDG2ST4U5PSDPQ C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexJS.Q3O5UODMZAUHTDG2ST4U5PSDPQ\shell C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\.xht\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\.txt\OpenWithProgids\YandexTXT.Q3O5UODMZAUHTDG2ST4U5PSDPQ C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexXML.Q3O5UODMZAUHTDG2ST4U5PSDPQ\shell C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\.js C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\yabrowser\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\.swf\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexTXT.Q3O5UODMZAUHTDG2ST4U5PSDPQ C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\.xhtml C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexPDF.Q3O5UODMZAUHTDG2ST4U5PSDPQ\shell\open\command C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexHTML.Q3O5UODMZAUHTDG2ST4U5PSDPQ\ = "Yandex HTML Document" C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexWEBP.Q3O5UODMZAUHTDG2ST4U5PSDPQ C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\yabrowser\shell\open\ddeexec\ C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexPDF.Q3O5UODMZAUHTDG2ST4U5PSDPQ\DefaultIcon C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexTXT.Q3O5UODMZAUHTDG2ST4U5PSDPQ\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\.gif C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexHTML.Q3O5UODMZAUHTDG2ST4U5PSDPQ\Application\AppUserModelId = "Yandex.Q3O5UODMZAUHTDG2ST4U5PSDPQ" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexCRX.Q3O5UODMZAUHTDG2ST4U5PSDPQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-104" C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\.htm\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\yabrowser\shell\open\ddeexec C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\.shtml\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexJS.Q3O5UODMZAUHTDG2ST4U5PSDPQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-126" C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\.tif\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\.gif C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\.swf C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\.crx C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexINFE.Q3O5UODMZAUHTDG2ST4U5PSDPQ\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexJPEG.Q3O5UODMZAUHTDG2ST4U5PSDPQ\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexCSS.Q3O5UODMZAUHTDG2ST4U5PSDPQ C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexSWF.Q3O5UODMZAUHTDG2ST4U5PSDPQ\shell\open C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\.fb2\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexGIF.Q3O5UODMZAUHTDG2ST4U5PSDPQ C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexFB2.Q3O5UODMZAUHTDG2ST4U5PSDPQ\DefaultIcon C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\.epub C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexJPEG.Q3O5UODMZAUHTDG2ST4U5PSDPQ\shell\open C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\.fb2\OpenWithProgids\YandexFB2.Q3O5UODMZAUHTDG2ST4U5PSDPQ C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexCRX.Q3O5UODMZAUHTDG2ST4U5PSDPQ C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\.html C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexCSS.Q3O5UODMZAUHTDG2ST4U5PSDPQ C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexFB2.Q3O5UODMZAUHTDG2ST4U5PSDPQ\ = "Yandex Browser FB2 Document" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexINFE.Q3O5UODMZAUHTDG2ST4U5PSDPQ C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\.tif C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexEPUB.Q3O5UODMZAUHTDG2ST4U5PSDPQ\shell\open C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexFB2.Q3O5UODMZAUHTDG2ST4U5PSDPQ\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexPNG.Q3O5UODMZAUHTDG2ST4U5PSDPQ C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexTIFF.Q3O5UODMZAUHTDG2ST4U5PSDPQ\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexTXT.Q3O5UODMZAUHTDG2ST4U5PSDPQ C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexBrowser.crx\shell\open C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexTXT.Q3O5UODMZAUHTDG2ST4U5PSDPQ\shell C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\.js\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\.txt\OpenWithProgids\YandexTXT.Q3O5UODMZAUHTDG2ST4U5PSDPQ C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\.crx\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexHTML.Q3O5UODMZAUHTDG2ST4U5PSDPQ\ = "Yandex Browser HTML Document" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexINFE.Q3O5UODMZAUHTDG2ST4U5PSDPQ\shell\open C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexXML.Q3O5UODMZAUHTDG2ST4U5PSDPQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-134" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\YandexCRX.Q3O5UODMZAUHTDG2ST4U5PSDPQ\shell C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
N/A N/A C:\Windows\TEMP\scoped_dir956_297566289\temp\service_update.exe N/A
N/A N/A C:\Windows\TEMP\scoped_dir956_297566289\temp\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\scoped_dir956_1903946841\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\scoped_dir956_1903946841\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\scoped_dir956_1903946841\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\scoped_dir956_1903946841\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\scoped_dir956_1903946841\explorer.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2648 wrote to memory of 3300 N/A C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe
PID 2648 wrote to memory of 3300 N/A C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe
PID 2648 wrote to memory of 3300 N/A C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe
PID 2648 wrote to memory of 5084 N/A C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2648 wrote to memory of 5084 N/A C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe

"C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe"

C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe

"C:\Users\Admin\AppData\Local\Temp\3d3d3e688ed64e61981a53ed0afb9f8202e4c4b1d41bb4fc4345df23db0b0085.exe" --parent-installer-process-id=2648 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\Admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\Admin\AppData\Local\Temp\162ece25-ab67-426f-8627-f60fac12315f.tmp\" --brand-name=int --browser-present=none --disableyapin --distr-info-file=\"C:\Users\Admin\AppData\Local\Temp\distrib_info\" --installer-brand-id=int --make-browser-default-after-import --ok-button-pressed-time=484131405 --progress-window=393908 --server-config-bundle-path=\"C:\Users\Admin\AppData\Local\Temp\cdea6fcc-91ac-411e-9189-1218a55f8dba.tmp\" --testids=1114347 --variations-update-path=\"C:\Users\Admin\AppData\Local\Temp\ed49ae20-3d46-40cd-8ad5-89ae0e9cde19.tmp\" --verbose-logging"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://yandex.com/legal/browser_agreement/?lang=en

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc60946f8,0x7ffcc6094708,0x7ffcc6094718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,7039382052776547822,14886963652411069895,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,7039382052776547822,14886963652411069895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,7039382052776547822,14886963652411069895,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7039382052776547822,14886963652411069895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7039382052776547822,14886963652411069895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7039382052776547822,14886963652411069895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,7039382052776547822,14886963652411069895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,7039382052776547822,14886963652411069895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7039382052776547822,14886963652411069895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7039382052776547822,14886963652411069895,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7039382052776547822,14886963652411069895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7039382052776547822,14886963652411069895,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\yb9A8A.tmp

"C:\Users\Admin\AppData\Local\Temp\yb9A8A.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\162ece25-ab67-426f-8627-f60fac12315f.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=29 --install-start-time-no-uac=484912660 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=484131405 --progress-window=393908 --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\cdea6fcc-91ac-411e-9189-1218a55f8dba.tmp" --source=lite --testids=1114347 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\ed49ae20-3d46-40cd-8ad5-89ae0e9cde19.tmp" --verbose-logging

C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\BROWSER.PACKED.7Z" --searchband-file="C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\SEARCHBAND.EXE" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\162ece25-ab67-426f-8627-f60fac12315f.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=29 --install-start-time-no-uac=484912660 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=484131405 --progress-window=393908 --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\cdea6fcc-91ac-411e-9189-1218a55f8dba.tmp" --source=lite --testids=1114347 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\ed49ae20-3d46-40cd-8ad5-89ae0e9cde19.tmp" --verbose-logging

C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\BROWSER.PACKED.7Z" --searchband-file="C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\SEARCHBAND.EXE" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\162ece25-ab67-426f-8627-f60fac12315f.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=29 --install-start-time-no-uac=484912660 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=484131405 --progress-window=393908 --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\cdea6fcc-91ac-411e-9189-1218a55f8dba.tmp" --source=lite --testids=1114347 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\ed49ae20-3d46-40cd-8ad5-89ae0e9cde19.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=511671605

C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe

C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=956 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.1.5.812 --initial-client-data=0x338,0x33c,0x340,0x314,0x344,0x96ed30,0x96ed40,0x96ed4c

C:\Windows\TEMP\scoped_dir956_297566289\temp\service_update.exe

"C:\Windows\TEMP\scoped_dir956_297566289\temp\service_update.exe" --setup

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --install

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --run-as-service

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=4796 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.1.5.812 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0xd63560,0xd63570,0xd6357c

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --update-scheduler

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --update-background-scheduler

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --statistics=https://api.browser.yandex.ru/installstats/send/dtype=stred/pid=457/cid=72992/path=extended_stat/vars=-action=version_folder_files_check_unused,-brand_id=unknown,-error=FONT_NOT_FOUND,-files_mask=66977119,-installer_type=service_audit,-launched=false,-old_style=0,-old_ver=,-result=0,-stage=error,-target=version_folder_files_check,-ui=DA4AAA0B_ED6A_4FE4_8D7E_22F5BBDF8079/*

C:\Users\Admin\AppData\Local\Temp\scoped_dir956_1903946841\explorer.exe

"C:\Users\Admin\AppData\Local\Temp\scoped_dir956_1903946841\explorer.exe" --pttw1="C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk"

C:\Users\Admin\AppData\Local\Temp\scoped_dir956_1903946841\explorer.exe

C:\Users\Admin\AppData\Local\Temp\scoped_dir956_1903946841\explorer.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=5580 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.1.5.812 --initial-client-data=0x2cc,0x2d0,0x2d4,0x2a8,0x2d8,0xf9ed30,0xf9ed40,0xf9ed4c

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source956_336458281\Browser-bin\clids_yandex.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=searchband --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source956_336458281\Browser-bin\clids_searchband.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=393908 --ok-button-pressed-time=484131405 --install-start-time-no-uac=484912660

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=4632 --annotation=metrics_client_id=4701cb00f8b64bab887b00176bbae429 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.1.5.812 --initial-client-data=0x188,0x18c,0x190,0x164,0x194,0x71d92a08,0x71d92a18,0x71d92a24

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --field-trial-handle=1688,15172387507224043446,13445174104680559729,131072 --user-id=A2A73275-8E03-4EA4-B705-3F8E876A69F8 --brand-id=int --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1688,15172387507224043446,13445174104680559729,131072 --lang=en-US --service-sandbox-type=none --user-id=A2A73275-8E03-4EA4-B705-3F8E876A69F8 --brand-id=int --process-name="Network Service" --brver=22.1.5.812 --mojo-platform-channel-handle=2044 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1688,15172387507224043446,13445174104680559729,131072 --lang=en-US --service-sandbox-type=utility --user-id=A2A73275-8E03-4EA4-B705-3F8E876A69F8 --brand-id=int --process-name="Storage Service" --brver=22.1.5.812 --mojo-platform-channel-handle=2224 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1688,15172387507224043446,13445174104680559729,131072 --lang=en-US --service-sandbox-type=audio --user-id=A2A73275-8E03-4EA4-B705-3F8E876A69F8 --brand-id=int --process-name="Audio Service" --brver=22.1.5.812 --mojo-platform-channel-handle=2796 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=A2A73275-8E03-4EA4-B705-3F8E876A69F8 --brand-id=int --extension-process --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://yastatic.net --display-capture-permissions-policy-allowed --enable-instaserp --field-trial-handle=1688,15172387507224043446,13445174104680559729,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2220 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1688,15172387507224043446,13445174104680559729,131072 --lang=en-US --service-sandbox-type=service --user-id=A2A73275-8E03-4EA4-B705-3F8E876A69F8 --brand-id=int --process-name="Data Decoder Service" --brver=22.1.5.812 --mojo-platform-channel-handle=3220 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1688,15172387507224043446,13445174104680559729,131072 --lang=en-US --service-sandbox-type=none --user-id=A2A73275-8E03-4EA4-B705-3F8E876A69F8 --brand-id=int --process-name="Video Capture" --brver=22.1.5.812 --mojo-platform-channel-handle=3232 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=A2A73275-8E03-4EA4-B705-3F8E876A69F8 --brand-id=int --extension-process --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://yastatic.net --display-capture-permissions-policy-allowed --enable-instaserp --field-trial-handle=1688,15172387507224043446,13445174104680559729,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3268 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=speechkit.mojom.Speechkit --field-trial-handle=1688,15172387507224043446,13445174104680559729,131072 --lang=en-US --service-sandbox-type=none --user-id=A2A73275-8E03-4EA4-B705-3F8E876A69F8 --brand-id=int --process-name="Speechkit Service" --brver=22.1.5.812 --mojo-platform-channel-handle=3572 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --field-trial-handle=1688,15172387507224043446,13445174104680559729,131072 --lang=en-US --service-sandbox-type=none --user-id=A2A73275-8E03-4EA4-B705-3F8E876A69F8 --brand-id=int --process-name="Profile Importer" --brver=22.1.5.812 --mojo-platform-channel-handle=4048 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=uwp_cookie_provider.mojom.UwpCookieProvider --field-trial-handle=1688,15172387507224043446,13445174104680559729,131072 --lang=en-US --service-sandbox-type=utility --user-id=A2A73275-8E03-4EA4-B705-3F8E876A69F8 --brand-id=int --process-name=uwp_cookie_provider.mojom.UwpCookieProvider --brver=22.1.5.812 --mojo-platform-channel-handle=4612 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe" --set-as-default-browser

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=5128 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.1.5.812 --initial-client-data=0x338,0x33c,0x340,0x314,0x344,0x9fed30,0x9fed40,0x9fed4c

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=A2A73275-8E03-4EA4-B705-3F8E876A69F8 --brand-id=int --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://yastatic.net --display-capture-permissions-policy-allowed --enable-instaserp --field-trial-handle=1688,15172387507224043446,13445174104680559729,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3708 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --field-trial-handle=1688,15172387507224043446,13445174104680559729,131072 --lang=en-US --service-sandbox-type=none --user-id=A2A73275-8E03-4EA4-B705-3F8E876A69F8 --brand-id=int --process-name="Profile Importer" --brver=22.1.5.812 --mojo-platform-channel-handle=2968 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --field-trial-handle=1688,15172387507224043446,13445174104680559729,131072 --lang=en-US --service-sandbox-type=none --user-id=A2A73275-8E03-4EA4-B705-3F8E876A69F8 --brand-id=int --process-name="Profile Importer" --brver=22.1.5.812 --mojo-platform-channel-handle=872 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --field-trial-handle=1688,15172387507224043446,13445174104680559729,131072 --lang=en-US --service-sandbox-type=none --user-id=A2A73275-8E03-4EA4-B705-3F8E876A69F8 --brand-id=int --process-name="Profile Importer" --brver=22.1.5.812 --mojo-platform-channel-handle=2244 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --field-trial-handle=1688,15172387507224043446,13445174104680559729,131072 --lang=en-US --service-sandbox-type=none --user-id=A2A73275-8E03-4EA4-B705-3F8E876A69F8 --brand-id=int --process-name="Profile Importer" --brver=22.1.5.812 --mojo-platform-channel-handle=3204 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1688,15172387507224043446,13445174104680559729,131072 --lang=en-US --service-sandbox-type=service --user-id=A2A73275-8E03-4EA4-B705-3F8E876A69F8 --brand-id=int --process-name="Data Decoder Service" --brver=22.1.5.812 --mojo-platform-channel-handle=2320 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,7039382052776547822,14886963652411069895,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 api.browser.yandex.ru udp
US 8.8.8.8:53 api.browser.yandex.net udp
US 8.8.8.8:53 download.cdn.yandex.net udp
RU 5.45.205.244:443 download.cdn.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 244.205.45.5.in-addr.arpa udp
US 8.8.8.8:53 234.193.180.213.in-addr.arpa udp
US 8.8.8.8:53 133.66.101.151.in-addr.arpa udp
US 8.8.8.8:53 cachev2-ams21.cdn.yandex.net udp
NL 5.45.247.25:443 cachev2-ams21.cdn.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 25.247.45.5.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
RU 213.180.193.234:443 api.browser.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
RU 5.45.205.244:443 download.cdn.yandex.net tcp
US 8.8.8.8:53 yandex.com udp
RU 77.88.55.88:443 yandex.com tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
US 8.8.8.8:53 88.55.88.77.in-addr.arpa udp
US 8.8.8.8:53 cachev2-fra-02.cdn.yandex.net udp
US 8.8.8.8:53 yastatic.net udp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
DE 5.45.200.105:443 cachev2-fra-02.cdn.yandex.net tcp
RU 178.154.131.215:443 yastatic.net tcp
US 8.8.8.8:53 samsara.s3.yandex.net udp
US 8.8.8.8:53 215.131.154.178.in-addr.arpa udp
US 8.8.8.8:53 105.200.45.5.in-addr.arpa udp
RU 178.154.131.215:443 yastatic.net tcp
US 8.8.8.8:53 mc.yandex.ru udp
RU 93.158.134.119:443 mc.yandex.ru tcp
RU 93.158.134.158:443 samsara.s3.yandex.net tcp
US 8.8.8.8:53 119.134.158.93.in-addr.arpa udp
US 8.8.8.8:53 cachev2-ams22.cdn.yandex.net udp
US 8.8.8.8:53 uxfeedback-cdn.s3.yandex.net udp
US 8.8.8.8:53 mc.yandex.com udp
US 8.8.8.8:53 158.134.158.93.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
NL 5.45.247.27:443 cachev2-ams22.cdn.yandex.net tcp
RU 93.158.134.158:443 uxfeedback-cdn.s3.yandex.net tcp
RU 93.158.134.158:443 uxfeedback-cdn.s3.yandex.net tcp
RU 93.158.134.158:443 uxfeedback-cdn.s3.yandex.net tcp
US 8.8.8.8:53 27.247.45.5.in-addr.arpa udp
US 8.8.8.8:53 api.uxfeedback.yandex.net udp
RU 87.250.250.159:443 api.uxfeedback.yandex.net tcp
RU 87.250.250.159:443 api.uxfeedback.yandex.net tcp
US 8.8.8.8:53 159.250.250.87.in-addr.arpa udp
RU 5.45.205.244:443 download.cdn.yandex.net tcp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 cachev2-kiv-04.cdn.yandex.net udp
FI 5.45.192.142:443 cachev2-kiv-04.cdn.yandex.net tcp
US 8.8.8.8:53 142.192.45.5.in-addr.arpa udp
US 8.8.8.8:53 cachev2-kiv-06.cdn.yandex.net udp
FI 5.45.192.146:443 cachev2-kiv-06.cdn.yandex.net tcp
US 8.8.8.8:53 146.192.45.5.in-addr.arpa udp
US 8.8.8.8:53 cachev2-ams18.cdn.yandex.net udp
NL 5.45.247.18:443 cachev2-ams18.cdn.yandex.net tcp
US 8.8.8.8:53 cachev2-rad-04.cdn.yandex.net udp
FI 5.45.192.10:443 cachev2-rad-04.cdn.yandex.net tcp
US 8.8.8.8:53 18.247.45.5.in-addr.arpa udp
NL 5.45.247.25:443 cachev2-ams21.cdn.yandex.net tcp
US 8.8.8.8:53 10.192.45.5.in-addr.arpa udp
RU 213.180.193.234:443 api.browser.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
RU 5.45.205.244:443 download.cdn.yandex.net tcp
US 8.8.8.8:53 crl.globalsign.com udp
US 8.8.8.8:53 cachev2-fra-01.cdn.yandex.net udp
US 151.101.66.133:80 crl.globalsign.com tcp
DE 5.45.200.104:443 cachev2-fra-01.cdn.yandex.net tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 104.200.45.5.in-addr.arpa udp
US 8.8.8.8:53 cachev2-kiv-01.cdn.yandex.net udp
FI 5.45.192.133:443 cachev2-kiv-01.cdn.yandex.net tcp
US 8.8.8.8:53 cachev2-ams15.cdn.yandex.net udp
NL 5.45.247.11:443 cachev2-ams15.cdn.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
US 8.8.8.8:53 cachev2-rad-01.cdn.yandex.net udp
FI 5.45.192.4:443 cachev2-rad-01.cdn.yandex.net tcp
US 8.8.8.8:53 11.247.45.5.in-addr.arpa udp
US 8.8.8.8:53 133.192.45.5.in-addr.arpa udp
US 8.8.8.8:53 cachev2-ams17.cdn.yandex.net udp
NL 5.45.247.13:443 cachev2-ams17.cdn.yandex.net tcp
US 8.8.8.8:53 4.192.45.5.in-addr.arpa udp
US 8.8.8.8:53 cachev2-rad-03.cdn.yandex.net udp
FI 5.45.192.8:443 cachev2-rad-03.cdn.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
US 8.8.8.8:53 13.247.45.5.in-addr.arpa udp
US 8.8.8.8:53 8.192.45.5.in-addr.arpa udp
US 8.8.8.8:53 cachev2-kiv-05.cdn.yandex.net udp
FI 5.45.192.144:443 cachev2-kiv-05.cdn.yandex.net tcp
US 8.8.8.8:53 cachev2-ams02.cdn.yandex.net udp
NL 5.45.247.52:443 cachev2-ams02.cdn.yandex.net tcp
US 8.8.8.8:53 144.192.45.5.in-addr.arpa udp
US 8.8.8.8:53 52.247.45.5.in-addr.arpa udp
US 8.8.8.8:53 crl.globalsign.com udp
US 151.101.2.133:80 crl.globalsign.com tcp
US 8.8.8.8:53 133.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
RU 213.180.193.234:443 api.browser.yandex.net tcp
US 8.8.8.8:53 133.130.101.151.in-addr.arpa udp
RU 213.180.193.234:443 api.browser.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
US 8.8.8.8:53 storage.ape.yandex.net udp
RU 87.250.251.66:443 storage.ape.yandex.net tcp
US 8.8.8.8:53 sba.yandex.net udp
RU 213.180.193.232:443 sba.yandex.net tcp
US 8.8.8.8:53 browser.yandex.ru udp
US 8.8.8.8:53 browser.yandex.com udp
RU 93.158.134.121:443 browser.yandex.com tcp
RU 93.158.134.121:443 browser.yandex.com tcp
RU 178.154.131.215:443 yastatic.net tcp
US 8.8.8.8:53 66.251.250.87.in-addr.arpa udp
US 8.8.8.8:53 232.193.180.213.in-addr.arpa udp
US 8.8.8.8:53 121.134.158.93.in-addr.arpa udp
US 8.8.8.8:53 storage.ape.yandex.net udp
RU 87.250.251.66:443 storage.ape.yandex.net tcp
US 8.8.8.8:53 75.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.4.4:443 dns.google udp
RU 77.88.55.88:443 yandex.com tcp
RU 77.88.21.37:443 tcp
US 8.8.8.8:53 37.21.88.77.in-addr.arpa udp
RU 87.250.247.181:443 tcp
RU 213.180.204.36:443 tcp
US 8.8.8.8:53 36.204.180.213.in-addr.arpa udp
US 8.8.8.8:53 181.247.250.87.in-addr.arpa udp
RU 87.250.250.29:443 tcp
US 8.8.8.8:53 29.250.250.87.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.4.4:443 dns.google udp
RU 87.250.251.66:443 storage.ape.yandex.net tcp

Files

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 0376000aa72a15ea7cf4fb7c5509f169
SHA1 a53f4b9b4ef15d523c8791928eef0b1ec2c9624b
SHA256 249cee32a49522047a413b368c696453b755a068d1ce8358a6add88a3c811a1e
SHA512 2bd9ab7c130fa3f4a477d5f16849330551a59de7158c72e8c5c18ff2489b76f5ecc594674a850662987e015de4766eb970857ef0e850a6bf0395b50c6bdbe9f8

C:\Users\Admin\AppData\Roaming\Yandex\ui

MD5 956aa3fa92fca81861b07fb086c5c766
SHA1 b88af323c50efaef00673f79471ae8bb60a3ac5f
SHA256 dcb6b4da01fd513d7479fd49a4bd2975d888a85b0b45b997c1b56e89b48e1500
SHA512 4c2240add515e812e8b053c877cca13b70ce645ef571f11d248edb2587c9b903c6f9376bc42d809911626e680501122bb19fca45f23b2019514ff4e3247672b2

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 5cb5b4ef5928e2dadb10b5616a2a1975
SHA1 724d3769e65052c7f28eb6930e66cfbcbc837ba0
SHA256 2f4ca7eabb1f23582f1e300cf9cdb80ccb4bdbd7fa6ecfd4960ed31958f0dd3e
SHA512 5ab39a8d4a2b5e3d68110750031cfe84adc89e9e4b054d1fab3faff9121bfa9bd4cd3c4ddead7330f80abf1521f5b001e853f1362a5d03542e85b98979e34dba

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 f344348f2a1e73ee038edebe5c8abaa7
SHA1 5b120395d73b9deeb5c2ae8edba045bc0f54806a
SHA256 611cd7522a8bb49365683dbbc401baf05e307bf38f16f590435ab23288676e5d
SHA512 70b89e485848761e4507bc344cc4258b7f6bb7cf4542b71d0c78d604451b2cde1f08aa7b52a1483120854d9789e0307c70ac5c230ef34a093d4ee08bf9e392c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 36988ca14952e1848e81a959880ea217
SHA1 a0482ef725657760502c2d1a5abe0bb37aebaadb
SHA256 d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6
SHA512 d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

\??\pipe\LOCAL\crashpad_5084_KIHHIJCEAUPKQQZH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 fab8d8d865e33fe195732aa7dcb91c30
SHA1 2637e832f38acc70af3e511f5eba80fbd7461f2c
SHA256 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea
SHA512 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 93080aa8d465943f5b7a34d328e5d074
SHA1 23132b6a1a531e3aed3129e00e542d11eced1feb
SHA256 13e9d8928f470e2b7599857a0e2819b5eda4db6c2b5ff98209abffd8490c0a0f
SHA512 62fba9bc4949ebe33b07acc09460db7c73b0e27b9439dad477ff546d885a3af391a705543f383ef9bf108368c528c6ef17605c16290c5b95e1a4124b5b771ec5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046

MD5 0d12c001753e2c502e8a62f123cefe93
SHA1 46d5278042ed4e98c67dc0214e6bc18f300c76d8
SHA256 573d6707a37a8127fe9276c6eedf635407ff8811a83ec92d49d12ba4eb8ca695
SHA512 b003587142ddf85bbac612914fd04deda949922c2b7eb5f3b3200f399207d5550a588eec242a617ac2ef37abb288fc30f012bbd21b4a8237a901c87abb6264c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046

MD5 01de2a4228757bb373f57a5f61f1081e
SHA1 93edd70e01c8cb3cbc01ff84c7851e3c3497afa1
SHA256 809c6e7beacc5a744f05a50c65a9b4f807ba9cc6ab1a47bc040086eb62ed9dc6
SHA512 1134a54ec2980bf988043cc504936dcd9521f91d7f35a3ee372fbf1a1a8b4e9c7ab1f7989b325d0abb4ae04a623161c1e505aa921217b5e4a99ec8d1e8025529

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_7DAD5545724AA2C98C55095F428499FB

MD5 48cdfef8a8205110f4cef029eba54f35
SHA1 6936407ff471ee83b1515ffa0058a5f0bbbc48d3
SHA256 ba995644294f9d053eef3b882d8948e33a33e7a1289901f9edb1ffaec4ba20ce
SHA512 f6529a3bb89d323e3fe310b6c1f48cf764217bae6edae2916fd42c89887104713b4fa2e58f36345ca7e761df7f599666d63b029c9ca4babc31352eb4eb16a745

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_7DAD5545724AA2C98C55095F428499FB

MD5 1c440a1c7196ec440741afce41a1db92
SHA1 0678b63775876086a0fd686e1aac82e3f70c1ac1
SHA256 b9402d76b0afb385cc8aaca1ebac486509e083d513f9a9847f08e4d337d5ae06
SHA512 a75cacd83d703df0405a0700dd21eae1e9ce750d5cb165ffbac36b5498f5dbfffb57d02c80213f878f91130ae3df879e443323d7a094cdcb5af1cab5cdbe43f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

MD5 7602fa59f50f67e13125a90ba8005df3
SHA1 c9b8e98c869a7bc9f5e370a8af9bc303b08674d4
SHA256 bec7b6b4260b69db3a5e1d9adf8c8ec6090e6abc0a6964af2ef1279bb9fbc1a4
SHA512 0f61865a6b511237de9cda03d88606eccfdcbf1f9909dc5ed1f0e6cc88fd6f447cae0b756987d443997e50d1f1b2b8f2a22bbed6080daf4a96ee177145193897

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

MD5 265e2135085bb9a42d6f68052f36260e
SHA1 b47f0471dd0a41c80287fd1ef7e92a400bb24cec
SHA256 dbb3965b86242ec4f65049e624587d26792ba280af6536734f5af2866e18e8e7
SHA512 ffbcb7da84e7e972a20ed4f568e3320b13de06b848941c0c9c25e4408a1f77e998ec595c9facb163dc52b711faefa696c90783fac30db56c152200af651e3c92

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

MD5 4541f0b76d1f3b65c14af4b5d58a45cd
SHA1 04cd915863a51b591b916c58bb004f67be354af0
SHA256 0f5c990354b074e4320362bbdf1655362be2ef25928459b1baac618bf2abc5f7
SHA512 fdb7cfb019d77067b349dc7481d42eed193b7c552ede6448088e087e7f7a1b499e027158962d50bbd4a0a7997e1847b82f26f679f4587edcc2b6239560bef059

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

MD5 2a257e124dc3a5a132508079770214a5
SHA1 6855f70b00b1c3081c711fba64f765262b2cd381
SHA256 235b4a4daec509a67007dfdfcda6de62ac10fea56ca3045b4894b063626fe109
SHA512 a0293c55a0e40c26638457209fb0b8a4e7c8491b74d2699a3e8d3036868516dab0c612301144f434f556c89d495f505128579a04f3341b6b56e0c58239ba537b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 40f2193d082a6384bc1376ff7d1e6438
SHA1 f405c42c68aa226eb581796162f992babe62ce51
SHA256 d9ba9510d728e9e72e4a7ee9e23aa590860bdb6caa13c8f87d251f7bd59c3cfe
SHA512 d40b62fa26e1d2549dfa895b6ae0571a036fc0a03ebfaf9b52db412047ac51ad301f3837dd3d3e4dc0ea68315b7df79b3907c1f491a39d1b233d18702230c5ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7d04a18486dbb93cd149817662ee168f
SHA1 dad57445f80e2b4f7ffc8d1aa8965bbd74b9876a
SHA256 dfbdbe1eb63068792006e755ac15f1bd6c1d14e7993ce214bf188e3d7935b4f6
SHA512 17c706074fb0a6fd05ae75972b1acf5c8c68960529986619df600d4af932d517ae00786c8abe3e41b39e2af7ad3e36537467b31aff9250a1bb0d5ebf6ecf5f79

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DF8D319B9741B9E1EBE906AACEA5CBBA_A2E0B287EC2147F84DD8A330B45D3489

MD5 5bfa51f3a417b98e7443eca90fc94703
SHA1 8c015d80b8a23f780bdd215dc842b0f5551f63bd
SHA256 bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128
SHA512 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 4c85dbbaadea772b4b92bbf27b70cb06
SHA1 1edbed56d0ae8dad0b62fc5981afdbca4101214f
SHA256 e840130dec5513d92a43c6a3bff99b6701fff665f1d60f49de76dc6797cb6142
SHA512 86f1bc573bcbea28b1c02dca7dab21fe495d128cf479c5f87398ed93e7f133de877ab065b1e4ede63e662f4193e90125c50e17b199dba5b444a330051984e2b5

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 b907e580e652b85a4bc835ca6019ba64
SHA1 9a10bf6165472474286c4f23fbe25ab4571bea5d
SHA256 bc86231abba933141fd8ca5f7cb3cd9ca599ee388b831df54f461ba1b4c2c0c6
SHA512 d3d739fc9bd681dfd722b31f5768a9ff194b4f6d07b27ab18ff0a093dc68a9608b5a4008168b7eef06bfd529b11df6a599e511b529c66447b0905fb624d0b81c

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 2d5b3fa6e05e8121e6eb5affeebfad27
SHA1 efd9519e8c12fe5fe7cfec220bc043ebbdf11293
SHA256 6f05157fb1d7c5fa4ac0a624555949795661417bb86a955d61371bdb32ba4986
SHA512 ed01eb449b1c65d77d504c314ea1c8a4269dff26ce99c36b8bc8aef5048eea3cb57f5ac37e6c695b000b3c3d497a988bb8b024d5fe3f388c915458099b109fad

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 da89266eb9d9d663bfddaba8e731e151
SHA1 cc5298c89d2619f5f9f3b5914eaceb5334c81c49
SHA256 007c28b90a3a591c0837fd9ca509728f9dae8bdf25e881cd76a96c33a809e4b8
SHA512 0ea3c045d0c6603d1414c9a1b8e81c91f84581dd7cb8e1ab0ac715ece851702c447c3fb4922b6584d01be99022442805135625d8feb199c8210cd781285562ed

C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\setup.exe

MD5 5fdeff4b89456b836f351443aa9b3d5b
SHA1 7112f415950c45877265f98aa8388e8093d4abcd
SHA256 7dab48f2004dd9481294d59caccd8573a6e28c1c42b6d7a354dcd3e79f9c7f2a
SHA512 35962b165c4604d3262bdc564e03d791df6175bc4825ab60237c17b7b9f67a4db190ba3f410829c4112a67b6fedf7049e5c5ad3c6f6d41f01a0d3b5c2a0e8346

C:\Users\Admin\AppData\Local\Temp\master_preferences

MD5 9f6befc3ce6dc3ef930cd461f795fd2b
SHA1 445f0f2b0330b16ca3073c18bd0e550b9c1ae657
SHA256 f960a911e0a99d4dfe5e33f734e4b7f5bd1f397cd546dd0f4baa5583453c24b5
SHA512 a47ab3d92918a3348ce69077ecf276368b238a6a8832ac1d05d36e197657dfb7136df97ea4ab26ba4234ba784bdad89c4893ba0b353bbb452cff46f276114fc6

C:\Users\Admin\AppData\Local\Temp\yandex_browser_installer.log

MD5 667a069f13e5267c2c5d11a86f185830
SHA1 a481950074834fc22ffc56514d1281cdf66d7ea6
SHA256 f764b35a9cc442181919601d6a7cf8dc07377eab66783c522d3607f82c0fb6ab
SHA512 1f2260a6fe4010651918e391d1289e99e957ff3025717e2415bf1c3cdeef3f9c303411203b7f9d517778393410e5473029c2ac7c88b1d7e615a61f2a888e7b31

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat

MD5 223cd271ddff4c303d6bc963e2fcb839
SHA1 bb61d1d8bab8af448c71b8e7f5da7ba2bf3aa3ec
SHA256 4849452a9adfdbc9dc6af583c86e676d3755d02d154c9756d02b58662c064eef
SHA512 eaaf869dc951b82e6fc3312c4e3b0b35c452f7b75d5462f47705fa48a935db4c2783d6f7e9cc4a76eca1a12d8fb950ca3b8598943d88f07bdd76cd677f8eede8

C:\Users\Admin\AppData\Local\Temp\distrib_info

MD5 fa34b8c7225e37c987aa34de0233e8dd
SHA1 5bd86f68e934f28c9707e4ac5d5b6e4ab09d085e
SHA256 7b12ba0879473e6672dd326378d54c149ec6486c3dffaa08ef1b70a43c65f399
SHA512 5b5a6111ee6a9010ce0d13575313236b7757c2bcec9cea7d73da3d662a6c25711ca5b009f5c59113e42572f7a72a0b9b9496682e13176c33efebae87d00ea92b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760

MD5 85d1ce98afce800d3f6e39a54da62616
SHA1 70ddbd9a5460157f7432d861c9c4f243c7a2b919
SHA256 47bdb01a44c086399051456f5583aeccfc2463f2386cd904f17a77a6ff1527ea
SHA512 184d14559b00b2aeb522fe4aea4c6057ff5be88144acb089376a168beb7e23bf5c4ef5607d23be0c49890758f2beeb5eb8b8e84becc5b9835aa1a77950f6044d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760

MD5 f872eeaa850d8a7e3cc4288f203b3ca2
SHA1 7f4b24fb149ed6d8cfdca94176de068e0002fe55
SHA256 e8024dcf0d6f62f440b45cf3cc596945a73ef9c43f56b0eb53a7fd81b8fe554e
SHA512 8c5235027b769f4ce97a31bcdd986bc37661e80ff20be192794c57b13393e6f9c89455cf10db0892f0a3335733df22063a6b37aa7ef813a7bb8089c935e44cd4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 810e85057b6b73293cbb96ba05b8bb06
SHA1 8ba0fa91400f77f246d7e0e0bd3dbc5f9e39536c
SHA256 7736bc9b3bfbd16a6c654c18d17c0a75b045a6cc46b9c18ebe993a5672f443a1
SHA512 cdadff7717ff1c669b0cc3a4e7ed602e3b4a85103988496429256a1cf281da54e3bd259d8533e013aaa054650503ec1d81fb6258958af4082558091e217369e3

C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\BRAND_COMMON

MD5 8fb3d5252fd262cf808f6f0359998b0a
SHA1 cdb8072dfe898c72c15c2c381349ccf7f2d4d440
SHA256 7ad5104dd8c35ebbc06c56fc6a2cc3f8cf7391ab2e97c8c9d9b3de1d8ab4a5c9
SHA512 57f1b72e210aaa880cdcd04eb1cdadf13dfe373c50a0d98346e64ad93521da43a5b71b068fa3ccadddb03a6e97084b7d25cbb94fcf9c3dea1904bde0c2396bf1

C:\Users\Admin\AppData\Local\Temp\YB_7EFE5.tmp\brand_int

MD5 3e499ac6cab5c37d47c0ce7079be9408
SHA1 bc28c35a5feff7ed7061f36addf1b9bb439bf0b3
SHA256 7c69e77970d70ab50c45e70a20b67e4d3c03123b384e723cf2cd515062d22613
SHA512 16e08366a863f3730b880df0f4f34789638a67cfe26e295a8f834594f2ff67bcbdba0cb65b8a316009cd0408c9742c17f13d6a5257e3a7bd5245e5b5549d9fee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B0B1E3C3B1330A269DBEE4BA6313E7B4

MD5 2ffbdb98df2a2b022a48adeb94a3af50
SHA1 6c86923b5c5832bb102f041cb7d38db397074f12
SHA256 dd12c5733bc4b682e1da6353c8c27650f53d11a8ada8fd8a2d06f23cecae5ebd
SHA512 a5f29661ac78ea205dd945fcc53e015152277426af4bcce688231ca1a564dc49144b2953409651737733fec72e9042468c780917543c007d7de74ed44058dbfb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B0B1E3C3B1330A269DBEE4BA6313E7B4

MD5 c42129c52c1f76181609363998766d35
SHA1 72be9da8f7d731efaa0431eb2d56097ef0184b84
SHA256 1ba6bc5d57c44bb64d228bab472fa8cfed1ea2313b6b5556e5be02e0d816381e
SHA512 e34e7afdc211d101a5d93e08f5d27740f4defabfbb8241aa063c1726bdcaa30fe9b38788f89553ca7624b828a49a45b669f67429654055b05b26a6dbc2852bd2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDA81A73291E20E6ACF6CACA76D5C942_2A2080AC7EEFAA81BA7361978F5743B9

MD5 23228a6d12760ca2e0cdb160a4fdf490
SHA1 a85b7412ee0c47a234d1e28214e7adac073984b5
SHA256 6601c41fa606fffe538b6d1d29b0186465fc53899b5ff033c918b4e65ca3cdab
SHA512 3dcc9e873ff8d586d2649cec85baa4117e898e3227b5d83e378d26eee6f6591f7fc53158f9a41ea14197dfd7f82d42a37d3c7adb2f5d1f6321c9ec50399372df

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_A026C9CD7BA14377D055F4A2325D4501

MD5 8ed4f641eacc88b8dd2dfce65c394db0
SHA1 6f0d6212d165cf9b74d896517f67779f58266bc6
SHA256 f0ef2e64dffdd1cc867f0e6f046e31a26a7ef1625cad3a44a74a3cd0be3972cd
SHA512 9e833b8c925b352232220bf3c74da791bd148749b4914fd2fe6e571f845475b41c067da0388d9446389339f6c503b973f63600096b8976c9f586004f4b8bee86

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_A026C9CD7BA14377D055F4A2325D4501

MD5 1752c2bd0ad8c429571b9b8d9db97f8d
SHA1 aee6a02b2ff1b189fad39a5a2d95d8e371228907
SHA256 fefea3c9d5984a3032e35a661fede6805f5e56fc507620b474c4c356b8782453
SHA512 151cefdccbcdcc9a7711c81b634c1f4fcbb6edb20404962316126daaa9c3ed23b07e19ba3867f1a45e466ff3a8a5c024ecd3b9b12445c0c31dd3e5c1c4147725

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\60B3F7207DEB992031C120EB71F562CD

MD5 94bf0bf032ce32469dd74f4f1f5320e6
SHA1 86bff704a2f82816f346a6a374250f35743de3b0
SHA256 54f08bfd73dd3477610059c4a1d92723e698def0efa7ad4661584a51d9aab79b
SHA512 ac62c42bfe02a35739dfed5df012bb3ef1f7bdbde1f4d9dce9448812bb6d25891dbacc2591e859f644c95151bdb7179f4f8e355b81a2a38ca7afce4980a79901

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\60B3F7207DEB992031C120EB71F562CD

MD5 8dd2f64e915163879390b98b9ab11552
SHA1 0bece3fa43e8338dc46ac31bfcb35e38fbcb961f
SHA256 5fca909ee87690b5ecb793087101cc7b27ab51d79817500cb86ee472e975ec87
SHA512 2589a915711a3ce049aedcc31816a5d744166014144d827e50d4a644102c8d48c0f4c52744589aff01a063f0bf32761d503250d272458da0a54d6557f80556d6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DF8D319B9741B9E1EBE906AACEA5CBBA_A2E0B287EC2147F84DD8A330B45D3489

MD5 669af44ce88fddeee8d6105c3e9baff1
SHA1 31cb794ae2b524431823c85c19300d457cc5e2e4
SHA256 af785166c1434f545550cb6ebb3101165acfd2a141155dcb783f78021cf98a17
SHA512 e59a0069b0099402fe5b4bdc96d1910fb9f628aff5578dff82982c8d149f98c4f752b1e617b6f87215d46344db442ec860bd9fd5439a78097282932d7af857ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_D21903E2722B551F252C717985D24037

MD5 42573201bd85974946db05745d875c75
SHA1 a63dc8837be01e0bc600cd7c498e858a7b3a59d1
SHA256 f121e8cb24504889086bc40b715b2ecf0dd51c7bb80f498513aa38c252400f34
SHA512 533e187c8e0c2d793ea34b826b24d3a5baa9c0b2b84e421c5d6094852083e56c96ee5ee6fbf9fe95fada144e773ccefe44c0244168b40880f0f74cadfd4ad6db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_D21903E2722B551F252C717985D24037

MD5 8378750b1efe2cd7209be155c899e5e6
SHA1 d15c939d0970057bc75199f11136981b50e45301
SHA256 69658961f13db830c139b9e5f963c87f37e992de19a4c0d9df08ebbb08c17187
SHA512 8c31cc5b110b48d2f605b030ca8fb8a1b80c153fdb6936879b807e15bac737c550cb7f733a52c3ead0451e8bb0add0702915151c999c91b1d4da75ecddcf8152

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FC68FB72D4FBC7E0F151BC2282D75E47_367FA2447481C3DB640CE44BE2E5A181

MD5 e4544c2aa88cd010ce7d940e0ece33fa
SHA1 3018ae9e88cbd748b0e4a3707f0463661bfebe2c
SHA256 ce385568b2d8d00353d528a1e4a4d7df827c46595aa16329aa2cc52b657c025a
SHA512 89ff99d224c17cdec0bd27471508ae7704c25593f6e3b7d50922c58bdaa287614f1ded2c6923fa20d498e820e03d3b69027d2a6972ac750129735a574c432257

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FC68FB72D4FBC7E0F151BC2282D75E47_367FA2447481C3DB640CE44BE2E5A181

MD5 a4458894312c23689225c98a580c930c
SHA1 abf8592a1df4d2cb7f3b6f81038ac89776ace0ad
SHA256 c72e78839ffd3597c47cef9f17a91bbc4f81a376abe6bb72d3cf54177d968054
SHA512 91b2452d7ff640f4a0f807399eb65e2c84e88004ad26accdf0afbad673cd05e931064ca774d8554a55e0fef9ac98a0cab447dae03d92a8bf8a6525f1ec0e8eeb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_38924EDF39D8802D6946FB22E5DD0835

MD5 e9dafc45a166cc3e772a7a9772f00e97
SHA1 3be2e17560c6a0159edff4ca31baecfe96cc3ffa
SHA256 808cb87a9d5eb84b23410df1db782b40e67266fdc82d5efdddec03334553aae3
SHA512 09355bd732636f9bb7bc239b0b64a4c911490ed30032666ced06a35cd40d5491dfa25044026107105d9e92c2bc73bb751b955b1f5d662be7317c4d18487c71ee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_38924EDF39D8802D6946FB22E5DD0835

MD5 8613923b975ee3ff3f4614d3245e23cc
SHA1 9fdbc2d4245d64f85a3a57788781a441334b8673
SHA256 3f40f6c11aaac65aaef7642b1b1e3d0e7af3f962a88546d11fbaee0b059bb3bb
SHA512 773c51adf7463619fcbe4223d0f8307be7b127d9b8d744a536289235b4d78f26f372c48cb97aa42eb95e88dd885d074a00e48f1de176754a315b7cfa7ecc6480

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d2ca0cd7d11488c02e98ed9e6da23fca
SHA1 594e33cd5308c3ddfce1614e8a5572d5cd0f09c6
SHA256 43f061f48e0104f0f91655d271e3b6118d1add9ad033c9e10cea04f0ab65db0e
SHA512 6ac87a781df258aa62ee74ac1bd053433d39dbbff32b2abfebf4c79b54b79f7106c0e99b39b87f656b0a6884cb93ad561246c84649eb3ee735a8ff405bf14938

C:\Windows\Temp\scoped_dir956_297566289\temp\service_update.exe

MD5 ecc2447cad674a68a24f76772cb51dbe
SHA1 6928b8b96cb7a1fa8dc8a8bacef8ab6163a15af9
SHA256 2d6ea9290d3676dbeb61bfd94aced56025cc2e357626ef58854b8be4ae4abce9
SHA512 3edc14b1efe6fa1b36c77e3e70faeeec7eec58e2f4ba9c6ff0c4ec772d3ebcee26ac1d0be76502416be82638a5ba78b81eec552ffad9be5d1d3ad8a90743fbee

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 863e09f296f04efd5aba5c773e3ccb18
SHA1 0e61d5ab1936a7eb1e654c6945d578fd988769b5
SHA256 8564776b35b6693dcffd0a2cdbc5cda52423be736e2f153c9598c5dd2928feb7
SHA512 e37f7b48ce29c2cac6dda63768a02b2662a19fe7394311085adeaaec91cda21416662df47f4dfdd6f3984b37d83c2b5d8190551c8acc33f8318e07e6bad190c3

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 ee333112a0e7b8721b78ea019500c2b6
SHA1 7a3d309bc3eadbf4f886e6f2d7ea378e37b15ccc
SHA256 160ac12cb71f30d8a80dc847fcfdf82b6d1d2bc8a887ff6e191feac42a01f213
SHA512 71d64687442b4a9cf4cb28e47932a084b358f739ff344d513d489cf5b5116e3144045c77f107a1b98a15a7ae95ea88564120a017a4f59349f69f08e3fc5ab0b6

C:\ProgramData\Yandex\YandexBrowser\service_update.log

MD5 0218d8ad4d64fa9b9ad700ba1cde1ba7
SHA1 c5decca57f0c6ebc575a29d2cfa7bf937ff4e1cf
SHA256 b8d00854a10f32680046222416f2197240d1da18801abe79b353ab73788dbe56
SHA512 9fc6c499d47c34e02f0dc61cc98155f896eb38f743eefc8ebf1446ddffd2df8e2c2d958846565a35c9882e9f1faad0a36c0a75863e157f90e61afae0297c80dc

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\brand_config

MD5 f88326bf75f9377d75dc3b34df88b59d
SHA1 f4eec740fe217e0743dc8b4f478d881550f8e12b
SHA256 778033d4ad9e66340c0bd06770e6d673d76d83d1cc3e9abe52d98ad4276585cf
SHA512 9aeb77c703d3d2e1bf4575c94585109d62c7d51fa07b3192af23b861069b65c28baff67c096b94b1620dfb80777e42cfdf9cae891a7d664fbe895abd7ece4791

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\sxs.ico

MD5 592b848cb2b777f2acd889d5e1aae9a1
SHA1 2753e9021579d24b4228f0697ae4cc326aeb1812
SHA256 ad566a3e6f8524c705844e95a402cdeb4d6eed36c241c183147409a44e97ebcd
SHA512 c9552f4db4b6c02707d72b6f67c2a11f1cf110b2c4ac5a1b7ac78291a14bf6eb35a9b4a05bc51ac80135504cd9dcad2d7a883249ee2e20a256cb9e9ceeb0032f

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\import-bg.png

MD5 be2acbae1c7b09125a85c5517a7dd70c
SHA1 091dbd354f830ddf74258b337dc4f7177a860d1b
SHA256 d1f78371b8d86ecd9a1e6c5878ff5da756f8c9ebb6b1a6d5d24ed017ad64c010
SHA512 dfc66f11ab6f79a8726efe47c478664973b04a277a9290cc6703899a12271909c757482be8c0a2cdcdd290e5a2a29d441a8d09c2bfc686a9482f07ceeb33f673

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\about_logo_ru_2x.png

MD5 a6911c85bb22e4e33a66532b0ed1a26c
SHA1 cbd2b98c55315ac6e44fb0352580174ed418db0a
SHA256 5bb0977553ded973c818d43a178e5d9874b24539dacbd7904cd1871e0ba82b23
SHA512 279fb0c1f2871ce41b250e9a4662046bc13c6678a79866eaf317cc93c997a683114122092214ce24f8e7f8a40520fe4ca03f54930148f4f794df0df3ecf74e9d

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\about_logo_ru.png

MD5 ff321ebfe13e569bc61aee173257b3d7
SHA1 93c5951e26d4c0060f618cf57f19d6af67901151
SHA256 1039ea2d254d536410588d30f302e6ab727d633cf08cb409caa5d22718af5e64
SHA512 e98fbfb4ed40c5ac804b9f4d9f0c163508c319ec91f5d1e9deb6a5d3eada9338980f1b5fe11c49e6e88935ecd50119d321ce55ca5bdd0723a6e8c414e1e68e16

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\about_logo_en_2x.png

MD5 900fdf32c590f77d11ad28bf322e3e60
SHA1 310932b2b11f94e0249772d14d74871a1924b19f
SHA256 fe20d86fd62a4d1ab51531b78231749bd5990c9221eab1e7958be6d6aef292d9
SHA512 64ebc4c6a52440b4f9f05de8ffb343c2024c4690fe5c9f336e78cd1dd01ae8225e8bc446f386feb442e76136b20d6b04ee293467b21f5b294ce25e500922f453

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\about_logo_en.png

MD5 1376f5abbe56c563deead63daf51e4e9
SHA1 0c838e0bd129d83e56e072243c796470a6a1088d
SHA256 c56ae312020aef1916a8a01d5a1fc67ed3b41e5da539c0f26632c904a5e49c62
SHA512 a0bab3bae1307ea8c7ccbd558b86c9f40e748cdd6fd8067bb33eeef863191534af367a0058111553a2c3a24e666a99009176a8636c0a5db3bf1aa6226130498f

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo

MD5 0a8228e3d9397b33f203ddf77940b986
SHA1 69249827fefcc7409098756a0dcfcb79bf1955ae
SHA256 ba9cad7508d2e860014f4a7c7bb290034dc7cc4def9142bac3e5ff1120f5135a
SHA512 a9d76de78b02b3651e93a927658945fe0320b395f50ac12055dd9e99cc5516408a1a6778ec281aac2e31e75fcf40ab84ff5665b06ae6892d68c349c9a5791de1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\1-1x.png

MD5 80121a47bf1bb2f76c9011e28c4f8952
SHA1 a5a814bafe586bc32b7d5d4634cd2e581351f15c
SHA256 a62f9fdf3de1172988e01a989bf7a2344550f2f05a3ac0e6dc0ccd39ed1a697e
SHA512 a04df34e61fd30764cf344b339ba2636b9280a358863f298690f6a8533c5e5dfa9773a14f8d16a5bb709ea17cf75e1da6302335aa9120009892e529bfad30df9

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_UA_

MD5 61aef3bba55267d45529f487b7e61716
SHA1 c397377caaced67127eab936369f117b5da158f1
SHA256 792f8c1e9de09cec4f4ead577a5fbc15705347266b73a7cbb5c17492d7ad9aa7
SHA512 a37f43bc7d77cade850f0a85e6b3c0a6bb1afe06fd296ce5dcb17abab4d619003cc0f17e7182efb111fb84359475ebcccd5c283cfdee885e8bac95fb39f7fb57

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\sea_static.jpg

MD5 5e1d673daa7286af82eb4946047fe465
SHA1 02370e69f2a43562f367aa543e23c2750df3f001
SHA256 1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a
SHA512 03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\sea_preview.jpg

MD5 53ba159f3391558f90f88816c34eacc3
SHA1 0669f66168a43f35c2c6a686ce1415508318574d
SHA256 f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e
SHA512 94c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\huangshan\huangshan.jpg

MD5 c51eed480a92977f001a459aa554595a
SHA1 0862f95662cff73b8b57738dfaca7c61de579125
SHA256 713c9e03aac760a11e51b833d7e1c9013759990b9b458363a856fd29ea108eec
SHA512 6f896c5f7f05524d05f90dc45914478a2f7509ea79114f240396791f658e2f7070e783fab6ac284327361dc2a48c5918b9f1c969b90795ceacce2c5c5bfa56ca

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\configs\all_zip

MD5 c9ac75ad5c047a40d4553130b013d891
SHA1 e6239762e63030317343a25368ba1c79a6c16bdf
SHA256 afd8d61655f0411c32e70823f917c10230f2cf4688d6334e72989ab99f72d1b6
SHA512 16a7f6396d9b5a099b6e5b032652d54a87120d87c584cf57d63d203ad1ec85f5199ae85a1589a4f193b456205e3d8b64c320093f3aee3d495b4fe424f0fa5f40

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

MD5 25b5d707792b12afcb8513be382ea6cb
SHA1 edd9c3959cfc870b3df4b4e0e9e7164d1699c430
SHA256 b91574003d8d139ee29c494308f654bf9718f66966c549980d6770955c6a2b1d
SHA512 236fb96e80e3d6f54e204fa75d5772b2892e9d355f0aaddcbffa543dff80ba01d76ea7907ad496ec7754daca7420e4623b68edc8f08d5ceac6ddbc01a7de4c93

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\extension\elokbjeafkcggjfjkakpchmcmhkhaofn\brand_settings.json

MD5 64fd713b1e1f3252886b77e4e606d53c
SHA1 0f553961541f020d1d9f2d5f16ab0cab72c2383f
SHA256 1c0f05b4eca7127192e94961f30364d22b91f670e71ba46aad7675ce28f1641b
SHA512 da666313aae61b452b711d92633f356639a029825e440dac0c4a3591f293ab990c8751040b27b3329c5d2ff3e77a1ba7657280b1d08a3416a16e576688807529

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\extension\fcgfaidpicddcilhjhafmmcgfodijhjd\brand_settings.json

MD5 94aa453a6cdbd34e69bbe2f4693b4c5a
SHA1 c8c1b8590d2fcb66d9ad8a3706c2a7b15f84e3a3
SHA256 dddb5d56f63059b6429a67fe0ec143e894b8731368e93cc1f46bfe415af86e8a
SHA512 e83abe3d9000cf285ed5404c0d4cb11a2cef31299796d1fae7218301f4558ee84f9e27d22bdf7a4d39650ebd2de85a9a855787212e38962258c8268e83e3e651

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\extension\gopnelejddjjkamjfblkcijjikkinnec\brand_settings.json

MD5 3a1e3d1e0463434cbd8deb421d73b112
SHA1 0750d36567529bd5ef422ffcb7061957bbcf497b
SHA256 f1e7cf1bd64f05a06bdb6e5d2d2a8457bfc0e111ac6b1293840c5ac0952af27a
SHA512 9254fba5a1c409875d82d29e134cc102942a958ab5344e32c10ad86ce8e0e84854a405a273978dc90f2538fe4f5d540931d62b89439a885720c46357b02d2ba7

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\morphology\stop-words-en-US.list

MD5 30c12caa6c35fdaa225f9b476c003aca
SHA1 99822ef9d67eb7a121fc811162af9e815559cc49
SHA256 ae6606ea473ca9a9f8913cb2bd2b1ae2e45905d7ddc9638074656d0ed1c08b42
SHA512 5c38d37fc59032afa7a626f2b4a78195b95234a7a402010602423a645e3acd90ca63b2be82c20e762be20900bef38104efd4af12930e174c423018fe815c7283

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\morphology\dictionary-en-US.mrf.sig

MD5 197eaa00216af72690c09b8b82211809
SHA1 1e49ba86b771b391b63335fede7614f5ac427f84
SHA256 d5e3a63301977129113a9c0bdc0dd14173768c6f9f5ce2f2036c0cc6a53d706c
SHA512 f57b8e7d481ba5791c6bf454363fca3aad042270b572fb4b2ae1c0429a6e2f70d153b6bf44b139d48c959a1817c4e72ad3b280257b7877746fe93c40c880f514

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\morphology\dictionary-en-US.mrf

MD5 c8a293e130ee93c08592f0f5ba9616a8
SHA1 49e7d245af097bd28af5ffa503858830cd45011e
SHA256 fbd6c8f911927a994db26eac21e4c028d75ea9de593eaa525f331e5c9a911ce3
SHA512 9f4c01c6083ad7063db29b7075e0ac475794dfaa9b6714b119174607aefbf5384cbf17a96256b097de5b2a73669d060d5082cf2aa9244e7968c3d8853d09083b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\safebrowsing\download.png

MD5 528381b1f5230703b612b68402c1b587
SHA1 c29228966880e1a06df466d437ec90d1cac5bf2e
SHA256 3129d9eaba1c5f31302c2563ebfa85747eda7a6d3f95602de6b01b34e4369f04
SHA512 9eb45b0d4e3480a2d51a27ac5a6f20b9ef4e12bf8ac608043a5f01a372db5ea41a628458f7a0b02aaba94cd6bb8355a583d17666f87c3f29e82a0b899e9700bd

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\custogray\wallpaper.json

MD5 19feb60966afbb9d1b797a050278f13e
SHA1 9874bcea4222a8f56d59c91b7abe603687a4f67d
SHA256 94cf5e38c38f78a42d70599c469a3969e4b3feb292da450a947d8463a57bfb9d
SHA512 2abd6fb2bd126ef99a7f0bb79072fdcdea2670d1b296ace2b4f9ebbabb343594b140b6c2728c31af339465619a8ee9faa2e3d64e1847e9557c50a79144d24196

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\custogray\preview.png

MD5 0474a1a6ea2aac549523f5b309f62bff
SHA1 cc4acf26a804706abe5500dc8565d8dfda237c91
SHA256 55a236ad63d00d665b86ff7f91f2076226d5ed62b9d9e8f835f7cb998556545f
SHA512 d8e3de4fea62b29fd719376d33a65367a3a2a2a22ed175cc1eeff3e38dfbaac448c97a6fbea55bc6159351d11a6aad97e09cb12548cf297e01bd23bf6074de08

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\custogray\custogray_full.png

MD5 55841c472563c3030e78fcf241df7138
SHA1 69f9a73b0a6aaafa41cecff40b775a50e36adc90
SHA256 a7cd964345c3d15840b88fd9bc88f0d0c34a18edbf1ce39359af4582d1d7da45
SHA512 f7433d17937342d9d44aa86bcc30db9ae90450b84aa745d2c7390ff430449e195b693a8ae6df35d05fee2d97149a58a7d881737d57902d9885c6c55393d25d6f

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\fir_tree\wallpaper.json

MD5 31b6342128a20e38a224a3c395f1d5d8
SHA1 afea42f96d007c0d02d90a2cf7d3486c73969d9e
SHA256 a135978536ba7409f381fcac3befed527e6d310fd4fb6a9e567adbb22e84ef2d
SHA512 5b53e2a4c66d81f4e3aec91be650c4b151812d7ea8a6ef1ff911dd56933f8153ccf4a9883e406b2a9cf59056037a1e7434ed9c6c102ad446db5b42e1af93ea64

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\fir_tree\fir_tree_preview.png

MD5 d6305ea5eb41ef548aa560e7c2c5c854
SHA1 4d7d24befe83f892fb28a00cf2c4121aeb2d9c5d
SHA256 4c2b561cf301d9e98383d084a200deb7555ec47a92772a94453d3d8d1de04080
SHA512 9330009997d62c1804f1e4cf575345016cda8d6a1dd6cb7d2501df65ea2021df6b8a5bc26809ddfc84e6ff9450f1e404c135561b1b00b9e4915c69e84f89cfec

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\flowers\wallpaper.json

MD5 128fc7ac1e268f9e506c2d945f3c1ac8
SHA1 eb9a7130c1bd710fbdb278cf96664313b3ce7ef5
SHA256 face1c7f9049d15861f636fa1e2103f008fe90b7819228c1405338501ee19a2d
SHA512 ee69306716398fdb6bddc3b6398f39a6de8ac253325431baaeb364ffbaa505c04c3c465769b50f2124b89cebc2e53abd4939fb23842127c018480d4ddad8869d

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\flowers\flowers_preview.png

MD5 ba6e7c6e6cf1d89231ec7ace18e32661
SHA1 b8cba24211f2e3f280e841398ef4dcc48230af66
SHA256 70a7a65aa6e8279a1a45d93750088965b65ea8e900c5b155089ca119425df003
SHA512 1a532c232dd151474fbc25e1b435a5e0d9d3f61372036d97bcaab3c352e7037f1c424b54a8904ef52cf34c13a77b7ab295fb4fd006c3ab86289577f469a6cd4c

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\huangshan\huangshan_preview.jpg

MD5 1edab3f1f952372eb1e3b8b1ea5fd0cf
SHA1 aeb7edc3503585512c9843481362dca079ac7e4a
SHA256 649c55ccc096cc37dfe534f992b1c7bda68da589258611924d3f6172d0680212
SHA512 ecd9609fbf821239ddcbdc18ef69dade6e32efd10c383d79e0db39389fa890a5c2c6db430a01b49a44d5fa185f8197dbbde2e1e946f12a1f97a8c118634c0c34

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\huangshan\huangshan.webm

MD5 b78f2fd03c421aa82b630e86e4619321
SHA1 0d07bfbaa80b9555e6eaa9f301395c5db99dde25
SHA256 05e7170852a344e2f3288fc3b74c84012c3d51fb7ad7d25a15e71b2b574bfd56
SHA512 404fb2b76e5b549cbcba0a8cf744b750068cbd8d0f9f6959c4f883b35bcaa92d46b0df454719ca1cef22f5924d1243ba2a677b2f86a239d20bfad5365dc08650

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\meadow\wallpaper.json

MD5 1a8908826d2efe5fa817ce6bf474700a
SHA1 f25ed2de494bae4ffeca33071e5c2dc034c863f7
SHA256 9c75f591907f6a631ba583bce6ddcaafa6f89a84a4bec8108637f7f471e821cf
SHA512 1b68183bd466d01ec25b1281737ac4e752263cd88b64e16324244812d46f8f985ebdeb35d065c7aabc7abcb93286e92b0f3d5b0b7173f5aa6e33891c417b6fc8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\meadow\preview.png

MD5 d10bda5b0d078308c50190f4f7a7f457
SHA1 3f51aae42778b8280cd9d5aa12275b9386003665
SHA256 0499c4cc77a64cc89055b3c65d7af8387f5d42399ff2c0a2622eccbd6d481238
SHA512 668e1a70a50a0decf633167ac23cba6916d0e05d0894daae1f7e3d487519f0a126abd4298430b38f52746a5c3b83ccd520b3d9b0ae1a79f893e36821a0458566

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\misty_forest\wallpaper.json

MD5 ea6753f7a10f9f92b7790c93f8ea2411
SHA1 0cb570e8ecc34e16017b920fbcf1036cf1508ab4
SHA256 b1f9aebdb9333b4b15c2a9339d18e974205cbd4a61d2a0b4d34a25b384a0de7c
SHA512 f7974e99c58696a4d739c4d590f5f50094082473754e6b1fb8a82c76566cf3b5713b1e013126f8fbef0f0c8af2e08d09b32307958c9ed1a1007c04ce89539ec7

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\misty_forest\preview.png

MD5 77aa87c90d28fbbd0a5cd358bd673204
SHA1 5813d5759e4010cc21464fcba232d1ba0285da12
SHA256 ea340a389af6d7ad760dff2016cf4e79488bda1a45d0a415b3cd02a4430c9711
SHA512 759519b8822a6a4b88fc9ba47fa9d5d898b2f5a0f359acfbefc04809e6d7f5df86fb130f191eb6f63322792a18c0e7170aedf3ce7060fd9ad7e1bec2e686c3b2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\peak\wallpaper.json

MD5 dabb663536eef90a540783e707a311d6
SHA1 9659fe0463435f3281983ce306ff22fc101f6e57
SHA256 d1c971a197cb79f1df640994465aa7543bada90059f5b2768967d2b57c6afd2d
SHA512 ed6b4090eba519f2814dc51fccb92cdb703656c77be741f07753f9c84d09394d080158e04bba1ca9dee501b0dff2a21020883e538a6c0ced6a12602b7098676b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\peak\preview.png

MD5 1d62921f4efbcaecd5de492534863828
SHA1 06e10e044e0d46cd6dccbcd4bae6fb9a77f8be45
SHA256 f72ea12f6c972edfe3d5a203e1e42cbbaf4985633de419342c2af31363f33dab
SHA512 eec8171bd3bea92e24066e36801f334ac93905b7e8e50935f360e09fa8c9b9f848c4c62b687299e8297c0693d6dbaf9c6035b471e6345d626510b73e3606ee4d

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\raindrops\wallpaper.json

MD5 69472b2b8eb07ec616a8e94a492c6c5b
SHA1 aec5df4e15d292a360a5dd6125217ef063ebe65e
SHA256 6e9ef0bb0853c6c898ec033d54d9d5cfcb68a5f52cd8f9bfff3528a02c73e06c
SHA512 e355958272292bcd7d767af692fb33941ad469809abb6366b1aff2bd4585de6a18b290258799e943f9a53416c9f5c139ccabc47cb337d0e6e4f5d499f2e27aa4

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\raindrops\raindrops_preview.png

MD5 28b10d683479dcbf08f30b63e2269510
SHA1 61f35e43425b7411d3fbb93938407365efbd1790
SHA256 1e70fc9965939f6011488f81cd325223f17b07ee158a93c32c124602b506aa6b
SHA512 05e5b5e9c5ef61f33a883b0286c2239cb2a464581d6e8a86d7b179b1887b4cb2cd7304e0821cdd3208501421c44c63c248a5166c790792717a90f8ac528fbf2f

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\sea\wallpaper.json

MD5 a79af1c34d9d4fcc609e57fbd387924b
SHA1 6ae1f8730d03cbca17a1c368da8a600157e0ea49
SHA256 8c60b18ca1810a5e75950095cb0dfb4bb9c32a18f99e5505cf40c39840b8a633
SHA512 b95aef743acb3c6890e3ca74fc260a8fdeb134ba399f6e9851d34a47fb2cad9791a64d6214acb956ba4c8b51dd710f8f10fa8c3e88fb1a0f52a7e2214eca16fe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\sea\sea_preview.png

MD5 3c0d06da1b5db81ea2f1871e33730204
SHA1 33a17623183376735d04337857fae74bcb772167
SHA256 02d8e450f03129936a08b67f3a50ea5d2e79f32c4e8f24d34b464f2cb5e0b086
SHA512 ff0e60c94fc3c0c61d356a26667c5170256e1143b29adf23d4e7d27012da72ed8865ef59dc2046314c7335b8d3d331e5fd78f38b9b92f6af48729dae80f85b15

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\stars\wallpaper.json

MD5 8571306e9021fc89eff3c5ced3e02098
SHA1 49d6a7baa6ab4182c4b38c95be4bef1b243fc594
SHA256 0529c0be39bdcb289bf29e6a9c774d907b444857cfaa47d3942e5dae1b75531c
SHA512 7657c0e48b4cfa3025bc33b0decacc22646bde2cedda7f51b98b19a17a91461ebee57f054b64edc58318ef6caef7227ac21b740527144f3fb0bc0a2e7b9fef19

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\stars\preview.png

MD5 ed9839039b42c2bf8ac33c09f941d698
SHA1 822e8df6bfee8df670b9094f47603cf878b4b3ed
SHA256 4fa185f67eaf3a65b991cea723d11f78de15a6a9a5235848a6456b98a9d7f689
SHA512 85119055ddfc6bc4cca05de034b941b1743cbb787607c053e8c10309572d2ef223786fc454d962fbb5e3cde5320117f9efe99041116db48916bc3d2fcd4ffa25

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\web\web_preview.png

MD5 3f7b54e2363f49defe33016bbd863cc7
SHA1 5d62fbfa06a49647a758511dfcca68d74606232c
SHA256 0bbf72a3c021393192134893777ecb305717ccef81b232961ca97ae4991d9ba8
SHA512 b3b458860701f3bc163b4d437066a58b5d441d8a427a8b03772c9c519c01983e3d3fdb8da20f6a53ad95c88dcdd0298f72822f39bc3672cb6f1d77fcc3f025a9

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\web\wallpaper.json

MD5 7b00cfeccb0f471865d2ef08fa1d1222
SHA1 1881d5a29dfe86d6d19cac14a1a4b95b05494830
SHA256 22557386855643b706808ea9aed33ac22fa26f58d2fc281fb0ba917cf55f990a
SHA512 b7d80dccfa5f051b1ec8987193857aad83c7365e12f12fa68b8edc6ae0dca1d8a4d846e284fb8e15715b5ce7478dae334da5651b97a68189cb43c74e7fdf7177

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\sea.webm

MD5 00756df0dfaa14e2f246493bd87cb251
SHA1 39ce8b45f484a5e3aa997b8c8f3ad174e482b1b9
SHA256 fa8d0ae53ebdbec47b533239709b7e1514ecb71278907621ca2d288241eb0b13
SHA512 967670863f3c77af26fa1d44cd7b4fe78148d2ba6ea930b7b29b9f35d606554d664c0577068e0c26fa125d54627d7e7543360bce4acee0af17783b07450b5f52

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\mountains_preview.jpg

MD5 a3272b575aa5f7c1af8eea19074665d1
SHA1 d4e3def9a37e9408c3a348867169fe573050f943
SHA256 55074794869b59cd5c693dfa6f6615aea068c2cd50cdae6dd69bd0410661ded8
SHA512 c69bf39362658dd6cbd827cf6db0f188a9c4410b3c6b7b532595fd5907974e2141d857942ffb2497282e31eaa33c71240c2c2bd8721046df55e3358e8b76c061

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_TR_

MD5 50dbdb9aaec42827cc2eb5d04f9c73a8
SHA1 0769ba6c5fe530ced2562107472314ebb2cbd909
SHA256 c0e6fb42389e71e97b21f50c6dd766172cd4ef76392fcb2305ea747c177b3e21
SHA512 7f5e0cc72d3956d7093bef7fc77605294b84fbd58c966b5091aafc5ce1f25788e707c482b40129f28155d8b88660ef6b954f9a682d43be337d84d7dfc175ec99

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_RU_

MD5 f95a365fc86e04f9b40d07b361907fdd
SHA1 5e399608d0491c04014ffae22c9d2fbc80ba79e3
SHA256 86984ab8b856af9f74c8f19320edf37b0d77cec81c47d904a140630842ce4427
SHA512 3ab98b43da1cd9ab2e26a247f04314c1ea31bcb61bccefdc8f5f458320b8d3b2a9fcf157b52e326e112fca4ded062f50e765ca03d62cfd95ab03a2087fe6ef2a

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_PT_

MD5 cbfc45587ec6c290e2d7382fb125bb06
SHA1 5b02fcc706a9f3a35a5d74927bbfa717ad6836d0
SHA256 320a0b330e0a40d1a5c74221bd3e4b1efdd9a1c353cb07a73d88399c2a991208
SHA512 fb22df834a02a9df01bb479cf28437641455c113d84166672a15a76bcb977bf5deb230cbb21c99730ac883545e7f457cdab048c278cc2802b11568d4fdfaa1a3

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_KZ_

MD5 9f63f6736c09a29280c8d3b3183f959d
SHA1 ba172ce3c43996316f4c231ce443f880bedc9e9b
SHA256 d33cb20100bd3f182514171f9d41fa36e74ac32bd30c2c44f0d471449b331618
SHA512 91948d89a0cf9a4519066cd9b6bf2ee9d5e29270a77e57160354f4e33f3ab73934851136563f0d85d10dfc5acee5bed3bcafdeee179aecb85b8765421e1062db

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_JP_

MD5 afc46500500ca4fbd99209621ba961c0
SHA1 530792f4d2dca8a77a6253d97c2047d221ba4188
SHA256 33e924e65ef2b05e48ada9e95feb4c9c4b4be442f79a04c8d863913f94783574
SHA512 2edd0372618df78803026824196a4841b569c0c3cbf4b5247556854201953d492b42b89eca5deb1ee9d8d1658ddabfd534ab97c3ea61b0ebad3d716aa2a40cda

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_IT_

MD5 b2354e0b4f3a3a25f9e0637e1848687f
SHA1 85e3cd44b2dfe0be78befcd8eb6c0776e5c06f1d
SHA256 2c9ab87ab9fc5f8f8d2f2c73128148167b3cfc52325a40366924a9997c070f92
SHA512 2e9ec9ec9bd7f98b126a62635bb24ba42f7da202b6760b77ff97c4d17471300e592bbd9beb13256cb5a61378a574424a836ae57eb046ac195a10415c7c1c1810

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_ID_

MD5 38e1a9f53847518a321c65ab8ca40e75
SHA1 7fb594a3a407744ff45169dfa4a3118a1bd747eb
SHA256 51feb3e49bd80615e19ff9a5c86a5a6630ce0b7b7c85c939f90a9255f9f2c12e
SHA512 2043ccbafdb8740c7cc967618893589c431db722b266c252e0744b031d5b7bc950c804349d7930691fa062537dee9100421f95b8e53c042793f06ef282e5dcbe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_GB_

MD5 d05ff01c9126cf5b4fb6930083bcabea
SHA1 01c12d9e6a373f27e76a474c8ad3daa4b8774ae7
SHA256 2060d394c4bd711a83bb9d613c90583fbca220970ee31534415014a9dd42980b
SHA512 bdb27c1bed92e07045087952f78a7e7621d2915bd15672b5fc738d29680de72733e1d6d702be859b4bb0631a18b8a27775abee52e5de5db996b53c5dc6a75767

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_ES_

MD5 a2ab187fa748a38db8b6736269f64972
SHA1 5e2e542d1e3fc32b3677b0aab5efa32a245d0311
SHA256 dc67a1ba4e945e0c8188112ce3ecb9c32d39d77d992ce801a2ac9f500191a4be
SHA512 5f295f3f7e61b6f206f70d776faeb78df337d3e2ef79212cd4af163eef31b7479b438749dc594374f5956048239513992c3763b6f3f5ac68bed5412a2f877797

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_DE_

MD5 847356d02a4dfaeb0449153805dc89b3
SHA1 b608ab76c78ca53787191866dccd447be841c61c
SHA256 c5a232993c677b3109542bd974336ad8dd42830319be773dab75c3e147c07317
SHA512 c5b01b532ed42c056db108f6bf227dc3773640dd556278c3af0a7a7229bbdc3963ac0286d4714884265e189440f04a31addd5a36002f22ada5ae8364c7e79a78

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_CN_

MD5 5fb2a63a8a3cc86330484f6b89d17bea
SHA1 27a01c90bee60fe786888d641170768f76326734
SHA256 0fb259ab08ceb8987ada8b362a48e0bf54c2063a7c374203dcbac8dc6558b056
SHA512 a87165e9a0eb49c04e03a4764505770ae936c8cefa346c41b47e39e90b31b33fdcb9cc0ebf1e706aa8e3ee34d81f5a815d4f9587a022c64a73e374f35c8de4da

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_CA_

MD5 9644ce7d7022710f9e3d15ca62652130
SHA1 9501c256b77bf4f2d15eeebea872394be64453f7
SHA256 2e9b8194da778435200d9eb756d4356e0741ffaac24e7f8fe064c35c2b572539
SHA512 81e1cb5b76a19e07f9892fbbb016594b0545cff56e3d7b5fc124c9c54746d571061748f0388dd911097c03fc379dc25235db21cf8ce141396c4a712368dc8d1c

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_BR_

MD5 eff751f0d80c5df86c5edca15aec9a4f
SHA1 49607e819f796d34d1ff7c1c894604f2a5de4b56
SHA256 18b6ae3ebec51fe0a5398a53a3296b2300e75690b2f5d9763e68eca8e938d9c0
SHA512 2e486efe9ec6c65dbef2d98f0f95f87282a210068118c71d3ad33fd6400e01b49060dac926a5632e317b5e3ed04f66638e179956531a299b31dbc249139cf902

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

MD5 3de654254527e859fcf7ce3537ba462e
SHA1 b56f440f2160a160e9cc02beeaf99d0da0a40bac
SHA256 cde938c515a797c938a884e847164b4c9ff5cd4a7fcbe3809050d2bcdeaa4b28
SHA512 ef58b6116487dea1172afabecd2f15ace42ad0f3246c7dbc58c7a33a10e7f68af3b21111cf122871110e2d971cc598624496b6dce829bb60d7ed05ebcb05097d

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences~RFe587a3c.TMP

MD5 6c6ba38b8e12fc37ede595c68456c664
SHA1 722228efbce7aa915dbcb3d86857acef42edd8f9
SHA256 ade476c1ca636b2dc2dd696507b9ee072a6d17f728c59858176f9e38df3e23c1
SHA512 a841e05a21689fcffe1ca1904e5675492fb4b4c84f8cb9d1d87d47f029b6a0af8fc312eec217f48476fb3debbbcc969d8ebdc160c23e1ebdd3691998cf6afa21

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences

MD5 fd36c28b3ab567253024285c7055670d
SHA1 5c0a45917c87510ec091069457bf7b2b86bccbcc
SHA256 5e767f226e7dc4491cf06e42ea8e142cff766ef0ef6912a6eee8e449802e6fbb
SHA512 09611602fa675b624f334c43fa74897b6a877077ef3be116ae1f35df0d40c6898da8a5d217edd3d68b3890f4add20cad576e5d0b4bb96447cc9d4d6f17356c8f

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences~RFe587c40.TMP

MD5 4263acdd42e62d8ec12ff04ee515473c
SHA1 ae619f3ffb8c349411bf9bbcc379faea9004d189
SHA256 e787a21284182a3cde08aca7cc727d051fb7dab5a130222f06b9051ff2dcc6eb
SHA512 22e16bb5f71d07fefcc8f07543b7b301a2245384b101deb3d23b36cefd96728ffb748bb3db04fc2270ec6ed4fc84a7a02e0941fa99a5d6ad649c4549b38ce6a3

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

MD5 a06388a2446176165ea1f33cc8335d84
SHA1 9e5d88dddc9e93764a58cb0e140ee1a4ae5954a8
SHA256 365fc45ae9db4fcf3f8be96d955e9c5ef1a06492744dadb6bdb2a56ee931ae54
SHA512 c14f57e964e9f87c743773b04b0d3f14266354822f6eceb8d421fdd99169097f34bf00a750e31b93645eeecbb4fea1b20f5ebbf7c69df35afed48d50a4bceb68

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\GPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\964490f8-3cab-4484-a3fd-4bad0d0dae14.tmp

MD5 293659d19968aeb75662ec7083b2b6af
SHA1 afe8897be2181151bc3ef02323c2145e6372ce4c
SHA256 67e421e2c32f6c92e220a1f19ae98398eb7984d1841d830b489686749ebb62ff
SHA512 97025249472e14dccd49839ae6b9702ae4dd2ee469a3e79af929c6f121b2801b729cb8f79657a87568fc32eb71ab2b65440afbaee5061694fdb89b3d7bd2fe77

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\d647211d-7313-499d-90fe-2d3234783bd8.tmp

MD5 4d4b657a4d0b9703e41b3e14991c5f6f
SHA1 65858616de1ec60bba42d2afc307cec3d6da232c
SHA256 a0b1ad95ddf3645510625d1f6da088b1d78ad2fd3d19aa1550dcac7e8e4ccf1e
SHA512 10b753ca1898a8c5ca162feb1f58e9c90d17a2cca47b6a70c555d7e7a1188e331e339a2177f83e8211e742a0a2e680b0d86e0f2ee2fb17c8914fb1d6c6b3cd92

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\081adcef-7ea0-4e5f-9bb1-1b938c3db511\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\081adcef-7ea0-4e5f-9bb1-1b938c3db511\index-dir\the-real-index

MD5 388f81493adc0e4e31bbd43d35209754
SHA1 a29abcee688fb655c4eedcc0d174d6fbbe030359
SHA256 9afa21b110da0bf62b3cce2175e6cc0e0dea8b85a33a0769c830c4b2d40cf56e
SHA512 09a21fdea67ce61b094882a1ccad8d9158ef391537eaa40ae4c2875e902affdd99e68148a72ca1474d77a79c01c67e8deb1bc0c57aad736746ba76efe4a8529a

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json~RFe587e05.TMP

MD5 f0968085101f78a5781aef95d496b006
SHA1 9db07441cef23b2b27a352e6bd6f61e84a56ef1d
SHA256 a23dd2c46af797c6e43337ccc2df6b5d140dca6f4e8f8a1f83dc4cdda73240a0
SHA512 8200e9c282f807b9b3034046a74a5897dd8707200647d42197f92ffad790c7b604bbe393eacb9799028bceb4f0c08a08ba445712da6c4ad069b2f9c1eb6d3035

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json

MD5 d43fb0fe2357873f15fbecc9039161df
SHA1 fbdf9a904d49876e299f209b17c6f8db15c6e8a0
SHA256 7e3676f4186ae9f7177653ec14978202f6a346ed94a9e6a3ddbb3280e5d58515
SHA512 9253338cfd7cfa9c4591ec985f29705329a2c2a1050396f19dbc2d3eb46a70ef95c5b11c0cb773691f0dbfbb0489255ad64e5fe3941c2e6f372bc60f1175ee23

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

MD5 912faed941a5c828531be1fc43077f66
SHA1 e6d11d71de817990bd00f199429ecdfab1051015
SHA256 01ac349e75a1b9b49a592b72162df4352756f5e8aec41396035b30d013cd67fe
SHA512 1a943ce1525f5754b7ee41162cd9378a0f23fb5f1e49d768bba9f2880b9bcf03450bf5ea5af0d98600a4c416a520c176d7c8a5c006e21a52ac7072c3c1da5982

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Local State

MD5 4b020e03ce5f53743b91d4e1af3ee515
SHA1 59695c86ed25e1484aa9edc3e918570f6ab0423b
SHA256 5071028e3e722bd2d569c57a4a83e26d7fac62001d94d7d2d21c70bd85f52231
SHA512 ebddc4321b9e9b5b1da220581ea2560fe5b9a6b6cb201e95fb65fde9105e04f9b2d69c2789901e9e274dc1278da782761da2dc6580d9ffffd9f1543a4db8ca83

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Local State~RFe588037.TMP

MD5 8b0cf166d4adff307c00b6964c831609
SHA1 6fee40cfcc23b6abfe591cfc66132c8ffb38f8b1
SHA256 e456397037049ccfc10cce6a0cb33bd491a0f5d0a71967a630d7ebc80d970086
SHA512 66b826e4c61fabdd6480172fe53f94d8ebd2bf531d627e2cea91b8a359792277abef8558b2599891e9e341ffab8e790e1c2cc7cc5ac2150bbef76bb2396482bb

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

MD5 9b7ec2ceb138dbe72c0cd81ad7043784
SHA1 d288236a5bf5a5a8285e16600587b1eba42eb38c
SHA256 9a6443ea6e3d991980d577211da0919a47c628166629faa8c393edc3594929a7
SHA512 4f91bb0f9f75b5115b461262c6b78f71e62a7f5e6c51a7acd5756847c7eb0310efc0e260195354c9fe49fd1c2af1c04c9851fea5a66313c27f14526f5682b2b8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Local State

MD5 72515b496aeb8a3ea1404e1656e5c6cd
SHA1 666490fa7c845407887c7a91658a826f30d35445
SHA256 1d9e772a2f73f582d825317e744720ab8e10b59fb21e7da15247f2adf03538b8
SHA512 6cfae3299e76fca95c1072c50dcb7d5f24fa9ff4e4ce29f9182685595f6e092a1551967a678bcbc1d50b0fa63784830d28c9e55aabb8d334fec586a8c2f977d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fd132fb9f1b3439be3c2c93e9668aa91
SHA1 7ef1895210bc1d1a9a6eb1087df6b465489d56bc
SHA256 dcb1ee28f41e187a499fb371c4ddbae44edf035c9134baa678cd087eeda51dcd
SHA512 28b709a8cb8fa2ad3c865051532a222085c1fe1ea1b224126bce05d8a49f689c9036a0d7595ddd372ca3f3b9febf8e32db538adf3fea2ffca0a524ce21c5429d

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e60f2edc3431c27d033d72d24057102c
SHA1 741dbf4278ea8f9a45a579c87cb195445c4a53fe
SHA256 867056f7ce42dfb8e122403df5bdb49ee4f172d51af4ea06a2b315627319ee2c
SHA512 2fe56f9bfcc838186b27d927feaf0e6eb2b2efd4baac0fec0049e15a8e4110cb8cb8cdb0ff4262bea7160c949dc2cb2d370f53498e088ea603a10b1ee5929739

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Local State

MD5 d0db55a002c4529a2647da02eee67f5a
SHA1 800dafc61433fc873c31c713cf57edea35bf8c4f
SHA256 90609f706d2649391a0bef9bffae76b978f3b4b1f83261f707f5453ba87c60af
SHA512 74a9b594a4ed06b6dd531a7745c62edce495941edd5ba6140d09df95908f56150bc743f1b5489c444b731c84ed361adb32badec15346653c076c46a8b2f03446

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TransportSecurity~RFe58e181.TMP

MD5 4478022cadc58672d008af7c1ce2d586
SHA1 3fc55773f701755aa67d61f043f949c436881961
SHA256 f28d80f5ff7d7142ef4543d06fc5a1effdda19ab5398d380b8c220b32968fd03
SHA512 e6f08a74f19ac91b49709eecfbd819d18bed301ee60a9d068fb478adfe179beeccdf416bb85dc014726c3ffb255d0a976af2b828068b9efca3485bb62c11226e

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TransportSecurity

MD5 b39fc8a98d2b128e03226140320a6f7f
SHA1 40395ec04795b36e0ff97c4e6e828a0899ff936d
SHA256 e55520b3b83fdc6997e60e62f7a7aaebc84c401c9707c1675caaecbc44d8c0fc
SHA512 a9ecb76f609552fd4f109ae17e4c2c266ebd141abab3d189a93930f63032c710959aac80811432e00ab533e81bb87b01b19bd90c65a3abb84facbfca6c668336

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

MD5 cdd34828b338c4a2c383d3fdad28372c
SHA1 d47f35f1bea1b9e6befb101f9815fa132b5cf106
SHA256 e936e3b72d175adeab76783e97d6881ae610afa6478189d2efa900933d2b7947
SHA512 41247be1d653236a4baa3035b981e506e20bfdb069c93e669c260346c790aa1f1933ac82185b3d60f3791f46e6fbf56bf0028d7b086e5184c7031f60f1ed38c4

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TransportSecurity

MD5 cf4b12aea212944c599e0626492c76b2
SHA1 bcb4818ccc6e095ccb691c2d32cb08da8385062b
SHA256 83e4ca56c7b2ca01edd9f610a5ee511c62240972f87f1ddcdd1f2367cd358a85
SHA512 a392fc12258a0eedd8d971cd08180733a913447aa3c4506cb90a85c66e14d4cb08fa30a78cefa4d42f7a0b1ba5f8e9b1dbf6df38a3471bbfc93e6c29d571b4c5

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\002a5eed-b84d-40d5-b180-c424430df8f3.tmp

MD5 5898dcf7e5daa5f954ae1d69f2ffbd06
SHA1 b13e0d328941e38985bb9e52ec0017356541b8f9
SHA256 738568215b63f56ecaeae89e27c4a454f68ab984517d978c19ce374b19de8cba
SHA512 e2234a5b27582305f9be37f59b98e1debcc7784a2776c41f1fcb82665dadf69999fb4c610968001101978ce95c4473cc32fd801785c9177311a1ee74967ac74a

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TransportSecurity

MD5 a1777985f5d2ed219b9e77580f9faeee
SHA1 fd6bf5044c2d39493355375dc418bca8258e90e5
SHA256 0cf9798e8b95c5884e859b1e51587d8f82bfa90ba1f171c6d9e58956a3c33efa
SHA512 d6627f47b4fe29f20f3c1f428784d32858dd4fa8619718f841386f27db3b3da781545901c77e1a5760fd8c6545852f6265a085eb0e24217280c2b08cfb6c997b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TransportSecurity

MD5 3880963b19ed9a3e0713e3864f3ad7ee
SHA1 ac69f1ea339c67d8ad0318c24f008fd3e86d3898
SHA256 2a431421673914c827c825c2362d73e18ea8f90e3bdd83b033e1ba876dd35b56
SHA512 2a4184ba1c069451e3565cee3c7384ffcbe04e16cef72789032c3d8bfbeccc41b2f963d9f6125a3c43be50e2b26b375244282befab50caed7baacaebd3a9b31d

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Local State

MD5 932bec12ebba59a26b20a47ad2faf925
SHA1 f9ba2aef8012ed0a4535811d4fdf7016d1459882
SHA256 ad4e93b6d792079ff78f66a01df7a4760160b9045772cd7b0817eea7c21a013b
SHA512 d2ebdbd54bdd3ed24338eb8305e3f9662cef842c286879e1c5dbf464b1a2ff5273a47cb98d683e2cd3ecc5b44e61215394488879102ff8ab052b1c9457e7e5b2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

MD5 7bdc48278eceb560c70b903ca509ed69
SHA1 d8cee2eb9928fe59166590e7836e4dfd28fe4a14
SHA256 ee76bb3f3b9eb37e50e80890a84efaaa91da07ce986c8e87d7f2245c3954fef0
SHA512 f03d0b6d2af11dbcca7fea3dc349fbc4da5537882debb817959a1064acf4cb1512cd11b27d9135bdf600c2ed4158e5704cc29db75bea059247baaf0e8259fa02

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network Persistent State

MD5 807bd278531ca473bebe167928435219
SHA1 fccb160ec62924b6e87d718c2a512c620d1e7471
SHA256 690a597149f498e8f9e7675ec845c16e28054d789da7953b9df283f4a923e91e
SHA512 32e5346879d0051b665b7a6c8bed496c3e260f879956eb8f23b3e4041ec47f68bd723bf5a190fd3b9132f7f048fafba69bbe589ba874daaa2ea68b8f04908bec

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network Persistent State~RFe5992e0.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TransportSecurity

MD5 ed476488f8f6d9e612545c4cffcb80a2
SHA1 c03ed985eb8153c37801826b9dd3708cb428bc8f
SHA256 abe0b9b90ecea26ff7c41d1c29167826c0d36260b5e860d98804ea1dd1031e92
SHA512 56b9e8f91c5e7f8d16ea331be31b57b5c18bb3a16391fa6feac3997bbfbb847eea94b3cda05c9b435b89e7225f6b56214e4c60959b58897b234c44142b97a3a3

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TransportSecurity

MD5 3955b9b2d8376a0c7be5f6a457507a50
SHA1 48bd9cc98a7ed404be389423197f3967ea50ca7d
SHA256 ad14eed383678e3d0185826ce6339d68e92573964ffd9f961aca070862d3e440
SHA512 d88c4a327275b1acd94043ba69af881f24f87ae88f3b625c67d6df1ba9850994fcf1074fbff8be02fcad6d838574f377c13bd5c9d6b3dc2fffe71cf4c1ef26ae

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

MD5 ec021b1deb5c1c6bfc3424ceaedd3ea5
SHA1 2918e8c868c5846d8d53ab575647f2ce11e55c56
SHA256 f2e04a1882bc6009ffa60bb931c00a7896d65d76b9167712a023f152098645d4
SHA512 3844f4afbf784ba00045de58c87a65fd60109f85e540823849d469c014dca1fa1d54f2562b9167f5ab64ad395d1c8bc84fdc2dc73b406d4e41ff4dce15c118ae