Malware Analysis Report

2025-04-03 10:57

Sample ID 241109-2skyaatgjm
Target 8f702bad1aefdc220b8597d3321fa11b61331c10d76416c70505e9ce73fd73ed
SHA256 8f702bad1aefdc220b8597d3321fa11b61331c10d76416c70505e9ce73fd73ed
Tags
discovery persistence spyware stealer
score
8/10

Analysis Overview

score
8/10

SHA256

8f702bad1aefdc220b8597d3321fa11b61331c10d76416c70505e9ce73fd73ed

Threat Level: Likely malicious

The file 8f702bad1aefdc220b8597d3321fa11b61331c10d76416c70505e9ce73fd73ed was found to be: Likely malicious.

Malicious Activity Summary

discovery persistence spyware stealer

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Checks computer location settings

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Checks installed software on the system

Checks system information in the registry

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Browser Information Discovery

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Unsigned PE

Modifies data under HKEY_USERS

Modifies system certificate store

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Modifies registry class

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 22:50

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 22:50

Reported

2024-11-09 22:53

Platform

win7-20240903-en

Max time kernel

150s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8f702bad1aefdc220b8597d3321fa11b61331c10d76416c70505e9ce73fd73ed.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\yb981B.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
N/A N/A C:\Windows\TEMP\scoped_dir2436_2045106729\temp\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f702bad1aefdc220b8597d3321fa11b61331c10d76416c70505e9ce73fd73ed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yb981B.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
N/A N/A C:\Windows\TEMP\scoped_dir2436_2045106729\temp\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Run\GoogleChromeAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A yandex.com N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\UDYC2PQW.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\7ZXER6TY.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\7ZXER6TY.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ZRNYNVMQ.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\MNECPCS0.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\MNECPCS0.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\UDYC2PQW.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\I8UMTHDT.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\NZJGQ3DZ.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Yandex\ui C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\NZJGQ3DZ.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ZRNYNVMQ.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ULUK2JH0.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ULUK2JH0.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\_[1].js C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\I8UMTHDT.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe C:\Windows\TEMP\scoped_dir2436_2045106729\temp\service_update.exe N/A
File opened for modification C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe C:\Windows\TEMP\scoped_dir2436_2045106729\temp\service_update.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\System update for Yandex Browser.job C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\Tasks\Update for Yandex Browser.job C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\Tasks\Repairing Yandex Browser update service.job C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\Tasks\Update for Yandex Browser.job C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\8f702bad1aefdc220b8597d3321fa11b61331c10d76416c70505e9ce73fd73ed.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\TEMP\scoped_dir2436_2045106729\temp\service_update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yb981B.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "606" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "48" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a7e3310a2b0e6e498bd88e48ec67abf600000000020000000000106600000001000020000000edcb924d466247c3eb4bcd4390212b736db47f79730d36dfc95ef548f5494afd000000000e800000000200002000000054cdf50a4dff9cfad9844ff95d5f1fae95b72f255c7f6914a415bebb3ff9bd14200000008c671e93037ce93d0c98f7028d643a7ef8014eae42ee7a27ed991df958d84b2340000000c5a8b98525a24bc6496e6b5d3c9fdcfd5cb3e7b992a6608c9e8c364198096615f4b1334902c4e7b44dbe17219d99b91a4c9f664caf724a3db6d647a158e7ec1f C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a7e3310a2b0e6e498bd88e48ec67abf6000000000200000000001066000000010000200000000c410ecac33748270f6d290308d9395c7ebe30c03a36db6729c762a6644f6e0a000000000e80000000020000200000009acd606c0266ec6e0066e2c25413e9021239c222ffa9fd17610139328b4c4b1290000000a565d173f82047446083e3aed3e18a30e8972bed609dcd3b3bbfd0a64a2b1dbfeb5d0a82f4bc3bd06d0503d8c7564f90644910ee7566e28019fbdf634f17170ab2da8956140eb974f838e6df36202ff7be6a34fa425ea6e31dde2335a41539b53472dbe93e26c9263b1395f107f4bdc0fea99c4fca41d8e67c95429525f996fbe9f36f568c63b901d32d358f146b3bc040000000cbda23bb77a4ec7a1f1b1fa7a3ded004c351d5c7e2712617aa3084fabc30cf139d93e6938364e522b87fc6fc26a108ab8e7feaed66609549d7caa82b36a4dd46 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "637" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "90" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "12" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "637" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "637" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "12" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "27" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "27" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "62" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "27" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "606" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "48" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437354524" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "9" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "90" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "606" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "9" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "62" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "90" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80b47bebf932db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "48" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "62" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{14D99401-9EED-11EF-A160-4A174794FC88} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-87-14-80-e5-b6\WpadDecision = "0" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\Yandex C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61FB18F4-1240-4F22-88E7-1947FD9CC3D5}\WpadDecisionTime = 20335af8f932db01 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-87-14-80-e5-b6\WpadDecisionTime = 20335af8f932db01 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000003000000090000000000000000000000000000000400000000000000000000000000000000000000000000000000000001000000020000000a7f009f000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-87-14-80-e5-b6 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\Yandex\UICreated_SYSTEM = "1" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61FB18F4-1240-4F22-88E7-1947FD9CC3D5}\da-87-14-80-e5-b6 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61FB18F4-1240-4F22-88E7-1947FD9CC3D5}\WpadDecisionReason = "1" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61FB18F4-1240-4F22-88E7-1947FD9CC3D5}\WpadNetworkName = "Network 3" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "1" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-87-14-80-e5-b6\WpadDecisionReason = "1" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{61FB18F4-1240-4F22-88E7-1947FD9CC3D5} C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\YandexWEBP.OBQZ742VPV3FSQKUTIFEPYNT6A\shell C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\.crx\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\YandexGIF.OBQZ742VPV3FSQKUTIFEPYNT6A\shell\open C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\YandexWEBM.OBQZ742VPV3FSQKUTIFEPYNT6A\shell C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\.css\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\.fb2\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\.xht\ = "YandexHTML.OBQZ742VPV3FSQKUTIFEPYNT6A" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\YandexINFE.OBQZ742VPV3FSQKUTIFEPYNT6A\shell\open C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\YandexJPEG.OBQZ742VPV3FSQKUTIFEPYNT6A\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-109" C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\YandexSWF.OBQZ742VPV3FSQKUTIFEPYNT6A\shell\open C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\YandexWEBM.OBQZ742VPV3FSQKUTIFEPYNT6A C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\.txt C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\.html\OpenWithProgids\YandexHTML.OBQZ742VPV3FSQKUTIFEPYNT6A C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\.xht\OpenWithProgids\YandexHTML.OBQZ742VPV3FSQKUTIFEPYNT6A C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\.pdf\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\YandexINFE.OBQZ742VPV3FSQKUTIFEPYNT6A\ = "Malware Infected File" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\yabrowser\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\yabrowser\shell\open\ddeexec\ C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\http C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\.jpg C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\.shtml C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\yabrowser\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\YandexXML.OBQZ742VPV3FSQKUTIFEPYNT6A\ = "Yandex Browser XML Document" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\YandexPDF.OBQZ742VPV3FSQKUTIFEPYNT6A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\https\DefaultIcon C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\YandexJS.OBQZ742VPV3FSQKUTIFEPYNT6A\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\http\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\YandexBrowser.crx\shell C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\YandexHTML.OBQZ742VPV3FSQKUTIFEPYNT6A C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\YandexHTML.OBQZ742VPV3FSQKUTIFEPYNT6A\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-108" C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\YandexPDF.OBQZ742VPV3FSQKUTIFEPYNT6A\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\YandexFB2.OBQZ742VPV3FSQKUTIFEPYNT6A\shell\open\command C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\.crx\OpenWithProgids\YandexCRX.OBQZ742VPV3FSQKUTIFEPYNT6A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\.crx\ = "YandexCRX.OBQZ742VPV3FSQKUTIFEPYNT6A" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\YandexINFE.OBQZ742VPV3FSQKUTIFEPYNT6A\shell C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\YandexPNG.OBQZ742VPV3FSQKUTIFEPYNT6A\shell\open C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\.htm\OpenWithProgids\YandexHTML.OBQZ742VPV3FSQKUTIFEPYNT6A C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\YandexWEBM.OBQZ742VPV3FSQKUTIFEPYNT6A\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-132" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\.jpeg\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\YandexPDF.OBQZ742VPV3FSQKUTIFEPYNT6A\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\YandexCSS.OBQZ742VPV3FSQKUTIFEPYNT6A\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\YandexPNG.OBQZ742VPV3FSQKUTIFEPYNT6A\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\YandexPDF.OBQZ742VPV3FSQKUTIFEPYNT6A\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\.xml C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\.epub\OpenWithProgids\YandexEPUB.OBQZ742VPV3FSQKUTIFEPYNT6A C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\.htm\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\.html C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\YandexGIF.OBQZ742VPV3FSQKUTIFEPYNT6A\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\YandexSWF.OBQZ742VPV3FSQKUTIFEPYNT6A\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\.gif\OpenWithProgids\YandexGIF.OBQZ742VPV3FSQKUTIFEPYNT6A C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\.xml C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\.swf C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\.webp\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\YandexXML.OBQZ742VPV3FSQKUTIFEPYNT6A\ = "Yandex Browser XML Document" C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\YandexINFE.OBQZ742VPV3FSQKUTIFEPYNT6A\shell C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\YandexPDF.OBQZ742VPV3FSQKUTIFEPYNT6A\shell\open\command C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\YandexEPUB.OBQZ742VPV3FSQKUTIFEPYNT6A\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\YandexFB2.OBQZ742VPV3FSQKUTIFEPYNT6A\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\YandexBrowser.crx\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\http\DefaultIcon C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\YandexFB2.OBQZ742VPV3FSQKUTIFEPYNT6A\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\.tif\OpenWithProgids\YandexTIFF.OBQZ742VPV3FSQKUTIFEPYNT6A C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\ftp C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\ftp\URL Protocol C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\8f702bad1aefdc220b8597d3321fa11b61331c10d76416c70505e9ce73fd73ed.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob C:\Users\Admin\AppData\Local\Temp\8f702bad1aefdc220b8597d3321fa11b61331c10d76416c70505e9ce73fd73ed.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe N/A
N/A N/A C:\Windows\TEMP\scoped_dir2436_2045106729\temp\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2340 wrote to memory of 984 N/A C:\Users\Admin\AppData\Local\Temp\8f702bad1aefdc220b8597d3321fa11b61331c10d76416c70505e9ce73fd73ed.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2340 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\8f702bad1aefdc220b8597d3321fa11b61331c10d76416c70505e9ce73fd73ed.exe C:\Users\Admin\AppData\Local\Temp\8f702bad1aefdc220b8597d3321fa11b61331c10d76416c70505e9ce73fd73ed.exe
PID 984 wrote to memory of 2032 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3060 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\8f702bad1aefdc220b8597d3321fa11b61331c10d76416c70505e9ce73fd73ed.exe C:\Users\Admin\AppData\Local\Temp\yb981B.tmp
PID 2260 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\yb981B.tmp C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe
PID 1764 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe
PID 2436 wrote to memory of 2296 N/A C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe
PID 2436 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe C:\Windows\TEMP\scoped_dir2436_2045106729\temp\service_update.exe
PID 2792 wrote to memory of 1712 N/A C:\Windows\TEMP\scoped_dir2436_2045106729\temp\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe
PID 1312 wrote to memory of 2092 N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8f702bad1aefdc220b8597d3321fa11b61331c10d76416c70505e9ce73fd73ed.exe

"C:\Users\Admin\AppData\Local\Temp\8f702bad1aefdc220b8597d3321fa11b61331c10d76416c70505e9ce73fd73ed.exe"

C:\Users\Admin\AppData\Local\Temp\8f702bad1aefdc220b8597d3321fa11b61331c10d76416c70505e9ce73fd73ed.exe

"C:\Users\Admin\AppData\Local\Temp\8f702bad1aefdc220b8597d3321fa11b61331c10d76416c70505e9ce73fd73ed.exe" --parent-installer-process-id=2340 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\Admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\Admin\AppData\Local\Temp\1800012f-9048-4a79-be47-c4a08c7dcfea.tmp\" --brand-name=int --browser-present=none --disableyapin --distr-info-file=\"C:\Users\Admin\AppData\Local\Temp\distrib_info\" --installer-brand-id=int --make-browser-default-after-import --ok-button-pressed-time=237233000 --progress-window=131538 --server-config-bundle-path=\"C:\Users\Admin\AppData\Local\Temp\f8a0d886-7ad1-4db3-ad7c-dd0e59212141.tmp\" --testids=1114347 --variations-update-path=\"C:\Users\Admin\AppData\Local\Temp\5bc6e9bf-9fc6-432d-853c-ce206a7465ea.tmp\" --verbose-logging"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://yandex.com/legal/browser_agreement/?lang=en

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:984 CREDAT:275457 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\yb981B.tmp

"C:\Users\Admin\AppData\Local\Temp\yb981B.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\1800012f-9048-4a79-be47-c4a08c7dcfea.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=40 --install-start-time-no-uac=237420200 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=237233000 --progress-window=131538 --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\f8a0d886-7ad1-4db3-ad7c-dd0e59212141.tmp" --source=lite --testids=1114347 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\5bc6e9bf-9fc6-432d-853c-ce206a7465ea.tmp" --verbose-logging

C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\BROWSER.PACKED.7Z" --searchband-file="C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\SEARCHBAND.EXE" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\1800012f-9048-4a79-be47-c4a08c7dcfea.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=40 --install-start-time-no-uac=237420200 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=237233000 --progress-window=131538 --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\f8a0d886-7ad1-4db3-ad7c-dd0e59212141.tmp" --source=lite --testids=1114347 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\5bc6e9bf-9fc6-432d-853c-ce206a7465ea.tmp" --verbose-logging

C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\BROWSER.PACKED.7Z" --searchband-file="C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\SEARCHBAND.EXE" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\1800012f-9048-4a79-be47-c4a08c7dcfea.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=40 --install-start-time-no-uac=237420200 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=237233000 --progress-window=131538 --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\f8a0d886-7ad1-4db3-ad7c-dd0e59212141.tmp" --source=lite --testids=1114347 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\5bc6e9bf-9fc6-432d-853c-ce206a7465ea.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=274563800

C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe

C:\Users\Admin\AppData\Local\Temp\YB_62B67.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=45323b5b377897c846fc6c473cf984a9 --annotation=main_process_pid=2436 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.1.5.812 --initial-client-data=0x1a0,0x1a4,0x1a8,0x174,0x1ac,0x121ed30,0x121ed40,0x121ed4c

C:\Windows\TEMP\scoped_dir2436_2045106729\temp\service_update.exe

"C:\Windows\TEMP\scoped_dir2436_2045106729\temp\service_update.exe" --setup

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --install

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --run-as-service

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=45323b5b377897c846fc6c473cf984a9 --annotation=main_process_pid=1312 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.1.5.812 --initial-client-data=0x12c,0x130,0x134,0x100,0x138,0x473560,0x473570,0x47357c

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --update-scheduler

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --update-background-scheduler

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --statistics=https://api.browser.yandex.ru/installstats/send/dtype=stred/pid=457/cid=72992/path=extended_stat/vars=-action=version_folder_files_check_unused,-brand_id=unknown,-error=FONT_NOT_FOUND,-files_mask=33422687,-installer_type=service_audit,-launched=false,-old_style=0,-old_ver=,-result=0,-stage=error,-target=version_folder_files_check,-ui=D9A8A360_5BD9_4CA1_8E87_3CEAD1FE4B2C/*

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source2436_1547537189\Browser-bin\clids_yandex.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=searchband --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source2436_1547537189\Browser-bin\clids_searchband.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=131538 --ok-button-pressed-time=237233000 --install-start-time-no-uac=237420200

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=1068 --annotation=metrics_client_id=7db37f3d2f104a0ab676f492aa6710d4 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.1.5.812 --initial-client-data=0xe4,0xe8,0xec,0xb8,0xf0,0x70792a08,0x70792a18,0x70792a24

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --field-trial-handle=1092,10462385068013655802,5079397542862416408,131072 --user-id=FA6EFAB7-C833-43E4-B178-5CE613E821A1 --brand-id=int --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1104 /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1092,10462385068013655802,5079397542862416408,131072 --lang=en-US --service-sandbox-type=none --user-id=FA6EFAB7-C833-43E4-B178-5CE613E821A1 --brand-id=int --process-name="Network Service" --brver=22.1.5.812 --mojo-platform-channel-handle=1360 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1092,10462385068013655802,5079397542862416408,131072 --lang=en-US --service-sandbox-type=utility --user-id=FA6EFAB7-C833-43E4-B178-5CE613E821A1 --brand-id=int --process-name="Storage Service" --brver=22.1.5.812 --mojo-platform-channel-handle=1500 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1092,10462385068013655802,5079397542862416408,131072 --lang=en-US --service-sandbox-type=audio --user-id=FA6EFAB7-C833-43E4-B178-5CE613E821A1 --brand-id=int --process-name="Audio Service" --brver=22.1.5.812 --mojo-platform-channel-handle=1992 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=FA6EFAB7-C833-43E4-B178-5CE613E821A1 --brand-id=int --extension-process --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://yastatic.net --display-capture-permissions-policy-allowed --enable-instaserp --field-trial-handle=1092,10462385068013655802,5079397542862416408,131072 --enable-ignition --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2016 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=FA6EFAB7-C833-43E4-B178-5CE613E821A1 --brand-id=int --extension-process --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://yastatic.net --display-capture-permissions-policy-allowed --enable-instaserp --field-trial-handle=1092,10462385068013655802,5079397542862416408,131072 --enable-ignition --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2116 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1092,10462385068013655802,5079397542862416408,131072 --lang=en-US --service-sandbox-type=service --user-id=FA6EFAB7-C833-43E4-B178-5CE613E821A1 --brand-id=int --process-name="Data Decoder Service" --brver=22.1.5.812 --mojo-platform-channel-handle=2712 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=speechkit.mojom.Speechkit --field-trial-handle=1092,10462385068013655802,5079397542862416408,131072 --lang=en-US --service-sandbox-type=none --user-id=FA6EFAB7-C833-43E4-B178-5CE613E821A1 --brand-id=int --process-name="Speechkit Service" --brver=22.1.5.812 --mojo-platform-channel-handle=2808 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --field-trial-handle=1092,10462385068013655802,5079397542862416408,131072 --user-id=FA6EFAB7-C833-43E4-B178-5CE613E821A1 --brand-id=int --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1096 /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --field-trial-handle=1092,10462385068013655802,5079397542862416408,131072 --lang=en-US --service-sandbox-type=none --user-id=FA6EFAB7-C833-43E4-B178-5CE613E821A1 --brand-id=int --process-name="Profile Importer" --brver=22.1.5.812 --mojo-platform-channel-handle=500 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --field-trial-handle=1092,10462385068013655802,5079397542862416408,131072 --lang=en-US --service-sandbox-type=none --user-id=FA6EFAB7-C833-43E4-B178-5CE613E821A1 --brand-id=int --process-name="Profile Importer" --brver=22.1.5.812 --mojo-platform-channel-handle=1976 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --field-trial-handle=1092,10462385068013655802,5079397542862416408,131072 --lang=en-US --service-sandbox-type=none --user-id=FA6EFAB7-C833-43E4-B178-5CE613E821A1 --brand-id=int --process-name="Profile Importer" --brver=22.1.5.812 --mojo-platform-channel-handle=1884 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1092,10462385068013655802,5079397542862416408,131072 --lang=en-US --service-sandbox-type=service --user-id=FA6EFAB7-C833-43E4-B178-5CE613E821A1 --brand-id=int --process-name="Data Decoder Service" --brver=22.1.5.812 --mojo-platform-channel-handle=552 /prefetch:8

Network

Country Destination Domain Proto

Files

SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6c16581f23a2db9d4b54bec7f81535b5
SHA1 b52b4c6acf385c93a3b9d400489b0a1e3c95bf11
SHA256 1e3ace1fcd9b616dc11c4bc1697981c25e238cfbf4def94fa85a1173f8dd0a81
SHA512 b42a515cfb2aa2837d1f81c5636449c793f6c1a9b88cd225d582afe5b92870f91517c471a0a3800aa5aeeba367866ff576ea11671099a5f9eb2d9b5f9479bc02

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Local State~RFf77b329.TMP

MD5 e0421ebbd5db32417ae486536b78ee10
SHA1 2a1379ebce60c7ff71dcb5afa51248a71cb9f74d
SHA256 41a54a83105fc8a9416339d98fd9d7184d3ec1523806fdfb7fd514cc0423112a
SHA512 968faab230ad4e6a0e86cd4e5406ba9f4165c013944687a0798a39cc709f002b1b8dd6c868f927a6f868a0c53095703dc931a44c73a60a2abd93f8f788ed0af5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 80c7d84752e9223c0f81aed202f75bfd
SHA1 11a070f4320d2b02d287aee5bd2b9c3dc81ffcff
SHA256 06f144006b0647ed2389cd7b963165f9c48f8837c5eb2bd50e40fb7431a478b7
SHA512 8a9ad7fc3278970ba08c6550d67bbe49ab5ccac9e4b4ef67287af40f5638d223aedf7b7a24a4ba0347bdc8880edc1f4abf90158ac43ed8ada7023e41895925fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 25ec1e967b630b61bc73035287e0fb76
SHA1 a424130d87cf0cfe30d1a52b9e43718791dc8d3c
SHA256 a65e4b1c47bc2865b0328a0bfe0b571a23b5f28c26ba684f04bc016193a0ca28
SHA512 a924c57ffd2e72ed4c6d2a0ca8020dcc0f3868092c486b7be7541180ee609ebba8b047eaf8953531737437dd54f5bd1273670e93cf83e9700120fb6421628cfa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5f263c90bfd49972efef316af45bf5fe
SHA1 10e4afd494c836eac9aaa43bbfe17676b817ccd5
SHA256 6ae8ec83b0eb1e811757a7c190b25b3c4cfd03657d30b8db93b79c9d4e7cb217
SHA512 c7812390e83489d0766421f1cb070e75ab1735d1a1a20179333435091819a3367206b2fbfe308d42534c49acbfb3baaeb6250852bdc54aede71c72a4228443f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cf2cd1995357c8f75b396280a50fdd92
SHA1 4ad44b5101eb3f178b259804691edaf93e58c4ac
SHA256 2a13db827c00132f88f9c9bcb4908eafa4cee6504894b3a36ec876fdd2e40ec0
SHA512 c854b239f587c50b3ab7fa22e947bf57609eb998ee96b930ec96986311842ecafb0717309f2bcf5776da03762549a29f07d2afad6019841103b6b448c623042f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 dbdd7339aa1ff97ea29e6566b61ff9b9
SHA1 1b6e01822e72343e947ba29ed14d5c73de5a0664
SHA256 90f084c6a6e1e2c50fdd5b710d8059152ae8276172ce343f548d7ba2f308c29b
SHA512 aea022e53664f9fb197d3dca5e9825ca9202a3c07e6b2fe1d55677599f06a7a44c6330200456de279f6e414d91edb8bb8c3dd3c8511211a878d62fd9e510cb6b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 708ef7fc34abbe99aa9b589e16947b5b
SHA1 0a5e32e55ea94c63564c6c3d70403cb2d442f168
SHA256 f85fd1e2d42fb954fee310ad74833d99d96e2a22b2046ac5bcc30131e926cedb
SHA512 12b20400ce0485c066c72c9787b9276173c9e9e1beaf320bb758e95ff784d87cc596a1f931548329fe919b107f1e6704bd33d6b888cf5b61285103b17f7e0acd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3561a6091c11c82ef085b28b2006d929
SHA1 fb1745fca4b5e21aca102185da527969d6a404a4
SHA256 487e0949fa21177e4b1f2f5e35c5259055e9bce540c7078f7d17152d3042b8bd
SHA512 530985437341f02f611bcbb020263fa6d141d91edc2efaa571302e5bfbfaa7a01399446078307cb1fa3ff1ffcacdc39f065b94198879fba6bbf030107c0bbb9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a4f9f3efa2d51eba1c74f4645cd10a3c
SHA1 dbce6b1532d068ced7061a6f1450020af548896d
SHA256 fcbe294b7e24bc51b036a4e81dbc2d4b65fc962245b559b17cf0ba88361bb5e5
SHA512 bcfc2393491efb310ba3da7cf46a5974e8481b883a5e93ab6d7c25b6449784ebadc8e3f55cebc2ced1af83d9f9e43fea58ec43b7d8720c65df1aef39a6763352

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

MD5 f52a63da25a4778420a02f563ea925d3
SHA1 990b1543da4b0fd4e76c581fe7a216f4f63218ad
SHA256 69c1c8053c78b11de93c3de5438e2493ca79d3d2e039ad8cfa663f58c76e6947
SHA512 19bab6078762c46f56842e2ddf094963723ac7f9dbc1b3b881a245559a29411d990c2886892bcb94ebe8e93a70ec2bbfea91a95963926eb3a3da8a37d6dc70e4

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Local State

MD5 6d426dabf5ac0c5b9e1143074a8a86d5
SHA1 f5624c68ef4c3485341be441e561b924e3d9fa69
SHA256 406506370a73413c09b031d34633e2d7342c29bd81e274f1afd7acbabff47e36
SHA512 a8460f6180d975360515be410ac2d8258c4ea99dba956302369918ceecd6f7a0fafa29b1d4ca7dc83dd9514cae0d267fdf6169813bbda8fad4e38d4a2483212b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TransportSecurity

MD5 49cfdce6faf0af327fabbab18ecca545
SHA1 89a425315e5b9909fa4a08c28eb0a21ebddb4c95
SHA256 7057eafcdaab17b8a93f1e8a7948ff1333a051a990dde691281ea5bbe032bbf6
SHA512 b7192c02f56d140851fd33556dda546e0302b090452c1612449ba39984712c14b35b1209eb7721eeb159ee2bb67ee0c211db4097f6472cdf19405c745296f4d0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TransportSecurity

MD5 9218868098cb42651c0d815d51ba6f9b
SHA1 c0e06461898f679c2316e6172c2396e86c341ee3
SHA256 de5509af0c8daf1f5ac71520a9b98c90e49d0d5a196f88af50f2d69e51d576fd
SHA512 5336af7ded9be0d156ef49378677e1a5a693dda2b79fe96690b05114816e75c1f0e631c24673f3b2bf7b99d3bf46044ac2516cf89559cd97c28c4a6410c557a4

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TransportSecurity

MD5 e481583d047f82468b11add694d6cb04
SHA1 00cd6b5f86fba1f12f26db2b537256dbb34ddab8
SHA256 48ee8b6f88ed267ab317795ebe44dbb440b58c142b220a88832561e3de212f00
SHA512 96fa566c896621b0c3436df664c7c6de89de772fea6c1236604071136e44f6e53adb27c2278eb056d601679ab0f4ec40ca426e2c9140d0d8f4bcc962190a9d09

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

MD5 61050e98c509febc646b0586589e56b3
SHA1 a20bb9280f180980614454e6e766f26e2b019cac
SHA256 1b88c9e2af77b789020bf17ddb004c680a425597602649bf3ddcf4b27efd3686
SHA512 d73994b55a500ba36efe970e057a6f18fad1517af066c2f4d0dfbac7a8a29026c05b4565e2db7c90532735c4a8fa48923848a3efbe8b324dde73ce230874d6c7

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Local State

MD5 8f696385d3ca112d2cd05b424a867893
SHA1 b62ac9984a4cc3de078afe009c1de5c7fbccdbfe
SHA256 1631a75a6ab216830872e34ed5fa19d9441e2b1ba40540c2407c96c4da00c43d
SHA512 d871b959e892051ad68096341a03e1aada01b208758de304d7b9414d617a61da91c4fd3ba62df41cca67931399cc635e2c3857efd8c346d11d91f06e0e5d277a

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TransportSecurity

MD5 0ee9d2e08d5226984c3197494e57667f
SHA1 953fd9e261fbd611fc21a829e6fd3170dec67b46
SHA256 ba32ed1250f59beda621182b4542bcfe598aaac1344a153d874667f8e1099747
SHA512 61de3432cbbba70e148ec408b120161409414d22c1313a8aa7e7482b516dca6034113077e696556a86ad6058c5cb2ed832d6696f1145f2d1db3486f8079804d5

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TransportSecurity

MD5 316caf9e980b7b833ff0053ba3769621
SHA1 3a2c43529360b77a52e63482e992ce9c3c7aa1a3
SHA256 c7d6d4ac041e57f34d50f256902eb637d07c9b3718423084a77b718a719c92c3
SHA512 d30f9255634cc67523fb22c12be668dd59f0e4c6c7a731e77f15253806fe1c326569c0c7356ad09a169d098eb11f4056916ac27be218f9a2a869a125006e3545

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\cc7ee67d-1714-490f-a57f-494ab3d76492.tmp

MD5 0b1d4f5347ee9f74d4160767c1469207
SHA1 0f3c9e1da80c126afceb89cae26a47b21483acc0
SHA256 c271d98aae2877e7c5ec3fda3103c06e34cc6f7319e8994c6a6837e99d35a9fb
SHA512 46272989e314573c2d247fc8022966dd5b575c8972fbb79cfe1eff5e6124a8855f6dd5b2639fdfdd3fc37041ecffa459d1e8b9932bbeff4f39d85c7e09e89373

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

MD5 c1d434870ed417d6054a15375854c45c
SHA1 d7dd517bfb24cd8fa00cd5f9a64e9790eb53b21d
SHA256 65dc009759d41db8930d3520c1221fed3944ae74b8f4a756e9b57236eab4cdff
SHA512 491106fb7c3996af968f2132edc32c717ddf1b4a01a3499f44cd4b069b71a20b48ac6d84fbff69139f3329918bee131e097045f1a3610380c9c9ac8abdd46e4e

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-09 22:50

Reported

2024-11-09 22:53

Platform

win10v2004-20241007-en

Max time kernel

147s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8f702bad1aefdc220b8597d3321fa11b61331c10d76416c70505e9ce73fd73ed.exe"

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation C:\Windows\TEMP\scoped_dir2172_1625947472\temp\service_update.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\scoped_dir2172_1372208555\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\8f702bad1aefdc220b8597d3321fa11b61331c10d76416c70505e9ce73fd73ed.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ybA807.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
N/A N/A C:\Windows\TEMP\scoped_dir2172_1625947472\temp\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\scoped_dir2172_1372208555\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GoogleChromeAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A yandex.com N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\_[1].js C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Yandex\ui C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe C:\Windows\TEMP\scoped_dir2172_1625947472\temp\service_update.exe N/A
File opened for modification C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe C:\Windows\TEMP\scoped_dir2172_1625947472\temp\service_update.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Tasks\Update for Yandex Browser.job C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
File created C:\Windows\Tasks\System update for Yandex Browser.job C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\Tasks\Update for Yandex Browser.job C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\Tasks\Repairing Yandex Browser update service.job C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\8f702bad1aefdc220b8597d3321fa11b61331c10d76416c70505e9ce73fd73ed.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\TEMP\scoped_dir2172_1625947472\temp\service_update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ybA807.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\scoped_dir2172_1372208555\explorer.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex\UICreated_SYSTEM = "1" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\AppDataLow C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\.crx C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexCRX.V7UCG3NSZVD447JAIOWFWLOG4E\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-104" C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\.png\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\.html\OpenWithProgids\YandexHTML.V7UCG3NSZVD447JAIOWFWLOG4E C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\.fb2\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexHTML.V7UCG3NSZVD447JAIOWFWLOG4E\ = "Yandex Browser HTML Document" C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\.tif\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\.html C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\.xhtml\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\.epub\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\.txt\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexFB2.V7UCG3NSZVD447JAIOWFWLOG4E\DefaultIcon C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexINFE.V7UCG3NSZVD447JAIOWFWLOG4E\shell C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexWEBM.V7UCG3NSZVD447JAIOWFWLOG4E\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexPNG.V7UCG3NSZVD447JAIOWFWLOG4E\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexHTML.V7UCG3NSZVD447JAIOWFWLOG4E\Application\ApplicationName = "Yandex" C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\.tif\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\.tiff\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexCRX.V7UCG3NSZVD447JAIOWFWLOG4E\shell\open C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\.pdf C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexBrowser.crx\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\",0" C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexBrowser.crx\shell\open C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexTIFF.V7UCG3NSZVD447JAIOWFWLOG4E\ = "Yandex Browser TIFF Document" C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexPDF.V7UCG3NSZVD447JAIOWFWLOG4E\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexINFE.V7UCG3NSZVD447JAIOWFWLOG4E\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-135" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\.fb2 C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexWEBP.V7UCG3NSZVD447JAIOWFWLOG4E\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\.infected\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexWEBM.V7UCG3NSZVD447JAIOWFWLOG4E\ = "Yandex Browser WEBM Document" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexJPEG.V7UCG3NSZVD447JAIOWFWLOG4E\shell\open\command C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexPDF.V7UCG3NSZVD447JAIOWFWLOG4E\DefaultIcon C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\.shtml\OpenWithProgids\YandexHTML.V7UCG3NSZVD447JAIOWFWLOG4E C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexEPUB.V7UCG3NSZVD447JAIOWFWLOG4E C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexSWF.V7UCG3NSZVD447JAIOWFWLOG4E\DefaultIcon C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexINFE.V7UCG3NSZVD447JAIOWFWLOG4E\shell C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexPNG.V7UCG3NSZVD447JAIOWFWLOG4E\shell\open C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexWEBM.V7UCG3NSZVD447JAIOWFWLOG4E C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexWEBM.V7UCG3NSZVD447JAIOWFWLOG4E\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\.html\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\scoped_dir2172_1372208555\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexEPUB.V7UCG3NSZVD447JAIOWFWLOG4E\shell\open C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexGIF.V7UCG3NSZVD447JAIOWFWLOG4E\shell\open C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexXML.V7UCG3NSZVD447JAIOWFWLOG4E\shell\open C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\yabrowser C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexCRX.V7UCG3NSZVD447JAIOWFWLOG4E\ = "Yandex Browser CRX Document" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexINFE.V7UCG3NSZVD447JAIOWFWLOG4E\DefaultIcon C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexBrowser.crx\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexHTML.V7UCG3NSZVD447JAIOWFWLOG4E\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\.tiff C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\.webp\OpenWithProgids\YandexWEBP.V7UCG3NSZVD447JAIOWFWLOG4E C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexCSS.V7UCG3NSZVD447JAIOWFWLOG4E\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexCRX.V7UCG3NSZVD447JAIOWFWLOG4E\shell\open\command C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexJS.V7UCG3NSZVD447JAIOWFWLOG4E\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-126" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexJPEG.V7UCG3NSZVD447JAIOWFWLOG4E C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexGIF.V7UCG3NSZVD447JAIOWFWLOG4E\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-107" C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexWEBP.V7UCG3NSZVD447JAIOWFWLOG4E\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexWEBP.V7UCG3NSZVD447JAIOWFWLOG4E\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexJS.V7UCG3NSZVD447JAIOWFWLOG4E\shell\open\command C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexPNG.V7UCG3NSZVD447JAIOWFWLOG4E\shell\open\command C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexTXT.V7UCG3NSZVD447JAIOWFWLOG4E C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexTXT.V7UCG3NSZVD447JAIOWFWLOG4E\shell\open\command C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\.xhtml\OpenWithProgids\YandexHTML.V7UCG3NSZVD447JAIOWFWLOG4E C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\.xml\OpenWithProgids\YandexXML.V7UCG3NSZVD447JAIOWFWLOG4E C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\YandexHTML.V7UCG3NSZVD447JAIOWFWLOG4E\ = "Yandex HTML Document" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Windows\TEMP\scoped_dir2172_1625947472\temp\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\scoped_dir2172_1372208555\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f702bad1aefdc220b8597d3321fa11b61331c10d76416c70505e9ce73fd73ed.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\scoped_dir2172_1372208555\explorer.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2244 wrote to memory of 4984 N/A C:\Users\Admin\AppData\Local\Temp\8f702bad1aefdc220b8597d3321fa11b61331c10d76416c70505e9ce73fd73ed.exe C:\Users\Admin\AppData\Local\Temp\8f702bad1aefdc220b8597d3321fa11b61331c10d76416c70505e9ce73fd73ed.exe
PID 2244 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\8f702bad1aefdc220b8597d3321fa11b61331c10d76416c70505e9ce73fd73ed.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1056 wrote to memory of 4300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1056 wrote to memory of 3872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1056 wrote to memory of 3872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1056 wrote to memory of 3872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1056 wrote to memory of 3872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1056 wrote to memory of 3872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1056 wrote to memory of 2056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1056 wrote to memory of 1136 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8f702bad1aefdc220b8597d3321fa11b61331c10d76416c70505e9ce73fd73ed.exe

"C:\Users\Admin\AppData\Local\Temp\8f702bad1aefdc220b8597d3321fa11b61331c10d76416c70505e9ce73fd73ed.exe"

C:\Users\Admin\AppData\Local\Temp\8f702bad1aefdc220b8597d3321fa11b61331c10d76416c70505e9ce73fd73ed.exe

"C:\Users\Admin\AppData\Local\Temp\8f702bad1aefdc220b8597d3321fa11b61331c10d76416c70505e9ce73fd73ed.exe" --parent-installer-process-id=2244 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\Admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\Admin\AppData\Local\Temp\5f44f3db-eb5d-4ce7-b4a0-e131cb424d5e.tmp\" --brand-name=int --browser-present=none --disableyapin --distr-info-file=\"C:\Users\Admin\AppData\Local\Temp\distrib_info\" --installer-brand-id=int --make-browser-default-after-import --ok-button-pressed-time=492741203 --progress-window=328084 --server-config-bundle-path=\"C:\Users\Admin\AppData\Local\Temp\b35fc1f8-4a86-4bdc-8edb-97168c6f3de5.tmp\" --testids=1114347 --variations-update-path=\"C:\Users\Admin\AppData\Local\Temp\e5a829a4-4749-4a9c-a2f0-72c0e8faffac.tmp\" --verbose-logging"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://yandex.com/legal/browser_agreement/?lang=en

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff83c1246f8,0x7ff83c124708,0x7ff83c124718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,14883893985356808882,4902844271072677197,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2256,14883893985356808882,4902844271072677197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2256,14883893985356808882,4902844271072677197,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2988 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,14883893985356808882,4902844271072677197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,14883893985356808882,4902844271072677197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,14883893985356808882,4902844271072677197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,14883893985356808882,4902844271072677197,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,14883893985356808882,4902844271072677197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,14883893985356808882,4902844271072677197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,14883893985356808882,4902844271072677197,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\ybA807.tmp

"C:\Users\Admin\AppData\Local\Temp\ybA807.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\5f44f3db-eb5d-4ce7-b4a0-e131cb424d5e.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=21 --install-start-time-no-uac=495366263 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=492741203 --progress-window=328084 --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\b35fc1f8-4a86-4bdc-8edb-97168c6f3de5.tmp" --source=lite --testids=1114347 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\e5a829a4-4749-4a9c-a2f0-72c0e8faffac.tmp" --verbose-logging

C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\BROWSER.PACKED.7Z" --searchband-file="C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\SEARCHBAND.EXE" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\5f44f3db-eb5d-4ce7-b4a0-e131cb424d5e.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=21 --install-start-time-no-uac=495366263 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=492741203 --progress-window=328084 --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\b35fc1f8-4a86-4bdc-8edb-97168c6f3de5.tmp" --source=lite --testids=1114347 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\e5a829a4-4749-4a9c-a2f0-72c0e8faffac.tmp" --verbose-logging

C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\BROWSER.PACKED.7Z" --searchband-file="C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\SEARCHBAND.EXE" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\5f44f3db-eb5d-4ce7-b4a0-e131cb424d5e.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=21 --install-start-time-no-uac=495366263 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=492741203 --progress-window=328084 --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\b35fc1f8-4a86-4bdc-8edb-97168c6f3de5.tmp" --source=lite --testids=1114347 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\e5a829a4-4749-4a9c-a2f0-72c0e8faffac.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=509148873

C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe

C:\Users\Admin\AppData\Local\Temp\YB_A4F65.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=2172 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.1.5.812 --initial-client-data=0x338,0x33c,0x340,0x314,0x344,0xeded30,0xeded40,0xeded4c

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,14883893985356808882,4902844271072677197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,14883893985356808882,4902844271072677197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8

C:\Windows\TEMP\scoped_dir2172_1625947472\temp\service_update.exe

"C:\Windows\TEMP\scoped_dir2172_1625947472\temp\service_update.exe" --setup

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --install

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --run-as-service

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=6016 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.1.5.812 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0xd53560,0xd53570,0xd5357c

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --update-scheduler

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --update-background-scheduler

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --statistics=https://api.browser.yandex.ru/installstats/send/dtype=stred/pid=457/cid=72992/path=extended_stat/vars=-action=version_folder_files_check_unused,-brand_id=unknown,-error=FONT_NOT_FOUND,-files_mask=66977119,-installer_type=service_audit,-launched=false,-old_style=0,-old_ver=,-result=0,-stage=error,-target=version_folder_files_check,-ui=AEF2DB0A_CF0B_4376_9C36_B5F7B32589CE/*

C:\Users\Admin\AppData\Local\Temp\scoped_dir2172_1372208555\explorer.exe

"C:\Users\Admin\AppData\Local\Temp\scoped_dir2172_1372208555\explorer.exe" --pttw1="C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk"

C:\Users\Admin\AppData\Local\Temp\scoped_dir2172_1372208555\explorer.exe

C:\Users\Admin\AppData\Local\Temp\scoped_dir2172_1372208555\explorer.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=4144 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.1.5.812 --initial-client-data=0x2cc,0x2d0,0x2d4,0x2a8,0x2d8,0xb5ed30,0xb5ed40,0xb5ed4c

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source2172_787146391\Browser-bin\clids_yandex.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=searchband --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source2172_787146391\Browser-bin\clids_searchband.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=328084 --ok-button-pressed-time=492741203 --install-start-time-no-uac=495366263

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=1320 --annotation=metrics_client_id=649d4b373712447eb622734bfe99ceb5 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.1.5.812 --initial-client-data=0x184,0x188,0x18c,0x160,0x190,0x71ac2a08,0x71ac2a18,0x71ac2a24

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --field-trial-handle=1708,12667595698022843951,10579207697635969919,131072 --user-id=5C144FBC-17EB-459C-8393-5DA355B331FD --brand-id=int --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1708,12667595698022843951,10579207697635969919,131072 --lang=en-US --service-sandbox-type=none --user-id=5C144FBC-17EB-459C-8393-5DA355B331FD --brand-id=int --process-name="Network Service" --brver=22.1.5.812 --mojo-platform-channel-handle=1856 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1708,12667595698022843951,10579207697635969919,131072 --lang=en-US --service-sandbox-type=utility --user-id=5C144FBC-17EB-459C-8393-5DA355B331FD --brand-id=int --process-name="Storage Service" --brver=22.1.5.812 --mojo-platform-channel-handle=2236 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1708,12667595698022843951,10579207697635969919,131072 --lang=en-US --service-sandbox-type=audio --user-id=5C144FBC-17EB-459C-8393-5DA355B331FD --brand-id=int --process-name="Audio Service" --brver=22.1.5.812 --mojo-platform-channel-handle=2848 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1708,12667595698022843951,10579207697635969919,131072 --lang=en-US --service-sandbox-type=none --user-id=5C144FBC-17EB-459C-8393-5DA355B331FD --brand-id=int --process-name="Video Capture" --brver=22.1.5.812 --mojo-platform-channel-handle=2840 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=5C144FBC-17EB-459C-8393-5DA355B331FD --brand-id=int --extension-process --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://yastatic.net --display-capture-permissions-policy-allowed --enable-instaserp --field-trial-handle=1708,12667595698022843951,10579207697635969919,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1708,12667595698022843951,10579207697635969919,131072 --lang=en-US --service-sandbox-type=service --user-id=5C144FBC-17EB-459C-8393-5DA355B331FD --brand-id=int --process-name="Data Decoder Service" --brver=22.1.5.812 --mojo-platform-channel-handle=3464 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=5C144FBC-17EB-459C-8393-5DA355B331FD --brand-id=int --extension-process --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://yastatic.net --display-capture-permissions-policy-allowed --enable-instaserp --field-trial-handle=1708,12667595698022843951,10579207697635969919,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3588 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=speechkit.mojom.Speechkit --field-trial-handle=1708,12667595698022843951,10579207697635969919,131072 --lang=en-US --service-sandbox-type=none --user-id=5C144FBC-17EB-459C-8393-5DA355B331FD --brand-id=int --process-name="Speechkit Service" --brver=22.1.5.812 --mojo-platform-channel-handle=3712 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --field-trial-handle=1708,12667595698022843951,10579207697635969919,131072 --lang=en-US --service-sandbox-type=none --user-id=5C144FBC-17EB-459C-8393-5DA355B331FD --brand-id=int --process-name="Profile Importer" --brver=22.1.5.812 --mojo-platform-channel-handle=3080 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe" --set-as-default-browser

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=6284 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.1.5.812 --initial-client-data=0x340,0x344,0x348,0x31c,0x34c,0xa0ed30,0xa0ed40,0xa0ed4c

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=uwp_cookie_provider.mojom.UwpCookieProvider --field-trial-handle=1708,12667595698022843951,10579207697635969919,131072 --lang=en-US --service-sandbox-type=utility --user-id=5C144FBC-17EB-459C-8393-5DA355B331FD --brand-id=int --process-name=uwp_cookie_provider.mojom.UwpCookieProvider --brver=22.1.5.812 --mojo-platform-channel-handle=4628 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=5C144FBC-17EB-459C-8393-5DA355B331FD --brand-id=int --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://yastatic.net --display-capture-permissions-policy-allowed --enable-instaserp --field-trial-handle=1708,12667595698022843951,10579207697635969919,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3356 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --field-trial-handle=1708,12667595698022843951,10579207697635969919,131072 --lang=en-US --service-sandbox-type=none --user-id=5C144FBC-17EB-459C-8393-5DA355B331FD --brand-id=int --process-name="Profile Importer" --brver=22.1.5.812 --mojo-platform-channel-handle=1600 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --field-trial-handle=1708,12667595698022843951,10579207697635969919,131072 --lang=en-US --service-sandbox-type=none --user-id=5C144FBC-17EB-459C-8393-5DA355B331FD --brand-id=int --process-name="Profile Importer" --brver=22.1.5.812 --mojo-platform-channel-handle=1936 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --field-trial-handle=1708,12667595698022843951,10579207697635969919,131072 --lang=en-US --service-sandbox-type=none --user-id=5C144FBC-17EB-459C-8393-5DA355B331FD --brand-id=int --process-name="Profile Importer" --brver=22.1.5.812 --mojo-platform-channel-handle=2940 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --field-trial-handle=1708,12667595698022843951,10579207697635969919,131072 --lang=en-US --service-sandbox-type=none --user-id=5C144FBC-17EB-459C-8393-5DA355B331FD --brand-id=int --process-name="Profile Importer" --brver=22.1.5.812 --mojo-platform-channel-handle=1808 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1708,12667595698022843951,10579207697635969919,131072 --lang=en-US --service-sandbox-type=service --user-id=5C144FBC-17EB-459C-8393-5DA355B331FD --brand-id=int --process-name="Data Decoder Service" --brver=22.1.5.812 --mojo-platform-channel-handle=1940 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,14883893985356808882,4902844271072677197,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\extension\fcgfaidpicddcilhjhafmmcgfodijhjd\brand_settings.json

MD5 94aa453a6cdbd34e69bbe2f4693b4c5a
SHA1 c8c1b8590d2fcb66d9ad8a3706c2a7b15f84e3a3
SHA256 dddb5d56f63059b6429a67fe0ec143e894b8731368e93cc1f46bfe415af86e8a
SHA512 e83abe3d9000cf285ed5404c0d4cb11a2cef31299796d1fae7218301f4558ee84f9e27d22bdf7a4d39650ebd2de85a9a855787212e38962258c8268e83e3e651

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\extension\gopnelejddjjkamjfblkcijjikkinnec\brand_settings.json

MD5 3a1e3d1e0463434cbd8deb421d73b112
SHA1 0750d36567529bd5ef422ffcb7061957bbcf497b
SHA256 f1e7cf1bd64f05a06bdb6e5d2d2a8457bfc0e111ac6b1293840c5ac0952af27a
SHA512 9254fba5a1c409875d82d29e134cc102942a958ab5344e32c10ad86ce8e0e84854a405a273978dc90f2538fe4f5d540931d62b89439a885720c46357b02d2ba7

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\morphology\stop-words-en-US.list

MD5 30c12caa6c35fdaa225f9b476c003aca
SHA1 99822ef9d67eb7a121fc811162af9e815559cc49
SHA256 ae6606ea473ca9a9f8913cb2bd2b1ae2e45905d7ddc9638074656d0ed1c08b42
SHA512 5c38d37fc59032afa7a626f2b4a78195b95234a7a402010602423a645e3acd90ca63b2be82c20e762be20900bef38104efd4af12930e174c423018fe815c7283

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\morphology\dictionary-en-US.mrf.sig

MD5 197eaa00216af72690c09b8b82211809
SHA1 1e49ba86b771b391b63335fede7614f5ac427f84
SHA256 d5e3a63301977129113a9c0bdc0dd14173768c6f9f5ce2f2036c0cc6a53d706c
SHA512 f57b8e7d481ba5791c6bf454363fca3aad042270b572fb4b2ae1c0429a6e2f70d153b6bf44b139d48c959a1817c4e72ad3b280257b7877746fe93c40c880f514

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\morphology\dictionary-en-US.mrf

MD5 c8a293e130ee93c08592f0f5ba9616a8
SHA1 49e7d245af097bd28af5ffa503858830cd45011e
SHA256 fbd6c8f911927a994db26eac21e4c028d75ea9de593eaa525f331e5c9a911ce3
SHA512 9f4c01c6083ad7063db29b7075e0ac475794dfaa9b6714b119174607aefbf5384cbf17a96256b097de5b2a73669d060d5082cf2aa9244e7968c3d8853d09083b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\safebrowsing\download.png

MD5 528381b1f5230703b612b68402c1b587
SHA1 c29228966880e1a06df466d437ec90d1cac5bf2e
SHA256 3129d9eaba1c5f31302c2563ebfa85747eda7a6d3f95602de6b01b34e4369f04
SHA512 9eb45b0d4e3480a2d51a27ac5a6f20b9ef4e12bf8ac608043a5f01a372db5ea41a628458f7a0b02aaba94cd6bb8355a583d17666f87c3f29e82a0b899e9700bd

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\custogray\preview.png

MD5 0474a1a6ea2aac549523f5b309f62bff
SHA1 cc4acf26a804706abe5500dc8565d8dfda237c91
SHA256 55a236ad63d00d665b86ff7f91f2076226d5ed62b9d9e8f835f7cb998556545f
SHA512 d8e3de4fea62b29fd719376d33a65367a3a2a2a22ed175cc1eeff3e38dfbaac448c97a6fbea55bc6159351d11a6aad97e09cb12548cf297e01bd23bf6074de08

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\custogray\custogray_full.png

MD5 55841c472563c3030e78fcf241df7138
SHA1 69f9a73b0a6aaafa41cecff40b775a50e36adc90
SHA256 a7cd964345c3d15840b88fd9bc88f0d0c34a18edbf1ce39359af4582d1d7da45
SHA512 f7433d17937342d9d44aa86bcc30db9ae90450b84aa745d2c7390ff430449e195b693a8ae6df35d05fee2d97149a58a7d881737d57902d9885c6c55393d25d6f

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\fir_tree\wallpaper.json

MD5 31b6342128a20e38a224a3c395f1d5d8
SHA1 afea42f96d007c0d02d90a2cf7d3486c73969d9e
SHA256 a135978536ba7409f381fcac3befed527e6d310fd4fb6a9e567adbb22e84ef2d
SHA512 5b53e2a4c66d81f4e3aec91be650c4b151812d7ea8a6ef1ff911dd56933f8153ccf4a9883e406b2a9cf59056037a1e7434ed9c6c102ad446db5b42e1af93ea64

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\fir_tree\fir_tree_preview.png

MD5 d6305ea5eb41ef548aa560e7c2c5c854
SHA1 4d7d24befe83f892fb28a00cf2c4121aeb2d9c5d
SHA256 4c2b561cf301d9e98383d084a200deb7555ec47a92772a94453d3d8d1de04080
SHA512 9330009997d62c1804f1e4cf575345016cda8d6a1dd6cb7d2501df65ea2021df6b8a5bc26809ddfc84e6ff9450f1e404c135561b1b00b9e4915c69e84f89cfec

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\flowers\wallpaper.json

MD5 128fc7ac1e268f9e506c2d945f3c1ac8
SHA1 eb9a7130c1bd710fbdb278cf96664313b3ce7ef5
SHA256 face1c7f9049d15861f636fa1e2103f008fe90b7819228c1405338501ee19a2d
SHA512 ee69306716398fdb6bddc3b6398f39a6de8ac253325431baaeb364ffbaa505c04c3c465769b50f2124b89cebc2e53abd4939fb23842127c018480d4ddad8869d

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\flowers\flowers_preview.png

MD5 ba6e7c6e6cf1d89231ec7ace18e32661
SHA1 b8cba24211f2e3f280e841398ef4dcc48230af66
SHA256 70a7a65aa6e8279a1a45d93750088965b65ea8e900c5b155089ca119425df003
SHA512 1a532c232dd151474fbc25e1b435a5e0d9d3f61372036d97bcaab3c352e7037f1c424b54a8904ef52cf34c13a77b7ab295fb4fd006c3ab86289577f469a6cd4c

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\huangshan\huangshan_preview.jpg

MD5 1edab3f1f952372eb1e3b8b1ea5fd0cf
SHA1 aeb7edc3503585512c9843481362dca079ac7e4a
SHA256 649c55ccc096cc37dfe534f992b1c7bda68da589258611924d3f6172d0680212
SHA512 ecd9609fbf821239ddcbdc18ef69dade6e32efd10c383d79e0db39389fa890a5c2c6db430a01b49a44d5fa185f8197dbbde2e1e946f12a1f97a8c118634c0c34

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\huangshan\huangshan.webm

MD5 b78f2fd03c421aa82b630e86e4619321
SHA1 0d07bfbaa80b9555e6eaa9f301395c5db99dde25
SHA256 05e7170852a344e2f3288fc3b74c84012c3d51fb7ad7d25a15e71b2b574bfd56
SHA512 404fb2b76e5b549cbcba0a8cf744b750068cbd8d0f9f6959c4f883b35bcaa92d46b0df454719ca1cef22f5924d1243ba2a677b2f86a239d20bfad5365dc08650

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\huangshan\huangshan.jpg

MD5 c51eed480a92977f001a459aa554595a
SHA1 0862f95662cff73b8b57738dfaca7c61de579125
SHA256 713c9e03aac760a11e51b833d7e1c9013759990b9b458363a856fd29ea108eec
SHA512 6f896c5f7f05524d05f90dc45914478a2f7509ea79114f240396791f658e2f7070e783fab6ac284327361dc2a48c5918b9f1c969b90795ceacce2c5c5bfa56ca

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\meadow\wallpaper.json

MD5 1a8908826d2efe5fa817ce6bf474700a
SHA1 f25ed2de494bae4ffeca33071e5c2dc034c863f7
SHA256 9c75f591907f6a631ba583bce6ddcaafa6f89a84a4bec8108637f7f471e821cf
SHA512 1b68183bd466d01ec25b1281737ac4e752263cd88b64e16324244812d46f8f985ebdeb35d065c7aabc7abcb93286e92b0f3d5b0b7173f5aa6e33891c417b6fc8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\meadow\preview.png

MD5 d10bda5b0d078308c50190f4f7a7f457
SHA1 3f51aae42778b8280cd9d5aa12275b9386003665
SHA256 0499c4cc77a64cc89055b3c65d7af8387f5d42399ff2c0a2622eccbd6d481238
SHA512 668e1a70a50a0decf633167ac23cba6916d0e05d0894daae1f7e3d487519f0a126abd4298430b38f52746a5c3b83ccd520b3d9b0ae1a79f893e36821a0458566

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\misty_forest\wallpaper.json

MD5 ea6753f7a10f9f92b7790c93f8ea2411
SHA1 0cb570e8ecc34e16017b920fbcf1036cf1508ab4
SHA256 b1f9aebdb9333b4b15c2a9339d18e974205cbd4a61d2a0b4d34a25b384a0de7c
SHA512 f7974e99c58696a4d739c4d590f5f50094082473754e6b1fb8a82c76566cf3b5713b1e013126f8fbef0f0c8af2e08d09b32307958c9ed1a1007c04ce89539ec7

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\misty_forest\preview.png

MD5 77aa87c90d28fbbd0a5cd358bd673204
SHA1 5813d5759e4010cc21464fcba232d1ba0285da12
SHA256 ea340a389af6d7ad760dff2016cf4e79488bda1a45d0a415b3cd02a4430c9711
SHA512 759519b8822a6a4b88fc9ba47fa9d5d898b2f5a0f359acfbefc04809e6d7f5df86fb130f191eb6f63322792a18c0e7170aedf3ce7060fd9ad7e1bec2e686c3b2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\peak\wallpaper.json

MD5 dabb663536eef90a540783e707a311d6
SHA1 9659fe0463435f3281983ce306ff22fc101f6e57
SHA256 d1c971a197cb79f1df640994465aa7543bada90059f5b2768967d2b57c6afd2d
SHA512 ed6b4090eba519f2814dc51fccb92cdb703656c77be741f07753f9c84d09394d080158e04bba1ca9dee501b0dff2a21020883e538a6c0ced6a12602b7098676b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\peak\preview.png

MD5 1d62921f4efbcaecd5de492534863828
SHA1 06e10e044e0d46cd6dccbcd4bae6fb9a77f8be45
SHA256 f72ea12f6c972edfe3d5a203e1e42cbbaf4985633de419342c2af31363f33dab
SHA512 eec8171bd3bea92e24066e36801f334ac93905b7e8e50935f360e09fa8c9b9f848c4c62b687299e8297c0693d6dbaf9c6035b471e6345d626510b73e3606ee4d

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\raindrops\wallpaper.json

MD5 69472b2b8eb07ec616a8e94a492c6c5b
SHA1 aec5df4e15d292a360a5dd6125217ef063ebe65e
SHA256 6e9ef0bb0853c6c898ec033d54d9d5cfcb68a5f52cd8f9bfff3528a02c73e06c
SHA512 e355958272292bcd7d767af692fb33941ad469809abb6366b1aff2bd4585de6a18b290258799e943f9a53416c9f5c139ccabc47cb337d0e6e4f5d499f2e27aa4

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\raindrops\raindrops_preview.png

MD5 28b10d683479dcbf08f30b63e2269510
SHA1 61f35e43425b7411d3fbb93938407365efbd1790
SHA256 1e70fc9965939f6011488f81cd325223f17b07ee158a93c32c124602b506aa6b
SHA512 05e5b5e9c5ef61f33a883b0286c2239cb2a464581d6e8a86d7b179b1887b4cb2cd7304e0821cdd3208501421c44c63c248a5166c790792717a90f8ac528fbf2f

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\sea\wallpaper.json

MD5 a79af1c34d9d4fcc609e57fbd387924b
SHA1 6ae1f8730d03cbca17a1c368da8a600157e0ea49
SHA256 8c60b18ca1810a5e75950095cb0dfb4bb9c32a18f99e5505cf40c39840b8a633
SHA512 b95aef743acb3c6890e3ca74fc260a8fdeb134ba399f6e9851d34a47fb2cad9791a64d6214acb956ba4c8b51dd710f8f10fa8c3e88fb1a0f52a7e2214eca16fe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\sea\sea_preview.png

MD5 3c0d06da1b5db81ea2f1871e33730204
SHA1 33a17623183376735d04337857fae74bcb772167
SHA256 02d8e450f03129936a08b67f3a50ea5d2e79f32c4e8f24d34b464f2cb5e0b086
SHA512 ff0e60c94fc3c0c61d356a26667c5170256e1143b29adf23d4e7d27012da72ed8865ef59dc2046314c7335b8d3d331e5fd78f38b9b92f6af48729dae80f85b15

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\stars\wallpaper.json

MD5 8571306e9021fc89eff3c5ced3e02098
SHA1 49d6a7baa6ab4182c4b38c95be4bef1b243fc594
SHA256 0529c0be39bdcb289bf29e6a9c774d907b444857cfaa47d3942e5dae1b75531c
SHA512 7657c0e48b4cfa3025bc33b0decacc22646bde2cedda7f51b98b19a17a91461ebee57f054b64edc58318ef6caef7227ac21b740527144f3fb0bc0a2e7b9fef19

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\stars\preview.png

MD5 ed9839039b42c2bf8ac33c09f941d698
SHA1 822e8df6bfee8df670b9094f47603cf878b4b3ed
SHA256 4fa185f67eaf3a65b991cea723d11f78de15a6a9a5235848a6456b98a9d7f689
SHA512 85119055ddfc6bc4cca05de034b941b1743cbb787607c053e8c10309572d2ef223786fc454d962fbb5e3cde5320117f9efe99041116db48916bc3d2fcd4ffa25

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\web\wallpaper.json

MD5 7b00cfeccb0f471865d2ef08fa1d1222
SHA1 1881d5a29dfe86d6d19cac14a1a4b95b05494830
SHA256 22557386855643b706808ea9aed33ac22fa26f58d2fc281fb0ba917cf55f990a
SHA512 b7d80dccfa5f051b1ec8987193857aad83c7365e12f12fa68b8edc6ae0dca1d8a4d846e284fb8e15715b5ce7478dae334da5651b97a68189cb43c74e7fdf7177

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\sea_static.jpg

MD5 5e1d673daa7286af82eb4946047fe465
SHA1 02370e69f2a43562f367aa543e23c2750df3f001
SHA256 1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a
SHA512 03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\sea_preview.jpg

MD5 53ba159f3391558f90f88816c34eacc3
SHA1 0669f66168a43f35c2c6a686ce1415508318574d
SHA256 f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e
SHA512 94c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\sea.webm

MD5 00756df0dfaa14e2f246493bd87cb251
SHA1 39ce8b45f484a5e3aa997b8c8f3ad174e482b1b9
SHA256 fa8d0ae53ebdbec47b533239709b7e1514ecb71278907621ca2d288241eb0b13
SHA512 967670863f3c77af26fa1d44cd7b4fe78148d2ba6ea930b7b29b9f35d606554d664c0577068e0c26fa125d54627d7e7543360bce4acee0af17783b07450b5f52

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\mountains_preview.jpg

MD5 a3272b575aa5f7c1af8eea19074665d1
SHA1 d4e3def9a37e9408c3a348867169fe573050f943
SHA256 55074794869b59cd5c693dfa6f6615aea068c2cd50cdae6dd69bd0410661ded8
SHA512 c69bf39362658dd6cbd827cf6db0f188a9c4410b3c6b7b532595fd5907974e2141d857942ffb2497282e31eaa33c71240c2c2bd8721046df55e3358e8b76c061

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_UA_

MD5 61aef3bba55267d45529f487b7e61716
SHA1 c397377caaced67127eab936369f117b5da158f1
SHA256 792f8c1e9de09cec4f4ead577a5fbc15705347266b73a7cbb5c17492d7ad9aa7
SHA512 a37f43bc7d77cade850f0a85e6b3c0a6bb1afe06fd296ce5dcb17abab4d619003cc0f17e7182efb111fb84359475ebcccd5c283cfdee885e8bac95fb39f7fb57

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_TR_

MD5 50dbdb9aaec42827cc2eb5d04f9c73a8
SHA1 0769ba6c5fe530ced2562107472314ebb2cbd909
SHA256 c0e6fb42389e71e97b21f50c6dd766172cd4ef76392fcb2305ea747c177b3e21
SHA512 7f5e0cc72d3956d7093bef7fc77605294b84fbd58c966b5091aafc5ce1f25788e707c482b40129f28155d8b88660ef6b954f9a682d43be337d84d7dfc175ec99

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_RU_

MD5 f95a365fc86e04f9b40d07b361907fdd
SHA1 5e399608d0491c04014ffae22c9d2fbc80ba79e3
SHA256 86984ab8b856af9f74c8f19320edf37b0d77cec81c47d904a140630842ce4427
SHA512 3ab98b43da1cd9ab2e26a247f04314c1ea31bcb61bccefdc8f5f458320b8d3b2a9fcf157b52e326e112fca4ded062f50e765ca03d62cfd95ab03a2087fe6ef2a

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_PT_

MD5 cbfc45587ec6c290e2d7382fb125bb06
SHA1 5b02fcc706a9f3a35a5d74927bbfa717ad6836d0
SHA256 320a0b330e0a40d1a5c74221bd3e4b1efdd9a1c353cb07a73d88399c2a991208
SHA512 fb22df834a02a9df01bb479cf28437641455c113d84166672a15a76bcb977bf5deb230cbb21c99730ac883545e7f457cdab048c278cc2802b11568d4fdfaa1a3

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_KZ_

MD5 9f63f6736c09a29280c8d3b3183f959d
SHA1 ba172ce3c43996316f4c231ce443f880bedc9e9b
SHA256 d33cb20100bd3f182514171f9d41fa36e74ac32bd30c2c44f0d471449b331618
SHA512 91948d89a0cf9a4519066cd9b6bf2ee9d5e29270a77e57160354f4e33f3ab73934851136563f0d85d10dfc5acee5bed3bcafdeee179aecb85b8765421e1062db

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_JP_

MD5 afc46500500ca4fbd99209621ba961c0
SHA1 530792f4d2dca8a77a6253d97c2047d221ba4188
SHA256 33e924e65ef2b05e48ada9e95feb4c9c4b4be442f79a04c8d863913f94783574
SHA512 2edd0372618df78803026824196a4841b569c0c3cbf4b5247556854201953d492b42b89eca5deb1ee9d8d1658ddabfd534ab97c3ea61b0ebad3d716aa2a40cda

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_ID_

MD5 38e1a9f53847518a321c65ab8ca40e75
SHA1 7fb594a3a407744ff45169dfa4a3118a1bd747eb
SHA256 51feb3e49bd80615e19ff9a5c86a5a6630ce0b7b7c85c939f90a9255f9f2c12e
SHA512 2043ccbafdb8740c7cc967618893589c431db722b266c252e0744b031d5b7bc950c804349d7930691fa062537dee9100421f95b8e53c042793f06ef282e5dcbe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_DE_

MD5 847356d02a4dfaeb0449153805dc89b3
SHA1 b608ab76c78ca53787191866dccd447be841c61c
SHA256 c5a232993c677b3109542bd974336ad8dd42830319be773dab75c3e147c07317
SHA512 c5b01b532ed42c056db108f6bf227dc3773640dd556278c3af0a7a7229bbdc3963ac0286d4714884265e189440f04a31addd5a36002f22ada5ae8364c7e79a78

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_CN_

MD5 5fb2a63a8a3cc86330484f6b89d17bea
SHA1 27a01c90bee60fe786888d641170768f76326734
SHA256 0fb259ab08ceb8987ada8b362a48e0bf54c2063a7c374203dcbac8dc6558b056
SHA512 a87165e9a0eb49c04e03a4764505770ae936c8cefa346c41b47e39e90b31b33fdcb9cc0ebf1e706aa8e3ee34d81f5a815d4f9587a022c64a73e374f35c8de4da

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_CA_

MD5 9644ce7d7022710f9e3d15ca62652130
SHA1 9501c256b77bf4f2d15eeebea872394be64453f7
SHA256 2e9b8194da778435200d9eb756d4356e0741ffaac24e7f8fe064c35c2b572539
SHA512 81e1cb5b76a19e07f9892fbbb016594b0545cff56e3d7b5fc124c9c54746d571061748f0388dd911097c03fc379dc25235db21cf8ce141396c4a712368dc8d1c

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_BR_

MD5 eff751f0d80c5df86c5edca15aec9a4f
SHA1 49607e819f796d34d1ff7c1c894604f2a5de4b56
SHA256 18b6ae3ebec51fe0a5398a53a3296b2300e75690b2f5d9763e68eca8e938d9c0
SHA512 2e486efe9ec6c65dbef2d98f0f95f87282a210068118c71d3ad33fd6400e01b49060dac926a5632e317b5e3ed04f66638e179956531a299b31dbc249139cf902

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo

MD5 0a8228e3d9397b33f203ddf77940b986
SHA1 69249827fefcc7409098756a0dcfcb79bf1955ae
SHA256 ba9cad7508d2e860014f4a7c7bb290034dc7cc4def9142bac3e5ff1120f5135a
SHA512 a9d76de78b02b3651e93a927658945fe0320b395f50ac12055dd9e99cc5516408a1a6778ec281aac2e31e75fcf40ab84ff5665b06ae6892d68c349c9a5791de1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\sxs.ico

MD5 592b848cb2b777f2acd889d5e1aae9a1
SHA1 2753e9021579d24b4228f0697ae4cc326aeb1812
SHA256 ad566a3e6f8524c705844e95a402cdeb4d6eed36c241c183147409a44e97ebcd
SHA512 c9552f4db4b6c02707d72b6f67c2a11f1cf110b2c4ac5a1b7ac78291a14bf6eb35a9b4a05bc51ac80135504cd9dcad2d7a883249ee2e20a256cb9e9ceeb0032f

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\import-bg.png

MD5 be2acbae1c7b09125a85c5517a7dd70c
SHA1 091dbd354f830ddf74258b337dc4f7177a860d1b
SHA256 d1f78371b8d86ecd9a1e6c5878ff5da756f8c9ebb6b1a6d5d24ed017ad64c010
SHA512 dfc66f11ab6f79a8726efe47c478664973b04a277a9290cc6703899a12271909c757482be8c0a2cdcdd290e5a2a29d441a8d09c2bfc686a9482f07ceeb33f673

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\brand_config

MD5 f88326bf75f9377d75dc3b34df88b59d
SHA1 f4eec740fe217e0743dc8b4f478d881550f8e12b
SHA256 778033d4ad9e66340c0bd06770e6d673d76d83d1cc3e9abe52d98ad4276585cf
SHA512 9aeb77c703d3d2e1bf4575c94585109d62c7d51fa07b3192af23b861069b65c28baff67c096b94b1620dfb80777e42cfdf9cae891a7d664fbe895abd7ece4791

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4a4f6cf68b45ae2e9f04268e2caf2426
SHA1 90658f641c28a8ffdaf89fadace771a19cc4ef61
SHA256 530d2a7a234afe050fb1a504cc6a76a118bde88d513e6df2df6974b7ae0fec64
SHA512 ae8f268597fb64bea9bd9905a28aa28ed815bf5c1bbe5713804692d6be561806f51de1eaec49deb2d997b07e662155abcbe2c1e0d8c5488073daa6f3704053f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587f0e.TMP

MD5 e7d909c76a491bc871417eabedec96db
SHA1 875a5765cc9715c712f08bfcc2435a6b45b72e69
SHA256 e1a0ca836bbf735c9f0622aad8250b37f5abac60f79330bce227ac5f5d9113d5
SHA512 3867ab3302314326ad26c6335dc9ee72ff6692056f4f113e827e651cc9cea332d3a8f55f2a493cc433646d026fd54893871361417e9aaecad37f2ad0d235136c

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

MD5 70ba17da67e0a4602cb2d13bbcbf09bc
SHA1 23c7dbe5ec29949247309dfbfaf812a81bb98058
SHA256 88f72db9c5fea44fb35156fef66e6fd493acfe0f320685bb199759626e57cd37
SHA512 6f2dd1047d17f394d05848915930ff7b3e523b05a2de9eaed7ff80a189f441c579cba48157900ceb4e8f42ff0be29fa687ebb1c67f8b5fc24ed32f97b6fb3926

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Site Characteristics Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences~RFe588fa8.TMP

MD5 9909f7492018b7e8103ee5b6499dd6bc
SHA1 e18e7c56ca6c79635daf2a71cde99a5fd487db66
SHA256 2a239a5e8eae0b07ecfb544c89f2f3479957f4b43b614b2a3dfb69686deefccd
SHA512 e8f1481507540f7ed5d0b6035a744ce72565b1b8ca8554fc062315038d0052d3defb95e7db08ee8ac1deb63c80895ebdc6a29cb3d079715e036e53923b8b0dcc

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

MD5 5ad5a438a1d5fb776f68c202a9d5f97c
SHA1 c44e95b6dbb8af72a85523958cb3e3027861b9da
SHA256 80ab359f6c5b2b7fb7b0e04ebf34561de1afe158517ec365372a760212130255
SHA512 33d7d258d2364737c310244f185f4ded714ff19bb1dfaa5168f76443631ed1e2f3e7211c526d465cd4276c853eeaa37f854fdd03e02c287a3fdfe69ed681d44c

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\593d80a6-1e86-4510-886b-3562cf100658.tmp

MD5 c2c78b6f53525e81d98b42b97fc00e49
SHA1 d6a5bc9ba52970f263a6e1c024f6ee3efed31f19
SHA256 41e946fadbb9b9b9265bd3cda919af57c7e1cda585fcfffdc9a168f4377183f1
SHA512 49e5c8d9cb57ebae1918884f88cd8d3d14d8d9093235f446b2eb1ebe5a816ffdb470793cdbed71ef9fefca4272c985dd08f5642155bf916492675bf94d2ea86e

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences~RFe5890e1.TMP

MD5 531a4b2e30b07985df9c2620cb7693fd
SHA1 4c0317dbecd49a71c87f37e4d17f4197101aae0b
SHA256 f79b22a76fd630f9b02d0f58cb276521fb9aef7051a59ca5f32dd1ba6725f76d
SHA512 72c3e1361848c64402d1723f9de6277db9110777dd1f540b29f7aa49af0df7e5ac60558e3046a805989239148ca9e687ba52b46dee83b5029c534d76899cea4e

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\8fdfe6cb-b722-4933-9af7-2005cea0b403.tmp

MD5 4d4b657a4d0b9703e41b3e14991c5f6f
SHA1 65858616de1ec60bba42d2afc307cec3d6da232c
SHA256 a0b1ad95ddf3645510625d1f6da088b1d78ad2fd3d19aa1550dcac7e8e4ccf1e
SHA512 10b753ca1898a8c5ca162feb1f58e9c90d17a2cca47b6a70c555d7e7a1188e331e339a2177f83e8211e742a0a2e680b0d86e0f2ee2fb17c8914fb1d6c6b3cd92

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

MD5 454be952fc7f319af950f70176d0621c
SHA1 36b9bbd56fd8c38f35496925056d9cece3420c59
SHA256 53f3353cb255a2a8c552d07560d2cba27336c486c307f4fa81b2c9268f233ec6
SHA512 011bf69de080a7b5186611c2ed1c584dc42dc0cf4b1f3c74305907abce41ce11135a54fc9b18b54c3c71d4aa7ca99f7a18fcd3a8c7d30155afeffa9e6621ff2d

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\GPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Local State

MD5 7a2c8ae4f6c10f7e5e74f84d7d3f64c1
SHA1 1a9aa65c19330fb2b1802f97ff4d2df8075a3b24
SHA256 d084fd2b6e208350fbe64832c3078ac41fa90edf935ed82773eae8653f28182d
SHA512 611326ca3e0be30ce5ff8ca12c67153c80de65f5dfcc7055defdc482a81b3862cc78a3006070e28450d72aa3966b4461b23f25437304af7a8b196ec651fd4af9

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Local State~RFe5895b3.TMP

MD5 9bbbe12c06ba7da43bd0e707a632f69f
SHA1 4227530b628d50801d517eb5a2cb06928e3a5750
SHA256 d42409d746a463b89ca332c7a6d82104c98105aad3099e35fdbf90afd14ff6b3
SHA512 df19acb0c374d0481fd894e0689d7c778ea9b1338c5305e15639ae5986b03e58e1b8fbe2f2b11524cfe6c99db750504098763ca2593c6c85c559252c6c124f62

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json

MD5 a705561eacbcc6726f498fe498d1924a
SHA1 8e0cdfd1b250596267c668f0cdc57440733cd90f
SHA256 39ed720c217ef1542b0c886fdde24f1916347e57b7a8e7e98c2f1ecdc0d14643
SHA512 4bf63c74d34e668e7293e0f2e6b5b9803a2b5a72c9f8feb351f50faf9e4fb38daa7ceb73336218713a8915909da7bfd52f1ebf3f64622e4b9a89d333640945a0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

MD5 9aa6d99d3038cd4c4d74fef4196055e7
SHA1 b673cb0a99951f34da9c28702dca44c126e7b8de
SHA256 5a408372f597d3392ccd78bdcea2b6a28039b1d8659fe9fdebea53ea072222ed
SHA512 679a1c3adc1f6e594615648ac98b800039223cd0a0b083e013373d3688566acee45d56e00ee76d9d0de5cc11856f8b7347f90ed05d9c2c3f5e6f5531a8742379

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json~RFe58968e.TMP

MD5 e4cbf911329a88c2e24f879e5e82aa18
SHA1 3b61b8454eb66af7f0d9ac6540d222ed56006a0f
SHA256 d4c82e8f144f8816da30980387a6f616511a45e86cf067d4e22bec68cc942691
SHA512 fa64bd9d3f9aa75e8b9874ced4cc0a29165cd85cf94e23cc9b653a1e63ef1ece611a3630e51d1d44c62e4258b72e1018e8d0ecd3f551dd5292a8969d1f4adc30

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e150fb5adf47d60d498d9f9d4b90707b
SHA1 78d2adce44e4ccb6215e8e812eb3c180752500ed
SHA256 4cde5a098edf32229223d7219b605639106f69e3e925a865c8bf252802b17f4d
SHA512 79bbfcc7556182583f402fc8035182b2448ab3a96dd0d8211ed8ad69fbbe9ae0174bc40f515dfa021bd95e4ce93904c8257bb5891f1bba90e2428141c5433c8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 54191046ba8e6a9478f273102735dbce
SHA1 56702c8e20b81e9de7f443a2e5700207a0f92a09
SHA256 68eaa2adcdb3e1acb41b5bfc048a581b04974a23d86bf5ca44a1c4a65846eb9e
SHA512 87b4ad7ff6596ef1625992927a3308bc58183bc628cb6893f665f124e47cd79d9824684ad0cccb6ceb8d29ac7723e0a87ffeca7b1cfb122aea1ffe7bbba9b501

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Local State

MD5 8bdfcfe2efe057beefb634a653a225e4
SHA1 c7f8e877a605cbecd8196e48f41f2102fd4bad6b
SHA256 dbecf5cc8128c04f99bae7615a3a08a86d0d1934645a6c0b8e0e876d4f4be2af
SHA512 6e96ee88da90f64e1998f63305cdbe18f0228387d6dc5e9517018987da8c42a5cc30a34abaa2fce1d053a34350ebc14d58e7ecdcd483a2cb6c7f832f51b4e9dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0cd996210a9664fca157b81aa262d88d
SHA1 58d511e771a7df4ea8ab7f3128969d22114581af
SHA256 bc2da9acc6b30814447bc570db655f37905ae6456189963c9eb61eca0f86d837
SHA512 22b40cc4473f512a67631a6b193598a00072ccd44782b6b5dd85af3907c6ad336eb7854d967d7b6325f9b0d209ae5d589aabe5e13516e61c6a1012cb81b0f288

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

MD5 a9414e57101cf9c73772420f3b2ab632
SHA1 fc3b6d9d8596a9135cf0ce3dcfa67c1d29ab08b6
SHA256 a50b20a6545669e4e38a65159b5d4b6a4e1ee27aec85c7fbf5fee195703ffacc
SHA512 0436bf931ed94fd469dfa8ddfebda3bd0004b299b448a7ae19dc110378c2bf35f9a9c1603db530dade20cd1339d7b018ddcee1c1509c3672ef2fa5f55d9a2f69

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Local State

MD5 66888d8c8ca5d14196b2bed68a7babc0
SHA1 07ef8fbeb858ba8982fc44e21038dbbdbde7d876
SHA256 e552d1a501dae14568ba0a0769db3e281b024a4e58b6e1d760053a5c7991ef68
SHA512 ef3c4b4a8fdea995e5c4973148a68822ab592b81f6e1afb9af237e2fb7af838349b7ce4dc13f454b2266518007cdf6a6c484db0efd274b9faf5ec6700ab062bc

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TransportSecurity~RFe58f6fd.TMP

MD5 fb7b26e5ce3da89897dc90209dcb0f83
SHA1 c4890a6053d698a1cc89b85ab4907206ab9e2b39
SHA256 6e43c5d4ee21fc3d947ac90cb57a76be85d45970bfa2d731a2ca5ad64c43dedc
SHA512 bd081dc8ecdbf69d25ce8f1c078ecca6572db335b0af0a9780adf1fe2fb341dbd78c045306bb2dcacf2d458b7f1bd8368f8a9009216355c0df6c6c8d67454efe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TransportSecurity

MD5 18a98cbe44b053d031a2eb8e4e327f15
SHA1 670867cbc5e69919ec008899781a51e547d6011c
SHA256 3ef26eebde2ec2c40f96e244fb8497073e114af18e17261de3fff1f75f3fb9d4
SHA512 fbc2ae2cda9b28670dd0be667813f0008dd1b26d1b872b4fea0433036de351cecad67010109a5eff22693364f8faa4714970d9b570c011ba1dda8d4031dca3bd

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

MD5 fb99d126a4c0f75dbe973c10b0f3c70f
SHA1 4476f04d4d082ebd368940b4cfc700f5397abaa5
SHA256 8bc92795ab1a5430530dc9890af45f1e07eed7e9833d7f943ac914704719c23e
SHA512 c5e90f952b3a4472c00b38b31c0ed364724901e13aa7ec796c964c47a05da563a6d9ac61f2125e0699e7aca53dcfb63a202ba3d5ec6d9cc9195278a019cb4c12

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State


C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TransportSecurity


C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TransportSecurity


C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TransportSecurity


C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TransportSecurity


C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Local State


C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network Persistent State


C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network Persistent State~RFe59a985.TMP


C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TransportSecurity


C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences
