Malware Analysis Report

2024-12-07 03:10

Sample ID: 241113-q769aatbqp
Target: 0ef256b6fbfe6fd11f3a781f4b822180bcdb7196c8cac4d4cee4e79d0551e7a7
SHA256: 0ef256b6fbfe6fd11f3a781f4b822180bcdb7196c8cac4d4cee4e79d0551e7a7
Tags: discovery, persistence, spyware, stealer
Score: 8/10

Analysis Overview

score
8/10

SHA256

0ef256b6fbfe6fd11f3a781f4b822180bcdb7196c8cac4d4cee4e79d0551e7a7

Threat Level: Likely malicious

The file 0ef256b6fbfe6fd11f3a781f4b822180bcdb7196c8cac4d4cee4e79d0551e7a7 was found to be: Likely malicious.

Malicious Activity Summary

discovery persistence spyware stealer

Downloads MZ/PE file

Reads user/profile data of web browsers

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

Checks installed software on the system

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

Checks system information in the registry

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Unsigned PE

Browser Information Discovery

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Modifies system certificate store

Suspicious use of WriteProcessMemory

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 13:55

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 13:55

Reported

2024-11-13 13:57

Platform

win7-20240903-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0ef256b6fbfe6fd11f3a781f4b822180bcdb7196c8cac4d4cee4e79d0551e7a7.exe"

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\yb9849.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
N/A N/A C:\Windows\TEMP\scoped_dir1048_303211244\temp\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\0ef256b6fbfe6fd11f3a781f4b822180bcdb7196c8cac4d4cee4e79d0551e7a7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yb9849.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
N/A N/A C:\Windows\TEMP\scoped_dir1048_303211244\temp\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Windows\CurrentVersion\Run\GoogleChromeAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A yandex.com N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\7TSJSPCG.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\MWTSO275.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\SGSYOXO0.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\5284C3M6.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\_[1].js C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\MWTSO275.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\GH4NJ8XM.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\XSQRR4MI.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\7TSJSPCG.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\5284C3M6.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\SGSYOXO0.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Yandex\ui C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\269KTOGT.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\269KTOGT.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\GH4NJ8XM.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\XSQRR4MI.txt C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe C:\Windows\TEMP\scoped_dir1048_303211244\temp\service_update.exe N/A
File created C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe C:\Windows\TEMP\scoped_dir1048_303211244\temp\service_update.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\Update for Yandex Browser.job C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\Tasks\Repairing Yandex Browser update service.job C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\Tasks\Update for Yandex Browser.job C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
File created C:\Windows\Tasks\System update for Yandex Browser.job C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yb9849.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\TEMP\scoped_dir1048_303211244\temp\service_update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\0ef256b6fbfe6fd11f3a781f4b822180bcdb7196c8cac4d4cee4e79d0551e7a7.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Modifies Internet Explorer settings

adware spyware

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "90" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "47" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "637" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "47" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "606" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437667990" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d9070000000002000000000010660000000100002000000038ae1f2f4f1da8cb242e4ed843b30d60e5a212d86697046df7f8632dc0e33859000000000e8000000002000020000000425fcb0936e5e47a2a486ebfec4e6b0f1369c770e934aee209b959e449117de020000000973f7fa729cf58b4ed9dd291ef529ddcc1d4478fc5806b0690fb9fd211593cee4000000059ab33e974bce35b0cd5cc5786ec3d27e09b30da90538e90c523804de0c5564073a44f77a774294f1ee8452ae9f37f25baa9dec0b313e4c9e43cd42f76db473f C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "637" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "606" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "33" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "75" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "9" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d90700000000020000000000106600000001000020000000c2be968e5e3fb563b6caae4cad20068dac2ee6ff3a325a28af134413d065e316000000000e80000000020000200000009416b2997f49036a0bd09886e8d6dee48715ad14ddc64619c79e25871fdcf96a900000001f45bf73d38f297a36efbe64ab9a7428954741cac162aba6307621eaf559051d6f4365c7acf6f25c8adc1c9b3b29a8d8aaf3e3fdd19b2727afde25cf0a57e7bfee51b58a8c275fd289f2513d2298fa5b443f78505511f5cacfb1f79d92de6f1566498bc670b11510c4421613255bee3a12be0a1d462636a2f8a94c9a23d0d62514f91fd90ae5b8bf00e68dbbb124abb74000000094642674222f46a314588a62a386a839915bfbb80f7e3e81deed412cd26a0baf3d5836acc8d7f88b60c096c9da0b2f0aa52997b4133bf25bace1239cfcf453c9 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "33" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0c00accd335db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "637" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "12" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "9" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "12" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "90" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "47" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "75" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\ = "75" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{ED13D071-A1C6-11EF-9C13-E699F793024F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "33" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.com\Total = "90" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{FD47664F-AEAF-42DA-8CAD-C940E29454AF}\WpadDecisionReason = "1" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{FD47664F-AEAF-42DA-8CAD-C940E29454AF}\52-2b-da-8f-26-42 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-2b-da-8f-26-42 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-2b-da-8f-26-42\WpadDecision = "0" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{FD47664F-AEAF-42DA-8CAD-C940E29454AF}\WpadDecision = "0" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "1" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-2b-da-8f-26-42\WpadDecisionReason = "1" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{FD47664F-AEAF-42DA-8CAD-C940E29454AF}\WpadNetworkName = "Network 3" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000003000000090000000000000000000000000000000400000000000000000000000000000000000000000000000000000001000000020000000a7f0170000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{FD47664F-AEAF-42DA-8CAD-C940E29454AF} C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-2b-da-8f-26-42\WpadDecisionTime = 384cbfd0d335db01 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\Yandex C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{FD47664F-AEAF-42DA-8CAD-C940E29454AF}\WpadDecisionTime = 384cbfd0d335db01 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\YandexHTML.SA4YK4YBO4DRJ2O6ZS2IWG66WE\ = "Yandex HTML Document" C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\YandexGIF.SA4YK4YBO4DRJ2O6ZS2IWG66WE C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\YandexTXT.SA4YK4YBO4DRJ2O6ZS2IWG66WE\shell\open C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\YandexTXT.SA4YK4YBO4DRJ2O6ZS2IWG66WE\shell\open\command C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\YandexWEBM.SA4YK4YBO4DRJ2O6ZS2IWG66WE C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\.webp\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\YandexXML.SA4YK4YBO4DRJ2O6ZS2IWG66WE\shell\open C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\.html\OpenWithProgids\YandexHTML.SA4YK4YBO4DRJ2O6ZS2IWG66WE C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\yabrowser\shell\open\ddeexec C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\.webp C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\YandexFB2.SA4YK4YBO4DRJ2O6ZS2IWG66WE\shell\open C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\YandexPDF.SA4YK4YBO4DRJ2O6ZS2IWG66WE C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\YandexXML.SA4YK4YBO4DRJ2O6ZS2IWG66WE\shell C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\.txt C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\.shtml C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\YandexPNG.SA4YK4YBO4DRJ2O6ZS2IWG66WE\shell\open C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\YandexTXT.SA4YK4YBO4DRJ2O6ZS2IWG66WE\ = "Yandex Browser TXT Document" C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\.fb2\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\.shtml C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\YandexHTML.SA4YK4YBO4DRJ2O6ZS2IWG66WE\shell C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\YandexGIF.SA4YK4YBO4DRJ2O6ZS2IWG66WE\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-107" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\YandexHTML.SA4YK4YBO4DRJ2O6ZS2IWG66WE\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\YandexJS.SA4YK4YBO4DRJ2O6ZS2IWG66WE\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\.jpeg\OpenWithProgids\YandexJPEG.SA4YK4YBO4DRJ2O6ZS2IWG66WE C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\YandexTIFF.SA4YK4YBO4DRJ2O6ZS2IWG66WE\ = "Yandex Browser TIFF Document" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\YandexHTML.SA4YK4YBO4DRJ2O6ZS2IWG66WE\shell C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\YandexHTML.SA4YK4YBO4DRJ2O6ZS2IWG66WE\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-108" C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\.swf\OpenWithProgids\YandexSWF.SA4YK4YBO4DRJ2O6ZS2IWG66WE C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\YandexJPEG.SA4YK4YBO4DRJ2O6ZS2IWG66WE\ = "Yandex Browser JPEG Document" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\.jpeg\OpenWithProgids\YandexJPEG.SA4YK4YBO4DRJ2O6ZS2IWG66WE C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\YandexGIF.SA4YK4YBO4DRJ2O6ZS2IWG66WE\ = "Yandex Browser GIF Document" C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\YandexWEBM.SA4YK4YBO4DRJ2O6ZS2IWG66WE\shell\open C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\YandexWEBP.SA4YK4YBO4DRJ2O6ZS2IWG66WE\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\.jpeg\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\.js\OpenWithProgids\YandexJS.SA4YK4YBO4DRJ2O6ZS2IWG66WE C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\.txt\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\http\shell C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\.swf C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\yabrowser\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\YandexWEBP.SA4YK4YBO4DRJ2O6ZS2IWG66WE\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-123" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\.fb2 C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\.htm C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\.shtml\ = "YandexHTML.SA4YK4YBO4DRJ2O6ZS2IWG66WE" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\YandexFB2.SA4YK4YBO4DRJ2O6ZS2IWG66WE\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-122" C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\.js\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\YandexCRX.SA4YK4YBO4DRJ2O6ZS2IWG66WE\shell C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\YandexPNG.SA4YK4YBO4DRJ2O6ZS2IWG66WE\shell\open\command C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\YandexXML.SA4YK4YBO4DRJ2O6ZS2IWG66WE\shell\open C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\.infected C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\.txt\OpenWithProgids\YandexTXT.SA4YK4YBO4DRJ2O6ZS2IWG66WE C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\YandexCSS.SA4YK4YBO4DRJ2O6ZS2IWG66WE\shell C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\YandexXML.SA4YK4YBO4DRJ2O6ZS2IWG66WE\shell C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\.epub\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\.htm\OpenWithProgids\YandexHTML.SA4YK4YBO4DRJ2O6ZS2IWG66WE C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\.htm\ = "YandexHTML.SA4YK4YBO4DRJ2O6ZS2IWG66WE" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\https\shell\open\ddeexec\ C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\YandexINFE.SA4YK4YBO4DRJ2O6ZS2IWG66WE\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\.webp C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\YandexINFE.SA4YK4YBO4DRJ2O6ZS2IWG66WE\ = "Malware Infected File" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\.tif\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\.png C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\.pdf\OpenWithProgids\YandexPDF.SA4YK4YBO4DRJ2O6ZS2IWG66WE C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\YandexEPUB.SA4YK4YBO4DRJ2O6ZS2IWG66WE\ = "Yandex Browser EPUB Document" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\.shtml\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\0ef256b6fbfe6fd11f3a781f4b822180bcdb7196c8cac4d4cee4e79d0551e7a7.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob C:\Users\Admin\AppData\Local\Temp\0ef256b6fbfe6fd11f3a781f4b822180bcdb7196c8cac4d4cee4e79d0551e7a7.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe N/A
N/A N/A C:\Windows\TEMP\scoped_dir1048_303211244\temp\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2032 wrote to memory of 688 N/A C:\Users\Admin\AppData\Local\Temp\0ef256b6fbfe6fd11f3a781f4b822180bcdb7196c8cac4d4cee4e79d0551e7a7.exe C:\Users\Admin\AppData\Local\Temp\0ef256b6fbfe6fd11f3a781f4b822180bcdb7196c8cac4d4cee4e79d0551e7a7.exe
PID 2032 wrote to memory of 464 N/A C:\Users\Admin\AppData\Local\Temp\0ef256b6fbfe6fd11f3a781f4b822180bcdb7196c8cac4d4cee4e79d0551e7a7.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 464 wrote to memory of 2456 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 688 wrote to memory of 948 N/A C:\Users\Admin\AppData\Local\Temp\0ef256b6fbfe6fd11f3a781f4b822180bcdb7196c8cac4d4cee4e79d0551e7a7.exe C:\Users\Admin\AppData\Local\Temp\yb9849.tmp
PID 948 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\yb9849.tmp C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe
PID 1656 wrote to memory of 1048 N/A C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe
PID 1048 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe
PID 1048 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe C:\Windows\TEMP\scoped_dir1048_303211244\temp\service_update.exe
PID 2448 wrote to memory of 3008 N/A C:\Windows\TEMP\scoped_dir1048_303211244\temp\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe
PID 2320 wrote to memory of 2260 N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

Processes

C:\Users\Admin\AppData\Local\Temp\0ef256b6fbfe6fd11f3a781f4b822180bcdb7196c8cac4d4cee4e79d0551e7a7.exe

"C:\Users\Admin\AppData\Local\Temp\0ef256b6fbfe6fd11f3a781f4b822180bcdb7196c8cac4d4cee4e79d0551e7a7.exe"

C:\Users\Admin\AppData\Local\Temp\0ef256b6fbfe6fd11f3a781f4b822180bcdb7196c8cac4d4cee4e79d0551e7a7.exe

"C:\Users\Admin\AppData\Local\Temp\0ef256b6fbfe6fd11f3a781f4b822180bcdb7196c8cac4d4cee4e79d0551e7a7.exe" --parent-installer-process-id=2032 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\Admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\Admin\AppData\Local\Temp\d6de3b64-1794-4133-bbbe-0f43466af48b.tmp\" --brand-name=int --browser-present=none --disableyapin --distr-info-file=\"C:\Users\Admin\AppData\Local\Temp\distrib_info\" --installer-brand-id=int --make-browser-default-after-import --ok-button-pressed-time=236582000 --progress-window=459164 --send-statistics --server-config-bundle-path=\"C:\Users\Admin\AppData\Local\Temp\9eed07e9-2eb0-4cd3-be6a-410ad2b39312.tmp\" --testids=1114347 --variations-update-path=\"C:\Users\Admin\AppData\Local\Temp\e1e5dbd2-d479-444d-95b3-7f2250aceaa8.tmp\" --verbose-logging"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://yandex.com/legal/browser_agreement/?lang=en

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:464 CREDAT:275457 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\yb9849.tmp

"C:\Users\Admin\AppData\Local\Temp\yb9849.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\d6de3b64-1794-4133-bbbe-0f43466af48b.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=46 --install-start-time-no-uac=236691200 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=236582000 --progress-window=459164 --send-statistics --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\9eed07e9-2eb0-4cd3-be6a-410ad2b39312.tmp" --source=lite --testids=1114347 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\e1e5dbd2-d479-444d-95b3-7f2250aceaa8.tmp" --verbose-logging

C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\BROWSER.PACKED.7Z" --searchband-file="C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\SEARCHBAND.EXE" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\d6de3b64-1794-4133-bbbe-0f43466af48b.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=46 --install-start-time-no-uac=236691200 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=236582000 --progress-window=459164 --send-statistics --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\9eed07e9-2eb0-4cd3-be6a-410ad2b39312.tmp" --source=lite --testids=1114347 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\e1e5dbd2-d479-444d-95b3-7f2250aceaa8.tmp" --verbose-logging

C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\BROWSER.PACKED.7Z" --searchband-file="C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\SEARCHBAND.EXE" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\d6de3b64-1794-4133-bbbe-0f43466af48b.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=46 --install-start-time-no-uac=236691200 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=236582000 --progress-window=459164 --send-statistics --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\9eed07e9-2eb0-4cd3-be6a-410ad2b39312.tmp" --source=lite --testids=1114347 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\e1e5dbd2-d479-444d-95b3-7f2250aceaa8.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=278249700

C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe

C:\Users\Admin\AppData\Local\Temp\YB_6CA37.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=45323b5b377897c846fc6c473cf984a9 --annotation=main_process_pid=1048 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.1.5.812 --initial-client-data=0x1a0,0x1a4,0x1a8,0x174,0x1ac,0x11eed30,0x11eed40,0x11eed4c

C:\Windows\TEMP\scoped_dir1048_303211244\temp\service_update.exe

"C:\Windows\TEMP\scoped_dir1048_303211244\temp\service_update.exe" --setup

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --install

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --run-as-service

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=45323b5b377897c846fc6c473cf984a9 --annotation=main_process_pid=2320 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.1.5.812 --initial-client-data=0x12c,0x130,0x134,0x100,0x138,0x1473560,0x1473570,0x147357c

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --update-scheduler

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --update-background-scheduler

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --statistics=https://api.browser.yandex.ru/installstats/send/dtype=stred/pid=457/cid=72992/path=extended_stat/vars=-action=version_folder_files_check_unused,-brand_id=unknown,-error=FONT_NOT_FOUND,-files_mask=66977119,-installer_type=service_audit,-launched=false,-old_style=0,-old_ver=,-result=0,-stage=error,-target=version_folder_files_check,-ui=FBCCE6BB_2FB2_4D4B_9BA4_AE6E5C66E437/*

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source1048_957463973\Browser-bin\clids_yandex.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=searchband --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source1048_957463973\Browser-bin\clids_searchband.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=459164 --ok-button-pressed-time=236582000 --install-start-time-no-uac=236691200

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=2204 --annotation=metrics_client_id=fd071756780640a7880accf52d7020cc --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.1.5.812 --initial-client-data=0xe4,0xe8,0xec,0xb8,0xf0,0x70912a08,0x70912a18,0x70912a24

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --field-trial-handle=1080,11696471581451282192,10844802852064247943,131072 --user-id=1D1CC114-11C4-4121-87A3-1ED614125B57 --brand-id=int --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1096 /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1080,11696471581451282192,10844802852064247943,131072 --lang=en-US --service-sandbox-type=none --user-id=1D1CC114-11C4-4121-87A3-1ED614125B57 --brand-id=int --process-name="Network Service" --brver=22.1.5.812 --mojo-platform-channel-handle=1376 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1080,11696471581451282192,10844802852064247943,131072 --lang=en-US --service-sandbox-type=utility --user-id=1D1CC114-11C4-4121-87A3-1ED614125B57 --brand-id=int --process-name="Storage Service" --brver=22.1.5.812 --mojo-platform-channel-handle=1544 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1080,11696471581451282192,10844802852064247943,131072 --lang=en-US --service-sandbox-type=audio --user-id=1D1CC114-11C4-4121-87A3-1ED614125B57 --brand-id=int --process-name="Audio Service" --brver=22.1.5.812 --mojo-platform-channel-handle=2064 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=1D1CC114-11C4-4121-87A3-1ED614125B57 --brand-id=int --extension-process --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://yastatic.net --display-capture-permissions-policy-allowed --enable-instaserp --field-trial-handle=1080,11696471581451282192,10844802852064247943,131072 --enable-ignition --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2084 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=1D1CC114-11C4-4121-87A3-1ED614125B57 --brand-id=int --extension-process --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://yastatic.net --display-capture-permissions-policy-allowed --enable-instaserp --field-trial-handle=1080,11696471581451282192,10844802852064247943,131072 --enable-ignition --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2432 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,11696471581451282192,10844802852064247943,131072 --lang=en-US --service-sandbox-type=service --user-id=1D1CC114-11C4-4121-87A3-1ED614125B57 --brand-id=int --process-name="Data Decoder Service" --brver=22.1.5.812 --mojo-platform-channel-handle=2444 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=speechkit.mojom.Speechkit --field-trial-handle=1080,11696471581451282192,10844802852064247943,131072 --lang=en-US --service-sandbox-type=none --user-id=1D1CC114-11C4-4121-87A3-1ED614125B57 --brand-id=int --process-name="Speechkit Service" --brver=22.1.5.812 --mojo-platform-channel-handle=2072 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --field-trial-handle=1080,11696471581451282192,10844802852064247943,131072 --user-id=1D1CC114-11C4-4121-87A3-1ED614125B57 --brand-id=int --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2720 /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1080,11696471581451282192,10844802852064247943,131072 --lang=en-US --service-sandbox-type=none --user-id=1D1CC114-11C4-4121-87A3-1ED614125B57 --brand-id=int --process-name="Windows Utilities" --brver=22.1.5.812 --mojo-platform-channel-handle=2528 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1080,11696471581451282192,10844802852064247943,131072 --lang=en-US --service-sandbox-type=none --user-id=1D1CC114-11C4-4121-87A3-1ED614125B57 --brand-id=int --process-name="Windows Utilities" --brver=22.1.5.812 --mojo-platform-channel-handle=2524 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --field-trial-handle=1080,11696471581451282192,10844802852064247943,131072 --lang=en-US --service-sandbox-type=none --user-id=1D1CC114-11C4-4121-87A3-1ED614125B57 --brand-id=int --process-name="Profile Importer" --brver=22.1.5.812 --mojo-platform-channel-handle=500 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --field-trial-handle=1080,11696471581451282192,10844802852064247943,131072 --lang=en-US --service-sandbox-type=none --user-id=1D1CC114-11C4-4121-87A3-1ED614125B57 --brand-id=int --process-name="Profile Importer" --brver=22.1.5.812 --mojo-platform-channel-handle=3204 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --field-trial-handle=1080,11696471581451282192,10844802852064247943,131072 --lang=en-US --service-sandbox-type=none --user-id=1D1CC114-11C4-4121-87A3-1ED614125B57 --brand-id=int --process-name="Profile Importer" --brver=22.1.5.812 --mojo-platform-channel-handle=144 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,11696471581451282192,10844802852064247943,131072 --lang=en-US --service-sandbox-type=service --user-id=1D1CC114-11C4-4121-87A3-1ED614125B57 --brand-id=int --process-name="Data Decoder Service" --brver=22.1.5.812 --mojo-platform-channel-handle=1632 /prefetch:8

Network


Files


C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\0ca4be01-7120-4bce-a741-7cda7fc33916.tmp

MD5 fcff10916bd49c69e1a219f1043f5c34
SHA1 21fd74e4a757b7dc631b0e868fb5164a0d7b10f3
SHA256 20b703a579ebacf9a8c184ea88bf72b99917dd901ad7d0253293fe57eb8fe519
SHA512 77d2e7a19e4c8755dd6b427f01920b84a6c5d0f11d023c074297aa54b854226d182cd07e19a774ff5ab24d2568261a1799e2b69d99e2e98d6c46e48518301fb9

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\4bde1eef-a0c5-45fe-b7a8-4e19d778bd51.tmp

MD5 e8677ba75fa0d7fec79815512e9b6b35
SHA1 b77859d6204d45ce4392174ad3ce4be9ad4ebb22
SHA256 3752aa9f5937b9fc489fed3545b9339c4e5a48fd8abaa72600b5b497ed4d7384
SHA512 d3f8a62bec81adaac14eb1b0050630cb503cb0dee50472d5a1998502399406a9adc2fbdc38269075cb1f1674071778be6d7a6e0459b847a823051661c713ae26

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\49dd15a3-6c53-430e-a021-543d38e15e3c.tmp

MD5 fc2f8a86eea80c54769efc273128f063
SHA1 6e8ea7ca62eecd75acedfdf0b6c9dabbd5d582d0
SHA256 41819e854b9350df7811b17847d09b712235494b9365fa45f3052f19ad3ffdd7
SHA512 9001f15114a04b561b9c5790f8207550b398050f6959bd74e39a89709733b2f72d0ce01fb0845be8f4217c31112bde741a9ff1f178c96340c568a7a7d4b67c25

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\GPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 021415aa0bb23627e12eb99491e1fa2e
SHA1 010d7aa4ca322a108bb7d067cc2a662b8cb6288c
SHA256 42dbb6dacaad75834c76741e58640ec605ae3471d210d300ae442d012f9610a5
SHA512 b0a27bfbcf3c59fa376dbe81e96140cfa676fdd1999013e6ff5087b38d5eb0a8032e1e62b958d6542971f630f0abee6e03aba132efd7ad7f49620dbf04f0e803

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3bf6b0dc2c33fe0dd3ad90be0afed827
SHA1 75a1970923248d6689d909ffbcec7d3c0c03c7ea
SHA256 8eae4cd0503f8e79a3850d0bfb5014e5f04bc64f546da58a66e5ca958404766e
SHA512 44afa136b74c6e3d75dd171d2491c1d44ef3545f421c60df6c743a2990ec7f0a781eb4d68b4c08ff2064d2415e518490ad311a6ac1ae9c037d6f4560d5da5d7b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e70febe196617edb2d2e3e66f6c70acb
SHA1 1a320ab937ec666ad2f91f23ac87cee79e28eafa
SHA256 aa8c8d7513370df7c46b41736c132ef231c7f066a9113d4c4ecc630b8bfae5af
SHA512 4eae28906d66307950b8126f1e92410669e5ba81aecb45d2968dc22defc51865f9ef46e025fb22f55773ccf1f458a9bda28cdb67b8a9f22068dbaa737f69a399

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6a6c5686772ede1f6e049b178323a91a
SHA1 fa2c131e19649ae389633cf86289f62952feb048
SHA256 4242fecdc5e6089abfa40f4808f456c594c20236735f6e620b64d9ace15bb79f
SHA512 990dc30593a50fe9985c769cf1c2c989e644c07e21028b5187a24e98503779ac81b546d5f613cbb7ae4ae5f22d9ee28c24c21322d9bde1c25030624ecc414ea2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 75e2f7bc7c1a82f8cd52b68fcb54478d
SHA1 3f2d29c5af79f2cb84df5f54377f65b750297cba
SHA256 49f86e931ae1bd178c9db2096973b2c76333c689e625fae3007e99db0231adff
SHA512 940f9c8dc564d4e025b4e6a50c54b774d2076ab022be38f5480b1a59668cf96071655047522b0f7901c11bfcca8447480b0762d6fd9d641c891751bb16de5303

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8cda2999ede7c3919e5d1ad6082bfd7b
SHA1 4bb0eaeddbadcfd4ac2edf13251603eb6362c640
SHA256 6cf81e82b3395154f858cc4d3cb42b1ae0ea4180d49fe5e00ca11dd8b127277c
SHA512 ced481661acfaec708c6a54ad5be2e57a21d870a767d67719c66e36cdd487e4db15794da509e0294204eb7585758bb316434fcc888fbff476f713eab889a6199

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2a03062678e40342f288ca6a7a23f01f
SHA1 42622ca6e4ff4e0ba24cf275bfb259ee81134463
SHA256 a4abeca82e0ded8dc0fc767f0fe2b25879323e679be3da6b3c83e2f7000de313
SHA512 7f8bb72b2ba69a46c72ae116107d72872117f5f9d26a6e35e8049bbace9c19513a16106da63c1f0faaf3ada8e3e954b83f799b425e9f85f7fc6cadd2b4f00c43

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 72b09f4d8f73be897b9f4273472c0e90
SHA1 5dadb10ce88e58f45ae4469c989743e07db29679
SHA256 cd3175c1fbaa4fb43bdc68c9491b1f1d38c1a4828db5b1b76bd7928e019216a3
SHA512 3fc521d3f59bed48660cac88ff63cad0c3b79fdef3e9aaabaf7e47e3d22d6cdc4a5e9fe8104ca62dd67677b14edbcf821ae4fb9bf3ae5f1c274651a9e95eb088

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6c526321d7ae277bac9c7c0b85fcfb36
SHA1 e33209d1748b09786856de83919473ec465f0d3b
SHA256 79f8d5622d3ae5630884dbc3b14f12fffad2cbba879e6beca625d05ac0bd00b3
SHA512 13a570748ca94d54a47153bcf3c8eb569dac90ec15e8ac50a805edcb740f5366c64929dcc98df45b635316d7ffc635b78991e0b5bbbefc0e371ed4c4940ca824

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7a690c3688872bf19ec43adf1e5c4c11
SHA1 7cec3ce478e784e99839566d89424b59bc1aeb24
SHA256 867fcbc44ac5165a9858054a349346c0eca6abbe808b55ace5e214d9a2466b12
SHA512 4dc2f10a6d6525ef08ab68693cadcf996210eee37c3174de59948e7dea164d069218ea76e7ba790f163ee25cf81fd474cdd4612a29fcab1e62e6487e543288af

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Local State

MD5 19d39e4b732ed2878a00468375d4bee3
SHA1 4aa6d51336474cff697fbdc8688884b676d7b390
SHA256 0797dbafe03c1efd332ed1f98b1efd3c09cf96e9919b85a856204d1776c94c7e
SHA512 ca40318afb9f64905389d3b7ca0c840ae5821305b493d64fc348b0d021b4a58f52ff759b5768441f239a1aecad42f1ef24daccebd1a82981ae749702648c9b29

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

MD5 0c90ad9231e41aded4ad8b6970b9b739
SHA1 e61b669e664aba805a67a034d09bd4a6b90b3f0e
SHA256 119331664fc334da80319f78e4c4c27c8155891f9095e52be32535733970224e
SHA512 0b6339c784eb786b595361e83c7c3e64e949e537bc3f4b6696f7cc65ace048b3ac8bb22dea79e906616e20170af260704e0ad18d781ff6a4412d26ccf56a5f57

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Local State

MD5 22598b04990fdbf67e0dc622fa08d514
SHA1 dbb40154476c115c56b55a95540dce9de027191e
SHA256 58e352f0e2300fdb378063fb20c0ef0abb5594ee98732e7e124e97f4c0aa4370
SHA512 7ce0963ce8de3bf7b80d5f0b4c190b43d662af853a1ac1a4d96f98a2809f20960cc63cb41c64605badb2a8ef45d01141caaab784338c7d66982da9104cb04d8f

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TransportSecurity

MD5 da15241b6ca329c00a27384c927a3e6f
SHA1 4695c0d16f76319178ea113d9778c5fb14b6b5aa
SHA256 1076fe3b54ab598534df6cbc0f5d88fea27a4c921c2f173ba94f3811f29ae09d
SHA512 1671108f752814ebf2446deba7f3a7cc915b22d43bf49314453b3e3c444b505f01cd0c1494a0c0e2539dc36b4c09ce44f5f1a82c7d10299eb330ba8495866a34

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TransportSecurity

MD5 ba1fde4a71b8aabeb663c225daf8873e
SHA1 20077f7c6210d08fd517f8b29854b98389b03088
SHA256 8ffff507dd8bd76e581dc9a2c4a4e31ab858971db2bcd46ce002b85e615ee893
SHA512 3e847b2d114b39f8a2aba9f2a9482d606a02bc04476f110f536f92aeb389ac45923e0f0e209f31ccdc47b8b220997f602bf2fb0fb80dccc1231065feabe8ae7b

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\ddfd22a9-9a89-4d5d-b414-d94cc3d26617.tmp

MD5 3a9415d291aeb0599995c09ba878adc1
SHA1 c48d967eab4c2eaa7eef77f7f66430c5c1102816
SHA256 43ccbe4f805facc295e2d2b8e4a577d8294529a60a69acaf97f7c250c2772c3e
SHA512 d1c460652dbf43709efaf6a6eff59d19162c7494f24f43b35e9124914ded82cdc33d153b22ca6b86c6cc15b6a4c7fc223a198cf9b93ae79d985c1c8fd7aaf113

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TransportSecurity

MD5 b06d453235b72481ec2417f17ee8548d
SHA1 b354198834f97df920ebf672858b998f492ab111
SHA256 2f0ef34a6748ea77253cb9eea6e5491df973a0f147abd92863f2a96848c6297a
SHA512 12eaaf031e2184319099d8f7eaea81dd912b990f6465497ce705152f7b8ffd90af5a1fffff55d56057761878129603f7c0b2cbf5ac2e7ae5c2c1a488a437e691

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TransportSecurity

MD5 b6991f897c49803846afb18813e09451
SHA1 729e065f267d056d407e1eae0dad45c492750ece
SHA256 e105d02c03ee16566f340fa9837bcb57c345a71a8c4272667690c4e77e0d0f4b
SHA512 f3517c0e761844b5cbdc859612e369f1251873bc18a1f9bf51694994583eb94e1e8be2311edad1589fd84ae62fe7dc69ed7c9fcff4f3d62e77ed9fd87e992b0c

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

MD5 670c632a887b51b1d9dc56c87e25355a
SHA1 4dde75d1d0e8317146cf4351e75d78e60dd1d46f
SHA256 80129d51b344219dee2062dece84f5d44924bcbcfcf8d9ad8cd5d25d5c72f3d9
SHA512 fb6b7d098f24e2b043b3ff57bc82a34e27501f42e482dceec06c69f8cf391d1bb7391c6a06c3f66bcf73af3359756f34252215e7761e682e17d6cabd19c370d6

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TransportSecurity

MD5 b3fdb179293e2939a1044420366011ed
SHA1 f72f5d96b37d4bde0a0bdf851d0544a64e1826be
SHA256 41077544451e908d9e023a5de864a6ebc05d03449f233de9a406bf2f2405873c
SHA512 221a2b4b90a38551e172815dcbfaffad8e85e6f246053d36032b0dbbdfad2a6bee74f974891a1328be08006ee04bff8e88862f3691ec59f7570f17fb4577238e

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Local State

MD5 63206386197f9cc7cb9e1aca7e7da079
SHA1 84f1a09f6cd517ae91ec1bb837c9b5143fc0d893
SHA256 5cc11c0d9d6e38f75881c13f0b35597573bcd0e0a33244edacd3abd7e82523e4
SHA512 fc16da124a62920286058cad73456dacc722ca9e725e76954e65887ac6d89da24f47f3bed8740a415a5fea81000f38d589baab01340a061b8b9352fbe0fd1671

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-13 13:55

Reported

2024-11-13 13:57

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0ef256b6fbfe6fd11f3a781f4b822180bcdb7196c8cac4d4cee4e79d0551e7a7.exe"

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Windows\TEMP\scoped_dir2676_211033368\temp\service_update.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\0ef256b6fbfe6fd11f3a781f4b822180bcdb7196c8cac4d4cee4e79d0551e7a7.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\yb9191.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
N/A N/A C:\Windows\TEMP\scoped_dir2676_211033368\temp\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GoogleChromeAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A yandex.com N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\_[1].js C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Yandex\ui C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760 C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe C:\Windows\TEMP\scoped_dir2676_211033368\temp\service_update.exe N/A
File created C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe C:\Windows\TEMP\scoped_dir2676_211033368\temp\service_update.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\System update for Yandex Browser.job C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\Tasks\Update for Yandex Browser.job C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File created C:\Windows\Tasks\Repairing Yandex Browser update service.job C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
File opened for modification C:\Windows\Tasks\Update for Yandex Browser.job C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\0ef256b6fbfe6fd11f3a781f4b822180bcdb7196c8cac4d4cee4e79d0551e7a7.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\TEMP\scoped_dir2676_211033368\temp\service_update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yb9191.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex\UICreated_SYSTEM = "1" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\AppDataLow C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexCSS.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\ = "Yandex Browser CSS Document" C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexCSS.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.crx\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.xhtml\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\yabrowser C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexGIF.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexTIFF.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\ = "Yandex Browser TIFF Document" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexWEBP.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexGIF.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexPNG.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.js C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexWEBM.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-132" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexBrowser.crx\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexHTML.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexINFE.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexJS.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexWEBP.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexTXT.Z7U7QVUCLRRNYFIB2IBUGKKOQQ C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexHTML.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\ = "Yandex Browser HTML Document" C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexJS.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open\command C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexWEBP.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.fb2\OpenWithProgids\YandexFB2.Z7U7QVUCLRRNYFIB2IBUGKKOQQ C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexTIFF.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexPNG.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.xhtml\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexJPEG.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexGIF.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\ = "Yandex Browser GIF Document" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexSWF.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-118" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.infected\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexFB2.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexCRX.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\DefaultIcon C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.jpeg\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\yabrowser\shell\ = "open" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexJS.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexWEBM.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexHTML.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application\ApplicationName = "Yandex" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexWEBP.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\DefaultIcon C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexJS.Z7U7QVUCLRRNYFIB2IBUGKKOQQ C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexWEBP.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.jpg C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexHTML.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexFB2.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\ = "Yandex Browser FB2 Document" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexPDF.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexHTML.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application\ApplicationCompany = "YANDEX" C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.shtml\OpenWithProgids\YandexHTML.Z7U7QVUCLRRNYFIB2IBUGKKOQQ C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexPNG.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\ = "Yandex Browser PNG Document" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexEPUB.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\ = "Yandex Browser EPUB Document" C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexEPUB.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexPNG.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.html\OpenWithProgids\YandexHTML.Z7U7QVUCLRRNYFIB2IBUGKKOQQ C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexTIFF.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.crx C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexWEBP.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexPDF.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.xht C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexJPEG.Z7U7QVUCLRRNYFIB2IBUGKKOQQ C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexFB2.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open\command C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexTXT.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open\command C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexHTML.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\Application\ApplicationName = "Yandex" C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.txt C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.pdf\OpenWithProgids\YandexPDF.Z7U7QVUCLRRNYFIB2IBUGKKOQQ C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexJPEG.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open\command C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexTIFF.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell\open\command C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\YandexXML.Z7U7QVUCLRRNYFIB2IBUGKKOQQ\shell C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD C:\Users\Admin\AppData\Local\Temp\0ef256b6fbfe6fd11f3a781f4b822180bcdb7196c8cac4d4cee4e79d0551e7a7.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob C:\Users\Admin\AppData\Local\Temp\0ef256b6fbfe6fd11f3a781f4b822180bcdb7196c8cac4d4cee4e79d0551e7a7.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob C:\Users\Admin\AppData\Local\Temp\0ef256b6fbfe6fd11f3a781f4b822180bcdb7196c8cac4d4cee4e79d0551e7a7.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Windows\TEMP\scoped_dir2676_211033368\temp\service_update.exe N/A
N/A N/A C:\Windows\TEMP\scoped_dir2676_211033368\temp\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\0ef256b6fbfe6fd11f3a781f4b822180bcdb7196c8cac4d4cee4e79d0551e7a7.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3840 wrote to memory of 3520 N/A C:\Users\Admin\AppData\Local\Temp\0ef256b6fbfe6fd11f3a781f4b822180bcdb7196c8cac4d4cee4e79d0551e7a7.exe C:\Users\Admin\AppData\Local\Temp\0ef256b6fbfe6fd11f3a781f4b822180bcdb7196c8cac4d4cee4e79d0551e7a7.exe
PID 3840 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\0ef256b6fbfe6fd11f3a781f4b822180bcdb7196c8cac4d4cee4e79d0551e7a7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 4836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 3924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 60 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\0ef256b6fbfe6fd11f3a781f4b822180bcdb7196c8cac4d4cee4e79d0551e7a7.exe

"C:\Users\Admin\AppData\Local\Temp\0ef256b6fbfe6fd11f3a781f4b822180bcdb7196c8cac4d4cee4e79d0551e7a7.exe"

C:\Users\Admin\AppData\Local\Temp\0ef256b6fbfe6fd11f3a781f4b822180bcdb7196c8cac4d4cee4e79d0551e7a7.exe

"C:\Users\Admin\AppData\Local\Temp\0ef256b6fbfe6fd11f3a781f4b822180bcdb7196c8cac4d4cee4e79d0551e7a7.exe" --parent-installer-process-id=3840 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\Admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\Admin\AppData\Local\Temp\5afad1c8-c6fe-44b4-b136-d342306072b0.tmp\" --brand-name=int --browser-present=none --disableyapin --distr-info-file=\"C:\Users\Admin\AppData\Local\Temp\distrib_info\" --installer-brand-id=int --make-browser-default-after-import --ok-button-pressed-time=486686823 --progress-window=458850 --send-statistics --server-config-bundle-path=\"C:\Users\Admin\AppData\Local\Temp\5a317146-2a2a-4850-adc3-34b3e77d90a8.tmp\" --testids=1114347 --variations-update-path=\"C:\Users\Admin\AppData\Local\Temp\3e9125bf-cb6e-4e96-9e4e-ee4039556836.tmp\" --verbose-logging"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://yandex.com/legal/browser_agreement/?lang=en

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc4f0c46f8,0x7ffc4f0c4708,0x7ffc4f0c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,7119508909836242440,5637155303695856428,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,7119508909836242440,5637155303695856428,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,7119508909836242440,5637155303695856428,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7119508909836242440,5637155303695856428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7119508909836242440,5637155303695856428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7119508909836242440,5637155303695856428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\yb9191.tmp

"C:\Users\Admin\AppData\Local\Temp\yb9191.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\5afad1c8-c6fe-44b4-b136-d342306072b0.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=14 --install-start-time-no-uac=487186816 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=486686823 --progress-window=458850 --send-statistics --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\5a317146-2a2a-4850-adc3-34b3e77d90a8.tmp" --source=lite --testids=1114347 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\3e9125bf-cb6e-4e96-9e4e-ee4039556836.tmp" --verbose-logging

C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\BROWSER.PACKED.7Z" --searchband-file="C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\SEARCHBAND.EXE" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\5afad1c8-c6fe-44b4-b136-d342306072b0.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=14 --install-start-time-no-uac=487186816 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=486686823 --progress-window=458850 --send-statistics --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\5a317146-2a2a-4850-adc3-34b3e77d90a8.tmp" --source=lite --testids=1114347 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\3e9125bf-cb6e-4e96-9e4e-ee4039556836.tmp" --verbose-logging

C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\BROWSER.PACKED.7Z" --searchband-file="C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\SEARCHBAND.EXE" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\5afad1c8-c6fe-44b4-b136-d342306072b0.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=14 --install-start-time-no-uac=487186816 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=486686823 --progress-window=458850 --send-statistics --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\5a317146-2a2a-4850-adc3-34b3e77d90a8.tmp" --source=lite --testids=1114347 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\3e9125bf-cb6e-4e96-9e4e-ee4039556836.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=495932407

C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe

C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=2676 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.1.5.812 --initial-client-data=0x33c,0x340,0x344,0x318,0x348,0x4bed30,0x4bed40,0x4bed4c

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7119508909836242440,5637155303695856428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7119508909836242440,5637155303695856428,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7119508909836242440,5637155303695856428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7119508909836242440,5637155303695856428,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,7119508909836242440,5637155303695856428,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6428 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,7119508909836242440,5637155303695856428,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6428 /prefetch:8

C:\Windows\TEMP\scoped_dir2676_211033368\temp\service_update.exe

"C:\Windows\TEMP\scoped_dir2676_211033368\temp\service_update.exe" --setup

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --install

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --run-as-service

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=5692 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.1.5.812 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x9c3560,0x9c3570,0x9c357c

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --update-scheduler

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --update-background-scheduler

C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\22.1.5.812\service_update.exe" --statistics=https://api.browser.yandex.ru/installstats/send/dtype=stred/pid=457/cid=72992/path=extended_stat/vars=-action=version_folder_files_check_unused,-brand_id=unknown,-error=FONT_NOT_FOUND,-files_mask=66977119,-installer_type=service_audit,-launched=false,-old_style=0,-old_ver=,-result=0,-stage=error,-target=version_folder_files_check,-ui=78E33DF7_8F27_4EDD_8AD2_2ED95F52E106/*

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source2676_245278315\Browser-bin\clids_yandex.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=searchband --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source2676_245278315\Browser-bin\clids_searchband.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=458850 --ok-button-pressed-time=486686823 --install-start-time-no-uac=487186816

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=1756 --annotation=metrics_client_id=e2d1927b05e7445f93147b29e2290f15 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.1.5.812 --initial-client-data=0x188,0x18c,0x190,0x164,0x194,0x71fc2a08,0x71fc2a18,0x71fc2a24

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --field-trial-handle=1612,1538425362741022193,4472952364173127654,131072 --user-id=A53DC019-D15E-47D6-A697-E92CB00F9275 --brand-id=int --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1612,1538425362741022193,4472952364173127654,131072 --lang=en-US --service-sandbox-type=none --user-id=A53DC019-D15E-47D6-A697-E92CB00F9275 --brand-id=int --process-name="Network Service" --brver=22.1.5.812 --mojo-platform-channel-handle=2044 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1612,1538425362741022193,4472952364173127654,131072 --lang=en-US --service-sandbox-type=utility --user-id=A53DC019-D15E-47D6-A697-E92CB00F9275 --brand-id=int --process-name="Storage Service" --brver=22.1.5.812 --mojo-platform-channel-handle=2180 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1612,1538425362741022193,4472952364173127654,131072 --lang=en-US --service-sandbox-type=audio --user-id=A53DC019-D15E-47D6-A697-E92CB00F9275 --brand-id=int --process-name="Audio Service" --brver=22.1.5.812 --mojo-platform-channel-handle=2652 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1612,1538425362741022193,4472952364173127654,131072 --lang=en-US --service-sandbox-type=none --user-id=A53DC019-D15E-47D6-A697-E92CB00F9275 --brand-id=int --process-name="Video Capture" --brver=22.1.5.812 --mojo-platform-channel-handle=2692 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=A53DC019-D15E-47D6-A697-E92CB00F9275 --brand-id=int --extension-process --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://yastatic.net --display-capture-permissions-policy-allowed --enable-instaserp --field-trial-handle=1612,1538425362741022193,4472952364173127654,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2716 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=A53DC019-D15E-47D6-A697-E92CB00F9275 --brand-id=int --extension-process --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://yastatic.net --display-capture-permissions-policy-allowed --enable-instaserp --field-trial-handle=1612,1538425362741022193,4472952364173127654,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe" --set-as-default-browser

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\Installer\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=5660 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.1.5.812 --initial-client-data=0x338,0x33c,0x340,0x314,0x344,0x124ed30,0x124ed40,0x124ed4c

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1612,1538425362741022193,4472952364173127654,131072 --lang=en-US --service-sandbox-type=service --user-id=A53DC019-D15E-47D6-A697-E92CB00F9275 --brand-id=int --process-name="Data Decoder Service" --brver=22.1.5.812 --mojo-platform-channel-handle=3828 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=speechkit.mojom.Speechkit --field-trial-handle=1612,1538425362741022193,4472952364173127654,131072 --lang=en-US --service-sandbox-type=none --user-id=A53DC019-D15E-47D6-A697-E92CB00F9275 --brand-id=int --process-name="Speechkit Service" --brver=22.1.5.812 --mojo-platform-channel-handle=3988 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=uwp_cookie_provider.mojom.UwpCookieProvider --field-trial-handle=1612,1538425362741022193,4472952364173127654,131072 --lang=en-US --service-sandbox-type=utility --user-id=A53DC019-D15E-47D6-A697-E92CB00F9275 --brand-id=int --process-name=uwp_cookie_provider.mojom.UwpCookieProvider --brver=22.1.5.812 --mojo-platform-channel-handle=4804 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=A53DC019-D15E-47D6-A697-E92CB00F9275 --brand-id=int --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://yastatic.net --display-capture-permissions-policy-allowed --enable-instaserp --field-trial-handle=1612,1538425362741022193,4472952364173127654,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3116 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1612,1538425362741022193,4472952364173127654,131072 --lang=en-US --service-sandbox-type=none --user-id=A53DC019-D15E-47D6-A697-E92CB00F9275 --brand-id=int --process-name="Windows Utilities" --brver=22.1.5.812 --mojo-platform-channel-handle=3408 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1612,1538425362741022193,4472952364173127654,131072 --lang=en-US --service-sandbox-type=none --user-id=A53DC019-D15E-47D6-A697-E92CB00F9275 --brand-id=int --process-name="Windows Utilities" --brver=22.1.5.812 --mojo-platform-channel-handle=2856 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --field-trial-handle=1612,1538425362741022193,4472952364173127654,131072 --lang=en-US --service-sandbox-type=none --user-id=A53DC019-D15E-47D6-A697-E92CB00F9275 --brand-id=int --process-name="Profile Importer" --brver=22.1.5.812 --mojo-platform-channel-handle=3616 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --field-trial-handle=1612,1538425362741022193,4472952364173127654,131072 --lang=en-US --service-sandbox-type=none --user-id=A53DC019-D15E-47D6-A697-E92CB00F9275 --brand-id=int --process-name="Profile Importer" --brver=22.1.5.812 --mojo-platform-channel-handle=3076 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --field-trial-handle=1612,1538425362741022193,4472952364173127654,131072 --lang=en-US --service-sandbox-type=none --user-id=A53DC019-D15E-47D6-A697-E92CB00F9275 --brand-id=int --process-name="Profile Importer" --brver=22.1.5.812 --mojo-platform-channel-handle=756 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --field-trial-handle=1612,1538425362741022193,4472952364173127654,131072 --lang=en-US --service-sandbox-type=none --user-id=A53DC019-D15E-47D6-A697-E92CB00F9275 --brand-id=int --process-name="Profile Importer" --brver=22.1.5.812 --mojo-platform-channel-handle=816 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1612,1538425362741022193,4472952364173127654,131072 --lang=en-US --service-sandbox-type=service --user-id=A53DC019-D15E-47D6-A697-E92CB00F9275 --brand-id=int --process-name="Data Decoder Service" --brver=22.1.5.812 --mojo-platform-channel-handle=3272 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,7119508909836242440,5637155303695856428,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2328 /prefetch:2

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 f977145a6cccf414dac49204671a676e
SHA1 81ed5349fddcca8c4af47a7da2dd33e817237967
SHA256 50626e94863ecc8a33a4cfc4a0a8a8bf4bb00250a56df54343a8b2cba043f0ff
SHA512 18fcea646b234cf75eb06d0dcb1c06746f496d5b8b7ea490c46c74ad0cc41bc9be03c44804a638ceeafad9112c2a995a7f48c8c0ac6de631b4a697c3adad27d0

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 d82f52d886f9bf5d5a177296325f7cc3
SHA1 ff19299eb8e06e8c705b7114a0d45d41c4e3a5e6
SHA256 cd1e243475cb38667b6023ac1581bcd3c1b3fb2f58e2040c4e4744d636b8a3b1
SHA512 bf99b07f8283ee4a903de55ac78a6dcad418a2f4f1ee1d4fb58272e376ff7c97fe2ef6da9362a918d8b9b72e24997d3deb2b82de1e42f5e580bd948aec1b6309

C:\Users\Admin\AppData\Roaming\Yandex\ui

MD5 f3ce041ebebc0630978769519afe36d5
SHA1 fc9fe4d8e4d3919ed507e606f2c593ed527d546d
SHA256 60bcd1f8539368618533576821cf6879cee9642279a509abff894ed7d757748b
SHA512 c48207ce31b8285db897a7eac5ad3f160948acb0ca17c2d509e62f12f15e60538f60d46f2217d174a11c61cac35ff4403fa8f421056bb362bc44e50954878f56

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 f2765b72a27f5fa7b2cb1a4789b90f00
SHA1 9fe20f3675a98ab34aa336e0cf06e1446f54548f
SHA256 f92f64de8a9120765c3a754fdd68b0e198b3443d71363ad39e9769fca67658b7
SHA512 9d3f621368151c35008a64a06928e0aebc16bc9cff657c1ef6ea7d415498f78bbe8ee4b473a0bf56d73dcc82afcb33edd9f9c5862cb7e1d838f4c54e4e6fca30

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 2760066a072e92e80e0c536d6b922f87
SHA1 4c755206adbe11745eeb6c379a0b433536400228
SHA256 b5add7235397ddaa0d954687772fffe40fef99077601ff66513a6f11579e7273
SHA512 8d47ba12812562a14b4c19cc235dd85ee4044b4e6feed71514f7c78ac1662a25953c84e06b80f77bfd9b4e722c601bc17913f7ac7e28c8844c73fc3aa1d8ff82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 61cef8e38cd95bf003f5fdd1dc37dae1
SHA1 11f2f79ecb349344c143eea9a0fed41891a3467f
SHA256 ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e
SHA512 6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

\??\pipe\LOCAL\crashpad_2168_URYOGVBYFBTAXIXX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0a9dc42e4013fc47438e96d24beb8eff
SHA1 806ab26d7eae031a58484188a7eb1adab06457fc
SHA256 58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151
SHA512 868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c4bc291276a242c87c8c70044d76bd1d
SHA1 57b8396a07b1e46cae5f8e9be3e72e636b39ba4f
SHA256 3f5389de91a7dd5e9586703fb959559be3a7b6e7687b2feadc8dbf8b9d090d0a
SHA512 3c0989924ea123edc1fc6ed20b952bb807d41d375df138eb4d912784058abf1c2383e09ce2be6809774be1e870c7c6924e7fda1d9c6ad349bf92b1888f76b764

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046

MD5 f885c47b47e185ead9dfb74999c27c9c
SHA1 349430ac8a0245aac8e3e79009a0d98852eb984f
SHA256 d60524a8e7be68be9554dccec28e45d88bc64cc1fb31dbea64e0e5ee64a0b8fd
SHA512 fd9657b92775108eaf45f2a5696a4c49a750e257a2fa13d3c1f7bb5b7375ce0b8fe182bb32b340223a01e10312943dabe485f14fcdc3f9caba4cbf5377cdd8eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046

MD5 8a17286d70a7708c084f455f272ccc3e
SHA1 9f24d4cac375784cd70cc1965258206855a29ead
SHA256 353ae3c6a67ca783793132666f3b957825a6748bf5a2f112c2f76ab5857dd39d
SHA512 7eecef942618a8d9783b2111204eb5ef9d2ebda7cf2c149098a98cfff60ad07f439bf79a769cd8a47f30d06309da8958313e945cb09b8f7fe6e5ff9fba9167de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_7DAD5545724AA2C98C55095F428499FB

MD5 7bfc385dcde24469b399e094604f2e39
SHA1 27fb8149d539f49e8ff9c50596e148cfe35d9625
SHA256 8cf9a606ef8115c36b1ce40a5fbdb23767053fb705c4d2fb0bd2f9cef977ad7c
SHA512 8c5f5a246fe1589a7b10dbd5fc801a2816032973af4842d6a1f679fe6255ea8c2b76217686d37da1b41d3ab126a61f46d48ce03f123e31992a0364c1b8c38ea5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_7DAD5545724AA2C98C55095F428499FB

MD5 93dd6c2fb1eef97c29d4fc061643e295
SHA1 f247030c8f624b5bb61a0abf4f9488e29c3d0444
SHA256 b57186edc2b9b581fad25441c98f7c9df840fce61cfbab598cabb805536798b1
SHA512 feeee0aca7a8697a3f034caf4e84d7b74124dcfb5cc5e2df0c360575a607c1b86da236a027e3cf3cf29a91c36355101813e893e0f80dbd21c6b8a185bc1dbca2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

MD5 7fdd4d28636f52f4225f2257f6a9cc76
SHA1 0b494db737f84ddffc5786bb7a24707f5b8387f2
SHA256 f38900ce5599c6cf831fdbbcfc862f5aed216d69c66470bb44f985819f859558
SHA512 b2cec8762198d5318589ab3247f04e4ab45f70311d140ea0fade8b9fab738bae974ed37addbdd3b0a742f5c3e899f029b98800cd93d1183784beb464705b90c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

MD5 70024b28753af5bb3d6169a29dca67c3
SHA1 e98e9f0d9dea44f71c038523f56174041040f660
SHA256 211a44a7fae62a8d5c3f2dcd385b772e7d9506a105094ddadb11a991ef173f61
SHA512 5694e926970b7982e9cb97f76e56a94cfea2bd67df94accfe7ada7fe3f95001bf1ca37708e62f5c37005d68ce2910e1b864de5f63312290e38375c8fdc8608cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

MD5 fa4fb86ca892001c7874cb9a81300ee9
SHA1 15c19279640ab7ed36f4fc2fd435248501c8fbcb
SHA256 0eaa44f3444e80a462debed03cb92e83b9a3b4ea5eed7452a092c6f43ca5b628
SHA512 a4d162ff795e7f150f87b92fac0ca7a02c377772cdc73e0f45443338abfada685bb98897b85eadff8944a21ae0547f9f26069068586f57499acce3b8f3003986

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

MD5 0462333af2dd742867c2838a17f0f8fa
SHA1 0fbbe949701fdf13b5414a00210ef4228b882c17
SHA256 b90a32f9a1e9a493a18c24362238388fb0f01020ca5d376e1f27703ee38729c1
SHA512 fcb8cbc0fc6fccc785851b7305f68d50dfc382df78baeeb2a08ac81e93fffd72481c9b8e30327aeddda703bd9951fc1af625c89f557d1118ee568e294e9adcf8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DF8D319B9741B9E1EBE906AACEA5CBBA_A2E0B287EC2147F84DD8A330B45D3489

MD5 5bfa51f3a417b98e7443eca90fc94703
SHA1 8c015d80b8a23f780bdd215dc842b0f5551f63bd
SHA256 bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128
SHA512 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 1f457a68fecf1ee5cf9fa5dcd847c19a
SHA1 5150b023b3bbbc6728f1907467275b9b063376bc
SHA256 c0d1e953237a3702e93b832c6374a50904d93bf36a13f9fe4954caace1b913e8
SHA512 1ce0706087d11c6987c51faf3f565c8ebd50dec78b9d7e019e5f987c456b1cc5c5422ce798c6ff6d40b0433b9038609b645f4430012cda1370714d5921a26263

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 ea902b0ccd0ab0b38b7cfec0f1229d65
SHA1 7f4767389dd48f9370f3d65b91484c900d56aed6
SHA256 6f6ac048734e8a9d19c95847ae5a5d2ed889c5536ef03e18d472a845da24d13b
SHA512 d4bc0cedb0067aa426735f2c5e23584188b86970c0a6b3fa1c2c03284efaf871b56ae618b5e5d57729c16b1c1c29961a0cc0b130cfb8147e7f9ba5abcba333b2

C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\setup.exe

MD5 5fdeff4b89456b836f351443aa9b3d5b
SHA1 7112f415950c45877265f98aa8388e8093d4abcd
SHA256 7dab48f2004dd9481294d59caccd8573a6e28c1c42b6d7a354dcd3e79f9c7f2a
SHA512 35962b165c4604d3262bdc564e03d791df6175bc4825ab60237c17b7b9f67a4db190ba3f410829c4112a67b6fedf7049e5c5ad3c6f6d41f01a0d3b5c2a0e8346

C:\Users\Admin\AppData\Local\Temp\master_preferences

MD5 8b3752ba74f6044f5df40c28aa2b5987
SHA1 836283a70e7b8e5059c063200d5bb38aa7291af7
SHA256 ccd0f74b6fdc401705bb81bd1fbd870d9c0909b713eb4a0a1fc52855b8a97aa7
SHA512 b94401dc72a8361d51d72b8d009d9ba7f1848c3046889cfc4688e164268905de0996d6c104b4ef479ca01fe2174eb1132e50f89992910bdad866e9764fcd3661

C:\Users\Admin\AppData\Local\Temp\yandex_browser_installer.log

MD5 e3b31b88b0f93ac026a7c6efead12da5
SHA1 f1ab947b1dfe16b3294c1c478d437dd31b7ab713
SHA256 6e94382ca1601926a5fbc6a366fc3db3bc8720927bfbb0bf5a401eaf9fa41af9
SHA512 4f721ebd9e971868d80237a0a52f1b008001b81ad0ebe0336349b79667bd9c132076c453b69672958f4937156ac5dedcf5c09818d5ea0645316d409d40d640e5

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat

MD5 1dab6e8d68f0073a3e2e952d278b0fbc
SHA1 c70d688fa0a65f09c0e52ebbb24124ba9ea69f04
SHA256 5f74551eebd798dd8e72a0797822c2e8ead3414d5e95f6d661038585ae424b3c
SHA512 458f8bd1cb6f012505c61807cf3c3eab82544633cf7dc02941a9a95927bd51191bfe1a17ba49b4a48a7eb843c9a18c715272586fdef897a3142a9725d27a5a50

C:\Users\Admin\AppData\Local\Temp\distrib_info

MD5 4c118f563825ef62f27c89ff83b826f4
SHA1 5a670853c606b95abf275324c788f30e005fd497
SHA256 2d89dc50787c557086e44f4c934e69a18a0ff56af9031faf5ee72e11d407ce18
SHA512 205b307af58c4e72f70c1e0db5113eb5ad3ce8100441fb837417e1f3978d1c9e71af1576a323bab65deb6b8a39c738df5631c9847a88246b320816def768a331

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760

MD5 03d4fc02a35331d3286509bd8a933d52
SHA1 dfd3eb5e135498f7efaa9513ce2c6cf7aee2fd13
SHA256 8a0dfce397f86a0489fe65eb80bc0b585de350aa2d1c41b7f7dfe95c5b8fd110
SHA512 e11488f1240cf5692d6a67a27691120ea38359a759bc192c8055cce89b2704881c3b3652dbee6f949345f5d109573906f02bc5a0a3d366fe0eaf83c4da013787

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760

MD5 da78eba86914a580fe9a150d6d06074f
SHA1 458240518e13c97e71abc89403e6ccfb1ae36677
SHA256 c511d8941b82cc2c3025b8752008f4f5fe9d907b36b923faa89488af4ec24a88
SHA512 a3d853d26006a386ae73fb46b39e4344f2e9b4c267cd3a8f741f0429ef65ff7b41c7e62eae30b8c33e9b2369da7a3cced7841f2944ccfc7638ac63e23bcc8bb6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 56bec84fc0a90b15ca0be1de9cdc3f25
SHA1 57ffa9456586b181dd99ef291327b24a87953164
SHA256 5da631b1cd5555a12c475f18a8d3d4b37649ec5391b13bd3559f8366ab2c743a
SHA512 a24a8521829deee28bcd69b8df8eba243e4104e24d6e4751aeded43060b426c58e8de64079fe91e5aa8de5aabccda6d2ac5ff5a32c1589f47be2d7ef77d6de45

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 75042fcd314b4f7dfde6dda99c87023e
SHA1 0e1c4f62afcb5da4ecd261f754841326b13a430f
SHA256 b27579c1ef8a0d2bd12b85cb72167c6c0b82ffbd3bcc17b33f8fe8f40edc77f4
SHA512 82149f05a541e727f88533a6498a5e5b3eab912c0ab750dcd46258820194cf21d4d324a70935ed599f151ddea4076750e61696da337162d5adde4f4f969935a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\BRAND_COMMON

MD5 8fb3d5252fd262cf808f6f0359998b0a
SHA1 cdb8072dfe898c72c15c2c381349ccf7f2d4d440
SHA256 7ad5104dd8c35ebbc06c56fc6a2cc3f8cf7391ab2e97c8c9d9b3de1d8ab4a5c9
SHA512 57f1b72e210aaa880cdcd04eb1cdadf13dfe373c50a0d98346e64ad93521da43a5b71b068fa3ccadddb03a6e97084b7d25cbb94fcf9c3dea1904bde0c2396bf1

C:\Users\Admin\AppData\Local\Temp\YB_AC3A5.tmp\brand_int

MD5 3e499ac6cab5c37d47c0ce7079be9408
SHA1 bc28c35a5feff7ed7061f36addf1b9bb439bf0b3
SHA256 7c69e77970d70ab50c45e70a20b67e4d3c03123b384e723cf2cd515062d22613
SHA512 16e08366a863f3730b880df0f4f34789638a67cfe26e295a8f834594f2ff67bcbdba0cb65b8a316009cd0408c9742c17f13d6a5257e3a7bd5245e5b5549d9fee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B0B1E3C3B1330A269DBEE4BA6313E7B4

MD5 2ffbdb98df2a2b022a48adeb94a3af50
SHA1 6c86923b5c5832bb102f041cb7d38db397074f12
SHA256 dd12c5733bc4b682e1da6353c8c27650f53d11a8ada8fd8a2d06f23cecae5ebd
SHA512 a5f29661ac78ea205dd945fcc53e015152277426af4bcce688231ca1a564dc49144b2953409651737733fec72e9042468c780917543c007d7de74ed44058dbfb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B0B1E3C3B1330A269DBEE4BA6313E7B4

MD5 7bf1296f0e1f22253666675d248690c6
SHA1 3a6ad48b9081186fd21824fae05fdc683a927911
SHA256 5200f0685a06b5b361b6aa2533e6e055a52c7381a138bd0b7506a586aaa621cb
SHA512 6ded912ac8cd62c1541334ae9520e736c121db9956e9bf6688a89966450c0e513678f0dd992d01dd8e13a654e42712f0bf0e890565bae7089a2e2f00496719e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDA81A73291E20E6ACF6CACA76D5C942_2A2080AC7EEFAA81BA7361978F5743B9

MD5 aed01fd34bfa1369b78ab081e88a7dab
SHA1 dbec9ebb6921f8244f659bea6f331d7f58793dec
SHA256 48fa1751ecf951ef774dfa693947db25ff5bd442155a32136be9c71280574d2b
SHA512 e0cdb4957d77bd870e3f20ba246d8d3563e0adbbb1c1062c937e59b0d77af0dc3bfb90f1cc446f2bc59d32779c01725540132bcb8ce5050b128794616c124906

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_A026C9CD7BA14377D055F4A2325D4501

MD5 cec3f891e9bd72743d4282346d42b967
SHA1 ce335890aae07592208307b8aaf65e75e0efa145
SHA256 fe91c0e6b6494d80693bda424462cae2359c5bb3ee43ba941c9c2a63afe53abd
SHA512 e942815204ff064d1c45b023dfd754a87cf87b051b0c14efeefd78fbb08b3353dcc13c78556d029fc88d1ef20b7340887494da4528a225024fce3b9042fd0f7b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_A026C9CD7BA14377D055F4A2325D4501

MD5 41f754b5f41ef10a5357984e2773b23b
SHA1 f3ee3c612fb2424d8fe44bb63c3139045d09f640
SHA256 31c3500128e5341036ac793842073d072171eee1b9e07726e6aa79474c89e22d
SHA512 53f2285981e06755b014de6dd755767769ab0c652703eb51b4e19197ddcbe091f37fd71a890da215ce7474398d767d114f332c6c63d11fe45141d4e2d2938d99

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FC68FB72D4FBC7E0F151BC2282D75E47_367FA2447481C3DB640CE44BE2E5A181

MD5 3257529248709145b4bc28965c16650c
SHA1 672e92d59dc850f02dace525ba30c022b05a2153
SHA256 cfb773af4ef69b3ab2605e03b438601742efff401f779f70565a32a0c6d8da80
SHA512 32187ec78ac01f438a7e2c8a424f0361967e066a55e450461f0c8d15f58bfd53d22bbc0f270485d74087e6032c134103f104f604932f3da408394d7987c26b72

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\60B3F7207DEB992031C120EB71F562CD

MD5 94bf0bf032ce32469dd74f4f1f5320e6
SHA1 86bff704a2f82816f346a6a374250f35743de3b0
SHA256 54f08bfd73dd3477610059c4a1d92723e698def0efa7ad4661584a51d9aab79b
SHA512 ac62c42bfe02a35739dfed5df012bb3ef1f7bdbde1f4d9dce9448812bb6d25891dbacc2591e859f644c95151bdb7179f4f8e355b81a2a38ca7afce4980a79901

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\60B3F7207DEB992031C120EB71F562CD

MD5 9218ee8df71425cc409256c10ae934c4
SHA1 45b4b04b11b426414c652c558b7d5a5ea5cd84fe
SHA256 22c75d652fc86999abe3f830565e9cbc352f616058dc57d83a86eabbe29f21dc
SHA512 e6db0aa325dbd1e574ebd53ffc9cfa3cff8970906912211864417c37c82cad0ff15e40f2fb1653d2da4077fcde1fef506a9ba45257a5048f84c52bda7941bb5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DF8D319B9741B9E1EBE906AACEA5CBBA_A2E0B287EC2147F84DD8A330B45D3489

MD5 9800059cb930074df236de1a5a099fa5
SHA1 80a2a52adab6c840358d78e897e5af50716bec0e
SHA256 5438ea6c66bd6395b03fcb3278a993bcaec78f2a18b0b65e33edda2e82515215
SHA512 227d58e37a9abb85009c71ab034bd4036fa3d0a54fdc691ed15a0b778999d5fb441cf9702ec8d8cc23d4c73c2098ac67857acb6eb36723778d62ce6d296c8101

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_D21903E2722B551F252C717985D24037

MD5 600cef383ee35c608c89638044d692b8
SHA1 07dd5e6c20a90499d224516f60384db57d863778
SHA256 cf01c760abfdf749cea9db951f5e1bbdc7d9532ab553626de818d1ce40124a63
SHA512 e8e2ac76e4ebf8d7653b75b1d3efe876b24d7b23465431ec398c8a29cdd8ee415a38ea62b552beb69a7ad2811493577bc6a6bdc49f2ce234273f7428dcf131d0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_D21903E2722B551F252C717985D24037

MD5 9b6bdf1ff89e6b5cbc4ffb47999c4230
SHA1 02fc09bc77aa2139ba2127c4c55954bb2f73e960
SHA256 56dce8dbaf864c89d0f9290a90521c20d6ff5fd323608552e1c3b2e820c21334
SHA512 e388c7d300127d804e1d9a4683a647a6fe5beebbba858fe71aca9914b5733f3165f1b6efaf7b196fd3f829ba093f7a787219efca5cb48226137fe26864656f77

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FC68FB72D4FBC7E0F151BC2282D75E47_367FA2447481C3DB640CE44BE2E5A181

MD5 9972ef0e402c3f415811ee9e4ea7fa80
SHA1 8939f390d7a25e01104ad808cbe8936773de9a59
SHA256 751c7ee9711dbeaae689cc0905d6c05a93f5ed84f137d65a8379ce880e2d9d24
SHA512 501b22d81a30eaff3136468f20597fb2b89e21f8b7d69aad7c9a7acbba5397bd52e73f377faac8b3b62855d7964710d6c0025d90b1c5937dfce120967e3b82a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_38924EDF39D8802D6946FB22E5DD0835

MD5 516d94e8566bd4731de40d99af56c115
SHA1 01dad51fb331ae51ad954c1f6ecfcf3430559199
SHA256 c8f62db8ca19ebe2f2e7d40e1c0946914c33fa7706d9103b035ae36ae2bf8662
SHA512 b9a2da254b2f7aeef25ee6eaf8bf26079bd30f54e150e9bf6125cdca6db1298605a83f7b6f9c34518947add888194ef149d8b368a34434a02eb8e747480582d6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_38924EDF39D8802D6946FB22E5DD0835

MD5 820ba96f6deacd0dc8c98445fca761d1
SHA1 6a8e5583991089a49db7185604d0e4b49ac86b8f
SHA256 3d6537243996f4e6737a6e9e30b9ed5e749007d764747d5f98a4969ad27c35f3
SHA512 790fc9b8fef006529a85db988a5998803283de2588e88add57941128b9cf69115fb2c9659986f7046423358376e44ba8fb8c895191afce6c9a37f878cceb2b8e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 831dea185bd877afe6fee614d23ec9df
SHA1 b6c3741d298a577347fd21f24cd9957aad106f29
SHA256 9fbf9dc0c37568582b360d7360b7ec3a04c439d15edc294caa4279ddf4129d7f
SHA512 bba0b75ed0d7b4e49dc1456ad64d20c2e748de54e2cd096e9438018253642a4f8402855bdc8c9a47561b04b502c462f29666d744fd9ea1dcf0c5ac552edf3968

C:\Windows\Temp\scoped_dir2676_211033368\temp\service_update.exe

MD5 ecc2447cad674a68a24f76772cb51dbe
SHA1 6928b8b96cb7a1fa8dc8a8bacef8ab6163a15af9
SHA256 2d6ea9290d3676dbeb61bfd94aced56025cc2e357626ef58854b8be4ae4abce9
SHA512 3edc14b1efe6fa1b36c77e3e70faeeec7eec58e2f4ba9c6ff0c4ec772d3ebcee26ac1d0be76502416be82638a5ba78b81eec552ffad9be5d1d3ad8a90743fbee

C:\ProgramData\Yandex\YandexBrowser\service_update.log

C:\Windows\TEMP\Crashpad\settings.dat

C:\ProgramData\Yandex\YandexBrowser\service_update.log

C:\ProgramData\Yandex\YandexBrowser\service_update.log

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.1.5.812\brand_config

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\web\web_preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\web\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_GB_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_ES_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\sea_static.jpg

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\morphology\stop-words-en-US.list

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\configs\all_zip

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\extension\elokbjeafkcggjfjkakpchmcmhkhaofn\brand_settings.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\extension\fcgfaidpicddcilhjhafmmcgfodijhjd\brand_settings.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\extension\gopnelejddjjkamjfblkcijjikkinnec\brand_settings.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\morphology\dictionary-en-US.mrf.sig

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\morphology\dictionary-en-US.mrf

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\safebrowsing\download.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\custogray\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\custogray\preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\custogray\custogray_full.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\fir_tree\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\fir_tree\fir_tree_preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\flowers\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\flowers\flowers_preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\huangshan\huangshan_preview.jpg

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\huangshan\huangshan.webm

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\huangshan\huangshan.jpg

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\meadow\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\meadow\preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\misty_forest\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\misty_forest\preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\peak\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\peak\preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\raindrops\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\raindrops\raindrops_preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\sea\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\sea\sea_preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\stars\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\stars\preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\sea_preview.jpg

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\sea.webm

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\mountains_preview.jpg

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\wallpapers\1-1x.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_UA_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_TR_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_RU_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_PT_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_KZ_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_JP_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_IT_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_ID_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_DE_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_CN_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_CA_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo_BR_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\tablo

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\sxs.ico

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\about_logo_ru_2x.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\about_logo_ru.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\about_logo_en_2x.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\about_logo_en.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\22.1.5.812\resources\import-bg.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Sync Data\LevelDB\MANIFEST-000001

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences~RFe5826bd.TMP

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\8726ae28-d7ee-401e-887b-559b5d19dfa7.tmp

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\GPUCache\data_3

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\GPUCache\data_2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences~RFe5828ef.TMP

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Local State

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Local State~RFe5828d0.TMP

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\9fe684ee-d7e1-4e9b-b79f-38d5c645ea3f\index

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json~RFe582ad4.TMP

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\9fe684ee-d7e1-4e9b-b79f-38d5c645ea3f\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582c89.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Local State

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\GPUCache\data_0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\GPUCache\data_1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Local State

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\c7454cf6-3cbd-4fcb-bbf0-fe14479b759a.tmp

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Local State

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network Persistent State~RFe593e09.TMP

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences
