17df160c29a16532e06178a469ca7d42bb01f4369b6bb2efe1e0ba9b0817831b

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2023, 14:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

17df160c29a16532e06178a469ca7d42bb01f4369b6bb2efe1e0ba9b0817831b.exe
Size

4.5MB
MD5

11d65a246eded66388d8930f2ee1ddbf
SHA1

99174d37730731b8af5d074af6b637709659a36b
SHA256

17df160c29a16532e06178a469ca7d42bb01f4369b6bb2efe1e0ba9b0817831b
SHA512

998239b7cb89bc1a4e3dba94ebd03bd39062092fff55db37d510bca3539400910877205f69754a0de930332bcd423a6eb915b1a4fe8c0862691650ebc0124754
SSDEEP

98304:P9xEpja9gwFK2JcwtM8PC1DKdzOJDb4v+:spVQC1WwN0v+

Score

8^/10

discovery persistence spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Control Panel\International\Geo\Nation	setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Control Panel\International\Geo\Nation	service_update.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Control Panel\International\Geo\Nation	Yandex.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Control Panel\International\Geo\Nation	setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Control Panel\International\Geo\Nation	17df160c29a16532e06178a469ca7d42bb01f4369b6bb2efe1e0ba9b0817831b.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Control Panel\International\Geo\Nation	explorer.exe

Executes dropped EXE 64 IoCs

pid	Process
1132	ybDDFC.tmp
2728	setup.exe
2036	setup.exe
1792	setup.exe
2756	service_update.exe
2580	service_update.exe
4116	service_update.exe
4856	service_update.exe
4664	service_update.exe
4216	service_update.exe
4192	Yandex.exe
5100	explorer.exe
1000	clidmgr.exe
1868	clidmgr.exe
904	browser.exe
4392	browser.exe
4660	browser.exe
4012	browser.exe
1588	browser.exe
912	browser.exe
1076	browser.exe
2564	browser.exe
2836	browser.exe
1300	browser.exe
4652	browser.exe
6056	browser.exe
5516	setup.exe
5648	setup.exe
5616	browser.exe
5752	browser.exe
5184	browser.exe
2864	browser.exe
5232	browser.exe
5552	browser.exe
5588	browser.exe
4948	browser.exe
2984	browser.exe
1080	browser.exe
5856	browser.exe
5872	browser.exe
5952	browser.exe
5752	browser.exe
6124	browser.exe
6088	browser.exe
2956	browser.exe
2840	browser.exe
116	browser.exe
4700	browser.exe
1180	browser.exe
4148	browser.exe
5396	browser.exe
5448	browser.exe
1600	browser.exe
5352	browser.exe
5492	browser.exe
5656	browser.exe
5980	browser.exe
5484	browser.exe
5012	browser.exe
5060	browser.exe
5280	browser.exe
3268	browser.exe
5440	browser.exe
5456	browser.exe

Loads dropped DLL 64 IoCs

pid	Process
904	browser.exe
4392	browser.exe
904	browser.exe
904	browser.exe
4012	browser.exe
4012	browser.exe
4660	browser.exe
1588	browser.exe
4660	browser.exe
1588	browser.exe
912	browser.exe
912	browser.exe
2564	browser.exe
4660	browser.exe
4660	browser.exe
2564	browser.exe
4660	browser.exe
2836	browser.exe
2836	browser.exe
1076	browser.exe
1076	browser.exe
1300	browser.exe
1300	browser.exe
4660	browser.exe
4652	browser.exe
4652	browser.exe
6056	browser.exe
6056	browser.exe
5616	browser.exe
5616	browser.exe
5752	browser.exe
5752	browser.exe
5184	browser.exe
5184	browser.exe
2864	browser.exe
2864	browser.exe
5232	browser.exe
5232	browser.exe
5552	browser.exe
5552	browser.exe
5588	browser.exe
5588	browser.exe
4948	browser.exe
2984	browser.exe
2984	browser.exe
1080	browser.exe
1080	browser.exe
4948	browser.exe
5856	browser.exe
5856	browser.exe
5872	browser.exe
5872	browser.exe
5952	browser.exe
5952	browser.exe
5752	browser.exe
5752	browser.exe
6124	browser.exe
6088	browser.exe
6088	browser.exe
6124	browser.exe
2956	browser.exe
2956	browser.exe
2840	browser.exe
2840	browser.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YandexBrowserAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart"	browser.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Yandex\ui	service_update.exe

Drops file in Program Files directory 21 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Yandex\YandexBrowser\23.7.4.972\debug.log	service_update.exe
File created	C:\Program Files (x86)\scoped_dir4652_2016401777\History	browser.exe
File opened for modification	C:\Program Files (x86)\scoped_dir4652_2016401777\History	browser.exe
File created	C:\Program Files (x86)\chrome_ComponentUnpacker_BeginUnzipping904_180220548\_platform_specific\win_x86\widevinecdm.dll.sig	browser.exe
File created	C:\Program Files (x86)\chrome_ComponentUnpacker_BeginUnzipping904_180220548\manifest.fingerprint	browser.exe
File created	C:\Program Files (x86)\scoped_dir5376_1487765401\Network\Cookies	browser.exe
File created	C:\Program Files (x86)\chrome_url_fetcher_904_1639389033\oimompecagnajdejgnnjijobebaeigek_4.10.2652.2_win32_evormqwqogipeqgm2h4lqldqda.crx3	browser.exe
File created	C:\Program Files (x86)\scoped_dir6024_1250724589\cookies.sqlite	browser.exe
File opened for modification	C:\Program Files (x86)\scoped_dir6024_1250724589\cookies.sqlite-wal	browser.exe
File opened for modification	C:\Program Files (x86)\scoped_dir6024_1250724589\cookies.sqlite-shm	browser.exe
File opened for modification	C:\Program Files (x86)\scoped_dir6024_1250724589\cookies.sqlite-journal	browser.exe
File opened for modification	C:\Program Files (x86)\Yandex\YandexBrowser\23.7.4.972\service_update.exe	service_update.exe
File created	C:\Program Files (x86)\chrome_ComponentUnpacker_BeginUnzipping904_180220548\LICENSE	browser.exe
File created	C:\Program Files (x86)\chrome_ComponentUnpacker_BeginUnzipping904_180220548\manifest.json	browser.exe
File created	C:\Program Files (x86)\scoped_dir4604_1573541689\Cookies	browser.exe
File opened for modification	C:\Program Files (x86)\scoped_dir4604_1573541689\Cookies	browser.exe
File opened for modification	C:\Program Files (x86)\scoped_dir6024_1250724589\cookies.sqlite	browser.exe
File opened for modification	C:\Program Files (x86)\scoped_dir5376_1487765401\Network\Cookies	browser.exe
File created	C:\Program Files (x86)\Yandex\YandexBrowser\23.7.4.972\service_update.exe	service_update.exe
File created	C:\Program Files (x86)\chrome_ComponentUnpacker_BeginUnzipping904_180220548\_platform_specific\win_x86\widevinecdm.dll	browser.exe
File created	C:\Program Files (x86)\chrome_ComponentUnpacker_BeginUnzipping904_180220548\_metadata\verified_contents.json	browser.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\Update for Yandex Browser.job	service_update.exe
File created	C:\Windows\Tasks\Repairing Yandex Browser update service.job	service_update.exe
File created	C:\Windows\Tasks\Обновление Браузера Яндекс.job	browser.exe
File created	C:\Windows\Tasks\System update for Yandex Browser.job	service_update.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 11 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex\UICreated_SYSTEM = "1"	service_update.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	browser.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow	service_update.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexTIFF.GVGVYRFEYP2Q4HTCHD4OT4PLOQ\ = "Yandex Browser TIFF Document"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexPDF.GVGVYRFEYP2Q4HTCHD4OT4PLOQ\shell\open	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	Yandex.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\.htm\OpenWithProgids\YandexHTML.GVGVYRFEYP2Q4HTCHD4OT4PLOQ	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\yabrowser\shell\open\command	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\yabrowser\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\SystemFileAssociations\.gif\shell\image_search\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --image-search=\"%1\""	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexFB2.GVGVYRFEYP2Q4HTCHD4OT4PLOQ\shell\open\command	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexHTML.GVGVYRFEYP2Q4HTCHD4OT4PLOQ\Application\ApplicationName = "Yandex"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexJPEG.GVGVYRFEYP2Q4HTCHD4OT4PLOQ\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\.txt\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexWEBP.GVGVYRFEYP2Q4HTCHD4OT4PLOQ	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\.swf	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\SystemFileAssociations\.webp\shell\image_search\Icon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexHTML.GVGVYRFEYP2Q4HTCHD4OT4PLOQ	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexCRX.GVGVYRFEYP2Q4HTCHD4OT4PLOQ\shell\open\command	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexWEBP.GVGVYRFEYP2Q4HTCHD4OT4PLOQ\shell\open\command	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexBrowser.crx\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexEPUB.GVGVYRFEYP2Q4HTCHD4OT4PLOQ	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexWEBP.GVGVYRFEYP2Q4HTCHD4OT4PLOQ\shell	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\yabrowser\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexPNG.GVGVYRFEYP2Q4HTCHD4OT4PLOQ\shell\open\command	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexHTML.GVGVYRFEYP2Q4HTCHD4OT4PLOQ\AppUserModelId = "Yandex.GVGVYRFEYP2Q4HTCHD4OT4PLOQ"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\SystemFileAssociations\.tiff	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexCRX.GVGVYRFEYP2Q4HTCHD4OT4PLOQ\shell	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexJS.GVGVYRFEYP2Q4HTCHD4OT4PLOQ\shell	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\.pdf	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\.xhtml\OpenWithProgids\YandexHTML.GVGVYRFEYP2Q4HTCHD4OT4PLOQ	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\.infected\OpenWithProgids\YandexINFE.GVGVYRFEYP2Q4HTCHD4OT4PLOQ	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexGIF.GVGVYRFEYP2Q4HTCHD4OT4PLOQ\DefaultIcon	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexINFE.GVGVYRFEYP2Q4HTCHD4OT4PLOQ	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\SystemFileAssociations\.png\shell\image_search\ = "Поиск по картинке"	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexTIFF.GVGVYRFEYP2Q4HTCHD4OT4PLOQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-119"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\.jpg\OpenWithProgids\YandexJPEG.GVGVYRFEYP2Q4HTCHD4OT4PLOQ	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\.swf\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexWEBM.GVGVYRFEYP2Q4HTCHD4OT4PLOQ\shell	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\.png\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexINFE.GVGVYRFEYP2Q4HTCHD4OT4PLOQ\shell	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexTIFF.GVGVYRFEYP2Q4HTCHD4OT4PLOQ\DefaultIcon	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexHTML.GVGVYRFEYP2Q4HTCHD4OT4PLOQ\shell	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexCSS.GVGVYRFEYP2Q4HTCHD4OT4PLOQ\ = "Yandex Browser CSS Document"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexPNG.GVGVYRFEYP2Q4HTCHD4OT4PLOQ\DefaultIcon	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\.fb2\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexPNG.GVGVYRFEYP2Q4HTCHD4OT4PLOQ\DefaultIcon	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\.fb2\OpenWithProgids\YandexFB2.GVGVYRFEYP2Q4HTCHD4OT4PLOQ	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\SystemFileAssociations\.gif\shell\image_search\Icon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexCSS.GVGVYRFEYP2Q4HTCHD4OT4PLOQ\shell	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexEPUB.GVGVYRFEYP2Q4HTCHD4OT4PLOQ\ = "Yandex Browser EPUB Document"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\.crx\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexGIF.GVGVYRFEYP2Q4HTCHD4OT4PLOQ\shell	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexJS.GVGVYRFEYP2Q4HTCHD4OT4PLOQ\DefaultIcon	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexPDF.GVGVYRFEYP2Q4HTCHD4OT4PLOQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-112"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexFB2.GVGVYRFEYP2Q4HTCHD4OT4PLOQ\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexJS.GVGVYRFEYP2Q4HTCHD4OT4PLOQ\shell\open	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexXML.GVGVYRFEYP2Q4HTCHD4OT4PLOQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-134"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\SystemFileAssociations\.bmp\shell\image_search\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --image-search=\"%1\""	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexINFE.GVGVYRFEYP2Q4HTCHD4OT4PLOQ\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\.webm	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexGIF.GVGVYRFEYP2Q4HTCHD4OT4PLOQ	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexSWF.GVGVYRFEYP2Q4HTCHD4OT4PLOQ\shell	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexCRX.GVGVYRFEYP2Q4HTCHD4OT4PLOQ\shell\open\command	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\.gif\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\.tiff\OpenWithProgids\YandexTIFF.GVGVYRFEYP2Q4HTCHD4OT4PLOQ	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\YandexSWF.GVGVYRFEYP2Q4HTCHD4OT4PLOQ\shell\open\command	setup.exe

Modifies system certificate store 2 TTPs 9 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8	17df160c29a16532e06178a469ca7d42bb01f4369b6bb2efe1e0ba9b0817831b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	17df160c29a16532e06178a469ca7d42bb01f4369b6bb2efe1e0ba9b0817831b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	17df160c29a16532e06178a469ca7d42bb01f4369b6bb2efe1e0ba9b0817831b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8	setup.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2756	service_update.exe
2756	service_update.exe
2580	service_update.exe
2580	service_update.exe
4116	service_update.exe
4116	service_update.exe
4664	service_update.exe
4664	service_update.exe
4216	service_update.exe
4216	service_update.exe
2036	setup.exe
2036	setup.exe
2036	setup.exe
2036	setup.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	904	browser.exe
Token: SeCreatePagefilePrivilege	904	browser.exe
Token: SeShutdownPrivilege	904	browser.exe
Token: SeCreatePagefilePrivilege	904	browser.exe
Token: SeShutdownPrivilege	904	browser.exe
Token: SeCreatePagefilePrivilege	904	browser.exe
Token: SeShutdownPrivilege	904	browser.exe
Token: SeCreatePagefilePrivilege	904	browser.exe
Token: SeShutdownPrivilege	904	browser.exe
Token: SeCreatePagefilePrivilege	904	browser.exe
Token: SeShutdownPrivilege	904	browser.exe
Token: SeCreatePagefilePrivilege	904	browser.exe
Token: SeShutdownPrivilege	904	browser.exe
Token: SeCreatePagefilePrivilege	904	browser.exe
Token: SeShutdownPrivilege	904	browser.exe
Token: SeCreatePagefilePrivilege	904	browser.exe
Token: SeShutdownPrivilege	904	browser.exe
Token: SeCreatePagefilePrivilege	904	browser.exe
Token: SeShutdownPrivilege	904	browser.exe
Token: SeCreatePagefilePrivilege	904	browser.exe
Token: SeShutdownPrivilege	904	browser.exe
Token: SeCreatePagefilePrivilege	904	browser.exe
Token: SeShutdownPrivilege	904	browser.exe
Token: SeCreatePagefilePrivilege	904	browser.exe
Token: SeShutdownPrivilege	904	browser.exe
Token: SeCreatePagefilePrivilege	904	browser.exe
Token: SeShutdownPrivilege	904	browser.exe
Token: SeCreatePagefilePrivilege	904	browser.exe
Token: SeShutdownPrivilege	904	browser.exe
Token: SeCreatePagefilePrivilege	904	browser.exe
Token: SeShutdownPrivilege	904	browser.exe
Token: SeCreatePagefilePrivilege	904	browser.exe
Token: SeShutdownPrivilege	904	browser.exe
Token: SeCreatePagefilePrivilege	904	browser.exe
Token: SeShutdownPrivilege	904	browser.exe
Token: SeCreatePagefilePrivilege	904	browser.exe
Token: SeShutdownPrivilege	904	browser.exe
Token: SeCreatePagefilePrivilege	904	browser.exe
Token: SeShutdownPrivilege	904	browser.exe
Token: SeCreatePagefilePrivilege	904	browser.exe
Token: SeShutdownPrivilege	904	browser.exe
Token: SeCreatePagefilePrivilege	904	browser.exe
Token: SeShutdownPrivilege	904	browser.exe
Token: SeCreatePagefilePrivilege	904	browser.exe
Token: SeShutdownPrivilege	904	browser.exe
Token: SeCreatePagefilePrivilege	904	browser.exe
Token: SeShutdownPrivilege	904	browser.exe
Token: SeCreatePagefilePrivilege	904	browser.exe
Token: SeShutdownPrivilege	904	browser.exe
Token: SeCreatePagefilePrivilege	904	browser.exe
Token: SeShutdownPrivilege	904	browser.exe
Token: SeCreatePagefilePrivilege	904	browser.exe
Token: SeShutdownPrivilege	904	browser.exe
Token: SeCreatePagefilePrivilege	904	browser.exe
Token: SeShutdownPrivilege	904	browser.exe
Token: SeCreatePagefilePrivilege	904	browser.exe
Token: SeShutdownPrivilege	904	browser.exe
Token: SeCreatePagefilePrivilege	904	browser.exe
Token: SeShutdownPrivilege	904	browser.exe
Token: SeCreatePagefilePrivilege	904	browser.exe
Token: SeShutdownPrivilege	904	browser.exe
Token: SeCreatePagefilePrivilege	904	browser.exe
Token: SeShutdownPrivilege	904	browser.exe
Token: SeCreatePagefilePrivilege	904	browser.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
1904	17df160c29a16532e06178a469ca7d42bb01f4369b6bb2efe1e0ba9b0817831b.exe
5100	explorer.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe
904	browser.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1904	17df160c29a16532e06178a469ca7d42bb01f4369b6bb2efe1e0ba9b0817831b.exe
904	browser.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1904 wrote to memory of 3344	1904	17df160c29a16532e06178a469ca7d42bb01f4369b6bb2efe1e0ba9b0817831b.exe	88
PID 1904 wrote to memory of 3344	1904	17df160c29a16532e06178a469ca7d42bb01f4369b6bb2efe1e0ba9b0817831b.exe	88
PID 1904 wrote to memory of 3344	1904	17df160c29a16532e06178a469ca7d42bb01f4369b6bb2efe1e0ba9b0817831b.exe	88
PID 3344 wrote to memory of 1132	3344	17df160c29a16532e06178a469ca7d42bb01f4369b6bb2efe1e0ba9b0817831b.exe	100
PID 3344 wrote to memory of 1132	3344	17df160c29a16532e06178a469ca7d42bb01f4369b6bb2efe1e0ba9b0817831b.exe	100
PID 3344 wrote to memory of 1132	3344	17df160c29a16532e06178a469ca7d42bb01f4369b6bb2efe1e0ba9b0817831b.exe	100
PID 1132 wrote to memory of 2728	1132	ybDDFC.tmp	102
PID 1132 wrote to memory of 2728	1132	ybDDFC.tmp	102
PID 1132 wrote to memory of 2728	1132	ybDDFC.tmp	102
PID 2728 wrote to memory of 2036	2728	setup.exe	103
PID 2728 wrote to memory of 2036	2728	setup.exe	103
PID 2728 wrote to memory of 2036	2728	setup.exe	103
PID 2036 wrote to memory of 1792	2036	setup.exe	104
PID 2036 wrote to memory of 1792	2036	setup.exe	104
PID 2036 wrote to memory of 1792	2036	setup.exe	104
PID 2036 wrote to memory of 2756	2036	setup.exe	109
PID 2036 wrote to memory of 2756	2036	setup.exe	109
PID 2036 wrote to memory of 2756	2036	setup.exe	109
PID 2756 wrote to memory of 2580	2756	service_update.exe	110
PID 2756 wrote to memory of 2580	2756	service_update.exe	110
PID 2756 wrote to memory of 2580	2756	service_update.exe	110
PID 4116 wrote to memory of 4856	4116	service_update.exe	112
PID 4116 wrote to memory of 4856	4116	service_update.exe	112
PID 4116 wrote to memory of 4856	4116	service_update.exe	112
PID 4116 wrote to memory of 4664	4116	service_update.exe	113
PID 4116 wrote to memory of 4664	4116	service_update.exe	113
PID 4116 wrote to memory of 4664	4116	service_update.exe	113
PID 4664 wrote to memory of 4216	4664	service_update.exe	114
PID 4664 wrote to memory of 4216	4664	service_update.exe	114
PID 4664 wrote to memory of 4216	4664	service_update.exe	114
PID 2036 wrote to memory of 4192	2036	setup.exe	116
PID 2036 wrote to memory of 4192	2036	setup.exe	116
PID 2036 wrote to memory of 4192	2036	setup.exe	116
PID 4192 wrote to memory of 5100	4192	Yandex.exe	117
PID 4192 wrote to memory of 5100	4192	Yandex.exe	117
PID 4192 wrote to memory of 5100	4192	Yandex.exe	117
PID 2036 wrote to memory of 1000	2036	setup.exe	118
PID 2036 wrote to memory of 1000	2036	setup.exe	118
PID 2036 wrote to memory of 1000	2036	setup.exe	118
PID 2036 wrote to memory of 1868	2036	setup.exe	120
PID 2036 wrote to memory of 1868	2036	setup.exe	120
PID 2036 wrote to memory of 1868	2036	setup.exe	120
PID 904 wrote to memory of 4392	904	browser.exe	123
PID 904 wrote to memory of 4392	904	browser.exe	123
PID 904 wrote to memory of 4392	904	browser.exe	123
PID 904 wrote to memory of 4660	904	browser.exe	124
PID 904 wrote to memory of 4660	904	browser.exe	124
PID 904 wrote to memory of 4660	904	browser.exe	124
PID 904 wrote to memory of 4660	904	browser.exe	124
PID 904 wrote to memory of 4660	904	browser.exe	124
PID 904 wrote to memory of 4660	904	browser.exe	124
PID 904 wrote to memory of 4660	904	browser.exe	124
PID 904 wrote to memory of 4660	904	browser.exe	124
PID 904 wrote to memory of 4660	904	browser.exe	124
PID 904 wrote to memory of 4660	904	browser.exe	124
PID 904 wrote to memory of 4660	904	browser.exe	124
PID 904 wrote to memory of 4660	904	browser.exe	124
PID 904 wrote to memory of 4660	904	browser.exe	124
PID 904 wrote to memory of 4660	904	browser.exe	124
PID 904 wrote to memory of 4660	904	browser.exe	124
PID 904 wrote to memory of 4660	904	browser.exe	124
PID 904 wrote to memory of 4660	904	browser.exe	124
PID 904 wrote to memory of 4660	904	browser.exe	124
PID 904 wrote to memory of 4660	904	browser.exe	124

C:\Users\Admin\AppData\Local\Temp\17df160c29a16532e06178a469ca7d42bb01f4369b6bb2efe1e0ba9b0817831b.exe
"C:\Users\Admin\AppData\Local\Temp\17df160c29a16532e06178a469ca7d42bb01f4369b6bb2efe1e0ba9b0817831b.exe"
1⤵
- Checks computer location settings
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1904
- C:\Users\Admin\AppData\Local\Temp\17df160c29a16532e06178a469ca7d42bb01f4369b6bb2efe1e0ba9b0817831b.exe
  "C:\Users\Admin\AppData\Local\Temp\17df160c29a16532e06178a469ca7d42bb01f4369b6bb2efe1e0ba9b0817831b.exe" --parent-installer-process-id=1904 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\Admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\Admin\AppData\Local\Temp\8b76a38e-0c3e-49da-aac8-0510762907b7.tmp\" --brand-name=yandex --distr-info-file=\"C:\Users\Admin\AppData\Local\Temp\distrib_info\" --make-browser-default-after-import --progress-window=852050 --send-statistics --the-interface-availability=190411288 --variations-update-path=\"C:\Users\Admin\AppData\Local\Temp\0ef30723-521d-4289-b44f-321e4ce26217.tmp\" --verbose-logging"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3344
- - C:\Users\Admin\AppData\Local\Temp\ybDDFC.tmp
    "C:\Users\Admin\AppData\Local\Temp\ybDDFC.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\8b76a38e-0c3e-49da-aac8-0510762907b7.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=13 --install-start-time-no-uac=495364145 --install-start-time-no-uac-with-suspension=240640452000 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=852050 --send-statistics --source=lite --the-interface-availability=190411288 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\0ef30723-521d-4289-b44f-321e4ce26217.tmp" --verbose-logging
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1132
  - - C:\Users\Admin\AppData\Local\Temp\YB_27CF5.tmp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\YB_27CF5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_27CF5.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\8b76a38e-0c3e-49da-aac8-0510762907b7.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=13 --install-start-time-no-uac=495364145 --install-start-time-no-uac-with-suspension=240640452000 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=852050 --send-statistics --source=lite --the-interface-availability=190411288 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\0ef30723-521d-4289-b44f-321e4ce26217.tmp" --verbose-logging
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\YB_27CF5.tmp\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\YB_27CF5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_27CF5.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\8b76a38e-0c3e-49da-aac8-0510762907b7.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=13 --install-start-time-no-uac=495364145 --install-start-time-no-uac-with-suspension=240640452000 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=852050 --send-statistics --source=lite --the-interface-availability=190411288 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\0ef30723-521d-4289-b44f-321e4ce26217.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=516207870
        5⤵
        Executes dropped EXE
        Modifies registry class
        Modifies system certificate store
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\YB_27CF5.tmp\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\YB_27CF5.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=2036 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=23.7.4.972 --initial-client-data=0x338,0x33c,0x340,0x314,0x344,0x639d38,0x639d48,0x639d54
        6⤵
        Executes dropped EXE
        
        PID:1792
      - C:\Windows\TEMP\sdwra_2036_1384775950\service_update.exe
        
        "C:\Windows\TEMP\sdwra_2036_1384775950\service_update.exe" --setup
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2756
        
        C:\Program Files (x86)\Yandex\YandexBrowser\23.7.4.972\service_update.exe
        
        "C:\Program Files (x86)\Yandex\YandexBrowser\23.7.4.972\service_update.exe" --install
        7⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
        
        C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe
        
        C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent /pin-path="C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk" --is-pinning
        7⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
        
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"
        6⤵
        Executes dropped EXE
        
        PID:1000
      - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
        
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source2036_260384152\Browser-bin\clids_yandex.xml"
        6⤵
        Executes dropped EXE
        
        PID:1868

C:\Program Files (x86)\Yandex\YandexBrowser\23.7.4.972\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\23.7.4.972\service_update.exe" --run-as-service
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4116
- C:\Program Files (x86)\Yandex\YandexBrowser\23.7.4.972\service_update.exe
  "C:\Program Files (x86)\Yandex\YandexBrowser\23.7.4.972\service_update.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=4116 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=23.7.4.972 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x11196e0,0x11196f0,0x11196fc
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Program Files (x86)\Yandex\YandexBrowser\23.7.4.972\service_update.exe
  "C:\Program Files (x86)\Yandex\YandexBrowser\23.7.4.972\service_update.exe" --update-scheduler
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4664
- - C:\Program Files (x86)\Yandex\YandexBrowser\23.7.4.972\service_update.exe
    "C:\Program Files (x86)\Yandex\YandexBrowser\23.7.4.972\service_update.exe" --update-background-scheduler
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    PID:4216

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=852050 --install-start-time-no-uac=495364145 --install-start-time-no-uac-with-suspension=240640452000
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:904
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=904 --annotation=metrics_client_id=ccff2033171744daa16ee30a3fb473ed --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=23.7.4.972 --initial-client-data=0x184,0x188,0x18c,0x160,0x190,0x72b8aa38,0x72b8aa48,0x72b8aa54
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4392
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2208 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4660
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=service --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Storage Service" --mojo-platform-channel-handle=2728 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1588
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Network Service" --mojo-platform-channel-handle=2560 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4012
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --first-renderer-process --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3476 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:912
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=ru --service-sandbox-type=audio --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Audio Service" --mojo-platform-channel-handle=3948 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1076
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=4164 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2836
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4404 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1300
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=ru --service-sandbox-type=none --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Video Capture" --mojo-platform-channel-handle=4160 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2564
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Импорт профилей" --mojo-platform-channel-handle=4312 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  PID:4652
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=uwp_cookie_provider.mojom.UwpCookieProvider --lang=ru --service-sandbox-type=utility --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name=uwp_cookie_provider.mojom.UwpCookieProvider --mojo-platform-channel-handle=4756 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6056
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\23.7.4.972\Installer\setup.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\23.7.4.972\Installer\setup.exe" --set-as-default-browser
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  PID:5516
- - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\23.7.4.972\Installer\setup.exe
    C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\23.7.4.972\Installer\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=5516 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=23.7.4.972 --initial-client-data=0x338,0x33c,0x340,0x314,0x344,0x12c9d38,0x12c9d48,0x12c9d54
    3⤵
    - Executes dropped EXE
    PID:5648
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5324 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5616
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=5684 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  PID:5752
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4420 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5184
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5728 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2864
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5492 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5232
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=ru --service-sandbox-type=none --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Утилиты Windows" --mojo-platform-channel-handle=5424 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5552
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6388 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5588
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=5928 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4948
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=6700 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2984
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=6724 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1080
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Распаковщик файлов" --mojo-platform-channel-handle=6880 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5856
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=7008 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5872
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=7300 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5952
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=7436 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5752
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=7508 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6124
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=7752 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6088
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=7776 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2956
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=7996 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2840
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=8124 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=8268 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=8292 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=8536 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=8560 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5396
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=8796 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5448
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=3868 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:1600
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Утилиты Windows" --mojo-platform-channel-handle=8808 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5484
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Утилиты Windows" --mojo-platform-channel-handle=7508 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Импорт профилей" --mojo-platform-channel-handle=6508 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5456
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Импорт профилей" --mojo-platform-channel-handle=812 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  - Drops file in Program Files directory
  PID:4604
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Импорт профилей" --mojo-platform-channel-handle=6512 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  - Drops file in Program Files directory
  PID:6024
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Импорт профилей" --mojo-platform-channel-handle=8800 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  - Drops file in Program Files directory
  PID:5376
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=3872 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation /prefetch:1
  2⤵
  - Checks computer location settings
  PID:5332
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=deep_links_provider.mojom.DeepLinksProvider --lang=ru --service-sandbox-type=none --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="DeepLinks service" --mojo-platform-channel-handle=6500 --field-trial-handle=2212,i,3684080215236086059,18423352130743724684,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  PID:4932

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater --broupdater-origin=auto --bits_job_guid={BF03E6A9-23CA-4218-8584-F4B70120E4CD}
1⤵
- Executes dropped EXE
- Enumerates system info in registry
PID:5352
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1694760963 --annotation=last_update_date=1694760963 --annotation=launches_after_update=1 --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=5352 --annotation=metrics_client_id=ccff2033171744daa16ee30a3fb473ed --annotation=micromode=broupdater --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=23.7.4.972 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x72b8aa38,0x72b8aa48,0x72b8aa54
  2⤵
  - Executes dropped EXE
  PID:5492
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2268 --field-trial-handle=2272,i,9105293071834880416,1671436374309980164,262144 --disable-features=WebGalleryRotation /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:5656
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Network Service" --mojo-platform-channel-handle=2336 --field-trial-handle=2272,i,9105293071834880416,1671436374309980164,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5980

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=install --bits_job_guid={54635D30-F2C3-484A-A566-631DA3441F67}
1⤵
- Executes dropped EXE
- Enumerates system info in registry
PID:5060
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1694760963 --annotation=last_update_date=1694760963 --annotation=launches_after_update=2 --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=5060 --annotation=metrics_client_id=ccff2033171744daa16ee30a3fb473ed --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=23.7.4.972 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x72b8aa38,0x72b8aa48,0x72b8aa54
  2⤵
  - Executes dropped EXE
  PID:5280
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2252 --field-trial-handle=2256,i,3984181140976551452,5788043259009238183,262144 --disable-features=WebGalleryRotation /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Network Service" --mojo-platform-channel-handle=2288 --field-trial-handle=2256,i,3984181140976551452,5788043259009238183,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5440

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater --path-to-rss="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\update_info.rss" --broupdater-origin=auto --bits_job_guid={245AC35D-C478-4B24-978D-35EB347B1D99}
1⤵
- Enumerates system info in registry
PID:5308
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1694760963 --annotation=last_update_date=1694760963 --annotation=launches_after_update=2 --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=5308 --annotation=metrics_client_id=ccff2033171744daa16ee30a3fb473ed --annotation=micromode=broupdater --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=23.7.4.972 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x72b8aa38,0x72b8aa48,0x72b8aa54
  2⤵
  PID:436
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2264 --field-trial-handle=2272,i,18112323248310610291,9083158663494285914,262144 --disable-features=WebGalleryRotation /prefetch:2
  2⤵
  PID:5864
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Network Service" --mojo-platform-channel-handle=2492 --field-trial-handle=2272,i,18112323248310610291,9083158663494285914,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  PID:5848
- C:\Users\Admin\AppData\Local\Temp\yabroupdater.tmp
  "C:\Users\Admin\AppData\Local\Temp\yabroupdater.tmp" --do-not-launch-browser --silent --broupdater-using --broupdater-origin=auto
  2⤵
  PID:3112
- - C:\Users\Admin\AppData\Local\Temp\CR_70014.tmp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\CR_70014.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\CR_70014.tmp\BROWSER.PACKED.7Z" --brand-package="C:\Users\Admin\AppData\Local\Temp\CR_70014.tmp\BRAND" --partner-package="C:\Users\Admin\AppData\Local\Temp\CR_70014.tmp\PARTNER" --update --do-not-launch-browser --silent --broupdater-using --broupdater-origin=auto
    3⤵
    - Checks computer location settings
    PID:3000
  - - C:\Users\Admin\AppData\Local\Temp\CR_70014.tmp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\CR_70014.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\CR_70014.tmp\BROWSER.PACKED.7Z" --brand-package="C:\Users\Admin\AppData\Local\Temp\CR_70014.tmp\BRAND" --partner-package="C:\Users\Admin\AppData\Local\Temp\CR_70014.tmp\PARTNER" --update --do-not-launch-browser --silent --broupdater-using --broupdater-origin=auto --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=640565079
      4⤵
      PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\CR_70014.tmp\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\CR_70014.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=6056 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=23.9.0.2271 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x7ff7bfb059e8,0x7ff7bfb059f8,0x7ff7bfb05a08
        5⤵
        
        PID:2252

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=dayuse --bits_job_guid={7F1A8B92-2C17-44B1-92D4-1834798CBEC9}
1⤵
- Enumerates system info in registry
PID:2984
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1694760963 --annotation=last_update_date=1694760963 --annotation=launches_after_update=2 --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=2984 --annotation=metrics_client_id=ccff2033171744daa16ee30a3fb473ed --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=23.7.4.972 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x72b8aa38,0x72b8aa48,0x72b8aa54
  2⤵
  PID:5748
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2276 --field-trial-handle=2280,i,17826372558989343853,11043046100588840244,262144 --disable-features=WebGalleryRotation /prefetch:2
  2⤵
  PID:5960
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=9FC0F440-D033-4110-877B-28F4C90B18F7 --brand-id=yandex --partner-id=switch-browser --process-name="Network Service" --mojo-platform-channel-handle=2312 --field-trial-handle=2280,i,17826372558989343853,11043046100588840244,262144 --disable-features=WebGalleryRotation --brver=23.7.4.972 /prefetch:8
  2⤵
  PID:5964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Yandex\YandexBrowser\23.7.4.972\service_update.exe

Filesize
2.4MB

MD5
418664fbb12eba5f4b53cee48b6f0b1e

SHA1
d58327c2cc990bf52ee67c2ab83c9b48d706e95f

SHA256
c28b5665299579fb095dd8a6d21fa096a5848f86b826061cc7e517759f624a25

SHA512
13c0b0c9aea8d3987e362be450f1bfdc1d236179d0f0ccdbfa514e0b2204dd8d078fc3fd719bd27a41e75d034397263de29eb18942f64e62606a0cffc65382f0

Download Submit
C:\Program Files (x86)\Yandex\YandexBrowser\23.7.4.972\service_update.exe

Filesize
2.4MB

MD5
418664fbb12eba5f4b53cee48b6f0b1e

SHA1
d58327c2cc990bf52ee67c2ab83c9b48d706e95f

SHA256
c28b5665299579fb095dd8a6d21fa096a5848f86b826061cc7e517759f624a25

SHA512
13c0b0c9aea8d3987e362be450f1bfdc1d236179d0f0ccdbfa514e0b2204dd8d078fc3fd719bd27a41e75d034397263de29eb18942f64e62606a0cffc65382f0

Download Submit
C:\Program Files (x86)\Yandex\YandexBrowser\23.7.4.972\service_update.exe

Filesize
2.4MB

MD5
418664fbb12eba5f4b53cee48b6f0b1e

SHA1
d58327c2cc990bf52ee67c2ab83c9b48d706e95f

SHA256
c28b5665299579fb095dd8a6d21fa096a5848f86b826061cc7e517759f624a25

SHA512
13c0b0c9aea8d3987e362be450f1bfdc1d236179d0f0ccdbfa514e0b2204dd8d078fc3fd719bd27a41e75d034397263de29eb18942f64e62606a0cffc65382f0

Download Submit
C:\Program Files (x86)\Yandex\YandexBrowser\23.7.4.972\service_update.exe

Filesize
2.4MB

MD5
418664fbb12eba5f4b53cee48b6f0b1e

SHA1
d58327c2cc990bf52ee67c2ab83c9b48d706e95f

SHA256
c28b5665299579fb095dd8a6d21fa096a5848f86b826061cc7e517759f624a25

SHA512
13c0b0c9aea8d3987e362be450f1bfdc1d236179d0f0ccdbfa514e0b2204dd8d078fc3fd719bd27a41e75d034397263de29eb18942f64e62606a0cffc65382f0

Download Submit
C:\Program Files (x86)\Yandex\YandexBrowser\23.7.4.972\service_update.exe

Filesize
2.4MB

MD5
418664fbb12eba5f4b53cee48b6f0b1e

SHA1
d58327c2cc990bf52ee67c2ab83c9b48d706e95f

SHA256
c28b5665299579fb095dd8a6d21fa096a5848f86b826061cc7e517759f624a25

SHA512
13c0b0c9aea8d3987e362be450f1bfdc1d236179d0f0ccdbfa514e0b2204dd8d078fc3fd719bd27a41e75d034397263de29eb18942f64e62606a0cffc65382f0

Download Submit
C:\Program Files (x86)\Yandex\YandexBrowser\23.7.4.972\service_update.exe

Filesize
2.4MB

MD5
418664fbb12eba5f4b53cee48b6f0b1e

SHA1
d58327c2cc990bf52ee67c2ab83c9b48d706e95f

SHA256
c28b5665299579fb095dd8a6d21fa096a5848f86b826061cc7e517759f624a25

SHA512
13c0b0c9aea8d3987e362be450f1bfdc1d236179d0f0ccdbfa514e0b2204dd8d078fc3fd719bd27a41e75d034397263de29eb18942f64e62606a0cffc65382f0

Download Submit
C:\Program Files (x86)\Yandex\YandexBrowser\23.7.4.972\service_update.exe

Filesize
2.4MB

MD5
418664fbb12eba5f4b53cee48b6f0b1e

SHA1
d58327c2cc990bf52ee67c2ab83c9b48d706e95f

SHA256
c28b5665299579fb095dd8a6d21fa096a5848f86b826061cc7e517759f624a25

SHA512
13c0b0c9aea8d3987e362be450f1bfdc1d236179d0f0ccdbfa514e0b2204dd8d078fc3fd719bd27a41e75d034397263de29eb18942f64e62606a0cffc65382f0

Download Submit
C:\Program Files (x86)\chrome_ComponentUnpacker_BeginUnzipping904_180220548\manifest.json

Filesize
984B

MD5
41144103de3d8249d7d3845f5adcaca6

SHA1
c1ce8cea74ab01640d57e3eec9ebb037405852dc

SHA256
ee335ab3ddb8045c7a31165fed6c66ef26e88bdd1012adbc2c1ee0562f7bbc37

SHA512
e73bc8a614ea379a0489f85fdc220485a6b2d5b71cf935ad5d6465cd0a17e5b000ad2b52a99965c1a5a97b85eb91823ea85dd686f20a356c8d4f98b9bb28379a

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
537B

MD5
990f3f28329336530d0d1773a8a81e83

SHA1
522237cfee8765ba0219bf3e1705dd1f510359ca

SHA256
bf89cfb16237a347a5cb34637bc4463b38bb76f8aa40b412b5eea375d94f2f14

SHA512
e5fe9bf6946d75081187ded201ce6df8d60b57cf44393c2a5547e633265ff62bc05bd9c35547cc2661204d01b18a46b2489fa35a4baa7d365ce0131fb1585e57

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
1KB

MD5
fdf295afb1fa95473d68e5f398871975

SHA1
6d17d32961b8dfb162927cc85ecfeb1722fe1a5b

SHA256
ea323e30a3fdbc98cf43ce3f3a4966d7e0dc79368ad9f559e8cbd1496e0ec212

SHA512
59020daab1bd99780c7d4bd22ee8a083acc936644438ea0713f1eecbad33191b06a9df9c54257a8bc48357f3929184dcb2a310ac4339bbc5d439e23b388dae27

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
1KB

MD5
91ac3d6ab4834b1c72ef0a94e3c40fe1

SHA1
9c8c7f80d171e31f9130b464a86ce56eda115f5a

SHA256
3d1e685b0d42d0928225092e10316c90a428f9f0a4666d28a39ed0cb9f11d331

SHA512
249758b4fec8bc676f62ee10af5746fbd29f28071269c91f8369248f1c16a72321f330e435e071bde1d4cfe2f1ca50be45384c9053f14b4b2ca8256e7ea769e5

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
1KB

MD5
1f99f2f8a8001b87da165484fcd6a839

SHA1
e43765a01b9bf13776e58a2e16d03d635ba20561

SHA256
c7f93884e7654768503a0749295a1d87d4853735936d622f04eb95c764bbc999

SHA512
6327e6de52066254098dc4f83947f6b37bb399ba4de5a382777f2af647226684d538e468711c3abe60467e94766d57eee936169a0fc000a3f31dc6cb9b644732

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
2KB

MD5
f57e047274bffe287eff97b6ceb91328

SHA1
9f6d5b6b98af9c6c96bda5a407d3104a9b59b5bd

SHA256
0602db7dcfaddb678550f9158c49e42d7ec4208c058869c2fc3ebe3b50db79f6

SHA512
67a66cc6be0d1d245123d6d9047d0e9a0c39d170a6bdc22a0b91a425a84b1bf1c2a7bc73a5c4065d44b1524b395e611b41f462c41772ca32f8a68cfd6353235c

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
2KB

MD5
f57e047274bffe287eff97b6ceb91328

SHA1
9f6d5b6b98af9c6c96bda5a407d3104a9b59b5bd

SHA256
0602db7dcfaddb678550f9158c49e42d7ec4208c058869c2fc3ebe3b50db79f6

SHA512
67a66cc6be0d1d245123d6d9047d0e9a0c39d170a6bdc22a0b91a425a84b1bf1c2a7bc73a5c4065d44b1524b395e611b41f462c41772ca32f8a68cfd6353235c

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
3KB

MD5
e3379f35387ef53f51236760bd5f2db4

SHA1
633aa5ccc937e9b742cb9019825bf68f65c9a0bd

SHA256
ce6b936c37b34aa1e6326e175ac09b3c55a642cf6cdf88b56222b4fd513f74df

SHA512
284d12dda9678a8461588491b0dd5e4a69ab0002fd34fcd920eb3651ed4c4299bffdbdc9dcb16914e8c3b42249237aeb7c19ec1e1844ad35e8c76c723cdf6778

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
4KB

MD5
4273c93a82d9827cc90fd2b1b0d9ad46

SHA1
7f59ceec2adf3bc66c2a32ecccaa89da686462d8

SHA256
22529b8ab2d0812fb109d0c8efea4e7654e733041487a634cb611db2c4f81dc2

SHA512
393c41c552b4e2324a8215c4135d075a5f1ad75345c139cb7d85bed91fadcb749db6a02e60f7e0ccaac41377272cc25857ec65fc29324bd5e152112e428bfc37

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
4KB

MD5
912560cf34faff0de6bf0daa144c9f0b

SHA1
90998d8fb91dd4a3aae9ffee01a483593723352a

SHA256
5ac3ec29570037a434a1d15ea4263c12f276a0ff341b9b1787134b5d1ba045bb

SHA512
6f1633e965dfe5336499033980a37eab063c4aa9d76c63ba7fe17bb508ec4f3876a3643c2ed36d3e5e64401008c16e33c2198513cd69e6ed2e73d7fb2444a587

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
5KB

MD5
ca9f5b239e3c5b56db642e13e346388e

SHA1
d1b11d8f14946d6c31cb2380a80967421c6bad8b

SHA256
cb24ab9d85d7614c5059ced67fab3eaea669c789c0a85d0fd3631d6428171103

SHA512
4af8bb64e8d08fa57f2c9c4d167f27ae4223bd57aadbb7617d2e6cc8c027573d69232e68af69f4022db6f187360532defa8e062968368f14b857723c046b20d7

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
5KB

MD5
ca9f5b239e3c5b56db642e13e346388e

SHA1
d1b11d8f14946d6c31cb2380a80967421c6bad8b

SHA256
cb24ab9d85d7614c5059ced67fab3eaea669c789c0a85d0fd3631d6428171103

SHA512
4af8bb64e8d08fa57f2c9c4d167f27ae4223bd57aadbb7617d2e6cc8c027573d69232e68af69f4022db6f187360532defa8e062968368f14b857723c046b20d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

Filesize
1KB

MD5
394b1d351cca05e314110eb0ed4de6be

SHA1
a7f4b732f43ed018b3fbc15a8c2b90459ad8d2e7

SHA256
80ee588823bc9a0095e0586c220a7196955800a39797f0b6682140babfdb3d65

SHA512
93c8c8be4039c52a26e93bce174a34f7e399b36ce59b8c1175dc2a8edaa3103add81ea64b75c5893dd703e1c2a822d2bef3c9ebb89b5b864bdcf61e06ef8eea6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_AC1EA69C1A4D607F0EBBD26E5ED61054

Filesize
1KB

MD5
8e8bbffbba8381fb0a7f249e4332551e

SHA1
d8e4352f0c4a55f23ff3a7907e8ae3d3e84d775b

SHA256
d0f3959d479e06cedf7d24ab900c7b6a7b53d96e1b93de15a864cdebfb3e1569

SHA512
668f2510d89019b053ff9147b3c11fb09cbb1cb7641a9549c0f5cc8b84293031bc8ab21b571dced73bc672ffa18e839c7250577f593a71487033d72ddc8cbdbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_EBD7B8AF3A6D56C51CDE1B85E8C855A8

Filesize
1KB

MD5
66f23ccff76c56ba5a29bd7224b7f987

SHA1
5000252219ae0684d77370b4be26afa110b058c9

SHA256
5661195bfa9a9560e899094fc55a630eb061a1bc61efa2fd3b2ea933a4cc987f

SHA512
ec23241b60a2ff554b0be3a7431c4a3fd2bec926548559dd8bb2411f0aaca36a9888c4c2cca81313e0e8d937c6e9ffc076566786146bca6dad42adab19e01303

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95

Filesize
727B

MD5
d9bf30e83b6025f423951c1b1a2aa57a

SHA1
6a164f76ef02c8db7e14a24d282a9a6827956c9c

SHA256
e74ae7ac5a4e359fd52bcb28504aa33c76f8a29e3cb60d42a0d81bfeebca286c

SHA512
bacb1e34ce530ef2e8ed23fa897ed5a40cec60cffcb0529d0517de5398cdef73005b6628cc9d3c69bd9724a7f6bc61d4fd2f0646b0cb8f9cc19797c85d131117

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
471B

MD5
35fae156a276091c0cd4c7d62d73b90c

SHA1
aefcda860e86985ceb57bfac8c278491c584812b

SHA256
b246384db907a7e9c9a2f1ba65fe4a28f8336f72cf3e6868e008203904fa38ec

SHA512
248192bdfbbe4f7bb684f5501dee1aff2b926017d6c91750e271a634ba9a53f30281bfdc9da729c1ef545990a8a8e7c8397e3a7672b450fd06813f9cf50aea92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

Filesize
1KB

MD5
ef2363083a92709f311f304ca3e20b04

SHA1
920931e53ad7fe6c7a78ede37967d47b6e1eca95

SHA256
4aba5211be361c531ba417c17d6aa8fe3f4d2f715920f32f9f83b6b8a88aa501

SHA512
7d73c67ac7856907782f5205b124ac7de4187025bc848808894229e05e84358afee951666f20eb317496fba44b22a54fffd61c7f1ebd8101b73f66bf1fce1fe7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

Filesize
1KB

MD5
908fd0b3f8cb702ee13a44110d79a183

SHA1
d24ef691b77d10350f8e0e8a43cd978ce0fc8d85

SHA256
379b2382abfd67c722d93a5e65d1047d70d51c6b25f1cfe2a528e1a4861b666b

SHA512
97dcc2e6dfff8bb7ce6ca7cb0f288462f6bc2d5d9c51829325832afed541a0eb06014a9a8936bd90147df952c76e106448a0c502cb91d82ec2e7a3885ff2385f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB

Filesize
727B

MD5
326f5c7ab364209fc01802221316a33a

SHA1
bd9a798ea96247d80d807b7266924af505214f98

SHA256
e36f697c6f2eb210b88d65059d6804acd64c97e0153f34962bc7e1ca6f1778a4

SHA512
a4dfe2abe19491b87cc33db2f5516de84188b74a2c7e0d43bbbf660350487a9ab4fe0c40a22e294e152b5bc9515b4da2ab811a0606ede590db079e70ce96db80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

Filesize
508B

MD5
976e6665a5892d8f579f02624880cc77

SHA1
70ba1b08d6cc597833e193b064e2424abd6f93ca

SHA256
3cda8e633259557db38c32e9934b30b08fe3b8e206915fc63a7ea353c1905be3

SHA512
0a2d363a23fb0f8d7b361675664a21b0c354a0039e76a47670a475a4ed26ee5ee36fade8e272dc0274db9f54a5ab843c79a436cf150365e810f05465939b6bf7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_AC1EA69C1A4D607F0EBBD26E5ED61054

Filesize
532B

MD5
0cafabeb65a9df71a0a1fe9e5fdf757e

SHA1
c67d5cc4fc618a8655c90b30cbbe4b3f1b48ea78

SHA256
8100b29ab043bf8cae7409c66c7f45a027aec3e73937e1b738d31e5d4ba269e1

SHA512
053529d3a51ad8763a32a496a6458b408691726f8aee5b834633cf29e377d3fdd1f8fc11d9bf1eb0b317381c75bd416584e4542b36f30f60a7363a6e86ebe3ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_EBD7B8AF3A6D56C51CDE1B85E8C855A8

Filesize
540B

MD5
38b65d8a7403031c8e8d684c096db86b

SHA1
3f8fd15e95bab93f1958ea2831cf39e783425cca

SHA256
4504910fd750f1186a419530227e07beb22182403c64df1ee0113591938a96d7

SHA512
3be74221a2b31eee4b9e553f2475ea05208e632e2734261d194b5c616b2a79796307b5a791e5f6c1658fc0bdc675be8b47449ab78bc92ace87d2002a57d1f170

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95

Filesize
416B

MD5
3044fe478ca3b378c2145463e0791fc2

SHA1
f6da5debd90e6bc79c7544a73bdd51d0bbd53d83

SHA256
e988b0ea59a4d1a9907f34edf93dbbb7b53bf5ec45a18c5de7623d06b7d99667

SHA512
08eb10a107cecc8f7ea5f77a1061437faf62923da0c15a69dedde0de9229bef3d2c14e88ac292f70a18cb2e42251edaba31961375b783827c8013341cc940463

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
400B

MD5
65ecf612e97af18e0a278dae5999f0c9

SHA1
d842a5001faa821693b15706574c3bce1b7f040e

SHA256
779b326fcc87290dc0126d4740eb33bad9b32c1a2db00b7cff96f7c22a0dbb91

SHA512
1b066bb4ab4630f22c0eda33241495ac79b808c69951afb4d6e52c5de58a9c4a51d6e0a086fc07522f170f6ff7c066183a0e9c1811802e60cc658fb9021a73a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

Filesize
536B

MD5
5e6c48194268453839d2b6f39ca0229c

SHA1
c1addc59337b0f730e0f7f5569700278d40c16d5

SHA256
b5f5c70e5add8bdca34ac4ffc3aaafeea1148b222eaa4f51008ddb35875c9092

SHA512
2503e21f88a2619e10daedde8b73ea1958e4cac9bba0029fefdcb625ed0ac94c536624c05b26bda3512939a989228465121ab761753f5a33c3ecc703f5fc5ba9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

Filesize
506B

MD5
d05e277270cb2c7b75b4f8b9540c2a8b

SHA1
31516678636050f81664032a92c249ed89250da1

SHA256
32c33ab43a63b6e20ad5832d7ffd366f29fd10db414ad32a7023286e93d6e571

SHA512
01bb5d495ee7f5fe1f1bf479fbc14d858cd08de29b8a7e9e951efb9feb4e9c7ad83e6c75a7a4ee6505430c8c4e208e7c0f261bbe49d9a27ca52c8bf74f5cb370

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB

Filesize
412B

MD5
9c5967afec7e4e4860cdf307693463b1

SHA1
d33107b429dff3b5f0d7c5ac7d4e7765f627b2c2

SHA256
f1491d2c6a3e4cb2c18c7205b8cf4ea212656b14ba5021fb71e0462eb4f566cc

SHA512
3a37893256f5c10948d9aee136c4937f8d0962904adbea99a36ef4fd431a1803bb1fc79b983d1184a12399488747135d69d00286ba85634c125dba2d72cd3ab7

Download Submit
C:\Users\Admin\AppData\Local\Temp\PartnerFile

Filesize
822KB

MD5
3c8d54d1ea507d9c79108aa96a5b3c42

SHA1
bf8625a608be122127189d77030fbab1ff16d81b

SHA256
132f66442164c0a0a884d4047bd0fca8c2e593699c9f93cb8f91824dc35a4709

SHA512
d4bdb7712f6a056251c77dc4d6ea1db2ebd7d8fcac12c6151c51e2bd857230e5e3bd35b22c5918c03fc2b0feef225ce91430f4e309a211e8ae54cb995a4cb662

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_27CF5.tmp\BRAND_COMMON

Filesize
22.8MB

MD5
87e8a110acda0c07875f0b76115a0996

SHA1
93158463aded6f0b5910581a264349d18814ac26

SHA256
04cb6d2776e1bf23f155ce7199285efde2488d5e06d7f14994098c5e2c17c731

SHA512
e9f3a36794fc032e2758ec1d829c7c05db82b728852411d6c24a177b90670ece595e4bd1078942e70dde87e50de8f5f306a9d4eb3388caf42416aaee6cac4047

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_27CF5.tmp\BROWSER.PACKED.7Z

Filesize
92.3MB

MD5
99eaae0d8ddd7aa0d448d421d7d2e508

SHA1
b97e0ca8b617b96b733718681da1c900b0bc67f5

SHA256
5fdd5e6bc027555693b1ddb570ec61ea964bb48f31bbf0bee8bbf5f278e87167

SHA512
d58a335276264fd7959922ea9fa4e04034ad4b2e732da5cfc883f4951959402812a847491a9d4573030f0b063ad6db2736fe52abf7e301e8b323bf0345c58e8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_27CF5.tmp\brand_yandex

Filesize
1.6MB

MD5
f83bf711152f723c9f322c3d66d75c04

SHA1
79186a7cc99beacb542896166864c6c58cb1ed2d

SHA256
d0bb44f3edce1ec33b7c135704a8d3db326c272e58644d38efdfb0e62edf66fe

SHA512
9d56b2355ce59dc7870aa32c2d001a2f60420492e597503dc4af667e5b44ba6c956c28643b7514642f7a7ad729bfc18473b0422a2b37438fc838735a9103210a

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_27CF5.tmp\setup.exe

Filesize
3.8MB

MD5
e2237cd17408468eedef3b6964140846

SHA1
0228f5e3ac19f8bb71cbdb9878f9415e0c797eb8

SHA256
123b3caab92cce6ad5d781f7789e17c49f58c445db72cfc5b24436f9ea688105

SHA512
a5a020ad9c14e04f38a23c3643c9a95693d6686eb7c354898b9c2c797dec9f1e5c74fc3be639dab92bfd37ee851ed44c74a3987026b483f0b28b0f8eff42dd62

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_27CF5.tmp\setup.exe

Filesize
3.8MB

MD5
e2237cd17408468eedef3b6964140846

SHA1
0228f5e3ac19f8bb71cbdb9878f9415e0c797eb8

SHA256
123b3caab92cce6ad5d781f7789e17c49f58c445db72cfc5b24436f9ea688105

SHA512
a5a020ad9c14e04f38a23c3643c9a95693d6686eb7c354898b9c2c797dec9f1e5c74fc3be639dab92bfd37ee851ed44c74a3987026b483f0b28b0f8eff42dd62

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_27CF5.tmp\setup.exe

Filesize
3.8MB

MD5
e2237cd17408468eedef3b6964140846

SHA1
0228f5e3ac19f8bb71cbdb9878f9415e0c797eb8

SHA256
123b3caab92cce6ad5d781f7789e17c49f58c445db72cfc5b24436f9ea688105

SHA512
a5a020ad9c14e04f38a23c3643c9a95693d6686eb7c354898b9c2c797dec9f1e5c74fc3be639dab92bfd37ee851ed44c74a3987026b483f0b28b0f8eff42dd62

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_27CF5.tmp\setup.exe

Filesize
3.8MB

MD5
e2237cd17408468eedef3b6964140846

SHA1
0228f5e3ac19f8bb71cbdb9878f9415e0c797eb8

SHA256
123b3caab92cce6ad5d781f7789e17c49f58c445db72cfc5b24436f9ea688105

SHA512
a5a020ad9c14e04f38a23c3643c9a95693d6686eb7c354898b9c2c797dec9f1e5c74fc3be639dab92bfd37ee851ed44c74a3987026b483f0b28b0f8eff42dd62

Download Submit
C:\Users\Admin\AppData\Local\Temp\clids.xml

Filesize
606B

MD5
6114476799216a04b18987cb8d4b777e

SHA1
9d1d65b8cee5d8ce2cbc9aee321259ff3f1b90c7

SHA256
e2c329938240d4870d167ebad9582ba480cdb03499974718fb06f23d834f4f9d

SHA512
3961154c80c2c805ea66fb072d43b1dd9ccf7878bf8047adf1df16d6d3e3eeec2d277f1091a18ecc5a402d86a6afbb438d02b56650fa1a907c48e200e3f053b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\distrib_info

Filesize
297B

MD5
b7b034323e369afb4e9973bc5b12b0db

SHA1
e3965fad02a64948ecf0b89972bc20b586c29151

SHA256
f0c5acbc46e492621d3f930ad1846132ba512b82314ed69f2935225a5a64b90c

SHA512
299ae216b40c7b939dbce52caf40b427682de572a283eae7e5ebb4d2cda531fb13e63914daf17251cc4315e85f1db7827aa6eb5f55bd93aff39452b586fc2f89

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
12KB

MD5
5fa98c3e26e0aa1b2397d8d357703d93

SHA1
ff89c2bc67c265193afc70eb98e61b29527cef14

SHA256
fbc9e8d4b2455a7fa9894ef490bb5c6e2c1c51cd79340f599c202ebd0a726f0e

SHA512
ee6441a1cc2f111157726347ef296e8ef23cbf034a86caad878a8c237ca6ece028b2d8302aee3f1c4c76c08e04ac0cdc38725eb60fce07688e83699a125725a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
3KB

MD5
1d72e784092c86ac51d73ac4aa4c5b0f

SHA1
8c12fcd9b28f3bb8d30319eb6673fe6ee0a5d04c

SHA256
0c1c348eff26c8fd70a7b39a0a0205e8025513042dfc8a937cabcf02b58945fc

SHA512
568e6c7e35202f36a02083225c527b2726907ef920845f2b680303a349497904ea618e2068ae13bc558687bede097952c095b909a04616020fd3cd509d074bc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
12KB

MD5
182946169176664423cd6855d5243de2

SHA1
9d5580be462c866214f778dd8fd7f669fdd0744d

SHA256
441a2210c2aabe1a7afd610344db300ab53936472c045eb4cf4b9375bdfca200

SHA512
b6c4df952baf031391b2b2cf6f6a211864176fe4f1b9c44e317e4e257c583c765983f27d9f1ff88c11a40b8c949d28eac87bc53a8039f7ec4972bc04f0b61d28

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
f3783c18f57af6a6ba69fa574ac144b7

SHA1
433eb99ba5fe944524cf8c291114fa9c85743f44

SHA256
66d999794608b313318f305ff5f5433c42750cc845d03869a48fb7fe38bac9ed

SHA512
5f5ea8f59fba078a4357fe2b2a39c68b0cb90846d94fa8f146869225a60242069169f4eadd004bbafdff5e9c37165dfc4dcb21ac5bcee8606109ceb4355d044c

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
23KB

MD5
47a133744aa6bc6e320f41df4fa0fe86

SHA1
dc30551418275c53482cf5d60c1ee0b2b446fcfe

SHA256
39e710e00867c57daed83da253bad1a37dc73d47c636ef955ef22fda0e5ef370

SHA512
3c5fb82cd2a459501e5c8cdfe625cc721c7efcf65db31460e24132b712b0f436455d7239dfa5d1e4b3cbfc53e22276b76752c8febe7c4dc52dc9585d74c1eb22

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
24KB

MD5
3f7e32639d04389c77dd90419f043b3b

SHA1
ef8b5280474390840000de85dfb65bbf0e3feb8a

SHA256
bfe06ff234b0b29565eabf82ed808d1cde0d3166f64eabf453143b6291860ae1

SHA512
98085b425fa4427dc8343eb9bfa36beec379ae04820ee0e0fad4b70bd8bf17da189b5db3a718bc54c53cdea402dbec63f4bd291b767611ef454681768c905f6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
5KB

MD5
9dab2046e0ee0679b075ece047cab321

SHA1
818758ad1fbd38623f95a61ea5b5e2c39b2ef2a3

SHA256
8d94043539dd9a51fd525f72ba7f8d6054419ba8ecf02d0894dc182c2504ca89

SHA512
3738911068a8c53420988b24d6ed223be698f92fefedcb5618e853b45ae28fcc57fe0860f2923d8c7d0c32061b2f1c7630ac70617bdd631069d8c207fe47ba9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\master_preferences

Filesize
138KB

MD5
5f4eab5f5ce84cb2b2d5f4278c2d9722

SHA1
f80b19632880375db9dc24e08c0431a15c6b1bec

SHA256
bcbd74443053c7c63d05f2b1deb0e5eddc036d7f876596fdef0cc6f7aecb26d2

SHA512
2bab4a88e8773c60342e0695361b88f5eb06e36ebbf39c047eebc1a6ba46b6098ea5c882e952355991eb64cc792227b1a0c54e49a3dedeb2b0e8c668eb4d8367

Download Submit
C:\Users\Admin\AppData\Local\Temp\master_preferences

Filesize
138KB

MD5
5f4eab5f5ce84cb2b2d5f4278c2d9722

SHA1
f80b19632880375db9dc24e08c0431a15c6b1bec

SHA256
bcbd74443053c7c63d05f2b1deb0e5eddc036d7f876596fdef0cc6f7aecb26d2

SHA512
2bab4a88e8773c60342e0695361b88f5eb06e36ebbf39c047eebc1a6ba46b6098ea5c882e952355991eb64cc792227b1a0c54e49a3dedeb2b0e8c668eb4d8367

Download Submit
C:\Users\Admin\AppData\Local\Temp\master_preferences

Filesize
138KB

MD5
5f4eab5f5ce84cb2b2d5f4278c2d9722

SHA1
f80b19632880375db9dc24e08c0431a15c6b1bec

SHA256
bcbd74443053c7c63d05f2b1deb0e5eddc036d7f876596fdef0cc6f7aecb26d2

SHA512
2bab4a88e8773c60342e0695361b88f5eb06e36ebbf39c047eebc1a6ba46b6098ea5c882e952355991eb64cc792227b1a0c54e49a3dedeb2b0e8c668eb4d8367

Download Submit
C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe

Filesize
618KB

MD5
3a9cc3b6492f73b535010d24dae3a7fc

SHA1
4b78f1a4d2b45b2150394776d0c648ad3dd16fdc

SHA256
bc015f6ad83691c85653f8397022b1b8d436d95a907cd5e699e55120083fa8b9

SHA512
58fc7ea7418ea19c6e53f85149f5350e8c7d1211334c52d538cfa73c4abc6167ec1ac1ba687b64754ec2a6349aae1a3773ff8baa6c0d2fd8a4573be657112f84

Download Submit
C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe

Filesize
618KB

MD5
3a9cc3b6492f73b535010d24dae3a7fc

SHA1
4b78f1a4d2b45b2150394776d0c648ad3dd16fdc

SHA256
bc015f6ad83691c85653f8397022b1b8d436d95a907cd5e699e55120083fa8b9

SHA512
58fc7ea7418ea19c6e53f85149f5350e8c7d1211334c52d538cfa73c4abc6167ec1ac1ba687b64754ec2a6349aae1a3773ff8baa6c0d2fd8a4573be657112f84

Download Submit
C:\Users\Admin\AppData\Local\Temp\yandex_browser_installer.log

Filesize
5KB

MD5
96d6a207823c47fc325197e0acfcda42

SHA1
499777b130df1360879e9c57411566cf94cc5c6f

SHA256
30987cf8c25cb382f16bef95ab1e196d2316ad08dcb26566a06b2de36cc8a7c4

SHA512
f8c1c4117650f4dbe96ee16865c9f216f2333b86d4615aeb30c6865a7361a059631c6f6ddced844cd3d89a77dcf045f7b4c830eee5aabc7dd0f9dcd2d07559d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\yandex_browser_updater.log

Filesize
5KB

MD5
0c3e8a920b5d0d65eaa8e649c24af4c3

SHA1
fd4e63d328830ec65c34d7651a8551ef8faa468f

SHA256
5fc6ded02fcbdc67518a5fc4a9b7f5ac612b408e499e7dbb312006683f4633b1

SHA512
2ce2156ca36cec795220ff8e2393e52d15933223c2886e75f4470ee21885e28107e4ed29c7554f616634e6d121990dc6e0099da9e53e9cce9b98b1d00f90ebce

Download Submit
C:\Users\Admin\AppData\Local\Temp\ybDDFC.tmp

Filesize
129.0MB

MD5
db579794312316aa1138d010287a5dd2

SHA1
29aa232b671ea24c281ae1e8e3f4e7620f7c2a22

SHA256
e5104fa04845b01df203c4fd295a2183cce1f688154ef23ed73fd7b000edcfb3

SHA512
d67ae84449d74b5d2426943c4debd381bbb9234f7854b55d64f05472f8de5f7933bece0084bad92ef700d87b902670d5794fcec697135b6d5c22604e6a8e687b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ybDDFC.tmp

Filesize
129.0MB

MD5
db579794312316aa1138d010287a5dd2

SHA1
29aa232b671ea24c281ae1e8e3f4e7620f7c2a22

SHA256
e5104fa04845b01df203c4fd295a2183cce1f688154ef23ed73fd7b000edcfb3

SHA512
d67ae84449d74b5d2426943c4debd381bbb9234f7854b55d64f05472f8de5f7933bece0084bad92ef700d87b902670d5794fcec697135b6d5c22604e6a8e687b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ybDDFC.tmp

Filesize
129.0MB

MD5
db579794312316aa1138d010287a5dd2

SHA1
29aa232b671ea24c281ae1e8e3f4e7620f7c2a22

SHA256
e5104fa04845b01df203c4fd295a2183cce1f688154ef23ed73fd7b000edcfb3

SHA512
d67ae84449d74b5d2426943c4debd381bbb9234f7854b55d64f05472f8de5f7933bece0084bad92ef700d87b902670d5794fcec697135b6d5c22604e6a8e687b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe

Filesize
618KB

MD5
3a9cc3b6492f73b535010d24dae3a7fc

SHA1
4b78f1a4d2b45b2150394776d0c648ad3dd16fdc

SHA256
bc015f6ad83691c85653f8397022b1b8d436d95a907cd5e699e55120083fa8b9

SHA512
58fc7ea7418ea19c6e53f85149f5350e8c7d1211334c52d538cfa73c4abc6167ec1ac1ba687b64754ec2a6349aae1a3773ff8baa6c0d2fd8a4573be657112f84

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe

Filesize
618KB

MD5
3a9cc3b6492f73b535010d24dae3a7fc

SHA1
4b78f1a4d2b45b2150394776d0c648ad3dd16fdc

SHA256
bc015f6ad83691c85653f8397022b1b8d436d95a907cd5e699e55120083fa8b9

SHA512
58fc7ea7418ea19c6e53f85149f5350e8c7d1211334c52d538cfa73c4abc6167ec1ac1ba687b64754ec2a6349aae1a3773ff8baa6c0d2fd8a4573be657112f84

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk

Filesize
2KB

MD5
8cf085b39270e827a81b943c0523af5c

SHA1
0b3468774fc6708883fa981ca605d699728edbad

SHA256
da8792a97782803f2d7fcd12cfdc53ec1ce94a77c904ae02f60cb41bb6021411

SHA512
c2fe0abf79d4900bb812e9b52e427207e9cde926d42bfbc1bbf33dc3a8ca552521779ac177b96642401eb63cfdcf11b98e6b2a820628165f4c755333a5f5a20f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk

Filesize
2KB

MD5
8cf085b39270e827a81b943c0523af5c

SHA1
0b3468774fc6708883fa981ca605d699728edbad

SHA256
da8792a97782803f2d7fcd12cfdc53ec1ce94a77c904ae02f60cb41bb6021411

SHA512
c2fe0abf79d4900bb812e9b52e427207e9cde926d42bfbc1bbf33dc3a8ca552521779ac177b96642401eb63cfdcf11b98e6b2a820628165f4c755333a5f5a20f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\YandexWorking.exe

Filesize
618KB

MD5
3a9cc3b6492f73b535010d24dae3a7fc

SHA1
4b78f1a4d2b45b2150394776d0c648ad3dd16fdc

SHA256
bc015f6ad83691c85653f8397022b1b8d436d95a907cd5e699e55120083fa8b9

SHA512
58fc7ea7418ea19c6e53f85149f5350e8c7d1211334c52d538cfa73c4abc6167ec1ac1ba687b64754ec2a6349aae1a3773ff8baa6c0d2fd8a4573be657112f84

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\yandex.website

Filesize
488B

MD5
2baf611b1b6876e6c393054aa8c46a0a

SHA1
3d26e532d5b37939b51884bfb53732070c4dca9a

SHA256
5f7570144541408b41c15373bb8870e7bde53ad3c5413e2f6000e6f0e449b853

SHA512
1a0dc02bdd53e1bd49b2a72b10828463f5c8bed8a17b8498eb4ae939a40dfd8bcaeba1feac1190f5595b4da245a7aa0e4507724ef9fb74172b29581e885cd563

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\23.7.4.972\Installer\setup.exe

Filesize
3.8MB

MD5
e2237cd17408468eedef3b6964140846

SHA1
0228f5e3ac19f8bb71cbdb9878f9415e0c797eb8

SHA256
123b3caab92cce6ad5d781f7789e17c49f58c445db72cfc5b24436f9ea688105

SHA512
a5a020ad9c14e04f38a23c3643c9a95693d6686eb7c354898b9c2c797dec9f1e5c74fc3be639dab92bfd37ee851ed44c74a3987026b483f0b28b0f8eff42dd62

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\23.7.4.972\brand_config

Filesize
7KB

MD5
58ff02594657e64b54fd0592a58e6655

SHA1
6ec75b1338ad4d9c32ac358f9d3fe4efff1f346d

SHA256
74fb15e8ebc060137f8b1f7be9b6a1357c4b61ad4f2ccc5a80b7a88790bb6948

SHA512
1b48f17cf519dabe4160610d44be28d6b9c79e09b32a934a2cb7aee359446553e77d96de1f1a2fca051ab841119a04f137b34e32717f482b590758f496ed0525

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\23.7.4.972\partner_config

Filesize
597B

MD5
c76115476a14612a58c93aa9d3b3e2ea

SHA1
7edf22c46580399fe67ca901275fbf9fec9c3fe9

SHA256
cdc0090a1978c9dbf32a96de9b8473e8b057b71c391e6340f52565c9a3c7a1e0

SHA512
866c5ba8b57c1d223ce952c0a638fca466d81a9b64223863d0ec943b205071c818e966c5362fab26ec9270ffeecef2d2a62c25a83b607644ecc25869b686d795

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\YandexDictionaries\ru.bdic

Filesize
4.5MB

MD5
ac3768f0462853d08df284e67c7c4ebd

SHA1
732581ac6f2e02246696817adc53d2e2e5d0dcb5

SHA256
af2bcc135f974aad505a8f55296117dbf4cbc095931e22f424698b181d273656

SHA512
27d558deffeeefe1198aebdf65a3fef0b0f3d6b6c4177d03ff32b0363f0a2fb1b7ff6454f45dd3254427cec9174b03181c50bc51dba212e6ab0114a6e72bcf96

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

Filesize
3.8MB

MD5
17d9366abe2a25096697f13e683d8927

SHA1
3e1d9fccd45aed7b19369ca7bc8bd6b6c6753daf

SHA256
19daa9d8b1f8ef799d37dfe4d5c5d64499f5ce547b5c6f40c2ef8dcf667f4cfb

SHA512
48a315960c0761381fd8725cc52ebaddf3e85283f238a440851b4d8935c9d4d49000a9b9040ce497fcdf0a55924ead409421acb2ddbd0323e31b8283226fd3fe

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

Filesize
147KB

MD5
86b97526f262ecf87ed7ecd6c7eb4218

SHA1
d009c56e5fdadb73975c253a14616098dc8d243d

SHA256
33919f6b6975431c22a06c41c32e5f7092860958c68e453eaff9781bb6ab274a

SHA512
dcfa8730ff4da19ecdf72507f36fac86f47c6133a13499605de9a70e8533da1984ff7f5800dc9a597c27b4649f237203f5400e344e22d3b3eb98e2d63f34f20f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

Filesize
147KB

MD5
86b97526f262ecf87ed7ecd6c7eb4218

SHA1
d009c56e5fdadb73975c253a14616098dc8d243d

SHA256
33919f6b6975431c22a06c41c32e5f7092860958c68e453eaff9781bb6ab274a

SHA512
dcfa8730ff4da19ecdf72507f36fac86f47c6133a13499605de9a70e8533da1984ff7f5800dc9a597c27b4649f237203f5400e344e22d3b3eb98e2d63f34f20f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

Filesize
147KB

MD5
86b97526f262ecf87ed7ecd6c7eb4218

SHA1
d009c56e5fdadb73975c253a14616098dc8d243d

SHA256
33919f6b6975431c22a06c41c32e5f7092860958c68e453eaff9781bb6ab274a

SHA512
dcfa8730ff4da19ecdf72507f36fac86f47c6133a13499605de9a70e8533da1984ff7f5800dc9a597c27b4649f237203f5400e344e22d3b3eb98e2d63f34f20f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\install_state.json

Filesize
1KB

MD5
4f8297a1e34c5bb8cd2561b0cdb02a24

SHA1
9e5a5dafa3ade064a1390325be13c70a43bc8924

SHA256
8b87e337c68ad263eb633278140587cc5b842e7d5974f8ffafa30ce9f9023dd3

SHA512
72afde152ce0f48b3fe4ef473db46d39857cb3a4b71a538a2f7de6a1283e3c23eca134df9ad883e55b233ca367ace35d93c471964b24d667f3942e56a2f43f8c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\Extensions\ghjgbemlcjioaaejhnnmgfpiplgalgcl.json

Filesize
122B

MD5
8f1ef981951ada25c4b739f4654e73d4

SHA1
cc03a958ce4fa86a76d10f343a4e236e2d4a0c8f

SHA256
a1d9c5c34ae669a1cfc64ed674a1202e2659567c2092a5b16ae0b9bd56ede5e6

SHA512
0687aaec870e30d759804f53a47814ad56a74063c23a5068f013f70fec1296bba0d69b8e002d66cc865f01aba437fdd46c5289454b978f3bb9d840b80e380962

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\about_logo_en.png

Filesize
1KB

MD5
1376f5abbe56c563deead63daf51e4e9

SHA1
0c838e0bd129d83e56e072243c796470a6a1088d

SHA256
c56ae312020aef1916a8a01d5a1fc67ed3b41e5da539c0f26632c904a5e49c62

SHA512
a0bab3bae1307ea8c7ccbd558b86c9f40e748cdd6fd8067bb33eeef863191534af367a0058111553a2c3a24e666a99009176a8636c0a5db3bf1aa6226130498f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\about_logo_en_2x.png

Filesize
3KB

MD5
900fdf32c590f77d11ad28bf322e3e60

SHA1
310932b2b11f94e0249772d14d74871a1924b19f

SHA256
fe20d86fd62a4d1ab51531b78231749bd5990c9221eab1e7958be6d6aef292d9

SHA512
64ebc4c6a52440b4f9f05de8ffb343c2024c4690fe5c9f336e78cd1dd01ae8225e8bc446f386feb442e76136b20d6b04ee293467b21f5b294ce25e500922f453

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\about_logo_ru.png

Filesize
1KB

MD5
ff321ebfe13e569bc61aee173257b3d7

SHA1
93c5951e26d4c0060f618cf57f19d6af67901151

SHA256
1039ea2d254d536410588d30f302e6ab727d633cf08cb409caa5d22718af5e64

SHA512
e98fbfb4ed40c5ac804b9f4d9f0c163508c319ec91f5d1e9deb6a5d3eada9338980f1b5fe11c49e6e88935ecd50119d321ce55ca5bdd0723a6e8c414e1e68e16

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\about_logo_ru_2x.png

Filesize
3KB

MD5
a6911c85bb22e4e33a66532b0ed1a26c

SHA1
cbd2b98c55315ac6e44fb0352580174ed418db0a

SHA256
5bb0977553ded973c818d43a178e5d9874b24539dacbd7904cd1871e0ba82b23

SHA512
279fb0c1f2871ce41b250e9a4662046bc13c6678a79866eaf317cc93c997a683114122092214ce24f8e7f8a40520fe4ca03f54930148f4f794df0df3ecf74e9d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\configs\all_zip

Filesize
588KB

MD5
7b52a6cebfa35a3fc98c7e7742cf7a0e

SHA1
ea6616712701fd881f7b8c403824b410edb5e491

SHA256
7e92b82ab108261c2fb4a94af5bd3d3a0e33f8b2ef55056a409ddc1f4f0b9333

SHA512
ef16447e36b636711a66cb5ec24b8d06a5bc4096bb8b2a07ac611506c365b4e0f42764bd01d7539c1dc7f994285cf3c278e968a4aafda7bc4da2e1b7e825edf6

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\easylist\easylist.txt

Filesize
620KB

MD5
8e4bcad511334a0d363fc9f0ece75993

SHA1
62d4b56e340464e1dc4344ae6cb596d258b8b5de

SHA256
2f317fee439877eaadb1264bd3d1e153c963ef98596a4ccf227592aea12ae76f

SHA512
65077bd249c51be198234ff927040ef849cd79adcd611ed2afae511bc2a257a21f13171bf01cb06fce788c1cff88c8ad39cf768c5900d77cd15453a35e7f0721

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\easylist\manifest.json

Filesize
68B

MD5
15bcd6d3b8895b8e1934ef224c947df8

SHA1
e4a7499779a256475d8748f6a00fb4580ac5d80d

SHA256
77334f6256abddcc254f31854d1b00aa6743e20aadbb9e69187144847099a66b

SHA512
c2d3778a99af8d8598e653593d5e2d1d0b3b2ace11addd2d3eeb2bf3b57d51bf938ddaf2d2743322e0ce02e291b81f61c319daf34c1cd604ffce1f6407a30b34

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\extension\elokbjeafkcggjfjkakpchmcmhkhaofn\brand_settings.json

Filesize
384B

MD5
4bd2ffe5e645a04d6a7047ac47969fa5

SHA1
73b988a08b3b1e72a38e4ee0e9813cc09946e555

SHA256
a9cf92fb5076df30264c75da6f1b6e41bf592567d5e7bf170c21beba628aafe2

SHA512
0125141dc02b40cefa34280311653c1fe0815ecf005d93814f06ceb7f2e2d1789ca7d5907a5cf069880a742db19fc74289467a0538fe329670d9c0397135e1f8

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\extension\fcgfaidpicddcilhjhafmmcgfodijhjd\brand_settings.json

Filesize
319B

MD5
94e409c4948755c18ed015a9ea88194d

SHA1
9725a6622664ab4332f07e04c4f8a23c86daf695

SHA256
ce1e2092945df5b00797e81185cc4db54070583ed92af19dd5d104e1aa4343a9

SHA512
e59d6730078b06dcd51a68c1a729244f3af76d97083b75a4fa05ac323d6f6e61c882b41a821c15595c3483b75995bfbdcdbc55bc3609f0d470b8e96ca1c4a196

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\extension\gopnelejddjjkamjfblkcijjikkinnec\brand_settings.json

Filesize
250B

MD5
338199392c0ee2d8530b8d0516f6d2eb

SHA1
2ce5daca88f6296335dcd3167a5f54d87687f85a

SHA256
c9c85c1fad9bd1e26e42d3b35e7e5ba5d6af4b87e13846b3d71518274896a9cb

SHA512
6a89b757abb2e51c46214bf6b111e7ae085ebdef43ce656695e1d7eec91c2f33bfb95868b2cc3749e5e7f3c435bb65d830c96fdd01abee4f9106d1b11ecaf2c1

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\import-bg.png

Filesize
9KB

MD5
85756c1b6811c5c527b16c9868d3b777

SHA1
b473844783d4b5a694b71f44ffb6f66a43f49a45

SHA256
7573af31ed2bfcfff97ed2132237db65f05aff36637cd4bdeccdf8ca02cd9038

SHA512
1709222e696c392ca7bcd360f9a2b301896898eb83ddfb6a9db0d0c226a03f50671633b8bed4d060d8f70df7282ffc2cd7ab1d1449acf2e07a7b6c251aa3a19e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\morphology\dictionary-ru-RU.mrf

Filesize
1.1MB

MD5
0be7417225caaa3c7c3fe03c6e9c2447

SHA1
ff3a8156e955c96cce6f87c89a282034787ef812

SHA256
1585b1599418d790da830ef11e8eeceee0cbb038876fe3959cc41858bd501dbc

SHA512
dfc0de77b717029a8c365146522580ab9d94e4b2327cef24db8f6535479790505c337852d0e924fbfa26e756b3aec911f27f5f17eba824496365c9a526464072

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\morphology\dictionary-ru-RU.mrf.sig

Filesize
256B

MD5
d704b5744ddc826c0429dc7f39bc6208

SHA1
92a7ace56fb726bf7ea06232debe10e0f022bd57

SHA256
151739137bbbdf5f9608a82ec648bdf5d7454a81b86631b53dfc5ad602b207d6

SHA512
1c01217e3480872a6d0f595ceb1b2242ffe3e1ff8b3fdd76eea13a7541606b94d3ccd69492a88220e0e40c17da5d785e4dba1d7501e6be749b9c46f72572ef6f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\morphology\stop-words-ru-RU.list

Filesize
53B

MD5
b255d75a7ee1052a3648bfffd2b31f6b

SHA1
57a388c0a6f44bacf8576a4d54ae520f649e9990

SHA256
0f45d855adcb5517b3e8d747ac385cbd7d493bc0529a7c567c750ba765772040

SHA512
9a4cc4a1e6d9c188c24f628ccc109f447a2ebc8b42e5e6daccee0617dcdd3f1cc79206e6278154583c29dd8d1180072c463ed88ac56e87a6de1449f40494c292

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\safebrowsing\download.png

Filesize
437B

MD5
528381b1f5230703b612b68402c1b587

SHA1
c29228966880e1a06df466d437ec90d1cac5bf2e

SHA256
3129d9eaba1c5f31302c2563ebfa85747eda7a6d3f95602de6b01b34e4369f04

SHA512
9eb45b0d4e3480a2d51a27ac5a6f20b9ef4e12bf8ac608043a5f01a372db5ea41a628458f7a0b02aaba94cd6bb8355a583d17666f87c3f29e82a0b899e9700bd

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\sxs.ico

Filesize
43KB

MD5
592b848cb2b777f2acd889d5e1aae9a1

SHA1
2753e9021579d24b4228f0697ae4cc326aeb1812

SHA256
ad566a3e6f8524c705844e95a402cdeb4d6eed36c241c183147409a44e97ebcd

SHA512
c9552f4db4b6c02707d72b6f67c2a11f1cf110b2c4ac5a1b7ac78291a14bf6eb35a9b4a05bc51ac80135504cd9dcad2d7a883249ee2e20a256cb9e9ceeb0032f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\tablo

Filesize
739KB

MD5
95a7ef9c825fc581fe51b098e36b250a

SHA1
983d5bb2165f9e0ca8499c5745b320cf1b69c1fd

SHA256
f523b8634e374261e556d14e0d4fd87f3618d9bebd905d7e9cf844d928690d9e

SHA512
86e6a54f8e80afb00f070b855068b5fa0a484791c3b8f7d588f78f323e4b046d36775f2b9e02ec86bf56d619a9452c40486df08643abc038de915acfcfea0c64

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\wallpapers\1-1x.png

Filesize
18KB

MD5
80121a47bf1bb2f76c9011e28c4f8952

SHA1
a5a814bafe586bc32b7d5d4634cd2e581351f15c

SHA256
a62f9fdf3de1172988e01a989bf7a2344550f2f05a3ac0e6dc0ccd39ed1a697e

SHA512
a04df34e61fd30764cf344b339ba2636b9280a358863f298690f6a8533c5e5dfa9773a14f8d16a5bb709ea17cf75e1da6302335aa9120009892e529bfad30df9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\wallpapers\custogray\custogray_full.png

Filesize
313B

MD5
55841c472563c3030e78fcf241df7138

SHA1
69f9a73b0a6aaafa41cecff40b775a50e36adc90

SHA256
a7cd964345c3d15840b88fd9bc88f0d0c34a18edbf1ce39359af4582d1d7da45

SHA512
f7433d17937342d9d44aa86bcc30db9ae90450b84aa745d2c7390ff430449e195b693a8ae6df35d05fee2d97149a58a7d881737d57902d9885c6c55393d25d6f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\wallpapers\custogray\preview.png

Filesize
136B

MD5
0474a1a6ea2aac549523f5b309f62bff

SHA1
cc4acf26a804706abe5500dc8565d8dfda237c91

SHA256
55a236ad63d00d665b86ff7f91f2076226d5ed62b9d9e8f835f7cb998556545f

SHA512
d8e3de4fea62b29fd719376d33a65367a3a2a2a22ed175cc1eeff3e38dfbaac448c97a6fbea55bc6159351d11a6aad97e09cb12548cf297e01bd23bf6074de08

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\wallpapers\custogray\wallpaper.json

Filesize
244B

MD5
19feb60966afbb9d1b797a050278f13e

SHA1
9874bcea4222a8f56d59c91b7abe603687a4f67d

SHA256
94cf5e38c38f78a42d70599c469a3969e4b3feb292da450a947d8463a57bfb9d

SHA512
2abd6fb2bd126ef99a7f0bb79072fdcdea2670d1b296ace2b4f9ebbabb343594b140b6c2728c31af339465619a8ee9faa2e3d64e1847e9557c50a79144d24196

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\wallpapers\fir_tree\fir_tree_preview.png

Filesize
8KB

MD5
d6305ea5eb41ef548aa560e7c2c5c854

SHA1
4d7d24befe83f892fb28a00cf2c4121aeb2d9c5d

SHA256
4c2b561cf301d9e98383d084a200deb7555ec47a92772a94453d3d8d1de04080

SHA512
9330009997d62c1804f1e4cf575345016cda8d6a1dd6cb7d2501df65ea2021df6b8a5bc26809ddfc84e6ff9450f1e404c135561b1b00b9e4915c69e84f89cfec

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\wallpapers\fir_tree\wallpaper.json

Filesize
396B

MD5
31b6342128a20e38a224a3c395f1d5d8

SHA1
afea42f96d007c0d02d90a2cf7d3486c73969d9e

SHA256
a135978536ba7409f381fcac3befed527e6d310fd4fb6a9e567adbb22e84ef2d

SHA512
5b53e2a4c66d81f4e3aec91be650c4b151812d7ea8a6ef1ff911dd56933f8153ccf4a9883e406b2a9cf59056037a1e7434ed9c6c102ad446db5b42e1af93ea64

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\wallpapers\flowers\flowers_preview.png

Filesize
9KB

MD5
ba6e7c6e6cf1d89231ec7ace18e32661

SHA1
b8cba24211f2e3f280e841398ef4dcc48230af66

SHA256
70a7a65aa6e8279a1a45d93750088965b65ea8e900c5b155089ca119425df003

SHA512
1a532c232dd151474fbc25e1b435a5e0d9d3f61372036d97bcaab3c352e7037f1c424b54a8904ef52cf34c13a77b7ab295fb4fd006c3ab86289577f469a6cd4c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\wallpapers\flowers\wallpaper.json

Filesize
399B

MD5
db5d85343264fe69c9452cf6bbddb10c

SHA1
82d97c05c2ee2374a9343f10db78e0ad232ac2aa

SHA256
c15d588d418a5bfc7caa62b62a3e4df7f67990f6912aeda133e616ab0738401d

SHA512
3aa27652f9decf1315630ef83302355065e8c43297c0d8c891295a855499e81d9cfef2767490c2992b3103e44d7f16825e65e9bf2d994d17811f49be9eb37307

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\wallpapers\huangshan\huangshan.jpg

Filesize
211KB

MD5
c51eed480a92977f001a459aa554595a

SHA1
0862f95662cff73b8b57738dfaca7c61de579125

SHA256
713c9e03aac760a11e51b833d7e1c9013759990b9b458363a856fd29ea108eec

SHA512
6f896c5f7f05524d05f90dc45914478a2f7509ea79114f240396791f658e2f7070e783fab6ac284327361dc2a48c5918b9f1c969b90795ceacce2c5c5bfa56ca

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\wallpapers\huangshan\huangshan.webm

Filesize
9.6MB

MD5
b78f2fd03c421aa82b630e86e4619321

SHA1
0d07bfbaa80b9555e6eaa9f301395c5db99dde25

SHA256
05e7170852a344e2f3288fc3b74c84012c3d51fb7ad7d25a15e71b2b574bfd56

SHA512
404fb2b76e5b549cbcba0a8cf744b750068cbd8d0f9f6959c4f883b35bcaa92d46b0df454719ca1cef22f5924d1243ba2a677b2f86a239d20bfad5365dc08650

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\wallpapers\huangshan\huangshan_preview.jpg

Filesize
26KB

MD5
1edab3f1f952372eb1e3b8b1ea5fd0cf

SHA1
aeb7edc3503585512c9843481362dca079ac7e4a

SHA256
649c55ccc096cc37dfe534f992b1c7bda68da589258611924d3f6172d0680212

SHA512
ecd9609fbf821239ddcbdc18ef69dade6e32efd10c383d79e0db39389fa890a5c2c6db430a01b49a44d5fa185f8197dbbde2e1e946f12a1f97a8c118634c0c34

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\wallpapers\meadow\preview.png

Filesize
5KB

MD5
d10bda5b0d078308c50190f4f7a7f457

SHA1
3f51aae42778b8280cd9d5aa12275b9386003665

SHA256
0499c4cc77a64cc89055b3c65d7af8387f5d42399ff2c0a2622eccbd6d481238

SHA512
668e1a70a50a0decf633167ac23cba6916d0e05d0894daae1f7e3d487519f0a126abd4298430b38f52746a5c3b83ccd520b3d9b0ae1a79f893e36821a0458566

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\wallpapers\meadow\wallpaper.json

Filesize
451B

MD5
1a8908826d2efe5fa817ce6bf474700a

SHA1
f25ed2de494bae4ffeca33071e5c2dc034c863f7

SHA256
9c75f591907f6a631ba583bce6ddcaafa6f89a84a4bec8108637f7f471e821cf

SHA512
1b68183bd466d01ec25b1281737ac4e752263cd88b64e16324244812d46f8f985ebdeb35d065c7aabc7abcb93286e92b0f3d5b0b7173f5aa6e33891c417b6fc8

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\wallpapers\misty_forest\preview.png

Filesize
5KB

MD5
77aa87c90d28fbbd0a5cd358bd673204

SHA1
5813d5759e4010cc21464fcba232d1ba0285da12

SHA256
ea340a389af6d7ad760dff2016cf4e79488bda1a45d0a415b3cd02a4430c9711

SHA512
759519b8822a6a4b88fc9ba47fa9d5d898b2f5a0f359acfbefc04809e6d7f5df86fb130f191eb6f63322792a18c0e7170aedf3ce7060fd9ad7e1bec2e686c3b2

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\wallpapers\misty_forest\wallpaper.json

Filesize
435B

MD5
ea6753f7a10f9f92b7790c93f8ea2411

SHA1
0cb570e8ecc34e16017b920fbcf1036cf1508ab4

SHA256
b1f9aebdb9333b4b15c2a9339d18e974205cbd4a61d2a0b4d34a25b384a0de7c

SHA512
f7974e99c58696a4d739c4d590f5f50094082473754e6b1fb8a82c76566cf3b5713b1e013126f8fbef0f0c8af2e08d09b32307958c9ed1a1007c04ce89539ec7

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\wallpapers\mountains_preview.jpg

Filesize
35KB

MD5
a3272b575aa5f7c1af8eea19074665d1

SHA1
d4e3def9a37e9408c3a348867169fe573050f943

SHA256
55074794869b59cd5c693dfa6f6615aea068c2cd50cdae6dd69bd0410661ded8

SHA512
c69bf39362658dd6cbd827cf6db0f188a9c4410b3c6b7b532595fd5907974e2141d857942ffb2497282e31eaa33c71240c2c2bd8721046df55e3358e8b76c061

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\wallpapers\peak\preview.png

Filesize
5KB

MD5
1d62921f4efbcaecd5de492534863828

SHA1
06e10e044e0d46cd6dccbcd4bae6fb9a77f8be45

SHA256
f72ea12f6c972edfe3d5a203e1e42cbbaf4985633de419342c2af31363f33dab

SHA512
eec8171bd3bea92e24066e36801f334ac93905b7e8e50935f360e09fa8c9b9f848c4c62b687299e8297c0693d6dbaf9c6035b471e6345d626510b73e3606ee4d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\wallpapers\peak\wallpaper.json

Filesize
452B

MD5
dabb663536eef90a540783e707a311d6

SHA1
9659fe0463435f3281983ce306ff22fc101f6e57

SHA256
d1c971a197cb79f1df640994465aa7543bada90059f5b2768967d2b57c6afd2d

SHA512
ed6b4090eba519f2814dc51fccb92cdb703656c77be741f07753f9c84d09394d080158e04bba1ca9dee501b0dff2a21020883e538a6c0ced6a12602b7098676b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\wallpapers\raindrops\raindrops_preview.png

Filesize
7KB

MD5
28b10d683479dcbf08f30b63e2269510

SHA1
61f35e43425b7411d3fbb93938407365efbd1790

SHA256
1e70fc9965939f6011488f81cd325223f17b07ee158a93c32c124602b506aa6b

SHA512
05e5b5e9c5ef61f33a883b0286c2239cb2a464581d6e8a86d7b179b1887b4cb2cd7304e0821cdd3208501421c44c63c248a5166c790792717a90f8ac528fbf2f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\wallpapers\raindrops\wallpaper.json

Filesize
397B

MD5
69472b2b8eb07ec616a8e94a492c6c5b

SHA1
aec5df4e15d292a360a5dd6125217ef063ebe65e

SHA256
6e9ef0bb0853c6c898ec033d54d9d5cfcb68a5f52cd8f9bfff3528a02c73e06c

SHA512
e355958272292bcd7d767af692fb33941ad469809abb6366b1aff2bd4585de6a18b290258799e943f9a53416c9f5c139ccabc47cb337d0e6e4f5d499f2e27aa4

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\wallpapers\sea.webm

Filesize
12.5MB

MD5
00756df0dfaa14e2f246493bd87cb251

SHA1
39ce8b45f484a5e3aa997b8c8f3ad174e482b1b9

SHA256
fa8d0ae53ebdbec47b533239709b7e1514ecb71278907621ca2d288241eb0b13

SHA512
967670863f3c77af26fa1d44cd7b4fe78148d2ba6ea930b7b29b9f35d606554d664c0577068e0c26fa125d54627d7e7543360bce4acee0af17783b07450b5f52

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\wallpapers\sea\sea_preview.png

Filesize
3KB

MD5
3c0d06da1b5db81ea2f1871e33730204

SHA1
33a17623183376735d04337857fae74bcb772167

SHA256
02d8e450f03129936a08b67f3a50ea5d2e79f32c4e8f24d34b464f2cb5e0b086

SHA512
ff0e60c94fc3c0c61d356a26667c5170256e1143b29adf23d4e7d27012da72ed8865ef59dc2046314c7335b8d3d331e5fd78f38b9b92f6af48729dae80f85b15

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\wallpapers\sea\wallpaper.json

Filesize
391B

MD5
a79af1c34d9d4fcc609e57fbd387924b

SHA1
6ae1f8730d03cbca17a1c368da8a600157e0ea49

SHA256
8c60b18ca1810a5e75950095cb0dfb4bb9c32a18f99e5505cf40c39840b8a633

SHA512
b95aef743acb3c6890e3ca74fc260a8fdeb134ba399f6e9851d34a47fb2cad9791a64d6214acb956ba4c8b51dd710f8f10fa8c3e88fb1a0f52a7e2214eca16fe

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\wallpapers\sea_preview.jpg

Filesize
59KB

MD5
53ba159f3391558f90f88816c34eacc3

SHA1
0669f66168a43f35c2c6a686ce1415508318574d

SHA256
f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e

SHA512
94c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\wallpapers\sea_static.jpg

Filesize
300KB

MD5
5e1d673daa7286af82eb4946047fe465

SHA1
02370e69f2a43562f367aa543e23c2750df3f001

SHA256
1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a

SHA512
03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\wallpapers\stars\preview.png

Filesize
6KB

MD5
ed9839039b42c2bf8ac33c09f941d698

SHA1
822e8df6bfee8df670b9094f47603cf878b4b3ed

SHA256
4fa185f67eaf3a65b991cea723d11f78de15a6a9a5235848a6456b98a9d7f689

SHA512
85119055ddfc6bc4cca05de034b941b1743cbb787607c053e8c10309572d2ef223786fc454d962fbb5e3cde5320117f9efe99041116db48916bc3d2fcd4ffa25

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\wallpapers\stars\wallpaper.json

Filesize
550B

MD5
8571306e9021fc89eff3c5ced3e02098

SHA1
49d6a7baa6ab4182c4b38c95be4bef1b243fc594

SHA256
0529c0be39bdcb289bf29e6a9c774d907b444857cfaa47d3942e5dae1b75531c

SHA512
7657c0e48b4cfa3025bc33b0decacc22646bde2cedda7f51b98b19a17a91461ebee57f054b64edc58318ef6caef7227ac21b740527144f3fb0bc0a2e7b9fef19

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\wallpapers\web\wallpaper.json

Filesize
391B

MD5
7b00cfeccb0f471865d2ef08fa1d1222

SHA1
1881d5a29dfe86d6d19cac14a1a4b95b05494830

SHA256
22557386855643b706808ea9aed33ac22fa26f58d2fc281fb0ba917cf55f990a

SHA512
b7d80dccfa5f051b1ec8987193857aad83c7365e12f12fa68b8edc6ae0dca1d8a4d846e284fb8e15715b5ce7478dae334da5651b97a68189cb43c74e7fdf7177

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.7.4.972\resources\wallpapers\web\web_preview.png

Filesize
8KB

MD5
3f7b54e2363f49defe33016bbd863cc7

SHA1
5d62fbfa06a49647a758511dfcca68d74606232c

SHA256
0bbf72a3c021393192134893777ecb305717ccef81b232961ca97ae4991d9ba8

SHA512
b3b458860701f3bc163b4d437066a58b5d441d8a427a8b03772c9c519c01983e3d3fdb8da20f6a53ad95c88dcdd0298f72822f39bc3672cb6f1d77fcc3f025a9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat

Filesize
48B

MD5
69cb41247314f500bf0c1d5d7c6172fd

SHA1
15a2ec8d8263ca638dcf5e41193e157f38331c57

SHA256
8df3d5f5c96e8ee31f857302384f73e39a849d070337af2360e77693840f4275

SHA512
4fe5c834a2cb8b63f6e5f6b424d31511139ca38690f013db095cf7ff257bb70a53e6a0b23788d41c2b83e1c98999ebfdcb037e269f0b5222567fdd6baedef25a

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\0c29cd5b-113f-4fed-869a-cbf9eb185694.tmp

Filesize
167KB

MD5
4d4b657a4d0b9703e41b3e14991c5f6f

SHA1
65858616de1ec60bba42d2afc307cec3d6da232c

SHA256
a0b1ad95ddf3645510625d1f6da088b1d78ad2fd3d19aa1550dcac7e8e4ccf1e

SHA512
10b753ca1898a8c5ca162feb1f58e9c90d17a2cca47b6a70c555d7e7a1188e331e339a2177f83e8211e742a0a2e680b0d86e0f2ee2fb17c8914fb1d6c6b3cd92

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Cache\Cache_Data\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Cache\Cache_Data\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Cache\Cache_Data\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
336B

MD5
0776eec8744a54e0969cf7658f244d7b

SHA1
60e0787d884ca08cef427ab522384b9486eb2e5a

SHA256
ca8b6ea7aaff2ffda127967da9bd4055457713d9bcf7fe94d58c58564a5be028

SHA512
5328c20c8a950f0855746e3f4374c010b2bec25e186a9d77aafdbcfb1833b2c510ab396ced14f97fe39306369649e51ffc3e1670c0735eab617aa0dc5bfaaf7e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5976eb.TMP

Filesize
48B

MD5
c0ee6fcaff1727cce201e0fc0577e0e8

SHA1
16d1e316e4c57aee5f21ec4750aaca51889ab541

SHA256
9506ae5f0a8a3b4ec9406dd7e32fa2e6b1ef0d6cc16b74585c30b74ff3ca7bb5

SHA512
3dbe3691ba45bed0b2ccae046a933c3383e9261a45b5b8c99baf1d1d914cb6c86eacc3640cfcb87d451298badbcb2b574e0fc565b2c55b7e2ac98bd053747160

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
47edfcb1b100d32fc07b32949a491203

SHA1
56ad1f8836e3b67fcb096ac745eb5b3988d63406

SHA256
3fc33ab06fd43d2b0d6bc33360a5dc5edfe221a02a96d74a9d62c82c5ddb1f8d

SHA512
ee69b243fcfa9d1ef62918a9a6d7ea991dc8735f5d2b0e6df5f4fa8d0618c08a3920e1d1c7c4a184ea7b49ad32a114173026263756f89eee89385b7cd996b101

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\Network Persistent State~RFe5a1df9.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9ee4ba95d84df5fe67289dfcdafc68ba

SHA1
31db82151d58a09b1073b9e57178876bfff9ddf7

SHA256
847863419b0b6b92848af72eb853d4910d2b4eb42ecaf74fad0a4b1cf9e9ba92

SHA512
d42f42b29c2a8bfce0790b03e23d5d32776a617e8ce886144827b353c6d52db14070fe8c993b07e864eef2928ed2f21db6804b4e0560b185465ac73de2f77e4c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d81f395f5a7b322fd29da0b0cb310f42

SHA1
baaa3974b4aece08247c262b79f291dbd13fc29c

SHA256
ef01834da1b39b49ffb17ede5f693a374a5021d61fbdad29780904788a3f2776

SHA512
937b5b8cdfc3eb270a6074c7ca28f5788ddcf56d0b35b554d71a5c275d355ba2f8a8645277065ce14e90d8c7a1a341a18ffa264b52cf1d7f66cc85cce55f5637

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c82b9623863c601e9dd5c8a7cea7e144

SHA1
24520647381bf35dd56beeef19aacd68d68823fa

SHA256
9080b8fd6c9a77200bf61769af5d0ee8cdcba9b1d878d2cd4b7d030e15717503

SHA512
b75b9abb692430a2e24341cdbc35386c43a6007557c2ac047bb2fa8f45e3f8bb3cf6b903cf63e47ce30004915595158599f39f6121002dc2e23ed4343fccbb84

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
342746b2eab0b6011bddbf944dd22a25

SHA1
666ebf0a6f543a644426a295f67ef573ac16c8c1

SHA256
c51724867e1b8e27e2d114cff5862e6274d827b022c75e45167c0f3a7b2a12e7

SHA512
3f3e61b0f5c52eaed5fd62caeabc4c99a6261a1c7d1e6ccfe4925973e3f72134b9b01baea39560df3433c091564f1344f31aab645e0f6e1ed2c0c7e14538fc8b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8465d2e8a81494348ba2fd144b450824

SHA1
85b0a6b091c812ef200edbbe6a18096dcd62e58f

SHA256
199989654a2dcf84f67752d8a1db175a2f5ce42f765ccad1a0303ecedec9105b

SHA512
d9659708ef8a10eb289228942f0f72db3267a4542aca4bb65d5465bf7952156b954d5861874fb273ba710c5db23c9c364a66201810314813d685ce7e62f8edc4

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity~RFe59673c.TMP

Filesize
1KB

MD5
1290cc403c751def0bdf4b0a5d62a203

SHA1
4a0f6b3f4d7d932eaeaba82853b0dfc32c427a87

SHA256
d705d8ef20a6ac56385b633e8c778dd87ad3c49fc3c6e3ce72b8087a831a9186

SHA512
5ca51d0b40f498585fc03daa3c8b8927be3cca7fbd38d5111f4268a55b3ac8c35d580ae7b6df98b9a686a7b5956e7ea9b5fdcc59cc9dbefb15b14caef5429e07

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
12KB

MD5
87dcf5418fb6e608764486b66f467563

SHA1
2364026c1298b58e2bb87a11e40dea4170e5483f

SHA256
76328a77298631624f947cb1b83a7640ee7d4269687dd0e2f41ee8a619b697e5

SHA512
aae10fd5dee10f3b2a9a0c01110283dc0c75bf06d7a3ab23ffb201e442bdb69c38080fc5f456cfaa41e9942518fce23f529b4377b3e3222243ac859e57517fe2

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
14KB

MD5
98e7ffcf7b89b6db647190a6f22c2749

SHA1
3352cd090eb4beb7199579eefed400a227a23115

SHA256
e329bae204d97a98f4dd53e85d9f2ddbb58dd80070363f4e798e356afbeaf26c

SHA512
2b536407431cf086907586a06219a961b0b1936c1bfa9a17cfe6228b1aac3731189bd9aa59616b631fa168d32d64acb93cb7dfc06d1923ac4785cd7ce455aac6

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
7KB

MD5
bf62b60b809dcc795ef5c9b3b89ee2a9

SHA1
5eccb2399997268d954ceb1681e681272c780031

SHA256
fc6086dc7d1110b98d7d04a8bf5e271d67fa04216cfe9f014112166c874953a1

SHA512
f0bfd7c6f324cc7a6866034a487f5a5a0caff29b48ec6fe0db451b181a8321f816688eadd79550bd2ad11f7fe7c515866db9fcb3a04faafb9adb451649dc1a5b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
9KB

MD5
4574e5469dfb2075b04d47f5370037ed

SHA1
17150a23ba4cfd6d83c57a672a7e9ee6669965ed

SHA256
873b8bdabb9b12781ab8bbe392dd950f847680e72df1ee144d57ca592fd7d7f1

SHA512
287c2f8a251ae8c0ac8588cc32622f2a8d110338f83f3889f13993b9901653d685f9bd2e73779a1b5fb0757608f4b570bd9099ac8e40c862440f7acbf3cc03d9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
15KB

MD5
fa2fdf5f3d2ce277eb8c461ffe1e6342

SHA1
f344cf6555553d0ae30e1ef4aeea544c5a770ab2

SHA256
854e681915fe0a52ac34d5f31fa3a51af6e7d0d433618d0368d7b4c5dd118dce

SHA512
83eb21050edce26e683000013f94f0d86f3ca546bef3c0b6c5d662d107ed405821edda98fe2584273d219d1b26312f2a2a0b6e31139e7cc7618d266d58d80664

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences~RFe590258.TMP

Filesize
4KB

MD5
9911108779a463add2676768f731c172

SHA1
5eecc433c5bf4a5cd8b45054eaf38cea36f94a31

SHA256
412760330b9c9c9b057cbade0433aa1b6ed27788db5acb5f6f6876406d91a317

SHA512
2db6004bb026093c4217f78fdd0f94319e6359dcc9099351077760f5bf58e785882a68172f653dd909103f3f0c8e07e1a86c23e50e5d099c938f3c01f86a7b55

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences

Filesize
10KB

MD5
aae3ca50195963b9ddf95d16bc328e7d

SHA1
2377f60f188fbed8dc61d7af4b809d60d363a9bf

SHA256
96c1f38537a2763a87f29207e37b021d48b839a77a15388da336aa54c36db469

SHA512
75ad08baa63601b355d90fc383d5dfaee5c62fdb8676e294057726e5be17b75e0cd542af04b2f88c6fafb77bfe0397eaa3d3bd4bb2b6da9ebd62349ddc1059a3

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences~RFe59066f.TMP

Filesize
1KB

MD5
65fa1f14564f839d76e2124012c291cf

SHA1
11fd55d54256270b73f68bc6b73b9cc6daae6521

SHA256
b8c33d5b0c6a9af8e20bb00740483474c69da235e076bc1d99e30db1c8e0c0d1

SHA512
60d318ba512c3befcbbf8d4c7e2f811cac560f5557f0a569e0323b949e0c19f172692580e96e1305e4ab8bd4e34be45e90e1fd43dfe44fbe4aca84c7a2cb5e3e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\77bca5c7-b73d-4131-bb6f-e8d5266ccd41\0ebf00cb9001c7a5_0

Filesize
38KB

MD5
bf5a455c0bfbcb0504e1fff29691919e

SHA1
2360620d040f61393111259a8d61af890b98d752

SHA256
08e51961b142d41808b42905371f2da8fd8e6bb66ec4d2089e9bc5ff538760f6

SHA512
b8b86e77249cbd85c88d6f6d3aa7540dc84028247a60852d0a82c649790a9846f351fd02b9e0174990039b73c33b8c9585a1d8f5136c93996bba3e9476f1a10f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\77bca5c7-b73d-4131-bb6f-e8d5266ccd41\15c18f294cfefbad_0

Filesize
14KB

MD5
4036e791f46e6ed3682e315249253180

SHA1
4147d77367396e1400e3a57643d82d13dceb91ba

SHA256
4abbc71d25449952873927ecbfc0d880f05ef1757015dfb2e762f5e7660e3e14

SHA512
f335bd27ca0cc3c57bf328209a2b68319bdf191544630531cff418a5375a7a30af2911b35cb1f4f113b66748845f2cd82335cf5adbde1da0668db0fddff9149e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\77bca5c7-b73d-4131-bb6f-e8d5266ccd41\1ad10c4bb9e37138_0

Filesize
44KB

MD5
e57ebaa421abb69c998b1c801b8a213e

SHA1
386a3166fd447d1ec8bf1f8daf51d81b4f9020d6

SHA256
fe43fa74b6a6c370af142d7ab14d8d89e610923ff0a00a5a777920e4c9d6fcff

SHA512
5ffbfee9970bfa19ff9242b08870ad1b4d3690363f05d7af792cabced98cb27fdafba3f1161f4fc1544ca34da1fa3ac418131f5210e3452e376456ed57377cb4

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\77bca5c7-b73d-4131-bb6f-e8d5266ccd41\2a9877b782e7616c_0

Filesize
42KB

MD5
39846803ac3f83839365ce751d1870e7

SHA1
1eac7e342ae8a1cbb09e01c2f2e658b06f45458d

SHA256
35a82e2e896ab0129a3a01aba72f20af0a5d09dc351c6d0250cd849c15dc090c

SHA512
063dd219c835a58206254301a7ac896580efdb6f762e0f1d81a9ebb56a19eb1bb842f87d1e233ca42d712f30881d9657c98edc3a1b0cb351ac986cb29444647d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\77bca5c7-b73d-4131-bb6f-e8d5266ccd41\33a08d9c0e9bd13e_0

Filesize
15KB

MD5
0f81a4b9316721ab1f011d5df0fcff29

SHA1
0608841e9036c76d08ad919a5bb8f1b3867eb45e

SHA256
ab568a3c4190ed398275a1596447c96212549ef305560b7a4c3cc27540f20bc3

SHA512
89188ad3039fd508d5d1ea3f24907b1b1c3185a70212fa258ed661cec8a99872af9d8564c371f71fe8387b79181cb9dadc55e9e4ec5f976e3344829fcb3db83f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\77bca5c7-b73d-4131-bb6f-e8d5266ccd41\3d81c9c62510783c_0

Filesize
468KB

MD5
cdc1ceb70cf63eb98b6b77d5980d24a2

SHA1
f850d3243071e3909b91f1e50374e9332c34a11d

SHA256
7c795a642a68f7a8e701a752ac882490d8cd69ab433e41295435c0f6e5c99617

SHA512
5701b29975297a4331b69f144d4e59dfefed6707b3a8c7e600171b199963fd07fe1a5fe3a823aec54ed38016aa064f97d8d0f804e19ffb5bc5f88db94b1d8726

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\77bca5c7-b73d-4131-bb6f-e8d5266ccd41\497a287e769ade1a_0

Filesize
27KB

MD5
b2484ea53fc3b6fd19dbbbb5dcb093bd

SHA1
ee1aa819eec0bce255994baece520b60d080e6d2

SHA256
8c2d81b401faba86f33c6fa693e8fee4e714f21f57172c865bc2fb333f5bf269

SHA512
2b48bc72e9b83389dc2730fccc0d34bf9d1d7a51d6d7b19e0958bb1baa7e0c3e9f548ba540d0255896d6557ad803e66c6e2c0b4e8fd5cf52ae25507a030613a7

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\77bca5c7-b73d-4131-bb6f-e8d5266ccd41\88a052183f2a4b12_0

Filesize
480B

MD5
a24ec308005470ad8ebf021f60f34c4e

SHA1
73d84ddf6a6dcf42cde5ca155efd7c2495aaee58

SHA256
a9500fc6c51d69be22f6c594dbe92c0eac32a505737120663cdad7096fc6b721

SHA512
3fb3d6187fd1cb40997b1124c0d3d9d6e64f77a465a439bd49d47c0556c28c35e226049f48d1dd46ff9bee810ab788f6131d522c86c7a31c1a6dfb97ff8a7998

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\77bca5c7-b73d-4131-bb6f-e8d5266ccd41\949e08f78bb99d8e_0

Filesize
585B

MD5
9bd6b2273ad55fd9f16c28280663a000

SHA1
10a5c75f646d46003ba710f7ac73df469c480aa7

SHA256
704cad91db2b9acc4f18cafd10218a6351a9c5596b9a81d8cc235a89bf31ec27

SHA512
1f89b3a5eaff7b670f275d7fc47955613e758a5f3adcc918e3f1e65ab2b4ae6d3fe0363dec8166152649dda1ba1bc4cadeb4bdc2f20df81b2a0fda8ba1aafa15

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\77bca5c7-b73d-4131-bb6f-e8d5266ccd41\b3f0dc54e2b61fc9_0

Filesize
1KB

MD5
2c9e5c17e8da365a920813e3e79e5732

SHA1
0edd768f4b90b790776df99f6d0edf9bb9fa90fe

SHA256
1cbf3baf81aa3d5daed696229ade9a5f634d11db656cebf63f3f919784bd22f6

SHA512
be2cc72cc27754921314d24431c6b4b1c9af4cfa414ab36a24c19636cf68aaec9e3f258e3df1c21a1047279d0518aaa9332e75b6c389bbf969eb5c853e312acc

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\77bca5c7-b73d-4131-bb6f-e8d5266ccd41\ba8ac102e76b6706_0

Filesize
323B

MD5
e7de0b794e2088d3cd0dee206f3f47f1

SHA1
16353c6e0a50af9761041b0a4aec1d3790777fcf

SHA256
4fb1ddc7dea6274b26ca93fd05b93282f8eebc31f605eed305a232022b0a207d

SHA512
fea82c9956482f473dc63a7aad490e1ee340b00b4bc60d1e50c5a30c654168a019bf86a33cdbab05cfe5bfd1de46a90ce2fbdca55d3e0e269efd37af36c7d570

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\77bca5c7-b73d-4131-bb6f-e8d5266ccd41\c0bda676d50722ea_0

Filesize
540B

MD5
9c4e16c5b885abcdb66e56540a87b4af

SHA1
fd877510ebf13720a91a3493f0f44519a172278b

SHA256
3d1870b097594711ed03eab81f97d961f8afdd1769fed4ac7e70b78cb2f64fc4

SHA512
57312d80ed9b0520b2c616b8ea097a3859288fcc6f257995491cf980d40e4fa8aa83f91b65a4823b3080d71aeafcd03170acd8bc3b13bbaf5bdf64a6bfd955d7

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\77bca5c7-b73d-4131-bb6f-e8d5266ccd41\caa492a5b9d0f04c_0

Filesize
1KB

MD5
a62dde782e01efb4d1bcee534a036952

SHA1
3dfb3f9f41cf3549b5e591c008b997b645cc841d

SHA256
91a8c7dcf6f1b358df457da03c01129dfa7fa158b4fb0deb414ab3b7d825f1c1

SHA512
4cb32d56b6cf34cda91e644e118fb145cf0d78d196b52327facbf8f4426a65ec9507dab6e004fcc139fed61f72eed836906379364d02adb3ff2c87f41d9158a1

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\77bca5c7-b73d-4131-bb6f-e8d5266ccd41\d6763430ddd08f93_0

Filesize
3KB

MD5
188a1810f82a5664bce1be0199a3045c

SHA1
cc8afaed17615fac29a9d7703ba573a89cfc36aa

SHA256
5b755c4d03bead7b31a0e891be0aba52d81d062fe80f28ba72343affe4859994

SHA512
9145414ab8968050c848801fca0dfd7e5849ec63c2d70efcb7e9f07bec7e4fd4b99b1af70d87c9165c99148cedd0582a4465b8e1260156a5c831bac37b62b3cc

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\77bca5c7-b73d-4131-bb6f-e8d5266ccd41\dcd100f566d000a0_0

Filesize
11KB

MD5
aa44ff5d3fc20a45b973649d2804ef6c

SHA1
dbf61de0d2a646df9c9cf4307c23f867d5f45648

SHA256
8c44591d4861f4a2377b41396d7219201bcecb733678889213fa57ab89042cdf

SHA512
7e1d16fbdf5c39b4968cdf74ecc797c3db3bf1d6a0629fbacf51e7333570e0980792bddace388b964a3494afc001f02d97620bdfb2c2c20a368fbade29a487b1

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\77bca5c7-b73d-4131-bb6f-e8d5266ccd41\de3b030126695833_0

Filesize
436B

MD5
45d06d56086c9b67cfb8b52c8d806ba7

SHA1
a86a2333ec99715ca6352e423a74a84d13b13036

SHA256
8aaefaa38fa069c69851f3261fbd6234352c358baefc9c0c1427d1483e2ef667

SHA512
8c263d46a5384923f5b71e73da8fdd34814b59fbd22f48c60867a68951161af24be6283bab67b68c86ee0ad725ad7e8c30c79b5449de3a7071c9538925b54283

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\77bca5c7-b73d-4131-bb6f-e8d5266ccd41\dfdecca111550ea8_0

Filesize
532B

MD5
dd7324b37754ddaf5c993a5160ea30f3

SHA1
98f3dc264a31de4f6e3b3524653780b5162b6c8e

SHA256
a67a9c9d0c0d47171c3ee60f36ee08bcb355f164640448acadddf167888e9bc1

SHA512
7600499cd5e8cf546d589a846fbb9a290404bb34ec8d75fd305b5fbdacbe5f29faa24119bf481053c0ee4450dc05af01997887043e11916eba29743591ac07c9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\77bca5c7-b73d-4131-bb6f-e8d5266ccd41\fef132170d47887d_0

Filesize
2KB

MD5
3525886947ce6d53defce81dde775d09

SHA1
5f3be62b69151b64d87fcd9cb9ceebc6961f3e30

SHA256
2be8ebf927758a6390e5f585f09cc83d624744f8916ee08bb39f37f219a76a1a

SHA512
d4f0feac876cddc2ce163144f025e7a0ede9f56def1907a760d8afe13a9a84e7977dfe91fad3998884a438a98048f4e985eb6d6843572b42917ee99d11b42372

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\77bca5c7-b73d-4131-bb6f-e8d5266ccd41\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\77bca5c7-b73d-4131-bb6f-e8d5266ccd41\index-dir\the-real-index

Filesize
2KB

MD5
29523487cd4a38f8b9a099949c0331a8

SHA1
4d47eff328cb8234958bfea78574fc8b40ebba12

SHA256
1fa69409319450bf6885b5c5876496dd4fbb7475d3a3a5b52c9abac8ea83f57f

SHA512
7d35c8b1acb18a1262ec74e71ab7b079a663e1c326fd3cdfec1e32271e2f98c75149d02960e5ad1fb745001be42eabdbe3a10351fd9b30e58fe7301370572153

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\77bca5c7-b73d-4131-bb6f-e8d5266ccd41\index-dir\the-real-index

Filesize
2KB

MD5
56d3e32871d3d7b5fe20c25550070cb6

SHA1
d2c821e0ec35e98fdd4fe3d56dce07f24911b965

SHA256
3da3052aded7bc56ee753e34bba201526fd9e7f80a3b5fa277987284402da926

SHA512
a273ff84cfd392af3a68d67361c65d679c61101ebb4577fde3afae164ece9abc348e2f9bc1d8f13da7ccaadcc1dc8619bc4e617f3a625f0b2daa4684ae5556ff

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\77bca5c7-b73d-4131-bb6f-e8d5266ccd41\index-dir\the-real-index~RFe5976fb.TMP

Filesize
2KB

MD5
a8336664a50818b4ca2f6a239ccdf6dc

SHA1
8b49518ec6ed70500fda77b3835c3b28042b6fd4

SHA256
2d2233751e6421f0b1dd982b1345d316856609e699323f13209b60ded735ea7a

SHA512
8e77254a74cc020be7fb9f4a04c8af4c91785b1e7ce5c46efc03d0576b3f5f852039c5a19a32778da29efa43d8f049b36d46e21e7ffe314d60352a9e0003af74

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\128.png

Filesize
11KB

MD5
29a4ced9ee2da49df739d8e8b8742785

SHA1
9c4bf2dc4ce1c8356f36d232323b0719cddc8030

SHA256
c5ec914409f3715140921fd325b0733922592a72aec407e97684c90bb8eb31a2

SHA512
2cb35ae0d074e109fb7d49da1dbc7a1a50fe6093ec8bb0d352c3199042e223cd4393633d5ea8296df91dd6a84e87004fffac0a7267efa9d5fa937caaa24b047d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\16.png

Filesize
699B

MD5
238b0e7dc06028db4b6aba8078740ffb

SHA1
5fd2309587993b371beabb7a9d039e0dba3006ba

SHA256
d159e510392f6da58c4d15cc098171d45c7b02a1362cbf7be7a2d47a1a10e7fc

SHA512
1dda4de21be647067c04dfc47174df39d0c6c1eeee3e9005211f908351b69d6a27ed268b5ec7480285fb203a95136a3a205f7bafb7eb5223a3dcbab0dadc0e5d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\256.png

Filesize
24KB

MD5
9fff9a4a16a4c81676bb1f7022b293b6

SHA1
9785c2441d239dbd1dd2129a7215f582a8789364

SHA256
9752c75825edfde46c3042cd8d35e62a8138bb4e1e41c6bda030a6377a27354b

SHA512
fc24bc0f2e3333f9a8ac710779471351ac9282764bca2f77254cef6171b8a011237a624afd1748987a899e1489c3c1cfdcb12fd000bdd451419ea5f38c553c3b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\32.png

Filesize
1KB

MD5
1e463e81df8fad43ee4dfc5e8333d7c0

SHA1
b42fbb6d7e0f057a28d6f9bd3e69cb584a7324d6

SHA256
af25c38fc2b7d8dda1ef6e92210297c8ac4a91a33e947e3b0fd5e20ee6911140

SHA512
fef52f229fd06d38d68b35b78b9cef5a6cf8cd2bb1fe0f2750b0644c2cfc58c919149a49356f86f2c4b738c33388b5cef89fd33e66419f4c9697530993145546

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\48.png

Filesize
2KB

MD5
70631278798db3d6048b24301d081266

SHA1
cb58f8b254f35bf6ce230837c2a3c856fd31a388

SHA256
cc1a0bd4b060cbb97a0388531cf4c8dbe68835eda3939dc6e9028b72bec93759

SHA512
bf0181ecc4a1dbc4bef642a408f8c13c94103b13043ba8b0aaae424242ec4b38295a0c52c6182feee3d67771580679e570780595fa072d6957627ceb8708fe13

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\64.png

Filesize
4KB

MD5
49ab6c63e7a8d7c12ab49d0d18483b25

SHA1
c5b09d595a28c3010a50962170fd69386f8a0187

SHA256
4f29a528e89d0c7b2e47ae8fd4850b5df64798d8a8be29dbf12a58b4da34f93d

SHA512
dda7cd13549f4db4e5f507667ed67280601935ea0425c354193c865cfb8070b7979a890c3b52986fe6b3f717a2cef8d966488b2c44d919f721beb21810d211fa

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\96.png

Filesize
7KB

MD5
8c2e882e0a573591b34b4c4ad6d3487f

SHA1
d9648c47ddec800aec286bac9e8622e9170a9656

SHA256
bd0b1d80d628ea5ed9ac3aa1ffe912e0a9cbdf67fd1f162c71f14a040e24bcbb

SHA512
580de0c51eccaa8cb8cc30b4630d2c216136a3bfc727d328e247560e6d4a2c95a210b7cf778d0d7065a9e0a4784b48c9944eed9216483f66a10aba81100de095

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json

Filesize
22KB

MD5
5f6341e7afaaaa5f77c01e74c9ed62cf

SHA1
0f2ff6fb4bf9d5feb069875bdcee7814a42f1092

SHA256
94555dc9f0d0da024b09ad8cd70c4baf9c9ec0318a58cbb788d22a510f02c1c6

SHA512
daba3816f84769472fa54f435f54cffc0750b87e5f77505af9713d8b13431f3d40902b99ac126474e326640afbcc7e516b5b3125c263f038a284a0159b390d3b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json

Filesize
22KB

MD5
7620ef78128102cf9ab667d3c712213e

SHA1
5cfe6b4484db5a00a0373f396a1e0e8392721a73

SHA256
3c63f3bf9191e537a7048bd754d4fdfacf4ed1b3c4de65ffe57fdff1ba04036f

SHA512
4d77176451b2e7e3d4cf1981d89a0e1cb4f8ffd6cbebdbe32373e5dd7fac6cec30b9c2e4d542384560b120a6042a65f6aff77b533d81281a36bcf34425588c30

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json~RFe590b70.TMP

Filesize
13KB

MD5
ead5a22c70acb95f89e535d83de63cc9

SHA1
bca9b81d611b5a12b29db859e8820bb757e9c3b1

SHA256
3b19e98fdf5bc7e17c0eb920b5060e931415a084df78d98aa7865ace23337d72

SHA512
810e7b9c018de1ee1d2e4d625580459adb1a6d676fc91034a2c3ab1156710187758d8718ed40f6a156617fbbf059c003a3159f811e5d5f54a8b48def00c766ea

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\f_000008

Filesize
16KB

MD5
b7f4847e750e3ffcda6815cc084742be

SHA1
32973a6bacd5f7aac2e7f6f1188f40f66f218887

SHA256
dbd555de6c07d0e0593d072e6a937efeaf0c947251392816d75f93aa2d5aac99

SHA512
14553f87dc0384b9fbaea71f3a5763eb00d391918b1cbbc312b4fd89e13b4b8d8443c81dea63a65de83dacf914c152bb606dc7bf2082677d2e46658e8dd6836e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Local State

Filesize
169KB

MD5
0518e5f2acdbc6ec517a0891699181ff

SHA1
9c811383f15376c08c2562f8d3fa56f7a17fcf37

SHA256
db249c4790dbf83efaedc5136612764e711e6cf73fff92be94a6d85f9dfde3e2

SHA512
976cfa96ebb158108615ac38119db5bfa7d594f7843f445d676e89b51ef073db767213034235b3acfe1b7e5398ca8595bf7cf0faac447b636697e1923b902e55

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\afa32d9e-888a-414d-91d0-ff7a79810b5a.tmp

Filesize
162KB

MD5
2422b77892f99cff6fe40529b4625bf8

SHA1
9986a91499f13e4ef55b944a58be0ce63d002352

SHA256
8bb069c30b4ab5a5ca055940cf4f5a53e31c29cd55757f1893670addb73e3e35

SHA512
5c1756cbaea92cab31b7932e017a9ac5ac8ddc6bfd1fdc46cb0a49a835d3aafb2fb948907b4a05b3e8df8914f1449f2904c6ee6e2d1c601497c9b5c0f8c77220

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Yandex.lnk

Filesize
2KB

MD5
8cf085b39270e827a81b943c0523af5c

SHA1
0b3468774fc6708883fa981ca605d699728edbad

SHA256
da8792a97782803f2d7fcd12cfdc53ec1ce94a77c904ae02f60cb41bb6021411

SHA512
c2fe0abf79d4900bb812e9b52e427207e9cde926d42bfbc1bbf33dc3a8ca552521779ac177b96642401eb63cfdcf11b98e6b2a820628165f4c755333a5f5a20f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\yandex.website

Filesize
488B

MD5
2baf611b1b6876e6c393054aa8c46a0a

SHA1
3d26e532d5b37939b51884bfb53732070c4dca9a

SHA256
5f7570144541408b41c15373bb8870e7bde53ad3c5413e2f6000e6f0e449b853

SHA512
1a0dc02bdd53e1bd49b2a72b10828463f5c8bed8a17b8498eb4ae939a40dfd8bcaeba1feac1190f5595b4da245a7aa0e4507724ef9fb74172b29581e885cd563

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
2bd1ae1135145655d89754dbcc8f1740

SHA1
3770abb721081967f307d7185770d79b1559b4ce

SHA256
dc758532a20b308131d490365723c2ed2c09c9eca642881fee4679948a7b33fc

SHA512
308e075ac8121f6014e52bc7127b5a46a96f92b8400aa21b81f6ee4fe37d63299aca72364f1a78a6cb906e95957f8b9433fdf52437ec723e6f2249fb3424310a

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
2bd1ae1135145655d89754dbcc8f1740

SHA1
3770abb721081967f307d7185770d79b1559b4ce

SHA256
dc758532a20b308131d490365723c2ed2c09c9eca642881fee4679948a7b33fc

SHA512
308e075ac8121f6014e52bc7127b5a46a96f92b8400aa21b81f6ee4fe37d63299aca72364f1a78a6cb906e95957f8b9433fdf52437ec723e6f2249fb3424310a

Download Submit
C:\Windows\TEMP\sdwra_2036_1384775950\service_update.exe

Filesize
2.4MB

MD5
418664fbb12eba5f4b53cee48b6f0b1e

SHA1
d58327c2cc990bf52ee67c2ab83c9b48d706e95f

SHA256
c28b5665299579fb095dd8a6d21fa096a5848f86b826061cc7e517759f624a25

SHA512
13c0b0c9aea8d3987e362be450f1bfdc1d236179d0f0ccdbfa514e0b2204dd8d078fc3fd719bd27a41e75d034397263de29eb18942f64e62606a0cffc65382f0

Download Submit
C:\Windows\Temp\sdwra_2036_1384775950\service_update.exe

Filesize
2.4MB

MD5
418664fbb12eba5f4b53cee48b6f0b1e

SHA1
d58327c2cc990bf52ee67c2ab83c9b48d706e95f

SHA256
c28b5665299579fb095dd8a6d21fa096a5848f86b826061cc7e517759f624a25

SHA512
13c0b0c9aea8d3987e362be450f1bfdc1d236179d0f0ccdbfa514e0b2204dd8d078fc3fd719bd27a41e75d034397263de29eb18942f64e62606a0cffc65382f0

Download Submit