6ba168e3412bb85a107dbb5896c5a7b0a46a4e0b7f108007f3c98d5754601fb5

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2023, 14:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6ba168e3412bb85a107dbb5896c5a7b0a46a4e0b7f108007f3c98d5754601fb5.exe
Size

4.9MB
MD5

c8f09f820d67c2f1b5559c23c0e0ee70
SHA1

6f10207b2f225b15d07c30ad2dea3b7ea42632db
SHA256

6ba168e3412bb85a107dbb5896c5a7b0a46a4e0b7f108007f3c98d5754601fb5
SHA512

7bc6a422f65581900c011f19f2c96ad1c3a859692789dd12236f9603180c626da1185f324cc4b0ae574d86cfdd51ef99731984fa8e300953f0e91cf46ae61cc1
SSDEEP

98304:VwdXBZ2/5fbjORDglCwMPoe+AKdzOJDb4v++h:wkDbe2wN0v+

Score

8^/10

discovery persistence spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 15 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	6ba168e3412bb85a107dbb5896c5a7b0a46a4e0b7f108007f3c98d5754601fb5.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	service_update.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	Yandex.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	explorer.exe

Executes dropped EXE 64 IoCs

pid	Process
3504	yb9E34.tmp
2560	setup.exe
1764	setup.exe
3532	setup.exe
4092	service_update.exe
2004	service_update.exe
1532	service_update.exe
4608	service_update.exe
5020	service_update.exe
2980	service_update.exe
2284	Yandex.exe
1348	explorer.exe
4644	clidmgr.exe
3672	clidmgr.exe
3552	browser.exe
1716	browser.exe
900	browser.exe
2124	browser.exe
2136	browser.exe
2036	browser.exe
1708	browser.exe
852	browser.exe
4752	browser.exe
2224	browser.exe
5636	browser.exe
5824	browser.exe
6028	setup.exe
6060	setup.exe
5388	browser.exe
5332	browser.exe
5712	browser.exe
5920	browser.exe
4780	browser.exe
320	browser.exe
5616	browser.exe
5768	browser.exe
5772	browser.exe
116	browser.exe
5908	browser.exe
5928	browser.exe
5332	browser.exe
4372	browser.exe
4788	browser.exe
5144	browser.exe
6140	browser.exe
5308	browser.exe
5368	browser.exe
5572	browser.exe
3596	browser.exe
5592	browser.exe
5760	browser.exe
5988	browser.exe
1420	browser.exe
368	browser.exe
5624	browser.exe
3664	browser.exe
6056	browser.exe
5628	browser.exe
3220	browser.exe
4196	browser.exe
6068	browser.exe
6056	browser.exe
5504	browser.exe
1380	browser.exe

Loads dropped DLL 64 IoCs

pid	Process
3552	browser.exe
1716	browser.exe
3552	browser.exe
900	browser.exe
900	browser.exe
900	browser.exe
900	browser.exe
900	browser.exe
2124	browser.exe
2124	browser.exe
2136	browser.exe
2136	browser.exe
2036	browser.exe
1708	browser.exe
2036	browser.exe
1708	browser.exe
900	browser.exe
852	browser.exe
4752	browser.exe
4752	browser.exe
852	browser.exe
2224	browser.exe
2224	browser.exe
5636	browser.exe
5636	browser.exe
5824	browser.exe
5824	browser.exe
5388	browser.exe
5388	browser.exe
5332	browser.exe
5332	browser.exe
5712	browser.exe
5712	browser.exe
5920	browser.exe
5920	browser.exe
4780	browser.exe
4780	browser.exe
320	browser.exe
320	browser.exe
5616	browser.exe
5616	browser.exe
5768	browser.exe
5768	browser.exe
5772	browser.exe
5772	browser.exe
116	browser.exe
116	browser.exe
5908	browser.exe
5908	browser.exe
5928	browser.exe
5928	browser.exe
5332	browser.exe
5332	browser.exe
4372	browser.exe
4372	browser.exe
4788	browser.exe
4788	browser.exe
5144	browser.exe
5144	browser.exe
6140	browser.exe
6140	browser.exe
5308	browser.exe
5308	browser.exe
5368	browser.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YandexBrowserAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart"	browser.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Yandex\ui	service_update.exe

Drops file in Program Files directory 34 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping3552_555121504\manifest.json	browser.exe
File opened for modification	C:\Program Files (x86)\scoped_dir5904_1435528002\Cookies	browser.exe
File opened for modification	C:\Program Files (x86)\scoped_dir6036_1013725044\Network\Cookies	browser.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping3552_1817453646\safety_tips.pb	browser.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping3552_2075940937\crs.pb	browser.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping3552_555121504\LICENSE	browser.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping3552_555121504\manifest.fingerprint	browser.exe
File created	C:\Program Files (x86)\scoped_dir5420_689915325\cookies.sqlite	browser.exe
File opened for modification	C:\Program Files (x86)\scoped_dir5420_689915325\cookies.sqlite-shm	browser.exe
File created	C:\Program Files (x86)\Yandex\YandexBrowser\23.9.0.2273\service_update.exe	service_update.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping3552_1817453646\manifest.fingerprint	browser.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping3552_2075940937\ct_config.pb	browser.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping3552_2075940937\_metadata\verified_contents.json	browser.exe
File created	C:\Program Files (x86)\scoped_dir5904_1435528002\Cookies	browser.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping3552_1817453646\_metadata\verified_contents.json	browser.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping3552_2075940937\kp_pinslist.pb	browser.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping3552_2075940937\manifest.json	browser.exe
File opened for modification	C:\Program Files (x86)\Yandex\YandexBrowser\23.9.0.2273\service_update.exe	service_update.exe
File opened for modification	C:\Program Files (x86)\Yandex\YandexBrowser\23.9.0.2273\debug.log	service_update.exe
File opened for modification	C:\Program Files (x86)\scoped_dir5824_687640355\places.sqlite-journal	browser.exe
File opened for modification	C:\Program Files (x86)\scoped_dir5420_689915325\cookies.sqlite	browser.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping3552_555121504\_platform_specific\win_x86\widevinecdm.dll	browser.exe
File created	C:\Program Files (x86)\scoped_dir5824_687640355\places.sqlite	browser.exe
File opened for modification	C:\Program Files (x86)\scoped_dir5824_687640355\places.sqlite	browser.exe
File opened for modification	C:\Program Files (x86)\scoped_dir5824_687640355\places.sqlite-shm	browser.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping3552_555121504\_platform_specific\win_x86\widevinecdm.dll.sig	browser.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping3552_1817453646\manifest.json	browser.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping3552_2075940937\manifest.fingerprint	browser.exe
File opened for modification	C:\Program Files (x86)\scoped_dir5824_687640355\places.sqlite-wal	browser.exe
File created	C:\Program Files (x86)\chrome_url_fetcher_3552_946047504\oimompecagnajdejgnnjijobebaeigek_4.10.2662.3_win32_acpd42llfpscbx2xl2llb3jaq4aq.crx3	browser.exe
File opened for modification	C:\Program Files (x86)\scoped_dir5420_689915325\cookies.sqlite-journal	browser.exe
File created	C:\Program Files (x86)\scoped_dir6036_1013725044\Network\Cookies	browser.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping3552_555121504\_metadata\verified_contents.json	browser.exe
File opened for modification	C:\Program Files (x86)\scoped_dir5420_689915325\cookies.sqlite-wal	browser.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\System update for Yandex Browser.job	service_update.exe
File created	C:\Windows\Tasks\Update for Yandex Browser.job	service_update.exe
File created	C:\Windows\Tasks\Repairing Yandex Browser update service.job	service_update.exe
File created	C:\Windows\Tasks\Обновление Браузера Яндекс.job	browser.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe

Modifies data under HKEY_USERS 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow	service_update.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex\UICreated_SYSTEM = "1"	service_update.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	browser.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133407302833507232"	browser.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex	service_update.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexTIFF.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\shell	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexTXT.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\shell	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\.pdf\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexHTML.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexINFE.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\shell\open\command	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexSWF.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\shell	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexWEBM.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\ = "Yandex Browser WEBM Document"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\.tiff\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexSWF.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexGIF.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\shell	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexTIFF.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\shell\open\command	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexPDF.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\shell	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexSWF.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\shell\open\command	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexWEBM.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-132"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexXML.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\DefaultIcon	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\SystemFileAssociations\.jpeg\shell\image_search\Icon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\SystemFileAssociations\.jpg\shell\image_search	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexFB2.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\DefaultIcon	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexFB2.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-122"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexFB2.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\shell	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\SystemFileAssociations\.png\shell\image_search\Icon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexGIF.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexWEBM.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\.pdf	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexWEBM.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\shell\open\command	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexFB2.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexEPUB.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexTXT.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-120"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexHTML.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\Application	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\.jpeg\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexJS.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\shell	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexJPEG.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\shell	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexWEBM.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\DefaultIcon	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexTIFF.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexEPUB.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\ = "Yandex Browser EPUB Document"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexHTML.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\DefaultIcon	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexPNG.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\ = "Yandex Browser PNG Document"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\SystemFileAssociations\.tiff\shell	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\SystemFileAssociations\.tif	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexJS.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexJPEG.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\.fb2\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\.infected\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexPNG.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\DefaultIcon	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\.css\OpenWithProgids\YandexCSS.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexFB2.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-122"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexPDF.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\DefaultIcon	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexPDF.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-112"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\.css\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\.shtml\OpenWithProgids\YandexHTML.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexFB2.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexGIF.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexWEBP.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\DefaultIcon	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexWEBM.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexCSS.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\.js	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexTIFF.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\shell\open\command	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexPDF.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexCRX.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\.epub\OpenWithProgids\YandexEPUB.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\.txt\OpenWithProgids\YandexTXT.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\SystemFileAssociations\.gif\shell\image_search\ = "Поиск по картинке"	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\YandexTXT.2SBFOJ3HLWCBJZ3V6UJ4EZG3D4\shell\open\command	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\.gif	setup.exe

Modifies system certificate store 2 TTPs 9 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8	6ba168e3412bb85a107dbb5896c5a7b0a46a4e0b7f108007f3c98d5754601fb5.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	6ba168e3412bb85a107dbb5896c5a7b0a46a4e0b7f108007f3c98d5754601fb5.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	6ba168e3412bb85a107dbb5896c5a7b0a46a4e0b7f108007f3c98d5754601fb5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	setup.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4092	service_update.exe
4092	service_update.exe
2004	service_update.exe
2004	service_update.exe
1532	service_update.exe
1532	service_update.exe
5020	service_update.exe
5020	service_update.exe
2980	service_update.exe
2980	service_update.exe
1764	setup.exe
1764	setup.exe
1764	setup.exe
1764	setup.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3552	browser.exe
Token: SeCreatePagefilePrivilege	3552	browser.exe
Token: SeShutdownPrivilege	3552	browser.exe
Token: SeCreatePagefilePrivilege	3552	browser.exe
Token: SeShutdownPrivilege	3552	browser.exe
Token: SeCreatePagefilePrivilege	3552	browser.exe
Token: SeShutdownPrivilege	3552	browser.exe
Token: SeCreatePagefilePrivilege	3552	browser.exe
Token: SeShutdownPrivilege	3552	browser.exe
Token: SeCreatePagefilePrivilege	3552	browser.exe
Token: SeShutdownPrivilege	3552	browser.exe
Token: SeCreatePagefilePrivilege	3552	browser.exe
Token: SeShutdownPrivilege	3552	browser.exe
Token: SeCreatePagefilePrivilege	3552	browser.exe
Token: SeShutdownPrivilege	3552	browser.exe
Token: SeCreatePagefilePrivilege	3552	browser.exe
Token: SeShutdownPrivilege	3552	browser.exe
Token: SeCreatePagefilePrivilege	3552	browser.exe
Token: SeShutdownPrivilege	3552	browser.exe
Token: SeCreatePagefilePrivilege	3552	browser.exe
Token: SeShutdownPrivilege	3552	browser.exe
Token: SeCreatePagefilePrivilege	3552	browser.exe
Token: SeShutdownPrivilege	3552	browser.exe
Token: SeCreatePagefilePrivilege	3552	browser.exe
Token: SeShutdownPrivilege	3552	browser.exe
Token: SeCreatePagefilePrivilege	3552	browser.exe
Token: SeShutdownPrivilege	3552	browser.exe
Token: SeCreatePagefilePrivilege	3552	browser.exe
Token: SeShutdownPrivilege	3552	browser.exe
Token: SeCreatePagefilePrivilege	3552	browser.exe
Token: SeShutdownPrivilege	3552	browser.exe
Token: SeCreatePagefilePrivilege	3552	browser.exe
Token: SeShutdownPrivilege	3552	browser.exe
Token: SeCreatePagefilePrivilege	3552	browser.exe
Token: SeShutdownPrivilege	3552	browser.exe
Token: SeCreatePagefilePrivilege	3552	browser.exe
Token: SeShutdownPrivilege	3552	browser.exe
Token: SeCreatePagefilePrivilege	3552	browser.exe
Token: SeShutdownPrivilege	3552	browser.exe
Token: SeCreatePagefilePrivilege	3552	browser.exe
Token: SeShutdownPrivilege	3552	browser.exe
Token: SeCreatePagefilePrivilege	3552	browser.exe
Token: SeShutdownPrivilege	3552	browser.exe
Token: SeCreatePagefilePrivilege	3552	browser.exe
Token: SeShutdownPrivilege	3552	browser.exe
Token: SeCreatePagefilePrivilege	3552	browser.exe
Token: SeShutdownPrivilege	3552	browser.exe
Token: SeCreatePagefilePrivilege	3552	browser.exe
Token: SeShutdownPrivilege	3552	browser.exe
Token: SeCreatePagefilePrivilege	3552	browser.exe
Token: SeShutdownPrivilege	3552	browser.exe
Token: SeCreatePagefilePrivilege	3552	browser.exe
Token: SeShutdownPrivilege	368	browser.exe
Token: SeCreatePagefilePrivilege	368	browser.exe
Token: SeShutdownPrivilege	3552	browser.exe
Token: SeCreatePagefilePrivilege	3552	browser.exe
Token: SeShutdownPrivilege	3552	browser.exe
Token: SeCreatePagefilePrivilege	3552	browser.exe
Token: SeShutdownPrivilege	3552	browser.exe
Token: SeCreatePagefilePrivilege	3552	browser.exe
Token: SeShutdownPrivilege	3552	browser.exe
Token: SeCreatePagefilePrivilege	3552	browser.exe
Token: SeShutdownPrivilege	3552	browser.exe
Token: SeCreatePagefilePrivilege	3552	browser.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2320	6ba168e3412bb85a107dbb5896c5a7b0a46a4e0b7f108007f3c98d5754601fb5.exe
1348	explorer.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe
3552	browser.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2320	6ba168e3412bb85a107dbb5896c5a7b0a46a4e0b7f108007f3c98d5754601fb5.exe
3552	browser.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 4560	2320	6ba168e3412bb85a107dbb5896c5a7b0a46a4e0b7f108007f3c98d5754601fb5.exe	86
PID 2320 wrote to memory of 4560	2320	6ba168e3412bb85a107dbb5896c5a7b0a46a4e0b7f108007f3c98d5754601fb5.exe	86
PID 2320 wrote to memory of 4560	2320	6ba168e3412bb85a107dbb5896c5a7b0a46a4e0b7f108007f3c98d5754601fb5.exe	86
PID 4560 wrote to memory of 3504	4560	6ba168e3412bb85a107dbb5896c5a7b0a46a4e0b7f108007f3c98d5754601fb5.exe	95
PID 4560 wrote to memory of 3504	4560	6ba168e3412bb85a107dbb5896c5a7b0a46a4e0b7f108007f3c98d5754601fb5.exe	95
PID 4560 wrote to memory of 3504	4560	6ba168e3412bb85a107dbb5896c5a7b0a46a4e0b7f108007f3c98d5754601fb5.exe	95
PID 3504 wrote to memory of 2560	3504	yb9E34.tmp	96
PID 3504 wrote to memory of 2560	3504	yb9E34.tmp	96
PID 3504 wrote to memory of 2560	3504	yb9E34.tmp	96
PID 2560 wrote to memory of 1764	2560	setup.exe	97
PID 2560 wrote to memory of 1764	2560	setup.exe	97
PID 2560 wrote to memory of 1764	2560	setup.exe	97
PID 1764 wrote to memory of 3532	1764	setup.exe	98
PID 1764 wrote to memory of 3532	1764	setup.exe	98
PID 1764 wrote to memory of 3532	1764	setup.exe	98
PID 1764 wrote to memory of 4092	1764	setup.exe	109
PID 1764 wrote to memory of 4092	1764	setup.exe	109
PID 1764 wrote to memory of 4092	1764	setup.exe	109
PID 4092 wrote to memory of 2004	4092	service_update.exe	110
PID 4092 wrote to memory of 2004	4092	service_update.exe	110
PID 4092 wrote to memory of 2004	4092	service_update.exe	110
PID 1532 wrote to memory of 4608	1532	service_update.exe	113
PID 1532 wrote to memory of 4608	1532	service_update.exe	113
PID 1532 wrote to memory of 4608	1532	service_update.exe	113
PID 1532 wrote to memory of 5020	1532	service_update.exe	112
PID 1532 wrote to memory of 5020	1532	service_update.exe	112
PID 1532 wrote to memory of 5020	1532	service_update.exe	112
PID 5020 wrote to memory of 2980	5020	service_update.exe	114
PID 5020 wrote to memory of 2980	5020	service_update.exe	114
PID 5020 wrote to memory of 2980	5020	service_update.exe	114
PID 1764 wrote to memory of 2284	1764	setup.exe	116
PID 1764 wrote to memory of 2284	1764	setup.exe	116
PID 1764 wrote to memory of 2284	1764	setup.exe	116
PID 2284 wrote to memory of 1348	2284	Yandex.exe	117
PID 2284 wrote to memory of 1348	2284	Yandex.exe	117
PID 2284 wrote to memory of 1348	2284	Yandex.exe	117
PID 1764 wrote to memory of 4644	1764	setup.exe	118
PID 1764 wrote to memory of 4644	1764	setup.exe	118
PID 1764 wrote to memory of 4644	1764	setup.exe	118
PID 1764 wrote to memory of 3672	1764	setup.exe	120
PID 1764 wrote to memory of 3672	1764	setup.exe	120
PID 1764 wrote to memory of 3672	1764	setup.exe	120
PID 3552 wrote to memory of 1716	3552	browser.exe	123
PID 3552 wrote to memory of 1716	3552	browser.exe	123
PID 3552 wrote to memory of 1716	3552	browser.exe	123
PID 3552 wrote to memory of 900	3552	browser.exe	124
PID 3552 wrote to memory of 900	3552	browser.exe	124
PID 3552 wrote to memory of 900	3552	browser.exe	124
PID 3552 wrote to memory of 900	3552	browser.exe	124
PID 3552 wrote to memory of 900	3552	browser.exe	124
PID 3552 wrote to memory of 900	3552	browser.exe	124
PID 3552 wrote to memory of 900	3552	browser.exe	124
PID 3552 wrote to memory of 900	3552	browser.exe	124
PID 3552 wrote to memory of 900	3552	browser.exe	124
PID 3552 wrote to memory of 900	3552	browser.exe	124
PID 3552 wrote to memory of 900	3552	browser.exe	124
PID 3552 wrote to memory of 900	3552	browser.exe	124
PID 3552 wrote to memory of 900	3552	browser.exe	124
PID 3552 wrote to memory of 900	3552	browser.exe	124
PID 3552 wrote to memory of 900	3552	browser.exe	124
PID 3552 wrote to memory of 900	3552	browser.exe	124
PID 3552 wrote to memory of 900	3552	browser.exe	124
PID 3552 wrote to memory of 900	3552	browser.exe	124
PID 3552 wrote to memory of 900	3552	browser.exe	124

C:\Users\Admin\AppData\Local\Temp\6ba168e3412bb85a107dbb5896c5a7b0a46a4e0b7f108007f3c98d5754601fb5.exe
"C:\Users\Admin\AppData\Local\Temp\6ba168e3412bb85a107dbb5896c5a7b0a46a4e0b7f108007f3c98d5754601fb5.exe"
1⤵
- Checks computer location settings
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Users\Admin\AppData\Local\Temp\6ba168e3412bb85a107dbb5896c5a7b0a46a4e0b7f108007f3c98d5754601fb5.exe
  "C:\Users\Admin\AppData\Local\Temp\6ba168e3412bb85a107dbb5896c5a7b0a46a4e0b7f108007f3c98d5754601fb5.exe" --parent-installer-process-id=2320 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\Admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\Admin\AppData\Local\Temp\b9fb088e-87d3-4a7a-9290-cb9c06edc2df.tmp\" --brand-name=yandex --distr-info-file=\"C:\Users\Admin\AppData\Local\Temp\distrib_info\" --make-browser-default-after-import --progress-window=524826 --send-statistics --the-interface-availability=190411288 --variations-update-path=\"C:\Users\Admin\AppData\Local\Temp\75c253bc-9432-4d53-a541-14de932aa93f.tmp\" --verbose-logging"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4560
- - C:\Users\Admin\AppData\Local\Temp\yb9E34.tmp
    "C:\Users\Admin\AppData\Local\Temp\yb9E34.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\b9fb088e-87d3-4a7a-9290-cb9c06edc2df.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=12 --install-start-time-no-uac=479153265 --install-start-time-no-uac-with-suspension=240624092000 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=524826 --send-statistics --source=lite --the-interface-availability=190411288 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\75c253bc-9432-4d53-a541-14de932aa93f.tmp" --verbose-logging
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3504
  - - C:\Users\Admin\AppData\Local\Temp\YB_1E0F5.tmp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\YB_1E0F5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_1E0F5.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\b9fb088e-87d3-4a7a-9290-cb9c06edc2df.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=12 --install-start-time-no-uac=479153265 --install-start-time-no-uac-with-suspension=240624092000 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=524826 --send-statistics --source=lite --the-interface-availability=190411288 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\75c253bc-9432-4d53-a541-14de932aa93f.tmp" --verbose-logging
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\YB_1E0F5.tmp\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\YB_1E0F5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_1E0F5.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\b9fb088e-87d3-4a7a-9290-cb9c06edc2df.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=12 --install-start-time-no-uac=479153265 --install-start-time-no-uac-with-suspension=240624092000 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=524826 --send-statistics --source=lite --the-interface-availability=190411288 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\75c253bc-9432-4d53-a541-14de932aa93f.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=501325187
        5⤵
        Executes dropped EXE
        Modifies registry class
        Modifies system certificate store
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\YB_1E0F5.tmp\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\YB_1E0F5.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=1764 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=23.9.0.2273 --initial-client-data=0x338,0x33c,0x340,0x314,0x344,0xf2aff0,0xf2b000,0xf2b00c
        6⤵
        Executes dropped EXE
        
        PID:3532
      - C:\Windows\TEMP\sdwra_1764_1641273693\service_update.exe
        
        "C:\Windows\TEMP\sdwra_1764_1641273693\service_update.exe" --setup
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4092
        
        C:\Program Files (x86)\Yandex\YandexBrowser\23.9.0.2273\service_update.exe
        
        "C:\Program Files (x86)\Yandex\YandexBrowser\23.9.0.2273\service_update.exe" --install
        7⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
        
        C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe
        
        C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent /pin-path="C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk" --is-pinning
        7⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        
        PID:1348
      - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
        
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"
        6⤵
        Executes dropped EXE
        
        PID:4644
      - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
        
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source1764_2080670773\Browser-bin\clids_yandex.xml"
        6⤵
        Executes dropped EXE
        
        PID:3672

C:\Program Files (x86)\Yandex\YandexBrowser\23.9.0.2273\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\23.9.0.2273\service_update.exe" --run-as-service
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1532
- C:\Program Files (x86)\Yandex\YandexBrowser\23.9.0.2273\service_update.exe
  "C:\Program Files (x86)\Yandex\YandexBrowser\23.9.0.2273\service_update.exe" --update-scheduler
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:5020
- - C:\Program Files (x86)\Yandex\YandexBrowser\23.9.0.2273\service_update.exe
    "C:\Program Files (x86)\Yandex\YandexBrowser\23.9.0.2273\service_update.exe" --update-background-scheduler
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    PID:2980
- C:\Program Files (x86)\Yandex\YandexBrowser\23.9.0.2273\service_update.exe
  "C:\Program Files (x86)\Yandex\YandexBrowser\23.9.0.2273\service_update.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=1532 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=23.9.0.2273 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0xb79940,0xb79950,0xb7995c
  2⤵
  - Executes dropped EXE
  PID:4608

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=524826 --install-start-time-no-uac=479153265 --install-start-time-no-uac-with-suspension=240624092000
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3552
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=3552 --annotation=metrics_client_id=d73ae7f7745e4dd191dd420244b3d101 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=23.9.0.2273 --initial-client-data=0x184,0x188,0x18c,0x160,0x190,0x71f49c60,0x71f49c70,0x71f49c7c
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1716
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2188 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:900
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=service --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Storage Service" --mojo-platform-channel-handle=2872 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2136
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Network Service" --mojo-platform-channel-handle=2608 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2124
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=ru --service-sandbox-type=audio --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Audio Service" --mojo-platform-channel-handle=2936 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2036
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --first-renderer-process --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3900 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:852
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=ru --service-sandbox-type=none --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Video Capture" --mojo-platform-channel-handle=3872 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1708
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4404 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2224
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=4000 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4752
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=uwp_cookie_provider.mojom.UwpCookieProvider --lang=ru --service-sandbox-type=utility --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name=uwp_cookie_provider.mojom.UwpCookieProvider --mojo-platform-channel-handle=4892 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5636
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Импорт профилей" --mojo-platform-channel-handle=4872 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  PID:5824
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\23.9.0.2273\Installer\setup.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\23.9.0.2273\Installer\setup.exe" --set-as-default-browser
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  PID:6028
- - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\23.9.0.2273\Installer\setup.exe
    C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\23.9.0.2273\Installer\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=6028 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=23.9.0.2273 --initial-client-data=0x338,0x33c,0x340,0x314,0x344,0x80aff0,0x80b000,0x80b00c
    3⤵
    - Executes dropped EXE
    PID:6060
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=5624 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  PID:5332
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4320 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5388
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5776 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5712
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5628 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5920
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4500 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4780
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6428 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:320
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=ru --service-sandbox-type=none --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Утилиты Windows" --mojo-platform-channel-handle=6492 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5616
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Распаковщик файлов" --mojo-platform-channel-handle=6496 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5768
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=6736 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5772
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=6924 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:116
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=7084 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5908
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=7216 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5928
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=7356 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5332
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=7388 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4372
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=7644 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4788
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=7764 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5144
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=7896 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6140
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=8024 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5308
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=8164 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5368
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=8316 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5572
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=8452 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=8476 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5592
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=8736 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5760
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=8760 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5988
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=3920 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:1420
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Утилиты Windows" --mojo-platform-channel-handle=6748 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Утилиты Windows" --mojo-platform-channel-handle=4520 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5628
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Импорт профилей" --mojo-platform-channel-handle=1108 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  - Drops file in Program Files directory
  PID:5420
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Импорт профилей" --mojo-platform-channel-handle=1140 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  PID:5984
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Импорт профилей" --mojo-platform-channel-handle=6428 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  - Drops file in Program Files directory
  PID:5904
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Импорт профилей" --mojo-platform-channel-handle=1156 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  - Drops file in Program Files directory
  PID:6036
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=1156 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation /prefetch:1
  2⤵
  - Checks computer location settings
  PID:5896
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Распаковщик файлов" --mojo-platform-channel-handle=4132 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  PID:3176
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Распаковщик файлов" --mojo-platform-channel-handle=3896 --field-trial-handle=2248,i,3676678324094337113,8868568161141936440,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  PID:1020

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater --broupdater-origin=auto --bits_job_guid={1AE81BFC-2A98-4E05-928E-77321C10CF1C}
1⤵
- Executes dropped EXE
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
PID:368
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1696256670 --annotation=last_update_date=1696256670 --annotation=launches_after_update=1 --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=368 --annotation=metrics_client_id=d73ae7f7745e4dd191dd420244b3d101 --annotation=micromode=broupdater --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=23.9.0.2273 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x71f49c60,0x71f49c70,0x71f49c7c
  2⤵
  - Executes dropped EXE
  PID:5624
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2396 --field-trial-handle=2400,i,5584496653839647497,14946395874051297027,262144 --disable-features=WebGalleryRotation /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Network Service" --mojo-platform-channel-handle=2432 --field-trial-handle=2400,i,5584496653839647497,14946395874051297027,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:6056

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=install --bits_job_guid={5CD9C135-DC7F-49D6-B67D-E932566FFC75}
1⤵
- Executes dropped EXE
- Enumerates system info in registry
PID:4196
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1696256670 --annotation=last_update_date=1696256670 --annotation=launches_after_update=2 --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=4196 --annotation=metrics_client_id=d73ae7f7745e4dd191dd420244b3d101 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=23.9.0.2273 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x71f49c60,0x71f49c70,0x71f49c7c
  2⤵
  - Executes dropped EXE
  PID:6068
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2360 --field-trial-handle=2364,i,17496559529052911096,1138040969637045088,262144 --disable-features=WebGalleryRotation /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:6056
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Network Service" --mojo-platform-channel-handle=2396 --field-trial-handle=2364,i,17496559529052911096,1138040969637045088,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5504

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=dayuse --bits_job_guid={593E80F7-398B-4222-B5BC-1A079731D8A7}
1⤵
- Executes dropped EXE
- Enumerates system info in registry
PID:1380
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1696256670 --annotation=last_update_date=1696256670 --annotation=launches_after_update=2 --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=1380 --annotation=metrics_client_id=d73ae7f7745e4dd191dd420244b3d101 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=23.9.0.2273 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x71f49c60,0x71f49c70,0x71f49c7c
  2⤵
  PID:6076
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2356 --field-trial-handle=2360,i,8552232162818955882,13195912437251480700,262144 --disable-features=WebGalleryRotation /prefetch:2
  2⤵
  PID:3088
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=6ACFFA4B-6D7E-4370-A356-22EB452570AC --brand-id=yandex --partner-id=switch-browser --process-name="Network Service" --mojo-platform-channel-handle=2408 --field-trial-handle=2360,i,8552232162818955882,13195912437251480700,262144 --disable-features=WebGalleryRotation --brver=23.9.0.2273 /prefetch:8
  2⤵
  PID:5804

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:5348

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:5856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Yandex\YandexBrowser\23.9.0.2273\service_update.exe

Filesize
2.6MB

MD5
1fd25427b858b2818ea73d2d5c29a009

SHA1
da2d090cf9172ab9c0445100f8c9415c55be15a3

SHA256
e58f5d9c9195a123d99853565274cc121223d9fe5b4aff589662bdc5375711aa

SHA512
4e2b92cf43e2791be34a8e5be64dcf38b87afec9db5e3a82749e8e6e9091a34388e8e03d403c2c031dd7d42d35ed9bf7cd49dcc95e7586aa74c58a484bb2bad9

Download Submit
C:\Program Files (x86)\Yandex\YandexBrowser\23.9.0.2273\service_update.exe

Filesize
2.6MB

MD5
1fd25427b858b2818ea73d2d5c29a009

SHA1
da2d090cf9172ab9c0445100f8c9415c55be15a3

SHA256
e58f5d9c9195a123d99853565274cc121223d9fe5b4aff589662bdc5375711aa

SHA512
4e2b92cf43e2791be34a8e5be64dcf38b87afec9db5e3a82749e8e6e9091a34388e8e03d403c2c031dd7d42d35ed9bf7cd49dcc95e7586aa74c58a484bb2bad9

Download Submit
C:\Program Files (x86)\Yandex\YandexBrowser\23.9.0.2273\service_update.exe

Filesize
2.6MB

MD5
1fd25427b858b2818ea73d2d5c29a009

SHA1
da2d090cf9172ab9c0445100f8c9415c55be15a3

SHA256
e58f5d9c9195a123d99853565274cc121223d9fe5b4aff589662bdc5375711aa

SHA512
4e2b92cf43e2791be34a8e5be64dcf38b87afec9db5e3a82749e8e6e9091a34388e8e03d403c2c031dd7d42d35ed9bf7cd49dcc95e7586aa74c58a484bb2bad9

Download Submit
C:\Program Files (x86)\Yandex\YandexBrowser\23.9.0.2273\service_update.exe

Filesize
2.6MB

MD5
1fd25427b858b2818ea73d2d5c29a009

SHA1
da2d090cf9172ab9c0445100f8c9415c55be15a3

SHA256
e58f5d9c9195a123d99853565274cc121223d9fe5b4aff589662bdc5375711aa

SHA512
4e2b92cf43e2791be34a8e5be64dcf38b87afec9db5e3a82749e8e6e9091a34388e8e03d403c2c031dd7d42d35ed9bf7cd49dcc95e7586aa74c58a484bb2bad9

Download Submit
C:\Program Files (x86)\Yandex\YandexBrowser\23.9.0.2273\service_update.exe

Filesize
2.6MB

MD5
1fd25427b858b2818ea73d2d5c29a009

SHA1
da2d090cf9172ab9c0445100f8c9415c55be15a3

SHA256
e58f5d9c9195a123d99853565274cc121223d9fe5b4aff589662bdc5375711aa

SHA512
4e2b92cf43e2791be34a8e5be64dcf38b87afec9db5e3a82749e8e6e9091a34388e8e03d403c2c031dd7d42d35ed9bf7cd49dcc95e7586aa74c58a484bb2bad9

Download Submit
C:\Program Files (x86)\Yandex\YandexBrowser\23.9.0.2273\service_update.exe

Filesize
2.6MB

MD5
1fd25427b858b2818ea73d2d5c29a009

SHA1
da2d090cf9172ab9c0445100f8c9415c55be15a3

SHA256
e58f5d9c9195a123d99853565274cc121223d9fe5b4aff589662bdc5375711aa

SHA512
4e2b92cf43e2791be34a8e5be64dcf38b87afec9db5e3a82749e8e6e9091a34388e8e03d403c2c031dd7d42d35ed9bf7cd49dcc95e7586aa74c58a484bb2bad9

Download Submit
C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping3552_2075940937\manifest.json

Filesize
72B

MD5
f4f4e6222bcea1fd344e7230e3700743

SHA1
dbe14f2e312453db1365e3e3fcb140c5fe1d1d90

SHA256
ea6a688d9fed769b0bc54e83f208ee7797f8235dbdc848ff9247d46cc16b9be2

SHA512
ef402227cdfa08cd925b9e4bd9228976de7a6422350148001781aeb996bab128542727f0abde3424bc92617a45f8a58fa2a4bb41df77bcb27ba913616fbeb59d

Download Submit
C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping3552_555121504\manifest.json

Filesize
984B

MD5
a76bcd90636d5876f989cad5e8321778

SHA1
15994ed69850a5ae9968431c4dd7f7ba985336e9

SHA256
fa0262bac1d29921ce80666927740c5ff78bc0e46b7f2c4de1879244bf674d32

SHA512
e9251922a617a6ce442a871f99fb9a8b56282f982e0366b6f32cdc22c636199dbf97e4a090de9362ad4c8ececf6c1ab0fae75f15a1d5ac154757c2e0035e5336

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
1KB

MD5
33e7e9bd9264a30b1b0bd33ff5b6ee15

SHA1
dac76fb4beba00a472765335477162b55d2d1670

SHA256
ac1d14da468ebff39cced61b1fa023515fd29fac1ed75e53ff17ae7098e02581

SHA512
36823fc8fea6c74674d5c23600af83f4d0c36eb807d38bc83c0ceb657f9ffec76f96e9cb126b37521d29f9f4c61b3f2977d7a57dfda98dee17b8ac07a1ee6a9f

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
2KB

MD5
3acb231c0e6ee34489ae8090b0f75ed0

SHA1
9e92f42f1291850ddfe833c3dc4f64c890a0b3fb

SHA256
e47ef3184639b8ced652b571d98046b1f840388f24528676e41250aaf5f1e99c

SHA512
5be5a3972763fc915bd6ccf0fa137aa3e739b83d0a99a74e06d675a90491cbf258ef062454256d87f2d40625c3ee6dc9a0f03d61f8de991818c9cea55290bb93

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
2KB

MD5
3acb231c0e6ee34489ae8090b0f75ed0

SHA1
9e92f42f1291850ddfe833c3dc4f64c890a0b3fb

SHA256
e47ef3184639b8ced652b571d98046b1f840388f24528676e41250aaf5f1e99c

SHA512
5be5a3972763fc915bd6ccf0fa137aa3e739b83d0a99a74e06d675a90491cbf258ef062454256d87f2d40625c3ee6dc9a0f03d61f8de991818c9cea55290bb93

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
2KB

MD5
3acb231c0e6ee34489ae8090b0f75ed0

SHA1
9e92f42f1291850ddfe833c3dc4f64c890a0b3fb

SHA256
e47ef3184639b8ced652b571d98046b1f840388f24528676e41250aaf5f1e99c

SHA512
5be5a3972763fc915bd6ccf0fa137aa3e739b83d0a99a74e06d675a90491cbf258ef062454256d87f2d40625c3ee6dc9a0f03d61f8de991818c9cea55290bb93

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
2KB

MD5
3acb231c0e6ee34489ae8090b0f75ed0

SHA1
9e92f42f1291850ddfe833c3dc4f64c890a0b3fb

SHA256
e47ef3184639b8ced652b571d98046b1f840388f24528676e41250aaf5f1e99c

SHA512
5be5a3972763fc915bd6ccf0fa137aa3e739b83d0a99a74e06d675a90491cbf258ef062454256d87f2d40625c3ee6dc9a0f03d61f8de991818c9cea55290bb93

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
2KB

MD5
3acb231c0e6ee34489ae8090b0f75ed0

SHA1
9e92f42f1291850ddfe833c3dc4f64c890a0b3fb

SHA256
e47ef3184639b8ced652b571d98046b1f840388f24528676e41250aaf5f1e99c

SHA512
5be5a3972763fc915bd6ccf0fa137aa3e739b83d0a99a74e06d675a90491cbf258ef062454256d87f2d40625c3ee6dc9a0f03d61f8de991818c9cea55290bb93

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
4KB

MD5
7554f8008900caf8bcca278cca1bea46

SHA1
18258a1c15095da8bb122baaa3beb1e79f866528

SHA256
8d3e42a824e1bf0f5c25e420b1040a93b2689c1ba5b3bbd52426aa6a6b490103

SHA512
14c92275da5ce7e0dc07ec0d1a0f026b02feca63fa2e697ef5afc9499d36721f1634707ca56d4e8f672cd71df8440e61659504e1be10d3a101d8e1a618300f1e

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
4KB

MD5
7554f8008900caf8bcca278cca1bea46

SHA1
18258a1c15095da8bb122baaa3beb1e79f866528

SHA256
8d3e42a824e1bf0f5c25e420b1040a93b2689c1ba5b3bbd52426aa6a6b490103

SHA512
14c92275da5ce7e0dc07ec0d1a0f026b02feca63fa2e697ef5afc9499d36721f1634707ca56d4e8f672cd71df8440e61659504e1be10d3a101d8e1a618300f1e

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
4KB

MD5
7554f8008900caf8bcca278cca1bea46

SHA1
18258a1c15095da8bb122baaa3beb1e79f866528

SHA256
8d3e42a824e1bf0f5c25e420b1040a93b2689c1ba5b3bbd52426aa6a6b490103

SHA512
14c92275da5ce7e0dc07ec0d1a0f026b02feca63fa2e697ef5afc9499d36721f1634707ca56d4e8f672cd71df8440e61659504e1be10d3a101d8e1a618300f1e

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
5KB

MD5
db0be5447e0750c4019c382193eaae73

SHA1
f6f2d9cb961c40c2a082b5420554d0bd1bc78c2a

SHA256
ef2deb0e572bcf07815f87081c7e9e2c0549cf7c67d7f8acc7c0b376f4f36ea1

SHA512
ffd97488cab0fb09b4ad6e26bbe1edb6e421e989e2d2dac6995a4c10db583c4837ed0d061114c44838c2881d1960feb8b8b61f925e2bb7c2e247b4ec17237e0f

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
5KB

MD5
db0be5447e0750c4019c382193eaae73

SHA1
f6f2d9cb961c40c2a082b5420554d0bd1bc78c2a

SHA256
ef2deb0e572bcf07815f87081c7e9e2c0549cf7c67d7f8acc7c0b376f4f36ea1

SHA512
ffd97488cab0fb09b4ad6e26bbe1edb6e421e989e2d2dac6995a4c10db583c4837ed0d061114c44838c2881d1960feb8b8b61f925e2bb7c2e247b4ec17237e0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

Filesize
1KB

MD5
394b1d351cca05e314110eb0ed4de6be

SHA1
a7f4b732f43ed018b3fbc15a8c2b90459ad8d2e7

SHA256
80ee588823bc9a0095e0586c220a7196955800a39797f0b6682140babfdb3d65

SHA512
93c8c8be4039c52a26e93bce174a34f7e399b36ce59b8c1175dc2a8edaa3103add81ea64b75c5893dd703e1c2a822d2bef3c9ebb89b5b864bdcf61e06ef8eea6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_AC1EA69C1A4D607F0EBBD26E5ED61054

Filesize
1KB

MD5
8e8bbffbba8381fb0a7f249e4332551e

SHA1
d8e4352f0c4a55f23ff3a7907e8ae3d3e84d775b

SHA256
d0f3959d479e06cedf7d24ab900c7b6a7b53d96e1b93de15a864cdebfb3e1569

SHA512
668f2510d89019b053ff9147b3c11fb09cbb1cb7641a9549c0f5cc8b84293031bc8ab21b571dced73bc672ffa18e839c7250577f593a71487033d72ddc8cbdbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_EBD7B8AF3A6D56C51CDE1B85E8C855A8

Filesize
1KB

MD5
66f23ccff76c56ba5a29bd7224b7f987

SHA1
5000252219ae0684d77370b4be26afa110b058c9

SHA256
5661195bfa9a9560e899094fc55a630eb061a1bc61efa2fd3b2ea933a4cc987f

SHA512
ec23241b60a2ff554b0be3a7431c4a3fd2bec926548559dd8bb2411f0aaca36a9888c4c2cca81313e0e8d937c6e9ffc076566786146bca6dad42adab19e01303

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95

Filesize
727B

MD5
d9bf30e83b6025f423951c1b1a2aa57a

SHA1
6a164f76ef02c8db7e14a24d282a9a6827956c9c

SHA256
e74ae7ac5a4e359fd52bcb28504aa33c76f8a29e3cb60d42a0d81bfeebca286c

SHA512
bacb1e34ce530ef2e8ed23fa897ed5a40cec60cffcb0529d0517de5398cdef73005b6628cc9d3c69bd9724a7f6bc61d4fd2f0646b0cb8f9cc19797c85d131117

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
471B

MD5
35fae156a276091c0cd4c7d62d73b90c

SHA1
aefcda860e86985ceb57bfac8c278491c584812b

SHA256
b246384db907a7e9c9a2f1ba65fe4a28f8336f72cf3e6868e008203904fa38ec

SHA512
248192bdfbbe4f7bb684f5501dee1aff2b926017d6c91750e271a634ba9a53f30281bfdc9da729c1ef545990a8a8e7c8397e3a7672b450fd06813f9cf50aea92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

Filesize
1KB

MD5
2ad8e1fcd178d3429806ea2d1a707581

SHA1
98c4eab25cfd827765fbf44a39e80c859d9a7bda

SHA256
23096f8111d96db2ae96bd269469e7930c30d71de1412d0eb05dce485612a1f6

SHA512
cc65c62c325be44cf7cc346f13f70f66d20e61826235734e1b3bc552fc0baeaf3e47e20cbf38480ecd9901a45f5bd1874360152a0190f8cee1258ebee66150e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

Filesize
1KB

MD5
908fd0b3f8cb702ee13a44110d79a183

SHA1
d24ef691b77d10350f8e0e8a43cd978ce0fc8d85

SHA256
379b2382abfd67c722d93a5e65d1047d70d51c6b25f1cfe2a528e1a4861b666b

SHA512
97dcc2e6dfff8bb7ce6ca7cb0f288462f6bc2d5d9c51829325832afed541a0eb06014a9a8936bd90147df952c76e106448a0c502cb91d82ec2e7a3885ff2385f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB

Filesize
727B

MD5
326f5c7ab364209fc01802221316a33a

SHA1
bd9a798ea96247d80d807b7266924af505214f98

SHA256
e36f697c6f2eb210b88d65059d6804acd64c97e0153f34962bc7e1ca6f1778a4

SHA512
a4dfe2abe19491b87cc33db2f5516de84188b74a2c7e0d43bbbf660350487a9ab4fe0c40a22e294e152b5bc9515b4da2ab811a0606ede590db079e70ce96db80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

Filesize
508B

MD5
c765134c53e41816e087034925d95692

SHA1
39d53c5d47609713d8ad13163c6002c5b651c6a6

SHA256
3f32e1f04d8b9322c13bc1ddefc14856e2c091cafcf9333fb715eef2114ababe

SHA512
6daf1962b2569c7e2a1816fedffed0c0f7ec14c308bbccc6716e34a663f69c3ed2966ff73a61ca2ef6c9781e2e6eca1185bd069300a0c87bbb01125b3e6b3efc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_AC1EA69C1A4D607F0EBBD26E5ED61054

Filesize
532B

MD5
d6b8d8cece9311d41744ab53f577f25a

SHA1
9f6c79eb9ba826b962bd5982e61d632633201e31

SHA256
62b08aba5a722d94ea23825c10a41f0b0d9d20fd9d5d6594ec1e8ab46d71746f

SHA512
705effc7b1732b5d03fb716bce1dd2a37bc483a34c068f2be698c7f31bddcde7f1b28c4628851835e4230a46b32b4ad5228a3ffd91f58910dd1d833d7e267fdb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_EBD7B8AF3A6D56C51CDE1B85E8C855A8

Filesize
540B

MD5
dd53dedf3f3aab32b12002691c51f339

SHA1
8238e11dc6ce9b22aff452307fdbc44f01a468e8

SHA256
3e224e42f643b511631385598c37b16593bff54338cf913d90c6234fff45c701

SHA512
7180e71b0ea4e61d217d99cab431e2ab18c2ec2d0c3a89ea218170647dcd0a4c7f2f5373d3dc787a499e926dc943d57684091e622f50fb57e21827dff662ef8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95

Filesize
416B

MD5
bbaab7276bf0a984a5672500cd412fa5

SHA1
94b77051b2745313e23a502b75c1245b6b628b16

SHA256
194bda98f63ac5de510e5e90ec9c8389efbd5f37fefbb37fa058fef36054f955

SHA512
6cb300f4d52b1c34447c8ec7b1ee84eb4f47e4d4ccf6a71d7782716c4c916683c98612eeef5e2b12136f8ba5b945b3b1ee21348ce3f089a10527eef9eda3098b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
400B

MD5
8f3e1d3db4a4ef0a43773f4f2995123c

SHA1
49637662f9f136dccba957b1106b68a64ef4cb50

SHA256
3cbaadee6a86310f701d54cb3f21015a8d5c757a74ebad2c27ca52230fd4d9f6

SHA512
1e59a4d455a5ca29606eca3769904a2402fa271135d4f947edb9cc72393d581a70fae6d7304fb725a5c4d8879a2d1260fdadf64bc3c4298b8a7a18d1a593a01e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

Filesize
536B

MD5
1b49c44427b8d3ec5923b5f8b6e3a188

SHA1
f0ca0a06e72919f4bade473c64ba953d5457583f

SHA256
117cac6889eccd9cbcf8aabd8c92a4dafdbd024e7df143e8358dac40b571b3da

SHA512
76a982aa327a35e7511f6e58cf94f97899e6baa96f3d3dc490b3c5091f57aa74cbf47d10adc40fb3e84836b43aad5dc00566474748c171bce3d8b4cf7e3f88b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

Filesize
506B

MD5
2cee9060588804c2797c8998ee77d6f4

SHA1
cffbeaf630a57ab33c8689f700be82a4b153f744

SHA256
4aae00ee68601345c4e16113f6f773a4e7a4715618bb2d166d306673242d84af

SHA512
5c9109aeba0ad585400100cf86741704e54b5bf3cd32d75c0559909f4c05233497512ff8a003f127403b4cd78abeeff52f870007159886c024414f638859ffdc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB

Filesize
412B

MD5
3575c25dc0a7b58bed204b251b6fd867

SHA1
7b59d685587328b249de666a2e8ead0e68e49b69

SHA256
620a88c17e3f7151ff7a0fc1899f29393873a4c59e6a0e3fd400d20a74f7b7b2

SHA512
fd74c97ffffd688f6eb17bf64ffe46d3f5de5b5a1ff2478ec0abfda24ebc141b351c1be1875885ffbcbc3fe908ad73d2d3821fbd35db0c73337043d5caa14625

Download Submit
C:\Users\Admin\AppData\Local\Temp\PartnerFile

Filesize
830KB

MD5
15d572025b5dabaf5646e08e7ee569f2

SHA1
a0a9616f89a5244cffc10dd7781167f2cc9240c1

SHA256
2b7155d49fc78900c1c61c417dfafade9926a825342eb0c95c18ffcc0e718fcb

SHA512
2a14e491cc7629b65b855608a74b5307dd147195098df2b9839de921ddcfd8ca84c3417e4e2189d0bafa3695ca490805fc685b77c51ba5dcd9c2a638d07825d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_1E0F5.tmp\BRAND_COMMON

Filesize
22.8MB

MD5
21d02b441a27fb5c333cf5236c6b69ef

SHA1
f308f2d44415c7b31d5afa45326b7c1282254578

SHA256
bf10a23c4a22e7327722d3b7ab72ab2c484c40726fd97f620a3dd6b505e4109f

SHA512
d32de83de2fa27ed9250f8bd8b787858d459b9f39dcedca79555ca8acf3252b55e68eaab12d920ec8174204659ee4d77b8a98a11511815179eab7efc4aa6eddc

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_1E0F5.tmp\BROWSER.PACKED.7Z

Filesize
99.8MB

MD5
5286980d7f77274bba7366349b8e88cb

SHA1
fc8a749e69ac40cce1dcaee91e5d2f911cfb38a1

SHA256
df4bd62def76dc6e233d68152bd50a8239aae4501c58e983b7b8f64e3d328a49

SHA512
28a47a2802c6ebacf3ec549b9f264840f862be5cc49b91be5032b06ecf0c645f54df4c28c93cdae574ec8824de0886f218a890acd304b14c94392aed782530f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_1E0F5.tmp\brand_yandex

Filesize
1.6MB

MD5
e764aa13aff6e0dc54286b79b76f34bb

SHA1
e4cfa61680f2ac23ce713ec9ada800182d893c17

SHA256
0c43bc54ab3d9e9a48171e7f61f82fc8f89bc6528868a3ecd9806acca0102d10

SHA512
99259120fd8fccf16b6b1ac5d0f97533cc8613791cddc0e4790353d93ba3fae4f7ba16b1f8749ef5ee504528f25c919bb0217ad0444f84c232caade7eb1eb6a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_1E0F5.tmp\setup.exe

Filesize
3.9MB

MD5
84ddf4856cce0840fb8c5fb24411065b

SHA1
cd8b77972c165df14a5afa4f04d0a66d7d5c4b6e

SHA256
1f7f70124035c3700c41c4706e61dcb9e87e7df25fbdbe39d56b544a2e6a4a58

SHA512
50f5f62ad9e20ab82c64874c27b1a372939cef254c9fdadd46ffbe49377353b82b9e56ea1315ef3ca63021db43f89ff0239c2a291c7eca8f782c37dc01072fae

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_1E0F5.tmp\setup.exe

Filesize
3.9MB

MD5
84ddf4856cce0840fb8c5fb24411065b

SHA1
cd8b77972c165df14a5afa4f04d0a66d7d5c4b6e

SHA256
1f7f70124035c3700c41c4706e61dcb9e87e7df25fbdbe39d56b544a2e6a4a58

SHA512
50f5f62ad9e20ab82c64874c27b1a372939cef254c9fdadd46ffbe49377353b82b9e56ea1315ef3ca63021db43f89ff0239c2a291c7eca8f782c37dc01072fae

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_1E0F5.tmp\setup.exe

Filesize
3.9MB

MD5
84ddf4856cce0840fb8c5fb24411065b

SHA1
cd8b77972c165df14a5afa4f04d0a66d7d5c4b6e

SHA256
1f7f70124035c3700c41c4706e61dcb9e87e7df25fbdbe39d56b544a2e6a4a58

SHA512
50f5f62ad9e20ab82c64874c27b1a372939cef254c9fdadd46ffbe49377353b82b9e56ea1315ef3ca63021db43f89ff0239c2a291c7eca8f782c37dc01072fae

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_1E0F5.tmp\setup.exe

Filesize
3.9MB

MD5
84ddf4856cce0840fb8c5fb24411065b

SHA1
cd8b77972c165df14a5afa4f04d0a66d7d5c4b6e

SHA256
1f7f70124035c3700c41c4706e61dcb9e87e7df25fbdbe39d56b544a2e6a4a58

SHA512
50f5f62ad9e20ab82c64874c27b1a372939cef254c9fdadd46ffbe49377353b82b9e56ea1315ef3ca63021db43f89ff0239c2a291c7eca8f782c37dc01072fae

Download Submit
C:\Users\Admin\AppData\Local\Temp\clids.xml

Filesize
606B

MD5
6114476799216a04b18987cb8d4b777e

SHA1
9d1d65b8cee5d8ce2cbc9aee321259ff3f1b90c7

SHA256
e2c329938240d4870d167ebad9582ba480cdb03499974718fb06f23d834f4f9d

SHA512
3961154c80c2c805ea66fb072d43b1dd9ccf7878bf8047adf1df16d6d3e3eeec2d277f1091a18ecc5a402d86a6afbb438d02b56650fa1a907c48e200e3f053b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\distrib_info

Filesize
569B

MD5
ea8cb5dbd79eea5f8458aead0294c813

SHA1
7989ae96e9396fe31de05e4c4184eec3b4d5563a

SHA256
57ef7f7f9970174f70de731a4b93bae5a3ef2401ef6791a07bf370e5f0574fe0

SHA512
d998eaa93f5d4fc74f1858c78d85173fc7fadfdb00babb3ca702ddf54f73a743c2f62a01fee40180f94563f2a33f82f785eb45340742254119aaccd287a8e5bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
12KB

MD5
14cf275dfc0237d19043cc0bff53d7cb

SHA1
82cb700dcdb7b02d83fef9b576ee3dec88cfa8f8

SHA256
ed2d511cd01d7e0eaac33a194e7a90798c0290cd3499d74021ffe1848204f3ab

SHA512
44c73a0d74a9ca7dd228f095c833a73c68da924bf531d6754fd2f980309ae6e0f6f279ecb61f9bd72d3f3f7f19ce2210bc2f7891019f8fe98f1d3b2a2180e6f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
12KB

MD5
189433ec0190fc1f440f7529f29d71aa

SHA1
d0d7f5e0a0b710f42b0f75c86f7c34a4d4063fe8

SHA256
84c0098b1ffae3a5c128d81f87867579d2058b7dc04379d11e9ab10149787662

SHA512
3e06664d6e387a69a738d36720ddd66fd5aef8b88f18b25dcbbd3b644ddb750869bd101c148ad1a2b156e8505a8ff4697cdbdad83d72891a096007a884a66e47

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
24KB

MD5
01a3b01bc62a53399eb617aa4954ee5c

SHA1
e25675336cb6aa2ecadc07affc9e127a60b39717

SHA256
9a16aacb5cd68398c07a15d02d0ca2ae4c0eb003c4faacdebcf0765d06b28695

SHA512
abf7e0de8699170c08c9bf20500f5f8be2faeda426a5ca37f3e0765ce5ab0d3a54a4f34421f05bcbaec87c4a3139be754ccf0f12dcb5467353a93e07f6e4ae4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
24KB

MD5
ddc10bed079365c134d16c2fc2184ab7

SHA1
58f9395037e6a7278493d5fd93f5b765feb3de31

SHA256
1440718d24cbd4f6ac8a14a256d06da98ed66af3eca2af503659332e147960d9

SHA512
c5bec0a6c1be7746c68ced63857accaa94f140fc8433ac69815a9a30ca05d66d4dc06b09dbf6d2de6e0fbf3d745753fb6cbe39fee512f1a538e81a7e363ce303

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
627f6b5e37e3f4afec9db309811ce78a

SHA1
19e8d16a22810a2eb4674cf9400b28479b3e3021

SHA256
c042e2d5ad418bdffa41424ccd75df602bef446c208b98f6be8329ab6fb6f8d9

SHA512
b39d14a8ef4cdfa9e5102129b91d449fa2971083ae77604b05d4259450dfd6e982bc7e09681c68ab3fe00fea077e03834491ca5759e2883d944dff03c0d3f29b

Download Submit
C:\Users\Admin\AppData\Local\Temp\master_preferences

Filesize
142KB

MD5
dfa2b4a99aece89aabe74d1424105747

SHA1
b89d77cfc171592e9c34111035c660b25b33223d

SHA256
12128dcbdfda963857158955fe810de786db810b80535831e92d8f20fe23319d

SHA512
963ae0d2a58af8f69efc45cc24164e56137b5305b37566a0a1b09dd3f31fd075063163a529443dfcf2e577b1e711ce81f73a5cd831fab89f2a25e94258b48219

Download Submit
C:\Users\Admin\AppData\Local\Temp\master_preferences

Filesize
142KB

MD5
dfa2b4a99aece89aabe74d1424105747

SHA1
b89d77cfc171592e9c34111035c660b25b33223d

SHA256
12128dcbdfda963857158955fe810de786db810b80535831e92d8f20fe23319d

SHA512
963ae0d2a58af8f69efc45cc24164e56137b5305b37566a0a1b09dd3f31fd075063163a529443dfcf2e577b1e711ce81f73a5cd831fab89f2a25e94258b48219

Download Submit
C:\Users\Admin\AppData\Local\Temp\master_preferences

Filesize
142KB

MD5
dfa2b4a99aece89aabe74d1424105747

SHA1
b89d77cfc171592e9c34111035c660b25b33223d

SHA256
12128dcbdfda963857158955fe810de786db810b80535831e92d8f20fe23319d

SHA512
963ae0d2a58af8f69efc45cc24164e56137b5305b37566a0a1b09dd3f31fd075063163a529443dfcf2e577b1e711ce81f73a5cd831fab89f2a25e94258b48219

Download Submit
C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe

Filesize
619KB

MD5
9964d5a8d19f6afc3b440bf9335c0fd4

SHA1
25816b80216f4bb2c46f54506fcca53d0706086d

SHA256
91aa822e5d1ce136f6987020994ccbaff37be0ddaba92c2d5414574a21fecda5

SHA512
5bd111a043c996f308691de2f035c75547b56a850d8ff47f94b6bdf759d253a7914091c94e84c195380ac8c71c1f3a2966704e7a333ae89a2d72d8076f6ef0e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe

Filesize
619KB

MD5
9964d5a8d19f6afc3b440bf9335c0fd4

SHA1
25816b80216f4bb2c46f54506fcca53d0706086d

SHA256
91aa822e5d1ce136f6987020994ccbaff37be0ddaba92c2d5414574a21fecda5

SHA512
5bd111a043c996f308691de2f035c75547b56a850d8ff47f94b6bdf759d253a7914091c94e84c195380ac8c71c1f3a2966704e7a333ae89a2d72d8076f6ef0e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\yandex_browser_installer.log

Filesize
5KB

MD5
f4c8efcb10c60ddc7fd83bb572927a5c

SHA1
125e62284463cb2160898909d3ddf6f691096177

SHA256
0f799311c101dc717b15c0838e97a6c18aee34a647c0e703d5cb4b5115edc806

SHA512
be7f93760b86787db64694307868bd37609eb82593bc84e82fde80c2c7a60bdf6c0bb97d465d414bf3cab3ba04f57902d8bad6ebdfd85e552592cba270653ba8

Download Submit
C:\Users\Admin\AppData\Local\Temp\yandex_browser_updater.log

Filesize
4KB

MD5
3a50c32ecfa811150b01618691bd23f8

SHA1
275a51d4caaf8b6d3c14efecdc4e12ccf91060ca

SHA256
22eadf139b7c10787d804e0cea7c1035e306bf862161ab8e818aed1b09bbbca7

SHA512
e9ec66c10de209e55e13bff09d936beee48f026c1c056ad4b1b71cfc61fc0e09ece0f6cf60a322e834a2a906eb249415e8975245c8331574449dc9d2c4cf164d

Download Submit
C:\Users\Admin\AppData\Local\Temp\yb9E34.tmp

Filesize
135.0MB

MD5
91d01c95177580fbca03bc0ac47b892b

SHA1
15c4743cce8c2129be2ffed1cfa54e574e130480

SHA256
4171029a1d31f531d9197dfefe4bdcea8773d6d6f553be6c44e6158d56546ccb

SHA512
51ef49b8c76e0483a4349afea25396c7ae4c61ab2be356036e6252a96bbb9dfeaa931c23203a629ca1e0fc9a93645e6316d1c5f5be632b5e13c46c8c2ecb3303

Download Submit
C:\Users\Admin\AppData\Local\Temp\yb9E34.tmp

Filesize
135.0MB

MD5
91d01c95177580fbca03bc0ac47b892b

SHA1
15c4743cce8c2129be2ffed1cfa54e574e130480

SHA256
4171029a1d31f531d9197dfefe4bdcea8773d6d6f553be6c44e6158d56546ccb

SHA512
51ef49b8c76e0483a4349afea25396c7ae4c61ab2be356036e6252a96bbb9dfeaa931c23203a629ca1e0fc9a93645e6316d1c5f5be632b5e13c46c8c2ecb3303

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe

Filesize
619KB

MD5
9964d5a8d19f6afc3b440bf9335c0fd4

SHA1
25816b80216f4bb2c46f54506fcca53d0706086d

SHA256
91aa822e5d1ce136f6987020994ccbaff37be0ddaba92c2d5414574a21fecda5

SHA512
5bd111a043c996f308691de2f035c75547b56a850d8ff47f94b6bdf759d253a7914091c94e84c195380ac8c71c1f3a2966704e7a333ae89a2d72d8076f6ef0e8

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe

Filesize
619KB

MD5
9964d5a8d19f6afc3b440bf9335c0fd4

SHA1
25816b80216f4bb2c46f54506fcca53d0706086d

SHA256
91aa822e5d1ce136f6987020994ccbaff37be0ddaba92c2d5414574a21fecda5

SHA512
5bd111a043c996f308691de2f035c75547b56a850d8ff47f94b6bdf759d253a7914091c94e84c195380ac8c71c1f3a2966704e7a333ae89a2d72d8076f6ef0e8

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk

Filesize
2KB

MD5
5538650f3b2d370ecda01d763f439b14

SHA1
5a5c388b2d334182221c78058fe946367f86ad7a

SHA256
ffe24e5ad24332496b5f8d63f4988779017c404a7c72ed675d9060802774d532

SHA512
a78f41b21faa3641a36fbdb1ee7ead34fd08f92234d20c6e4ed50732e924c9cdf1add94a2ed78d033ccdc62674b1e32017f0869615fc6576d16349d156db7fdc

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk

Filesize
2KB

MD5
5538650f3b2d370ecda01d763f439b14

SHA1
5a5c388b2d334182221c78058fe946367f86ad7a

SHA256
ffe24e5ad24332496b5f8d63f4988779017c404a7c72ed675d9060802774d532

SHA512
a78f41b21faa3641a36fbdb1ee7ead34fd08f92234d20c6e4ed50732e924c9cdf1add94a2ed78d033ccdc62674b1e32017f0869615fc6576d16349d156db7fdc

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\YandexWorking.exe

Filesize
619KB

MD5
9964d5a8d19f6afc3b440bf9335c0fd4

SHA1
25816b80216f4bb2c46f54506fcca53d0706086d

SHA256
91aa822e5d1ce136f6987020994ccbaff37be0ddaba92c2d5414574a21fecda5

SHA512
5bd111a043c996f308691de2f035c75547b56a850d8ff47f94b6bdf759d253a7914091c94e84c195380ac8c71c1f3a2966704e7a333ae89a2d72d8076f6ef0e8

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\yandex.website

Filesize
488B

MD5
2baf611b1b6876e6c393054aa8c46a0a

SHA1
3d26e532d5b37939b51884bfb53732070c4dca9a

SHA256
5f7570144541408b41c15373bb8870e7bde53ad3c5413e2f6000e6f0e449b853

SHA512
1a0dc02bdd53e1bd49b2a72b10828463f5c8bed8a17b8498eb4ae939a40dfd8bcaeba1feac1190f5595b4da245a7aa0e4507724ef9fb74172b29581e885cd563

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\23.9.0.2273\Installer\setup.exe

Filesize
3.9MB

MD5
84ddf4856cce0840fb8c5fb24411065b

SHA1
cd8b77972c165df14a5afa4f04d0a66d7d5c4b6e

SHA256
1f7f70124035c3700c41c4706e61dcb9e87e7df25fbdbe39d56b544a2e6a4a58

SHA512
50f5f62ad9e20ab82c64874c27b1a372939cef254c9fdadd46ffbe49377353b82b9e56ea1315ef3ca63021db43f89ff0239c2a291c7eca8f782c37dc01072fae

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\23.9.0.2273\brand_config

Filesize
7KB

MD5
f28612ce0c288dbe8d1bca092a8b351c

SHA1
377f6007720a38968200327c185a0b45c5ff4f54

SHA256
5fe7286b41339536afab657caef58190a7beeb96725939d67c35e3589e9bc659

SHA512
bbc2b76ee4e2feb612387f7063b2e8191efb62f9047d59b72cec4d936f7517fecc5d01656a08468843524d7982315f6bc0d4a9a6971ff94d37a2b62b872165d3

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\23.9.0.2273\partner_config

Filesize
598B

MD5
ffd534f8a08f405e19b4afed7567ba83

SHA1
e5cf710114ee6c176759d2f93a390826123f6cb4

SHA256
a473641fa21d20dadb7270954de7ab81ac2e4ba7d4c6c1411f652166d7de2c79

SHA512
24917610e152173c83d634c133ba1815839adc1b223bc48ea46e8effdfd4edb61dbd1bd7281e289e2d055a960cd266a6c6446a05b9881d9ca956775ca660f39d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\YandexDictionaries\ru.bdic

Filesize
4.5MB

MD5
ac3768f0462853d08df284e67c7c4ebd

SHA1
732581ac6f2e02246696817adc53d2e2e5d0dcb5

SHA256
af2bcc135f974aad505a8f55296117dbf4cbc095931e22f424698b181d273656

SHA512
27d558deffeeefe1198aebdf65a3fef0b0f3d6b6c4177d03ff32b0363f0a2fb1b7ff6454f45dd3254427cec9174b03181c50bc51dba212e6ab0114a6e72bcf96

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

Filesize
4.0MB

MD5
df5b37284a38dca4341c818eb1ac808b

SHA1
3bc9c5db2a073bfe080acaa41d0e28d11e82402b

SHA256
283c6eaac39340c59a883270e84e7d5a2d413167b332944268ecc2e2963f871a

SHA512
e965dcc4852a178f56cfb28620eaf7bb1dc9dca65faf060e654442cf60f8683860770cb9e9f5e76834640e571ad547b94a4a13ec4119ee36c0f5924a5c478b63

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

Filesize
147KB

MD5
86b97526f262ecf87ed7ecd6c7eb4218

SHA1
d009c56e5fdadb73975c253a14616098dc8d243d

SHA256
33919f6b6975431c22a06c41c32e5f7092860958c68e453eaff9781bb6ab274a

SHA512
dcfa8730ff4da19ecdf72507f36fac86f47c6133a13499605de9a70e8533da1984ff7f5800dc9a597c27b4649f237203f5400e344e22d3b3eb98e2d63f34f20f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

Filesize
147KB

MD5
86b97526f262ecf87ed7ecd6c7eb4218

SHA1
d009c56e5fdadb73975c253a14616098dc8d243d

SHA256
33919f6b6975431c22a06c41c32e5f7092860958c68e453eaff9781bb6ab274a

SHA512
dcfa8730ff4da19ecdf72507f36fac86f47c6133a13499605de9a70e8533da1984ff7f5800dc9a597c27b4649f237203f5400e344e22d3b3eb98e2d63f34f20f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

Filesize
147KB

MD5
86b97526f262ecf87ed7ecd6c7eb4218

SHA1
d009c56e5fdadb73975c253a14616098dc8d243d

SHA256
33919f6b6975431c22a06c41c32e5f7092860958c68e453eaff9781bb6ab274a

SHA512
dcfa8730ff4da19ecdf72507f36fac86f47c6133a13499605de9a70e8533da1984ff7f5800dc9a597c27b4649f237203f5400e344e22d3b3eb98e2d63f34f20f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\install_state.json

Filesize
1KB

MD5
e8f06767d4179a4beee8933055d6954a

SHA1
a7a3eaff7bbc41eb42b8f7084a295f3d21e0ec4b

SHA256
58b8f49cb56f985b708eef78817b8aef29b1a67754872f3612d01cccf3a9d1db

SHA512
a932b74514502b058c70cbbe732f43ee3da3f56333ae991e4e575c72c0e6fe0fb515164d3f095ac11d84f1a46b5b5a52a2fc3af0102d33d87b79bed165407c16

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\Extensions\ghjgbemlcjioaaejhnnmgfpiplgalgcl.json

Filesize
122B

MD5
8f1ef981951ada25c4b739f4654e73d4

SHA1
cc03a958ce4fa86a76d10f343a4e236e2d4a0c8f

SHA256
a1d9c5c34ae669a1cfc64ed674a1202e2659567c2092a5b16ae0b9bd56ede5e6

SHA512
0687aaec870e30d759804f53a47814ad56a74063c23a5068f013f70fec1296bba0d69b8e002d66cc865f01aba437fdd46c5289454b978f3bb9d840b80e380962

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\about_logo_en.png

Filesize
1KB

MD5
1376f5abbe56c563deead63daf51e4e9

SHA1
0c838e0bd129d83e56e072243c796470a6a1088d

SHA256
c56ae312020aef1916a8a01d5a1fc67ed3b41e5da539c0f26632c904a5e49c62

SHA512
a0bab3bae1307ea8c7ccbd558b86c9f40e748cdd6fd8067bb33eeef863191534af367a0058111553a2c3a24e666a99009176a8636c0a5db3bf1aa6226130498f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\about_logo_en_2x.png

Filesize
3KB

MD5
900fdf32c590f77d11ad28bf322e3e60

SHA1
310932b2b11f94e0249772d14d74871a1924b19f

SHA256
fe20d86fd62a4d1ab51531b78231749bd5990c9221eab1e7958be6d6aef292d9

SHA512
64ebc4c6a52440b4f9f05de8ffb343c2024c4690fe5c9f336e78cd1dd01ae8225e8bc446f386feb442e76136b20d6b04ee293467b21f5b294ce25e500922f453

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\about_logo_ru.png

Filesize
1KB

MD5
ff321ebfe13e569bc61aee173257b3d7

SHA1
93c5951e26d4c0060f618cf57f19d6af67901151

SHA256
1039ea2d254d536410588d30f302e6ab727d633cf08cb409caa5d22718af5e64

SHA512
e98fbfb4ed40c5ac804b9f4d9f0c163508c319ec91f5d1e9deb6a5d3eada9338980f1b5fe11c49e6e88935ecd50119d321ce55ca5bdd0723a6e8c414e1e68e16

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\about_logo_ru_2x.png

Filesize
3KB

MD5
a6911c85bb22e4e33a66532b0ed1a26c

SHA1
cbd2b98c55315ac6e44fb0352580174ed418db0a

SHA256
5bb0977553ded973c818d43a178e5d9874b24539dacbd7904cd1871e0ba82b23

SHA512
279fb0c1f2871ce41b250e9a4662046bc13c6678a79866eaf317cc93c997a683114122092214ce24f8e7f8a40520fe4ca03f54930148f4f794df0df3ecf74e9d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\configs\all_zip

Filesize
596KB

MD5
d8cf0a5bb51354f5fc4c3099676e1fec

SHA1
a46dcd9acc20ffb6be5fa322e07c2b946e4cc201

SHA256
662c84ed6d5bb28b7969728551056dec4f6173a7005ce64c677883c7dc39264b

SHA512
b3c2f25b329f7f6dedf477aa359205a667bcffc97fc40436dd71bf093bb31b448c60efb747defe6dd247690409ace25de2b573dbc6dd9acf976be8447b9a455d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\easylist\easylist.txt

Filesize
620KB

MD5
8e4bcad511334a0d363fc9f0ece75993

SHA1
62d4b56e340464e1dc4344ae6cb596d258b8b5de

SHA256
2f317fee439877eaadb1264bd3d1e153c963ef98596a4ccf227592aea12ae76f

SHA512
65077bd249c51be198234ff927040ef849cd79adcd611ed2afae511bc2a257a21f13171bf01cb06fce788c1cff88c8ad39cf768c5900d77cd15453a35e7f0721

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\easylist\manifest.json

Filesize
68B

MD5
15bcd6d3b8895b8e1934ef224c947df8

SHA1
e4a7499779a256475d8748f6a00fb4580ac5d80d

SHA256
77334f6256abddcc254f31854d1b00aa6743e20aadbb9e69187144847099a66b

SHA512
c2d3778a99af8d8598e653593d5e2d1d0b3b2ace11addd2d3eeb2bf3b57d51bf938ddaf2d2743322e0ce02e291b81f61c319daf34c1cd604ffce1f6407a30b34

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\extension\elokbjeafkcggjfjkakpchmcmhkhaofn\brand_settings.json

Filesize
384B

MD5
4bd2ffe5e645a04d6a7047ac47969fa5

SHA1
73b988a08b3b1e72a38e4ee0e9813cc09946e555

SHA256
a9cf92fb5076df30264c75da6f1b6e41bf592567d5e7bf170c21beba628aafe2

SHA512
0125141dc02b40cefa34280311653c1fe0815ecf005d93814f06ceb7f2e2d1789ca7d5907a5cf069880a742db19fc74289467a0538fe329670d9c0397135e1f8

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\extension\fcgfaidpicddcilhjhafmmcgfodijhjd\brand_settings.json

Filesize
319B

MD5
94e409c4948755c18ed015a9ea88194d

SHA1
9725a6622664ab4332f07e04c4f8a23c86daf695

SHA256
ce1e2092945df5b00797e81185cc4db54070583ed92af19dd5d104e1aa4343a9

SHA512
e59d6730078b06dcd51a68c1a729244f3af76d97083b75a4fa05ac323d6f6e61c882b41a821c15595c3483b75995bfbdcdbc55bc3609f0d470b8e96ca1c4a196

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\extension\gopnelejddjjkamjfblkcijjikkinnec\brand_settings.json

Filesize
250B

MD5
338199392c0ee2d8530b8d0516f6d2eb

SHA1
2ce5daca88f6296335dcd3167a5f54d87687f85a

SHA256
c9c85c1fad9bd1e26e42d3b35e7e5ba5d6af4b87e13846b3d71518274896a9cb

SHA512
6a89b757abb2e51c46214bf6b111e7ae085ebdef43ce656695e1d7eec91c2f33bfb95868b2cc3749e5e7f3c435bb65d830c96fdd01abee4f9106d1b11ecaf2c1

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\import-bg.png

Filesize
9KB

MD5
85756c1b6811c5c527b16c9868d3b777

SHA1
b473844783d4b5a694b71f44ffb6f66a43f49a45

SHA256
7573af31ed2bfcfff97ed2132237db65f05aff36637cd4bdeccdf8ca02cd9038

SHA512
1709222e696c392ca7bcd360f9a2b301896898eb83ddfb6a9db0d0c226a03f50671633b8bed4d060d8f70df7282ffc2cd7ab1d1449acf2e07a7b6c251aa3a19e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\morphology\dictionary-ru-RU.mrf

Filesize
1.1MB

MD5
0be7417225caaa3c7c3fe03c6e9c2447

SHA1
ff3a8156e955c96cce6f87c89a282034787ef812

SHA256
1585b1599418d790da830ef11e8eeceee0cbb038876fe3959cc41858bd501dbc

SHA512
dfc0de77b717029a8c365146522580ab9d94e4b2327cef24db8f6535479790505c337852d0e924fbfa26e756b3aec911f27f5f17eba824496365c9a526464072

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\morphology\dictionary-ru-RU.mrf.sig

Filesize
256B

MD5
d704b5744ddc826c0429dc7f39bc6208

SHA1
92a7ace56fb726bf7ea06232debe10e0f022bd57

SHA256
151739137bbbdf5f9608a82ec648bdf5d7454a81b86631b53dfc5ad602b207d6

SHA512
1c01217e3480872a6d0f595ceb1b2242ffe3e1ff8b3fdd76eea13a7541606b94d3ccd69492a88220e0e40c17da5d785e4dba1d7501e6be749b9c46f72572ef6f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\morphology\stop-words-ru-RU.list

Filesize
53B

MD5
b255d75a7ee1052a3648bfffd2b31f6b

SHA1
57a388c0a6f44bacf8576a4d54ae520f649e9990

SHA256
0f45d855adcb5517b3e8d747ac385cbd7d493bc0529a7c567c750ba765772040

SHA512
9a4cc4a1e6d9c188c24f628ccc109f447a2ebc8b42e5e6daccee0617dcdd3f1cc79206e6278154583c29dd8d1180072c463ed88ac56e87a6de1449f40494c292

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\safebrowsing\download.png

Filesize
437B

MD5
528381b1f5230703b612b68402c1b587

SHA1
c29228966880e1a06df466d437ec90d1cac5bf2e

SHA256
3129d9eaba1c5f31302c2563ebfa85747eda7a6d3f95602de6b01b34e4369f04

SHA512
9eb45b0d4e3480a2d51a27ac5a6f20b9ef4e12bf8ac608043a5f01a372db5ea41a628458f7a0b02aaba94cd6bb8355a583d17666f87c3f29e82a0b899e9700bd

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\sxs.ico

Filesize
43KB

MD5
592b848cb2b777f2acd889d5e1aae9a1

SHA1
2753e9021579d24b4228f0697ae4cc326aeb1812

SHA256
ad566a3e6f8524c705844e95a402cdeb4d6eed36c241c183147409a44e97ebcd

SHA512
c9552f4db4b6c02707d72b6f67c2a11f1cf110b2c4ac5a1b7ac78291a14bf6eb35a9b4a05bc51ac80135504cd9dcad2d7a883249ee2e20a256cb9e9ceeb0032f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\tablo

Filesize
744KB

MD5
d4b7cfcd824e7f03f3b8a8d29dba1ddf

SHA1
45410cf2d456d9d3d187d196f4b8374d6b5a4021

SHA256
871f762fb46f9e3edc714d7494904fffbe5dd11cae5eeb56588e7640656c8497

SHA512
a61ca1ff502bd57eb370ec2045d718a15d9bd1555ba9c0653930aef9de179f1ac9f5346e594045fc0bb2694bafae0f2e2a2ae090b92cdc19e08306a03b275210

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\wallpapers\1-1x.png

Filesize
18KB

MD5
80121a47bf1bb2f76c9011e28c4f8952

SHA1
a5a814bafe586bc32b7d5d4634cd2e581351f15c

SHA256
a62f9fdf3de1172988e01a989bf7a2344550f2f05a3ac0e6dc0ccd39ed1a697e

SHA512
a04df34e61fd30764cf344b339ba2636b9280a358863f298690f6a8533c5e5dfa9773a14f8d16a5bb709ea17cf75e1da6302335aa9120009892e529bfad30df9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\wallpapers\custogray\custogray_full.png

Filesize
313B

MD5
55841c472563c3030e78fcf241df7138

SHA1
69f9a73b0a6aaafa41cecff40b775a50e36adc90

SHA256
a7cd964345c3d15840b88fd9bc88f0d0c34a18edbf1ce39359af4582d1d7da45

SHA512
f7433d17937342d9d44aa86bcc30db9ae90450b84aa745d2c7390ff430449e195b693a8ae6df35d05fee2d97149a58a7d881737d57902d9885c6c55393d25d6f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\wallpapers\custogray\preview.png

Filesize
136B

MD5
0474a1a6ea2aac549523f5b309f62bff

SHA1
cc4acf26a804706abe5500dc8565d8dfda237c91

SHA256
55a236ad63d00d665b86ff7f91f2076226d5ed62b9d9e8f835f7cb998556545f

SHA512
d8e3de4fea62b29fd719376d33a65367a3a2a2a22ed175cc1eeff3e38dfbaac448c97a6fbea55bc6159351d11a6aad97e09cb12548cf297e01bd23bf6074de08

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\wallpapers\custogray\wallpaper.json

Filesize
244B

MD5
19feb60966afbb9d1b797a050278f13e

SHA1
9874bcea4222a8f56d59c91b7abe603687a4f67d

SHA256
94cf5e38c38f78a42d70599c469a3969e4b3feb292da450a947d8463a57bfb9d

SHA512
2abd6fb2bd126ef99a7f0bb79072fdcdea2670d1b296ace2b4f9ebbabb343594b140b6c2728c31af339465619a8ee9faa2e3d64e1847e9557c50a79144d24196

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\wallpapers\fir_tree\fir_tree_preview.png

Filesize
8KB

MD5
d6305ea5eb41ef548aa560e7c2c5c854

SHA1
4d7d24befe83f892fb28a00cf2c4121aeb2d9c5d

SHA256
4c2b561cf301d9e98383d084a200deb7555ec47a92772a94453d3d8d1de04080

SHA512
9330009997d62c1804f1e4cf575345016cda8d6a1dd6cb7d2501df65ea2021df6b8a5bc26809ddfc84e6ff9450f1e404c135561b1b00b9e4915c69e84f89cfec

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\wallpapers\fir_tree\wallpaper.json

Filesize
396B

MD5
31b6342128a20e38a224a3c395f1d5d8

SHA1
afea42f96d007c0d02d90a2cf7d3486c73969d9e

SHA256
a135978536ba7409f381fcac3befed527e6d310fd4fb6a9e567adbb22e84ef2d

SHA512
5b53e2a4c66d81f4e3aec91be650c4b151812d7ea8a6ef1ff911dd56933f8153ccf4a9883e406b2a9cf59056037a1e7434ed9c6c102ad446db5b42e1af93ea64

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\wallpapers\flowers\flowers_preview.png

Filesize
9KB

MD5
ba6e7c6e6cf1d89231ec7ace18e32661

SHA1
b8cba24211f2e3f280e841398ef4dcc48230af66

SHA256
70a7a65aa6e8279a1a45d93750088965b65ea8e900c5b155089ca119425df003

SHA512
1a532c232dd151474fbc25e1b435a5e0d9d3f61372036d97bcaab3c352e7037f1c424b54a8904ef52cf34c13a77b7ab295fb4fd006c3ab86289577f469a6cd4c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\wallpapers\flowers\wallpaper.json

Filesize
399B

MD5
db5d85343264fe69c9452cf6bbddb10c

SHA1
82d97c05c2ee2374a9343f10db78e0ad232ac2aa

SHA256
c15d588d418a5bfc7caa62b62a3e4df7f67990f6912aeda133e616ab0738401d

SHA512
3aa27652f9decf1315630ef83302355065e8c43297c0d8c891295a855499e81d9cfef2767490c2992b3103e44d7f16825e65e9bf2d994d17811f49be9eb37307

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\wallpapers\huangshan\huangshan.jpg

Filesize
211KB

MD5
c51eed480a92977f001a459aa554595a

SHA1
0862f95662cff73b8b57738dfaca7c61de579125

SHA256
713c9e03aac760a11e51b833d7e1c9013759990b9b458363a856fd29ea108eec

SHA512
6f896c5f7f05524d05f90dc45914478a2f7509ea79114f240396791f658e2f7070e783fab6ac284327361dc2a48c5918b9f1c969b90795ceacce2c5c5bfa56ca

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\wallpapers\huangshan\huangshan.webm

Filesize
9.6MB

MD5
b78f2fd03c421aa82b630e86e4619321

SHA1
0d07bfbaa80b9555e6eaa9f301395c5db99dde25

SHA256
05e7170852a344e2f3288fc3b74c84012c3d51fb7ad7d25a15e71b2b574bfd56

SHA512
404fb2b76e5b549cbcba0a8cf744b750068cbd8d0f9f6959c4f883b35bcaa92d46b0df454719ca1cef22f5924d1243ba2a677b2f86a239d20bfad5365dc08650

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\wallpapers\huangshan\huangshan_preview.jpg

Filesize
26KB

MD5
1edab3f1f952372eb1e3b8b1ea5fd0cf

SHA1
aeb7edc3503585512c9843481362dca079ac7e4a

SHA256
649c55ccc096cc37dfe534f992b1c7bda68da589258611924d3f6172d0680212

SHA512
ecd9609fbf821239ddcbdc18ef69dade6e32efd10c383d79e0db39389fa890a5c2c6db430a01b49a44d5fa185f8197dbbde2e1e946f12a1f97a8c118634c0c34

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\wallpapers\meadow\preview.png

Filesize
5KB

MD5
d10bda5b0d078308c50190f4f7a7f457

SHA1
3f51aae42778b8280cd9d5aa12275b9386003665

SHA256
0499c4cc77a64cc89055b3c65d7af8387f5d42399ff2c0a2622eccbd6d481238

SHA512
668e1a70a50a0decf633167ac23cba6916d0e05d0894daae1f7e3d487519f0a126abd4298430b38f52746a5c3b83ccd520b3d9b0ae1a79f893e36821a0458566

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\wallpapers\meadow\wallpaper.json

Filesize
451B

MD5
1a8908826d2efe5fa817ce6bf474700a

SHA1
f25ed2de494bae4ffeca33071e5c2dc034c863f7

SHA256
9c75f591907f6a631ba583bce6ddcaafa6f89a84a4bec8108637f7f471e821cf

SHA512
1b68183bd466d01ec25b1281737ac4e752263cd88b64e16324244812d46f8f985ebdeb35d065c7aabc7abcb93286e92b0f3d5b0b7173f5aa6e33891c417b6fc8

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\wallpapers\misty_forest\preview.png

Filesize
5KB

MD5
77aa87c90d28fbbd0a5cd358bd673204

SHA1
5813d5759e4010cc21464fcba232d1ba0285da12

SHA256
ea340a389af6d7ad760dff2016cf4e79488bda1a45d0a415b3cd02a4430c9711

SHA512
759519b8822a6a4b88fc9ba47fa9d5d898b2f5a0f359acfbefc04809e6d7f5df86fb130f191eb6f63322792a18c0e7170aedf3ce7060fd9ad7e1bec2e686c3b2

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\wallpapers\misty_forest\wallpaper.json

Filesize
435B

MD5
ea6753f7a10f9f92b7790c93f8ea2411

SHA1
0cb570e8ecc34e16017b920fbcf1036cf1508ab4

SHA256
b1f9aebdb9333b4b15c2a9339d18e974205cbd4a61d2a0b4d34a25b384a0de7c

SHA512
f7974e99c58696a4d739c4d590f5f50094082473754e6b1fb8a82c76566cf3b5713b1e013126f8fbef0f0c8af2e08d09b32307958c9ed1a1007c04ce89539ec7

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\wallpapers\mountains_preview.jpg

Filesize
35KB

MD5
a3272b575aa5f7c1af8eea19074665d1

SHA1
d4e3def9a37e9408c3a348867169fe573050f943

SHA256
55074794869b59cd5c693dfa6f6615aea068c2cd50cdae6dd69bd0410661ded8

SHA512
c69bf39362658dd6cbd827cf6db0f188a9c4410b3c6b7b532595fd5907974e2141d857942ffb2497282e31eaa33c71240c2c2bd8721046df55e3358e8b76c061

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\wallpapers\peak\preview.png

Filesize
5KB

MD5
1d62921f4efbcaecd5de492534863828

SHA1
06e10e044e0d46cd6dccbcd4bae6fb9a77f8be45

SHA256
f72ea12f6c972edfe3d5a203e1e42cbbaf4985633de419342c2af31363f33dab

SHA512
eec8171bd3bea92e24066e36801f334ac93905b7e8e50935f360e09fa8c9b9f848c4c62b687299e8297c0693d6dbaf9c6035b471e6345d626510b73e3606ee4d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\wallpapers\peak\wallpaper.json

Filesize
452B

MD5
dabb663536eef90a540783e707a311d6

SHA1
9659fe0463435f3281983ce306ff22fc101f6e57

SHA256
d1c971a197cb79f1df640994465aa7543bada90059f5b2768967d2b57c6afd2d

SHA512
ed6b4090eba519f2814dc51fccb92cdb703656c77be741f07753f9c84d09394d080158e04bba1ca9dee501b0dff2a21020883e538a6c0ced6a12602b7098676b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\wallpapers\raindrops\raindrops_preview.png

Filesize
7KB

MD5
28b10d683479dcbf08f30b63e2269510

SHA1
61f35e43425b7411d3fbb93938407365efbd1790

SHA256
1e70fc9965939f6011488f81cd325223f17b07ee158a93c32c124602b506aa6b

SHA512
05e5b5e9c5ef61f33a883b0286c2239cb2a464581d6e8a86d7b179b1887b4cb2cd7304e0821cdd3208501421c44c63c248a5166c790792717a90f8ac528fbf2f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\wallpapers\raindrops\wallpaper.json

Filesize
397B

MD5
69472b2b8eb07ec616a8e94a492c6c5b

SHA1
aec5df4e15d292a360a5dd6125217ef063ebe65e

SHA256
6e9ef0bb0853c6c898ec033d54d9d5cfcb68a5f52cd8f9bfff3528a02c73e06c

SHA512
e355958272292bcd7d767af692fb33941ad469809abb6366b1aff2bd4585de6a18b290258799e943f9a53416c9f5c139ccabc47cb337d0e6e4f5d499f2e27aa4

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\wallpapers\sea.webm

Filesize
12.5MB

MD5
00756df0dfaa14e2f246493bd87cb251

SHA1
39ce8b45f484a5e3aa997b8c8f3ad174e482b1b9

SHA256
fa8d0ae53ebdbec47b533239709b7e1514ecb71278907621ca2d288241eb0b13

SHA512
967670863f3c77af26fa1d44cd7b4fe78148d2ba6ea930b7b29b9f35d606554d664c0577068e0c26fa125d54627d7e7543360bce4acee0af17783b07450b5f52

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\wallpapers\sea\sea_preview.png

Filesize
3KB

MD5
3c0d06da1b5db81ea2f1871e33730204

SHA1
33a17623183376735d04337857fae74bcb772167

SHA256
02d8e450f03129936a08b67f3a50ea5d2e79f32c4e8f24d34b464f2cb5e0b086

SHA512
ff0e60c94fc3c0c61d356a26667c5170256e1143b29adf23d4e7d27012da72ed8865ef59dc2046314c7335b8d3d331e5fd78f38b9b92f6af48729dae80f85b15

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\wallpapers\sea\wallpaper.json

Filesize
391B

MD5
a79af1c34d9d4fcc609e57fbd387924b

SHA1
6ae1f8730d03cbca17a1c368da8a600157e0ea49

SHA256
8c60b18ca1810a5e75950095cb0dfb4bb9c32a18f99e5505cf40c39840b8a633

SHA512
b95aef743acb3c6890e3ca74fc260a8fdeb134ba399f6e9851d34a47fb2cad9791a64d6214acb956ba4c8b51dd710f8f10fa8c3e88fb1a0f52a7e2214eca16fe

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\wallpapers\sea_preview.jpg

Filesize
59KB

MD5
53ba159f3391558f90f88816c34eacc3

SHA1
0669f66168a43f35c2c6a686ce1415508318574d

SHA256
f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e

SHA512
94c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\wallpapers\sea_static.jpg

Filesize
300KB

MD5
5e1d673daa7286af82eb4946047fe465

SHA1
02370e69f2a43562f367aa543e23c2750df3f001

SHA256
1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a

SHA512
03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\wallpapers\stars\preview.png

Filesize
6KB

MD5
ed9839039b42c2bf8ac33c09f941d698

SHA1
822e8df6bfee8df670b9094f47603cf878b4b3ed

SHA256
4fa185f67eaf3a65b991cea723d11f78de15a6a9a5235848a6456b98a9d7f689

SHA512
85119055ddfc6bc4cca05de034b941b1743cbb787607c053e8c10309572d2ef223786fc454d962fbb5e3cde5320117f9efe99041116db48916bc3d2fcd4ffa25

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\wallpapers\stars\wallpaper.json

Filesize
550B

MD5
8571306e9021fc89eff3c5ced3e02098

SHA1
49d6a7baa6ab4182c4b38c95be4bef1b243fc594

SHA256
0529c0be39bdcb289bf29e6a9c774d907b444857cfaa47d3942e5dae1b75531c

SHA512
7657c0e48b4cfa3025bc33b0decacc22646bde2cedda7f51b98b19a17a91461ebee57f054b64edc58318ef6caef7227ac21b740527144f3fb0bc0a2e7b9fef19

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\wallpapers\web\wallpaper.json

Filesize
391B

MD5
7b00cfeccb0f471865d2ef08fa1d1222

SHA1
1881d5a29dfe86d6d19cac14a1a4b95b05494830

SHA256
22557386855643b706808ea9aed33ac22fa26f58d2fc281fb0ba917cf55f990a

SHA512
b7d80dccfa5f051b1ec8987193857aad83c7365e12f12fa68b8edc6ae0dca1d8a4d846e284fb8e15715b5ce7478dae334da5651b97a68189cb43c74e7fdf7177

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.0.2273\resources\wallpapers\web\web_preview.png

Filesize
8KB

MD5
3f7b54e2363f49defe33016bbd863cc7

SHA1
5d62fbfa06a49647a758511dfcca68d74606232c

SHA256
0bbf72a3c021393192134893777ecb305717ccef81b232961ca97ae4991d9ba8

SHA512
b3b458860701f3bc163b4d437066a58b5d441d8a427a8b03772c9c519c01983e3d3fdb8da20f6a53ad95c88dcdd0298f72822f39bc3672cb6f1d77fcc3f025a9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\9c0ffab0-2557-4c42-9dbc-49638532f3b8.tmp

Filesize
157KB

MD5
6c3072a490a08986b3bcf7a152212789

SHA1
5b671651edc2d0f23b0acb08d860037123bb804c

SHA256
27ba32077a815f1ce9fc2c89f8039150af918710a2cd8a0606ea177169416338

SHA512
fd159465a167a87cb51da28e565b5db0e7667ab4c12f909b260327a383fc90225785d9985a775bac0368b24c0cb0f290124123fa91f7a14b6fc9639a846d28b5

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat

Filesize
48B

MD5
4d133478cdadc0c6ffac5e86fd519b9f

SHA1
8a7d5db5be1f0f4e9d67cb6a315f6af9ef08bd08

SHA256
2b32da6f63555d6a2c8c5edd02e5fbe35314f1adb5d33e3272184d77b9d9947b

SHA512
4aa47f9e8259d476af57395abaef992e36f1e17a4ab9f324c8fab1b19f5e05d495e5769cf3c3fac2f74870eabee6214a9622c06d21c7b82722ee5a0e71784610

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\75da78c4-3518-4560-aeed-c2dccad3e41c.tmp

Filesize
167KB

MD5
4d4b657a4d0b9703e41b3e14991c5f6f

SHA1
65858616de1ec60bba42d2afc307cec3d6da232c

SHA256
a0b1ad95ddf3645510625d1f6da088b1d78ad2fd3d19aa1550dcac7e8e4ccf1e

SHA512
10b753ca1898a8c5ca162feb1f58e9c90d17a2cca47b6a70c555d7e7a1188e331e339a2177f83e8211e742a0a2e680b0d86e0f2ee2fb17c8914fb1d6c6b3cd92

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
9390691d00f301629579bf618119424a

SHA1
139daad49ecaf1d45894ccfabd06bc9469220e42

SHA256
c1b6e905ec5c8459ac6bbaa3bd6bf7ff1387c8da48ce1e4e72c3641aa625ecb3

SHA512
3f892bbddfc2bf8f28683c69437fc110b292df5df5c6a9bec5f86f6aee4d3bf934f9a7acc9fc62e78a9d04c6793866c3764fcf9714eee57f7e6fe00795a57b0c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe591459.TMP

Filesize
48B

MD5
aa2a0f76a79fcde51e6df130ee5f7abc

SHA1
abf69a9711b1d0a45d2960cd1b36d2180a7f8701

SHA256
47c252dafb4ee4b7283c300fbc1b6a8f98cfa4356ed7a8a089c2bcb54a64a7be

SHA512
8eb54491c442a641e37a9a90aa7d682b131e08503a4a9bc07068ec1d3a3095628b48b953faee1591ef2b537e2d48c900997b4809580a5213d978463882db0d3e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\Network Persistent State~RFe59bc61.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
64d69bd89d8beaddd02b226fca81532e

SHA1
c613fdcc8841c7cad8e727e4ccdd2c0b4957c85e

SHA256
9777327f9277218748c488451d445d397717c3c62a2ba559d2278aa774404100

SHA512
80d5bc12385db46f33ea983b1877a458e94ef443b7ce76740cebe8018f4b9a7e90086a306aae4ced2e462efef80560bda2d92b582a24a4f07e722611626dd486

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7554d8460bec731a97851da65cde25ce

SHA1
402a3c0121ed5122a3fd1a7ca032e7efcd934955

SHA256
3a454a61bb7ceb4cecc555527c3e333bfb878acffb1e7117bfbd00ece2d6394c

SHA512
8b06f63655e3f1e80c0b48bedb7ae026992d8168baa08f0f32cd0c37977bc50b755d69f3f417da259f036ebc420270a37ca85808a32fda85b4984cf17b700c68

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c39848b30a6395e3be8ba4c666e84ede

SHA1
4cbccdb8d0b8533ec6c7c2fca8433e364a71522a

SHA256
9344c89f4b72ccfe9bc7cecb4a0de59c250b9b5bca7c74914beef203f7c47c0e

SHA512
d05307e6bad767722c33ca687a5c996f8ef350b6d98d754ddbb37e0e0e0153dec6bbf0b6ff2688a442522b7d2e0ce1bdcce86a38c6025623a7db3b682dc694bc

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e273e67373f797e8b3fecca800d306a3

SHA1
691b7fdabeaf43aca55abb2e75527c40990e5812

SHA256
99ed09c6b4f8693a379300762fc674692699e517f3d3b228af5bdbf20f0bcc2c

SHA512
02a7a99b4f0bb919275cb41d62ca61e55776afa88d02e43f9aa5ae3627fe931ab79534b42fd58eaf0cf177657530f7bdaa0fc9f08be6c0a6f556ab82b22ea563

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
01a7acd2fcf9cf2943a4afd754a5b207

SHA1
6a210a4124f63e717531e602826036663f18d6e7

SHA256
2dc1c53c52d1f55e58d05e9088f72f36e549491186dc5c5a7d58dabecce0c397

SHA512
bde96a5a017969ce8c3f860078627a49592b9149b7be15bf24951bd6a9d09d06fee7429b4cd02a87b0e898ccbf4e3c57a987cbcb1ad0473c886aa2eea00f739f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1e53b9493eec20e94e80f5cafa1b6f5a

SHA1
04bfcc24c069c45400ce4ed190648d77e3240fa1

SHA256
9319755d00e9ddedec558de37f381effc80ffaa5205682304d577d63f108ab7e

SHA512
75a2ed8d315207716f82bd1e48b4d999186cc1fe6a3f59ee4404f9ca74fd48b5678fbf51bb0ed604b7d0bbdad2efc24fa5b049d43349775f2a7481484b26d0d6

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity~RFe590565.TMP

Filesize
1KB

MD5
c782a0868507a97614c033646fa2ec4d

SHA1
3b7a3a61118de895aab823e29f7f1da3441c0e35

SHA256
2bf696562c8224522142f30114f1f772b00301cbd12fb459fe2afad99c84180f

SHA512
0b9f681b5fc247a410a47b6f133e64093ccb11f021e73a4e1294ed319cef10e6ed3e8901bbb7eba499b6ab7468ea9ff40eaeac685aa898c0e3c1c6ed02ddd254

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\cb758d5a-b684-4e3d-a70f-1802f4055812.tmp

Filesize
1KB

MD5
200fafe6e1b454bbe00c1c796dee8a40

SHA1
859cf621a17cb37eabd35716c1bef89a4c4912c4

SHA256
c2cd57e280d9c9fad84b54e28faa0917daf51902eb5279d539b125592f477444

SHA512
6e0cd7f22a48a5ad572c0cd97e5e2b2a9ed1826352d1275c5b8fc1074b76835b08ddc0679981d6a2b79a659f57b2d456831fb641ea6aa91ae6ce57d5abaf172a

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
13KB

MD5
4a75453dd3938c0a6bed718e1f0d9f9f

SHA1
8a21a9e8483968ef1080f46cd7dd0d668486e086

SHA256
8915607fc25471472173db0d4261a2a556131fef20b770b8242f32681664234c

SHA512
99af3b5633cfe23113af5718179196e9ebaa6308c4aef677c9274e6424731af9488a35ffa236cacac33d71cc71ba9c814882d0b27108546a819227f2a88c1d3d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
14KB

MD5
612b7772c3662843042ec63de62505ee

SHA1
b53fe68e76f62db357dbfb387e60e68402720579

SHA256
6fd39e6d2d5654bedecaa7f31d3db867f1b83065a6620d1e4f54cdd6d86864a4

SHA512
a7fa4aa9785e3628623b82d12bd1166a7543dbda6807a72e17e2f8c51c548c09eeb72cfa2971f1b3335178f2cdc9b7316890efce7339d099c169f4edf41ca8c8

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
7KB

MD5
12e5757352495d1f7609a7e7b63329d2

SHA1
ca8b7dd853a68aa5f2b1978f1a9af81de325259a

SHA256
9b0be06df5e6931a6dca1c3a5cf275f8f671cd04d41cddd4220d878fa66b8cf7

SHA512
4f8cbd7bf9e8d00f34d32685c7a77aeb0070087ddf2d60f15f646cc1e904d711562d031dcd85cfa7243731ed90570e77d41d7a06100bf674a9f2faf22f163f9b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
9KB

MD5
e60b082163c1681a2cbc44bbe103239e

SHA1
4560fbcf757376706098b385ad441d7628d4c7d7

SHA256
9b58e51cbfbe9d96d525cd97273ef6eea2e0287292e5437bb7ee068073c8841a

SHA512
445a311b414ee72dc34c55bb68dddab09267dde72c70f9caa8e31cf48c4af163fe958018cb6e9fd5e8fb9d7042b50aa324fd65dd80a5daba1d6217e1a6068d40

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
15KB

MD5
21df72bedb5ac7d3d43613bb7c3fff02

SHA1
57b6f9a0bfa73ded36c14c0b5b93adfac8f7953a

SHA256
571310c3941b1ec261f4415e839bab048d2bba41012cbe8769a6a9cdda76aef3

SHA512
9a51f210d81e61ea2c9cec6f5e2cda04d992db06c38a082240d42db9bb0870a05cf900b312e2efe71050ee564e7fae2429b010bd6644a30c01511dc1abb323c5

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences~RFe58a207.TMP

Filesize
4KB

MD5
4a059844f53bd07162917dee8d8f796c

SHA1
8aa0ca6a4cea80052173b497866c5912c626baba

SHA256
3ed5869d1e6723e3e16fbf996d5afb725c0abecbca8116e59caa0bdfdde6a532

SHA512
c746a3a0c8a281646d5078ce032660a182b50ff7d1a80eddcce6909bb1b801f78d21fa9f588c86c0b5efd626056b9942b5308bdebe109d415e0b8fddd103c6df

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences

Filesize
10KB

MD5
e81b0eed8a11a1da69b7aedf6062a8f1

SHA1
eacb728893629aadf0b7f3d1a7503ec17e5cdf9f

SHA256
cf163a9f036667b2a41b0cbf43d4986592d20db2bdbb4687b72fbab0168302e7

SHA512
5d3e46b14ad6ff4c9906ed3cee1b989ed4871038966e13a1fceba8e051461c007ce1fca269396ede574522ee63bc016b64dd67f755eedf8cb6939c5f2a762af9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences~RFe58a275.TMP

Filesize
1KB

MD5
146ecfdbd5fee7c8387a3d85f9979824

SHA1
b5c28ab508be7c3f14e971cfed4be16df05c3ff7

SHA256
fcc9b031b6509badcecb2394e67583daf522e2c2e7997e022de32058d3c9f9b2

SHA512
3791298ff79954c50624c1d2cecd3f69d5e0e9023da7961e39c6bdf3cafd8217ee6f894fb332a47d4a7044e92bccf2918278dcf2e46771f4f7f1d3ada871bf4c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Tablo Cache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\563d9c09-bef7-4d31-9a3a-24dd682d7c4b\index-dir\the-real-index

Filesize
2KB

MD5
59814212079415cf8144c0b53969b2a4

SHA1
55e4a22a73ee231cc651714ffadf206c79469d12

SHA256
17feae3158d6915ef10110253da3332965f1466b68cc0fcfc18102304acb3297

SHA512
fec46848ba991cc3cab64a1f5aa6e485d13599cf4552f1f21ea7a197a948c16d7dccdf81443e1a48f0ca7ec03d1bfcbe3774c9fe1c0f5370a6268e79311cf0b0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\563d9c09-bef7-4d31-9a3a-24dd682d7c4b\index-dir\the-real-index~RFe5915ef.TMP

Filesize
2KB

MD5
8555a7b666029b881e439d6006971757

SHA1
d50337bae889c2a2c63c3c14ffd73548ea3e67fe

SHA256
0662df8fca41bf357fd9806664ebe0a0f5d3d241053a4258d49196b70fa6905e

SHA512
6812aef2be5e4aec445ce2148c113fa3018ae579877ff382fe7f1e40a636d02b714c0df73dffb4701dc7e7869f5a7039a999577458755990e28ab6d57ffcfe0d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\16.png

Filesize
699B

MD5
238b0e7dc06028db4b6aba8078740ffb

SHA1
5fd2309587993b371beabb7a9d039e0dba3006ba

SHA256
d159e510392f6da58c4d15cc098171d45c7b02a1362cbf7be7a2d47a1a10e7fc

SHA512
1dda4de21be647067c04dfc47174df39d0c6c1eeee3e9005211f908351b69d6a27ed268b5ec7480285fb203a95136a3a205f7bafb7eb5223a3dcbab0dadc0e5d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json

Filesize
23KB

MD5
bba3b6427e6f01503955463647e2acce

SHA1
f26df0364e3f058aed4422b6a0d65370d2e8ac6b

SHA256
8d336e4b14170cd9a4a72caf8a4e57128f2c771430224ad1b181f29da641a653

SHA512
92227ec44ee137d04e5b5a9dae64b10d6ed9243711375b2d5883706ff40160f33f3e774266b5be0f896d61d5274649023ddb262bb7f84f0d39db475ef6522939

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json

Filesize
23KB

MD5
0ccb77bb4ff03ebe29d6e44782c5a831

SHA1
751b7d63b55ba42ce7b69c466fd9c5a0ec0d452e

SHA256
7b073c960e949a901d3aa3f00d7679c5e7f686cf1626669914481353d23af0e6

SHA512
fbb866d554d792e7b496bb77d6e3caa788b981ecf056a7c42099afcb1f638bc5aa4c0b4aebe1556b6742b437590e755a7d8e595f30d4e80c3de8e7be62183d62

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json~RFe58ab3f.TMP

Filesize
14KB

MD5
30a56c08d12a07b56f813fb1194e70c8

SHA1
069e082f6154ab0a7358f6626ceae3b06f1c5f89

SHA256
0c1089652928d2e6ef82885063b7384889738af58cb7eaebb1110f7001495f95

SHA512
69ff587a6b7ffc132a8b95a295aeb175c1ac8e45c69002957b5396478db33b1a430e86fb9a8154aa877afe9395a6dc773601e4eb123e564dcdf00086d4c02881

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GraphiteDawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GraphiteDawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GraphiteDawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Local State

Filesize
165KB

MD5
e0230132407570de0d7c94df7bbc8213

SHA1
929ca8733e9e2d76dee218ffcc13820dd4e6044c

SHA256
d8f15a9f3c4ff85a8c50f4692535b0ddb8829931935534c9e70789fd0e053b67

SHA512
9737d10ac4134e84e847451342c3ea69941808348eaa74f0d4537004449b0457567f6450b774a1bdc929eefc87049823da99c2d115d1679ac6790d2800657d24

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Local State

Filesize
165KB

MD5
741149834c482c1715b3af48d92e4e8d

SHA1
75107d1009f46906da7f00b51adb59b8d700c9ac

SHA256
4d7f88f788bd3e409aebd7eac9baf3c1e31da69cda354ce0a3a74e8e03f8901f

SHA512
465a0dd2ca3f131f00963b90419d9161f7affaa2a2bc8fd784e49440d8dff96c2e13d7d4cb7d03085ca5db9040853040489a27d81bba06beec788700058c7921

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Local State

Filesize
165KB

MD5
4d43c6a040195a9121a6f646ff0a7b04

SHA1
cde807423fa19934f0405aa25048b3028f0e0228

SHA256
a57b7937fba5d9283c06c526e9f9c5f5bcbc92d92418537eacbbf2d66eb18320

SHA512
fe76f16e5ad091545cee433af40cf279032e5f4db49b6e588658524fa8cc7fedcffdf1e911828376d4268c3d3101552c72c8382207ac1b3b69d2ede01f2bf64a

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Local State

Filesize
165KB

MD5
41a75bdf10092c26d2cae32391026648

SHA1
7eb6963e22c10e7e35787bbdd5781477a4f3297e

SHA256
1bac96351da9f64090eaa8122de11bdfb036f3bae41e7bb5f7791c444ad8b560

SHA512
82db6d0397713c46f46ce97dd89afc238b79a2b0ea9fb7cccd43268748d97b255e1ca6d96afc773e8ad0acc49387cb48d3614c8c96be62cb10d3b9e22ae3d14e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\PKIMetadata\725\crs.pb

Filesize
140KB

MD5
a6d40ae583f1eafdbeee35ddcae8506f

SHA1
bd0364bffa76570e608fc9e1c8b7559df42044a4

SHA256
760b2c3d16b445d27a85cba18bfe13aef5f71068e46234f82efc0647d74934d5

SHA512
cc583d9dd0aa94bb24b92829596b732a38e0604d385f782229f86d2e26da28332fe0f1f1cc8e2cbddbc55ad29e29449379899b5ba3f73bd4cbee204e5b3f5f79

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\PKIMetadata\725\ct_config.pb

Filesize
45KB

MD5
5ec3b90ca4b1cca431b0606597d09d4f

SHA1
957a49ba612ced3a37eeca0c9081e56439b80146

SHA256
d12b25a603d50b64e08296f7612877493cf3bd6d421f57b4079fd65dbbff6968

SHA512
754302e0678b6b52726d54c23e5709ed26dc6d63db4104534e2384fa3d1b8e1840a03a4dfd293c8ea2ad19e1dbbe7b6781c3bfac08c246cd3455f1c0ffd70689

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\PKIMetadata\725\kp_pinslist.pb

Filesize
14KB

MD5
0a677beaa56a1cb00e34080803be6bae

SHA1
fcb89e08cfb5c41be5ee17a25e65eba864e3842f

SHA256
080d2044385995a64f47d85cbff0b1e508277b7a8a2b2c87e185ec746ee4bb46

SHA512
06326b6a94f738b4432438cc23761ff5e9ff0f851852a7a7cecdce283378bb3325bfa5381650d26f0c152e269b4870fec76f0360b43ead33488246be0a8b8eb9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\component_crx_cache\oimompecagnajdejgnnjijobebaeigek_1.8bf95287ce9aaa0612afea2bb6c2865a7f63e8616125968233565f6b3f6504ad

Filesize
8.2MB

MD5
fc96635a2f88fe54cc957f0f457cf592

SHA1
4bf05c61f7d4fd09547e8077590d20b76f365b05

SHA256
8bf95287ce9aaa0612afea2bb6c2865a7f63e8616125968233565f6b3f6504ad

SHA512
c577e47aa6ff3b86f92d31825142e9c82ad59eccfaac41a6a8cceadb8bb7350914e139c2ffe23e73d268526ee75768b71df7fca244e123ef9fed4fd209d7efff

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Yandex.lnk

Filesize
2KB

MD5
5538650f3b2d370ecda01d763f439b14

SHA1
5a5c388b2d334182221c78058fe946367f86ad7a

SHA256
ffe24e5ad24332496b5f8d63f4988779017c404a7c72ed675d9060802774d532

SHA512
a78f41b21faa3641a36fbdb1ee7ead34fd08f92234d20c6e4ed50732e924c9cdf1add94a2ed78d033ccdc62674b1e32017f0869615fc6576d16349d156db7fdc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\yandex.website

Filesize
488B

MD5
2baf611b1b6876e6c393054aa8c46a0a

SHA1
3d26e532d5b37939b51884bfb53732070c4dca9a

SHA256
5f7570144541408b41c15373bb8870e7bde53ad3c5413e2f6000e6f0e449b853

SHA512
1a0dc02bdd53e1bd49b2a72b10828463f5c8bed8a17b8498eb4ae939a40dfd8bcaeba1feac1190f5595b4da245a7aa0e4507724ef9fb74172b29581e885cd563

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\clids-yabrowser.xml

Filesize
535B

MD5
59929f8b0b2bcb7f01431918bb4348a5

SHA1
db9f11fc50fa7c54913dbbaf9625f876df2d950f

SHA256
57ab6dad5edb9cb9183313bbd94679ac17db8d8a98d4b6cf2f7b008eace522d0

SHA512
47d86e54f8628e82c88cafb4ab37ba0e7ddf0de19ddcaffbc0d1e9c3fe9811d4e988f6f07267df1aa3b62f25c535ca8fe971daf8b1e73bf1ce8891312a809b64

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\clids-yabrowser.xml

Filesize
535B

MD5
59929f8b0b2bcb7f01431918bb4348a5

SHA1
db9f11fc50fa7c54913dbbaf9625f876df2d950f

SHA256
57ab6dad5edb9cb9183313bbd94679ac17db8d8a98d4b6cf2f7b008eace522d0

SHA512
47d86e54f8628e82c88cafb4ab37ba0e7ddf0de19ddcaffbc0d1e9c3fe9811d4e988f6f07267df1aa3b62f25c535ca8fe971daf8b1e73bf1ce8891312a809b64

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
540a671d26082d81707228033667b449

SHA1
d8dcaf9b563db623fe15718ba7c99374a634855a

SHA256
755d2beb1e1fbf4a076cc2dace2df10282fe92cbd8851ec6bff2e6b032789593

SHA512
16c18dd58c1d38dc9be21301886e0b74277141215869a18fdcfd10e17076035d463daa9bcf537eaaeabbd4a45a5124bd758de042b7a3c63ab2ffeb6d45878a35

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
540a671d26082d81707228033667b449

SHA1
d8dcaf9b563db623fe15718ba7c99374a634855a

SHA256
755d2beb1e1fbf4a076cc2dace2df10282fe92cbd8851ec6bff2e6b032789593

SHA512
16c18dd58c1d38dc9be21301886e0b74277141215869a18fdcfd10e17076035d463daa9bcf537eaaeabbd4a45a5124bd758de042b7a3c63ab2ffeb6d45878a35

Download Submit
C:\Windows\TEMP\sdwra_1764_1641273693\service_update.exe

Filesize
2.6MB

MD5
1fd25427b858b2818ea73d2d5c29a009

SHA1
da2d090cf9172ab9c0445100f8c9415c55be15a3

SHA256
e58f5d9c9195a123d99853565274cc121223d9fe5b4aff589662bdc5375711aa

SHA512
4e2b92cf43e2791be34a8e5be64dcf38b87afec9db5e3a82749e8e6e9091a34388e8e03d403c2c031dd7d42d35ed9bf7cd49dcc95e7586aa74c58a484bb2bad9

Download Submit
C:\Windows\Temp\sdwra_1764_1641273693\service_update.exe

Filesize
2.6MB

MD5
1fd25427b858b2818ea73d2d5c29a009

SHA1
da2d090cf9172ab9c0445100f8c9415c55be15a3

SHA256
e58f5d9c9195a123d99853565274cc121223d9fe5b4aff589662bdc5375711aa

SHA512
4e2b92cf43e2791be34a8e5be64dcf38b87afec9db5e3a82749e8e6e9091a34388e8e03d403c2c031dd7d42d35ed9bf7cd49dcc95e7586aa74c58a484bb2bad9

Download Submit
memory/5856-1833-0x0000024095140000-0x0000024095150000-memory.dmp

Filesize
64KB

Download
memory/5856-1869-0x000002409D6F0000-0x000002409D6F1000-memory.dmp

Filesize
4KB

Download
memory/5856-1868-0x000002409D5E0000-0x000002409D5E1000-memory.dmp

Filesize
4KB

Download
memory/5856-1867-0x000002409D5E0000-0x000002409D5E1000-memory.dmp

Filesize
4KB

Download
memory/5856-1865-0x000002409D5B0000-0x000002409D5B1000-memory.dmp

Filesize
4KB

Download
memory/5856-1849-0x0000024095240000-0x0000024095250000-memory.dmp

Filesize
64KB

Download