8998d42f25e3dda756ac63be5ec804810f767fffbdfe4d2d24e482bcd8c7c134

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
14-11-2023 15:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8998d42f25e3dda756ac63be5ec804810f767fffbdfe4d2d24e482bcd8c7c134.exe
Size

4.9MB
MD5

dd6a007a09103a87209d26ce84891d92
SHA1

edce5e3ee1b200dcd30f8a414a9cc3a3f98aa887
SHA256

8998d42f25e3dda756ac63be5ec804810f767fffbdfe4d2d24e482bcd8c7c134
SHA512

48d999fced731c9f3e1a52c9f7a561ba9e894ef46a3caeb0dd145d4e5e10e629a6b91a3755272aed92de49c32035c31b3ba41fe7973946a2dfe74044fe87438c
SSDEEP

98304:2rS2H6ei5ncznMqTUwSaWDRKdzOJDb4v+:rYzMCWD8wN0v+

Score

8^/10

discovery persistence spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	service_update.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	8998d42f25e3dda756ac63be5ec804810f767fffbdfe4d2d24e482bcd8c7c134.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	explorer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Yandex.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	explorer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	browser.exe

Executes dropped EXE 64 IoCs

pid	Process
4740	yb8220.tmp
4296	setup.exe
3556	setup.exe
3324	setup.exe
3724	service_update.exe
2108	service_update.exe
4072	service_update.exe
4608	service_update.exe
872	service_update.exe
1424	service_update.exe
5264	explorer.exe
5288	explorer.exe
6124	Yandex.exe
1264	explorer.exe
1444	clidmgr.exe
1536	clidmgr.exe
4980	browser.exe
5188	browser.exe
5756	browser.exe
6076	browser.exe
6088	browser.exe
6100	browser.exe
6120	browser.exe
4868	browser.exe
4368	browser.exe
1356	browser.exe
876	browser.exe
3476	browser.exe
5416	setup.exe
3500	setup.exe
5400	browser.exe
3568	browser.exe
3128	browser.exe
4136	browser.exe
5660	browser.exe
4220	browser.exe
6064	browser.exe
5296	browser.exe
212	browser.exe
5344	browser.exe
4488	browser.exe
4132	browser.exe
4500	browser.exe
3792	browser.exe
4576	browser.exe
5476	browser.exe
3012	browser.exe
5460	browser.exe
5540	browser.exe
6044	browser.exe
3232	browser.exe
4528	browser.exe
5456	browser.exe
2192	browser.exe
3656	browser.exe
4168	browser.exe
4452	browser.exe
1820	browser.exe
6016	browser.exe
5972	browser.exe
6028	browser.exe
1768	browser.exe
5944	browser.exe
4724	browser.exe

Loads dropped DLL 64 IoCs

pid	Process
4980	browser.exe
5188	browser.exe
4980	browser.exe
5756	browser.exe
5756	browser.exe
6088	browser.exe
5756	browser.exe
5756	browser.exe
5756	browser.exe
6088	browser.exe
6100	browser.exe
6076	browser.exe
6076	browser.exe
6076	browser.exe
6120	browser.exe
6100	browser.exe
4868	browser.exe
4868	browser.exe
5756	browser.exe
6120	browser.exe
1356	browser.exe
1356	browser.exe
876	browser.exe
4368	browser.exe
876	browser.exe
4368	browser.exe
3476	browser.exe
3476	browser.exe
5400	browser.exe
5400	browser.exe
3568	browser.exe
3568	browser.exe
3128	browser.exe
3128	browser.exe
4136	browser.exe
5660	browser.exe
4136	browser.exe
5660	browser.exe
4220	browser.exe
4220	browser.exe
6064	browser.exe
6064	browser.exe
5296	browser.exe
5296	browser.exe
212	browser.exe
212	browser.exe
5344	browser.exe
5344	browser.exe
4488	browser.exe
4488	browser.exe
4132	browser.exe
4132	browser.exe
4500	browser.exe
4500	browser.exe
3792	browser.exe
3792	browser.exe
4576	browser.exe
4576	browser.exe
5476	browser.exe
5476	browser.exe
3012	browser.exe
5460	browser.exe
5460	browser.exe
3012	browser.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YandexBrowserAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart"	browser.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Yandex\ui	service_update.exe

Drops file in Program Files directory 28 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\scoped_dir5376_1632813189\Network\Cookies	browser.exe
File created	C:\Program Files (x86)\scoped_dir3476_1126015979\Cookies	browser.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping4980_777732957\_platform_specific\win_x86\widevinecdm.dll.sig	browser.exe
File created	C:\Program Files (x86)\chrome_url_fetcher_4980_1222290835\oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win32_ad2kbvs6jks3au5dsxn7cqflsiiq.crx3	browser.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping4980_340587800\crs.pb	browser.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping4980_340587800\_metadata\verified_contents.json	browser.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping4980_340587800\manifest.fingerprint	browser.exe
File opened for modification	C:\Program Files (x86)\Yandex\YandexBrowser\23.9.4.838\service_update.exe	service_update.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping4980_777732957\manifest.json	browser.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping4980_777732957\_metadata\verified_contents.json	browser.exe
File created	C:\Program Files (x86)\scoped_dir2504_1455425507\cookies.sqlite	browser.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping4980_340587800\manifest.json	browser.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping4980_777732957\LICENSE	browser.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping4980_340587800\kp_pinslist.pb	browser.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping4980_340587800\ct_config.pb	browser.exe
File created	C:\Program Files (x86)\scoped_dir5376_1632813189\Network\Cookies	browser.exe
File opened for modification	C:\Program Files (x86)\scoped_dir2504_1455425507\cookies.sqlite-journal	browser.exe
File created	C:\Program Files (x86)\scoped_dir3476_1637225281\History	browser.exe
File created	C:\Program Files (x86)\scoped_dir3556_1997182706\explorer.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Yandex\YandexBrowser\23.9.4.838\debug.log	service_update.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping4980_777732957\_platform_specific\win_x86\widevinecdm.dll	browser.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping4980_777732957\manifest.fingerprint	browser.exe
File opened for modification	C:\Program Files (x86)\scoped_dir3476_1126015979\Cookies	browser.exe
File opened for modification	C:\Program Files (x86)\scoped_dir2504_1455425507\cookies.sqlite	browser.exe
File created	C:\Program Files (x86)\Yandex\YandexBrowser\23.9.4.838\service_update.exe	service_update.exe
File opened for modification	C:\Program Files (x86)\scoped_dir2504_1455425507\cookies.sqlite-wal	browser.exe
File opened for modification	C:\Program Files (x86)\scoped_dir2504_1455425507\cookies.sqlite-shm	browser.exe
File opened for modification	C:\Program Files (x86)\scoped_dir3476_1637225281\History	browser.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\Repairing Yandex Browser update service.job	service_update.exe
File created	C:\Windows\Tasks\Обновление Браузера Яндекс.job	browser.exe
File created	C:\Windows\Tasks\System update for Yandex Browser.job	service_update.exe
File created	C:\Windows\Tasks\Update for Yandex Browser.job	service_update.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe

Modifies data under HKEY_USERS 6 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex\UICreated_SYSTEM = "1"	service_update.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	browser.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133444504591192709"	browser.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow	service_update.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\YandexCRX.PWO4K4TD7T6DEWX2HH5JMYCE54	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\.infected	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\YandexHTML.PWO4K4TD7T6DEWX2HH5JMYCE54\ = "Yandex HTML Document"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\YandexFB2.PWO4K4TD7T6DEWX2HH5JMYCE54\shell\open\command	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\YandexTIFF.PWO4K4TD7T6DEWX2HH5JMYCE54\shell	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\.tif	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\yabrowser\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\.fb2\OpenWithProgids\YandexFB2.PWO4K4TD7T6DEWX2HH5JMYCE54	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\.tif\OpenWithProgids\YandexTIFF.PWO4K4TD7T6DEWX2HH5JMYCE54	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\YandexWEBM.PWO4K4TD7T6DEWX2HH5JMYCE54\ = "Yandex Browser WEBM Document"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\SystemFileAssociations\.gif\shell\image_search\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --image-search=\"%1\""	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\YandexBrowser.crx\DefaultIcon	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\YandexEPUB.PWO4K4TD7T6DEWX2HH5JMYCE54\shell	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\YandexJS.PWO4K4TD7T6DEWX2HH5JMYCE54	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\.swf\OpenWithProgids\YandexSWF.PWO4K4TD7T6DEWX2HH5JMYCE54	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\.xml\OpenWithProgids\YandexXML.PWO4K4TD7T6DEWX2HH5JMYCE54	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\.fb2	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\YandexPNG.PWO4K4TD7T6DEWX2HH5JMYCE54\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-113"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\.epub\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\.mhtml	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\YandexTIFF.PWO4K4TD7T6DEWX2HH5JMYCE54\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\YandexHTML.PWO4K4TD7T6DEWX2HH5JMYCE54\AppUserModelId = "Yandex.PWO4K4TD7T6DEWX2HH5JMYCE54"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\yabrowser\shell\open\command	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\.mhtml\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\.mhtml\OpenWithProgids\YandexHTML.PWO4K4TD7T6DEWX2HH5JMYCE54	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\YandexJS.PWO4K4TD7T6DEWX2HH5JMYCE54\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\YandexPNG.PWO4K4TD7T6DEWX2HH5JMYCE54\shell\open	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\YandexPDF.PWO4K4TD7T6DEWX2HH5JMYCE54\ = "Yandex Browser PDF Document"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\yabrowser\URL Protocol	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\YandexJS.PWO4K4TD7T6DEWX2HH5JMYCE54\shell\open	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\YandexSVG.PWO4K4TD7T6DEWX2HH5JMYCE54\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\YandexGIF.PWO4K4TD7T6DEWX2HH5JMYCE54\shell\open\command	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\.svg	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\.jpg\OpenWithProgids\YandexJPEG.PWO4K4TD7T6DEWX2HH5JMYCE54	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\.htm\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\YandexXML.PWO4K4TD7T6DEWX2HH5JMYCE54\ = "Yandex Browser XML Document"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\YandexHTML.PWO4K4TD7T6DEWX2HH5JMYCE54\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\YandexGIF.PWO4K4TD7T6DEWX2HH5JMYCE54\shell\open\command	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\YandexSVG.PWO4K4TD7T6DEWX2HH5JMYCE54\ = "Yandex Browser SVG Document"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\YandexWEBP.PWO4K4TD7T6DEWX2HH5JMYCE54\shell\open\command	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\.infected\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\YandexPDF.PWO4K4TD7T6DEWX2HH5JMYCE54\shell	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\SystemFileAssociations\.webp\shell\image_search\Icon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\YandexSWF.PWO4K4TD7T6DEWX2HH5JMYCE54\DefaultIcon	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\YandexSWF.PWO4K4TD7T6DEWX2HH5JMYCE54\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-118"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\SystemFileAssociations\.jpg\shell\image_search	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\YandexEPUB.PWO4K4TD7T6DEWX2HH5JMYCE54	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\SystemFileAssociations\.png\shell\image_search\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --image-search=\"%1\""	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\.xht	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\YandexBrowser.crx	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\YandexGIF.PWO4K4TD7T6DEWX2HH5JMYCE54\shell\open	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\YandexGIF.PWO4K4TD7T6DEWX2HH5JMYCE54\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\YandexTXT.PWO4K4TD7T6DEWX2HH5JMYCE54\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\.gif\OpenWithProgids\YandexGIF.PWO4K4TD7T6DEWX2HH5JMYCE54	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\.jpg\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\.js	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\.html\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\YandexHTML.PWO4K4TD7T6DEWX2HH5JMYCE54\ = "Yandex Browser HTML Document"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\YandexJS.PWO4K4TD7T6DEWX2HH5JMYCE54\ = "Yandex Browser JS Document"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\.jpeg\OpenWithProgids\YandexJPEG.PWO4K4TD7T6DEWX2HH5JMYCE54	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\yabrowser\shell\open\ddeexec	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\.infected\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\SystemFileAssociations\.tiff	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\YandexCSS.PWO4K4TD7T6DEWX2HH5JMYCE54	setup.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	8998d42f25e3dda756ac63be5ec804810f767fffbdfe4d2d24e482bcd8c7c134.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	8998d42f25e3dda756ac63be5ec804810f767fffbdfe4d2d24e482bcd8c7c134.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b81900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8	8998d42f25e3dda756ac63be5ec804810f767fffbdfe4d2d24e482bcd8c7c134.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
3724	service_update.exe
3724	service_update.exe
2108	service_update.exe
2108	service_update.exe
4072	service_update.exe
4072	service_update.exe
872	service_update.exe
872	service_update.exe
1424	service_update.exe
1424	service_update.exe
5264	explorer.exe
5264	explorer.exe
3556	setup.exe
3556	setup.exe
3556	setup.exe
3556	setup.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4980	browser.exe
Token: SeCreatePagefilePrivilege	4980	browser.exe
Token: SeShutdownPrivilege	4980	browser.exe
Token: SeCreatePagefilePrivilege	4980	browser.exe
Token: SeShutdownPrivilege	4980	browser.exe
Token: SeCreatePagefilePrivilege	4980	browser.exe
Token: SeShutdownPrivilege	4980	browser.exe
Token: SeCreatePagefilePrivilege	4980	browser.exe
Token: SeShutdownPrivilege	4980	browser.exe
Token: SeCreatePagefilePrivilege	4980	browser.exe
Token: SeShutdownPrivilege	4980	browser.exe
Token: SeCreatePagefilePrivilege	4980	browser.exe
Token: SeShutdownPrivilege	4980	browser.exe
Token: SeCreatePagefilePrivilege	4980	browser.exe
Token: SeShutdownPrivilege	4980	browser.exe
Token: SeCreatePagefilePrivilege	4980	browser.exe
Token: SeShutdownPrivilege	4980	browser.exe
Token: SeCreatePagefilePrivilege	4980	browser.exe
Token: SeShutdownPrivilege	4980	browser.exe
Token: SeCreatePagefilePrivilege	4980	browser.exe
Token: SeShutdownPrivilege	4980	browser.exe
Token: SeCreatePagefilePrivilege	4980	browser.exe
Token: SeShutdownPrivilege	4980	browser.exe
Token: SeCreatePagefilePrivilege	4980	browser.exe
Token: SeShutdownPrivilege	4980	browser.exe
Token: SeCreatePagefilePrivilege	4980	browser.exe
Token: SeShutdownPrivilege	4980	browser.exe
Token: SeCreatePagefilePrivilege	4980	browser.exe
Token: SeShutdownPrivilege	4980	browser.exe
Token: SeCreatePagefilePrivilege	4980	browser.exe
Token: SeShutdownPrivilege	4980	browser.exe
Token: SeCreatePagefilePrivilege	4980	browser.exe
Token: SeShutdownPrivilege	4980	browser.exe
Token: SeCreatePagefilePrivilege	4980	browser.exe
Token: SeShutdownPrivilege	4980	browser.exe
Token: SeCreatePagefilePrivilege	4980	browser.exe
Token: SeShutdownPrivilege	4980	browser.exe
Token: SeCreatePagefilePrivilege	4980	browser.exe
Token: SeShutdownPrivilege	4980	browser.exe
Token: SeCreatePagefilePrivilege	4980	browser.exe
Token: SeShutdownPrivilege	4980	browser.exe
Token: SeCreatePagefilePrivilege	4980	browser.exe
Token: SeShutdownPrivilege	4980	browser.exe
Token: SeCreatePagefilePrivilege	4980	browser.exe
Token: SeShutdownPrivilege	4980	browser.exe
Token: SeCreatePagefilePrivilege	4980	browser.exe
Token: SeShutdownPrivilege	4980	browser.exe
Token: SeCreatePagefilePrivilege	4980	browser.exe
Token: SeShutdownPrivilege	4980	browser.exe
Token: SeCreatePagefilePrivilege	4980	browser.exe
Token: SeShutdownPrivilege	4980	browser.exe
Token: SeCreatePagefilePrivilege	4980	browser.exe
Token: SeShutdownPrivilege	4980	browser.exe
Token: SeCreatePagefilePrivilege	4980	browser.exe
Token: SeShutdownPrivilege	4980	browser.exe
Token: SeCreatePagefilePrivilege	4980	browser.exe
Token: SeShutdownPrivilege	4980	browser.exe
Token: SeCreatePagefilePrivilege	4980	browser.exe
Token: SeShutdownPrivilege	4980	browser.exe
Token: SeCreatePagefilePrivilege	4980	browser.exe
Token: SeShutdownPrivilege	4980	browser.exe
Token: SeCreatePagefilePrivilege	4980	browser.exe
Token: SeShutdownPrivilege	4980	browser.exe
Token: SeCreatePagefilePrivilege	4980	browser.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
3868	8998d42f25e3dda756ac63be5ec804810f767fffbdfe4d2d24e482bcd8c7c134.exe
5264	explorer.exe
1264	explorer.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe
4980	browser.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3868	8998d42f25e3dda756ac63be5ec804810f767fffbdfe4d2d24e482bcd8c7c134.exe
4980	browser.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3868 wrote to memory of 3520	3868	8998d42f25e3dda756ac63be5ec804810f767fffbdfe4d2d24e482bcd8c7c134.exe	89
PID 3868 wrote to memory of 3520	3868	8998d42f25e3dda756ac63be5ec804810f767fffbdfe4d2d24e482bcd8c7c134.exe	89
PID 3868 wrote to memory of 3520	3868	8998d42f25e3dda756ac63be5ec804810f767fffbdfe4d2d24e482bcd8c7c134.exe	89
PID 3520 wrote to memory of 4740	3520	8998d42f25e3dda756ac63be5ec804810f767fffbdfe4d2d24e482bcd8c7c134.exe	101
PID 3520 wrote to memory of 4740	3520	8998d42f25e3dda756ac63be5ec804810f767fffbdfe4d2d24e482bcd8c7c134.exe	101
PID 3520 wrote to memory of 4740	3520	8998d42f25e3dda756ac63be5ec804810f767fffbdfe4d2d24e482bcd8c7c134.exe	101
PID 4740 wrote to memory of 4296	4740	yb8220.tmp	102
PID 4740 wrote to memory of 4296	4740	yb8220.tmp	102
PID 4740 wrote to memory of 4296	4740	yb8220.tmp	102
PID 4296 wrote to memory of 3556	4296	setup.exe	103
PID 4296 wrote to memory of 3556	4296	setup.exe	103
PID 4296 wrote to memory of 3556	4296	setup.exe	103
PID 3556 wrote to memory of 3324	3556	setup.exe	104
PID 3556 wrote to memory of 3324	3556	setup.exe	104
PID 3556 wrote to memory of 3324	3556	setup.exe	104
PID 3556 wrote to memory of 3724	3556	setup.exe	109
PID 3556 wrote to memory of 3724	3556	setup.exe	109
PID 3556 wrote to memory of 3724	3556	setup.exe	109
PID 3724 wrote to memory of 2108	3724	service_update.exe	110
PID 3724 wrote to memory of 2108	3724	service_update.exe	110
PID 3724 wrote to memory of 2108	3724	service_update.exe	110
PID 4072 wrote to memory of 4608	4072	service_update.exe	112
PID 4072 wrote to memory of 4608	4072	service_update.exe	112
PID 4072 wrote to memory of 4608	4072	service_update.exe	112
PID 4072 wrote to memory of 872	4072	service_update.exe	113
PID 4072 wrote to memory of 872	4072	service_update.exe	113
PID 4072 wrote to memory of 872	4072	service_update.exe	113
PID 872 wrote to memory of 1424	872	service_update.exe	114
PID 872 wrote to memory of 1424	872	service_update.exe	114
PID 872 wrote to memory of 1424	872	service_update.exe	114
PID 3556 wrote to memory of 5264	3556	setup.exe	116
PID 3556 wrote to memory of 5264	3556	setup.exe	116
PID 3556 wrote to memory of 5264	3556	setup.exe	116
PID 5264 wrote to memory of 5288	5264	explorer.exe	117
PID 5264 wrote to memory of 5288	5264	explorer.exe	117
PID 5264 wrote to memory of 5288	5264	explorer.exe	117
PID 3556 wrote to memory of 6124	3556	setup.exe	118
PID 3556 wrote to memory of 6124	3556	setup.exe	118
PID 3556 wrote to memory of 6124	3556	setup.exe	118
PID 6124 wrote to memory of 1264	6124	Yandex.exe	119
PID 6124 wrote to memory of 1264	6124	Yandex.exe	119
PID 6124 wrote to memory of 1264	6124	Yandex.exe	119
PID 3556 wrote to memory of 1444	3556	setup.exe	121
PID 3556 wrote to memory of 1444	3556	setup.exe	121
PID 3556 wrote to memory of 1444	3556	setup.exe	121
PID 3556 wrote to memory of 1536	3556	setup.exe	123
PID 3556 wrote to memory of 1536	3556	setup.exe	123
PID 3556 wrote to memory of 1536	3556	setup.exe	123
PID 4980 wrote to memory of 5188	4980	browser.exe	126
PID 4980 wrote to memory of 5188	4980	browser.exe	126
PID 4980 wrote to memory of 5188	4980	browser.exe	126
PID 4980 wrote to memory of 5756	4980	browser.exe	127
PID 4980 wrote to memory of 5756	4980	browser.exe	127
PID 4980 wrote to memory of 5756	4980	browser.exe	127
PID 4980 wrote to memory of 5756	4980	browser.exe	127
PID 4980 wrote to memory of 5756	4980	browser.exe	127
PID 4980 wrote to memory of 5756	4980	browser.exe	127
PID 4980 wrote to memory of 5756	4980	browser.exe	127
PID 4980 wrote to memory of 5756	4980	browser.exe	127
PID 4980 wrote to memory of 5756	4980	browser.exe	127
PID 4980 wrote to memory of 5756	4980	browser.exe	127
PID 4980 wrote to memory of 5756	4980	browser.exe	127
PID 4980 wrote to memory of 5756	4980	browser.exe	127
PID 4980 wrote to memory of 5756	4980	browser.exe	127

C:\Users\Admin\AppData\Local\Temp\8998d42f25e3dda756ac63be5ec804810f767fffbdfe4d2d24e482bcd8c7c134.exe
"C:\Users\Admin\AppData\Local\Temp\8998d42f25e3dda756ac63be5ec804810f767fffbdfe4d2d24e482bcd8c7c134.exe"
1⤵
- Checks computer location settings
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3868
- C:\Users\Admin\AppData\Local\Temp\8998d42f25e3dda756ac63be5ec804810f767fffbdfe4d2d24e482bcd8c7c134.exe
  "C:\Users\Admin\AppData\Local\Temp\8998d42f25e3dda756ac63be5ec804810f767fffbdfe4d2d24e482bcd8c7c134.exe" --parent-installer-process-id=3868 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\Admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\Admin\AppData\Local\Temp\b86a96d7-3a45-46a6-b18b-511aa686dbb8.tmp\" --brand-name=yandex --distr-info-file=\"C:\Users\Admin\AppData\Local\Temp\distrib_info\" --make-browser-default-after-import --progress-window=393452 --send-statistics --the-interface-availability=190411288 --variations-update-path=\"C:\Users\Admin\AppData\Local\Temp\f7a4f2cf-d086-496e-b178-1cf7a793b587.tmp\" --verbose-logging"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3520
- - C:\Users\Admin\AppData\Local\Temp\yb8220.tmp
    "C:\Users\Admin\AppData\Local\Temp\yb8220.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\b86a96d7-3a45-46a6-b18b-511aa686dbb8.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=14 --install-start-time-no-uac=471599834 --install-start-time-no-uac-with-suspension=240616874000 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=393452 --send-statistics --source=lite --the-interface-availability=190411288 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\f7a4f2cf-d086-496e-b178-1cf7a793b587.tmp" --verbose-logging
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4740
  - - C:\Users\Admin\AppData\Local\Temp\YB_56345.tmp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\YB_56345.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_56345.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\b86a96d7-3a45-46a6-b18b-511aa686dbb8.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=14 --install-start-time-no-uac=471599834 --install-start-time-no-uac-with-suspension=240616874000 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=393452 --send-statistics --source=lite --the-interface-availability=190411288 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\f7a4f2cf-d086-496e-b178-1cf7a793b587.tmp" --verbose-logging
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\YB_56345.tmp\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\YB_56345.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_56345.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\b86a96d7-3a45-46a6-b18b-511aa686dbb8.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=14 --install-start-time-no-uac=471599834 --install-start-time-no-uac-with-suspension=240616874000 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=393452 --send-statistics --source=lite --the-interface-availability=190411288 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\f7a4f2cf-d086-496e-b178-1cf7a793b587.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=492990473
        5⤵
        Executes dropped EXE
        Drops file in Program Files directory
        Modifies registry class
        Modifies system certificate store
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3556
      - C:\Users\Admin\AppData\Local\Temp\YB_56345.tmp\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\YB_56345.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=3556 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=23.9.4.838 --initial-client-data=0x334,0x338,0x33c,0x310,0x340,0xd2cf88,0xd2cf98,0xd2cfa4
        6⤵
        Executes dropped EXE
        
        PID:3324
      - C:\Windows\TEMP\sdwra_3556_309310129\service_update.exe
        
        "C:\Windows\TEMP\sdwra_3556_309310129\service_update.exe" --setup
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3724
        
        C:\Program Files (x86)\Yandex\YandexBrowser\23.9.4.838\service_update.exe
        
        "C:\Program Files (x86)\Yandex\YandexBrowser\23.9.4.838\service_update.exe" --install
        7⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:2108
      - C:\Program Files (x86)\scoped_dir3556_1997182706\explorer.exe
        
        "C:\Program Files (x86)\scoped_dir3556_1997182706\explorer.exe" --pttw1="C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk"
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of FindShellTrayWindow
        Suspicious use of WriteProcessMemory
        
        PID:5264
        
        C:\Program Files (x86)\scoped_dir3556_1997182706\explorer.exe
        
        "C:\Program Files (x86)\scoped_dir3556_1997182706\explorer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=5264 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=23.9.4.838 --initial-client-data=0x2b0,0x2b4,0x2b8,0x28c,0x2bc,0x129cf88,0x129cf98,0x129cfa4
        7⤵
        Executes dropped EXE
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
        
        C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe
        
        C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent /pin-path="C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk" --is-pinning
        7⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        
        PID:1264
      - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
        
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"
        6⤵
        Executes dropped EXE
        
        PID:1444
      - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
        
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source3556_192971091\Browser-bin\clids_yandex.xml"
        6⤵
        Executes dropped EXE
        
        PID:1536

C:\Program Files (x86)\Yandex\YandexBrowser\23.9.4.838\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\23.9.4.838\service_update.exe" --run-as-service
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4072
- C:\Program Files (x86)\Yandex\YandexBrowser\23.9.4.838\service_update.exe
  "C:\Program Files (x86)\Yandex\YandexBrowser\23.9.4.838\service_update.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=4072 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=23.9.4.838 --initial-client-data=0x26c,0x270,0x274,0x248,0x278,0x124a940,0x124a950,0x124a95c
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Program Files (x86)\Yandex\YandexBrowser\23.9.4.838\service_update.exe
  "C:\Program Files (x86)\Yandex\YandexBrowser\23.9.4.838\service_update.exe" --update-scheduler
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:872
- - C:\Program Files (x86)\Yandex\YandexBrowser\23.9.4.838\service_update.exe
    "C:\Program Files (x86)\Yandex\YandexBrowser\23.9.4.838\service_update.exe" --update-background-scheduler
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    PID:1424

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=393452 --install-start-time-no-uac=471599834 --install-start-time-no-uac-with-suspension=240616874000
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4980
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=4980 --annotation=metrics_client_id=3371ed0ec57845e087d366b5e832e282 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=23.9.4.838 --initial-client-data=0x184,0x188,0x18c,0x128,0x190,0x72569c60,0x72569c70,0x72569c7c
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5188
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2520 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5756
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=disabled --mojo-platform-channel-handle=2720 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6076
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=ru --service-sandbox-type=audio --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Audio Service" --mojo-platform-channel-handle=3928 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6120
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=service --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Storage Service" --mojo-platform-channel-handle=3720 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6100
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Network Service" --mojo-platform-channel-handle=3712 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6088
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --first-renderer-process --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4120 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4368
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=ru --service-sandbox-type=none --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Video Capture" --mojo-platform-channel-handle=4080 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4868
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=4312 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1356
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4472 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:876
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Импорт профилей" --mojo-platform-channel-handle=5056 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  PID:3476
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\23.9.4.838\Installer\setup.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\23.9.4.838\Installer\setup.exe" --set-as-default-browser
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  PID:5416
- - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\23.9.4.838\Installer\setup.exe
    C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\23.9.4.838\Installer\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=5416 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=23.9.4.838 --initial-client-data=0x338,0x33c,0x340,0x314,0x344,0x117cf88,0x117cf98,0x117cfa4
    3⤵
    - Executes dropped EXE
    PID:3500
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5284 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5400
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=uwp_cookie_provider.mojom.UwpCookieProvider --lang=ru --service-sandbox-type=utility --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name=uwp_cookie_provider.mojom.UwpCookieProvider --mojo-platform-channel-handle=5564 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3568
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=5600 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3128
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6420 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5660
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4956 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4136
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5092 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4220
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=ru --service-sandbox-type=none --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Утилиты Windows" --mojo-platform-channel-handle=6360 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6064
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=6732 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5296
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=6640 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:212
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=4092 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5344
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=7136 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4488
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=7292 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4132
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=7316 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4500
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=7556 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3792
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=7692 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4576
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=7836 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5476
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=7976 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3012
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=8000 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5460
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=8244 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5540
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=7172 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:6044
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=8412 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=8640 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Data Decoder Service" --mojo-platform-channel-handle=8664 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5456
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8940 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:2192
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Распаковщик файлов" --mojo-platform-channel-handle=7024 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:3656
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=4120 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:1768
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Утилиты Windows" --mojo-platform-channel-handle=6728 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  PID:4260
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Утилиты Windows" --mojo-platform-channel-handle=4928 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  PID:5284
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Импорт профилей" --mojo-platform-channel-handle=3612 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  - Drops file in Program Files directory
  PID:5376
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Импорт профилей" --mojo-platform-channel-handle=1336 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  PID:2612
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Импорт профилей" --mojo-platform-channel-handle=9064 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  - Drops file in Program Files directory
  PID:3476
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Импорт профилей" --mojo-platform-channel-handle=5584 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  - Drops file in Program Files directory
  PID:2504
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=9064 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation /prefetch:1
  2⤵
  - Checks computer location settings
  PID:5952
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Распаковщик файлов" --mojo-platform-channel-handle=9036 --field-trial-handle=2524,i,15365412667056142464,3681803618825104289,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  PID:5956

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater --broupdater-origin=auto --bits_job_guid={339FE9D0-937D-4607-B57E-FAE5605CD87A}
1⤵
- Executes dropped EXE
- Enumerates system info in registry
PID:4168
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1699976847 --annotation=last_update_date=1699976847 --annotation=launches_after_update=1 --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=4168 --annotation=metrics_client_id=3371ed0ec57845e087d366b5e832e282 --annotation=micromode=broupdater --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=23.9.4.838 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x72569c60,0x72569c70,0x72569c7c
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2396 --field-trial-handle=2400,i,1883074597018876168,14850498663746543744,262144 --disable-features=WebGalleryRotation /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:6016
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Network Service" --mojo-platform-channel-handle=2484 --field-trial-handle=2400,i,1883074597018876168,14850498663746543744,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:1820

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=install --bits_job_guid={969926EE-8D46-45FE-9DA2-6A57C67FE27C}
1⤵
- Executes dropped EXE
- Enumerates system info in registry
PID:5972
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1699976847 --annotation=last_update_date=1699976847 --annotation=launches_after_update=2 --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=5972 --annotation=metrics_client_id=3371ed0ec57845e087d366b5e832e282 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=23.9.4.838 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x72569c60,0x72569c70,0x72569c7c
  2⤵
  - Executes dropped EXE
  PID:6028
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2344 --field-trial-handle=2356,i,8982055696717186740,15074887049584858061,262144 --disable-features=WebGalleryRotation /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:5944
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Network Service" --mojo-platform-channel-handle=2416 --field-trial-handle=2356,i,8982055696717186740,15074887049584858061,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:4724

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=dayuse --bits_job_guid={43D0C526-B27B-4045-932A-6FBB4F2D9BF7}
1⤵
- Enumerates system info in registry
PID:5452
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1699976847 --annotation=last_update_date=1699976847 --annotation=launches_after_update=3 --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=5452 --annotation=metrics_client_id=3371ed0ec57845e087d366b5e832e282 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=23.9.4.838 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x72569c60,0x72569c70,0x72569c7c
  2⤵
  PID:4056
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2360 --field-trial-handle=2372,i,13453271275712496066,690291401030752155,262144 --disable-features=WebGalleryRotation /prefetch:2
  2⤵
  PID:5248
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=07F3949E-4969-4D1D-8144-2B2A06718B29 --brand-id=yandex --partner-id=switch-browser --process-name="Network Service" --mojo-platform-channel-handle=2560 --field-trial-handle=2372,i,13453271275712496066,690291401030752155,262144 --disable-features=WebGalleryRotation --brver=23.9.4.838 /prefetch:8
  2⤵
  PID:5236

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:3064

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:5456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Yandex\YandexBrowser\23.9.4.838\service_update.exe

Filesize
2.6MB

MD5
59aad4eb7e5762093e6ebf9195148dbb

SHA1
77a3e4ce5c273f773df68198584df5652a7ee9a2

SHA256
eb99f103de7d43a08fcba2264a3882706a7d8a6e6dd45df1442170f222595b79

SHA512
dd6c4317ee91cfb684f434520102f735796f369bb0097b83ac7049b1dd77a14e754f729df991d2aab1b1b538abd6efd965d8d5bd7a0c35131f867d09dcb4f1e0

Download Submit
C:\Program Files (x86)\Yandex\YandexBrowser\23.9.4.838\service_update.exe

Filesize
2.6MB

MD5
59aad4eb7e5762093e6ebf9195148dbb

SHA1
77a3e4ce5c273f773df68198584df5652a7ee9a2

SHA256
eb99f103de7d43a08fcba2264a3882706a7d8a6e6dd45df1442170f222595b79

SHA512
dd6c4317ee91cfb684f434520102f735796f369bb0097b83ac7049b1dd77a14e754f729df991d2aab1b1b538abd6efd965d8d5bd7a0c35131f867d09dcb4f1e0

Download Submit
C:\Program Files (x86)\Yandex\YandexBrowser\23.9.4.838\service_update.exe

Filesize
2.6MB

MD5
59aad4eb7e5762093e6ebf9195148dbb

SHA1
77a3e4ce5c273f773df68198584df5652a7ee9a2

SHA256
eb99f103de7d43a08fcba2264a3882706a7d8a6e6dd45df1442170f222595b79

SHA512
dd6c4317ee91cfb684f434520102f735796f369bb0097b83ac7049b1dd77a14e754f729df991d2aab1b1b538abd6efd965d8d5bd7a0c35131f867d09dcb4f1e0

Download Submit
C:\Program Files (x86)\Yandex\YandexBrowser\23.9.4.838\service_update.exe

Filesize
2.6MB

MD5
59aad4eb7e5762093e6ebf9195148dbb

SHA1
77a3e4ce5c273f773df68198584df5652a7ee9a2

SHA256
eb99f103de7d43a08fcba2264a3882706a7d8a6e6dd45df1442170f222595b79

SHA512
dd6c4317ee91cfb684f434520102f735796f369bb0097b83ac7049b1dd77a14e754f729df991d2aab1b1b538abd6efd965d8d5bd7a0c35131f867d09dcb4f1e0

Download Submit
C:\Program Files (x86)\Yandex\YandexBrowser\23.9.4.838\service_update.exe

Filesize
2.6MB

MD5
59aad4eb7e5762093e6ebf9195148dbb

SHA1
77a3e4ce5c273f773df68198584df5652a7ee9a2

SHA256
eb99f103de7d43a08fcba2264a3882706a7d8a6e6dd45df1442170f222595b79

SHA512
dd6c4317ee91cfb684f434520102f735796f369bb0097b83ac7049b1dd77a14e754f729df991d2aab1b1b538abd6efd965d8d5bd7a0c35131f867d09dcb4f1e0

Download Submit
C:\Program Files (x86)\Yandex\YandexBrowser\23.9.4.838\service_update.exe

Filesize
2.6MB

MD5
59aad4eb7e5762093e6ebf9195148dbb

SHA1
77a3e4ce5c273f773df68198584df5652a7ee9a2

SHA256
eb99f103de7d43a08fcba2264a3882706a7d8a6e6dd45df1442170f222595b79

SHA512
dd6c4317ee91cfb684f434520102f735796f369bb0097b83ac7049b1dd77a14e754f729df991d2aab1b1b538abd6efd965d8d5bd7a0c35131f867d09dcb4f1e0

Download Submit
C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping4980_340587800\manifest.json

Filesize
72B

MD5
b3303a499918677fb263ea1cbf20822c

SHA1
9f57857cf20ca98cc46cf9996330571b1f261843

SHA256
870b72f9ac59c0f599bbb3c11777ced957d65a8531321e39313e2bf8b0828221

SHA512
e69c660aababc4ec5d2f6a4e1729fee982d9eeb76558c1e6f397cd472350c364519c8222a6222cb65bf136e1097bd2c5c23850251c92d85f8776528b3e1cd67a

Download Submit
C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping4980_777732957\manifest.json

Filesize
984B

MD5
0359d5b66d73a97ce5dc9f89ed84c458

SHA1
ce17e52eaac909dd63d16d93410de675d3e6ec0d

SHA256
beeab2f8d3833839399dde15ce9085c17b304445577d21333e883d6db6d0b755

SHA512
8fd94a098a4ab5c0fcd48c2cef2bb03328dd4d25c899bf5ed1ca561347d74a8aab8a214ba2d3180a86df72c52eb26987a44631d0ecd9edc84976c28d6c9dc16a

Download Submit
C:\Program Files (x86)\scoped_dir3556_1997182706\explorer.exe

Filesize
3.9MB

MD5
594e680de2d113ede3b5637b37d14da9

SHA1
2b37b75ba2cbd0cf36b340f72908ff2d3f090578

SHA256
8b291f47c4e05cee5cae06d9beca70e1ca991bc0729f55664fc6457e2a604438

SHA512
fe105aad6d2154606f0e6841478710a025f97d15d095f5ca4109588a919a2693502c0a238fe0a518ae80936136918052ad77ab356490d0d588ee0f2243f1b976

Download Submit
C:\Program Files (x86)\scoped_dir3556_1997182706\explorer.exe

Filesize
3.9MB

MD5
594e680de2d113ede3b5637b37d14da9

SHA1
2b37b75ba2cbd0cf36b340f72908ff2d3f090578

SHA256
8b291f47c4e05cee5cae06d9beca70e1ca991bc0729f55664fc6457e2a604438

SHA512
fe105aad6d2154606f0e6841478710a025f97d15d095f5ca4109588a919a2693502c0a238fe0a518ae80936136918052ad77ab356490d0d588ee0f2243f1b976

Download Submit
C:\Program Files (x86)\scoped_dir3556_1997182706\explorer.exe

Filesize
3.9MB

MD5
594e680de2d113ede3b5637b37d14da9

SHA1
2b37b75ba2cbd0cf36b340f72908ff2d3f090578

SHA256
8b291f47c4e05cee5cae06d9beca70e1ca991bc0729f55664fc6457e2a604438

SHA512
fe105aad6d2154606f0e6841478710a025f97d15d095f5ca4109588a919a2693502c0a238fe0a518ae80936136918052ad77ab356490d0d588ee0f2243f1b976

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
1KB

MD5
701a76ee1bba181c321e86301680e0d4

SHA1
7d727cbadcb057c4937992d8743b2d67eb0237b9

SHA256
8c34ca214e1f08c32b92c4d2a8fa73eb6621908c3f3985d0b4869cac1778bb42

SHA512
344511e6d6f134b6b0b0e77f187255183c85dfae4e474e3a98fc2a482f0b49300905b9c54d658d12ddb902ccb70e2e0c5ad51fc63442f8435d9bfc81a5eccb6f

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
2KB

MD5
696ac0e4f805b71572a2db01d3218734

SHA1
8eca799b97fb78f395a13491bd57e65a6d03d21c

SHA256
1cf585b71baf6704dc0ae5529b1d5fce24d9fa50204fc12bb3d5e65cb0af1a33

SHA512
33a45b6a0562200efc3d766936d775d455713d2a3e2f986aff8b7d1e4c35361a6215b52aa8d423c4809f6fdef1dc91ae402d5711906f49666c001feaa5da3357

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
2KB

MD5
696ac0e4f805b71572a2db01d3218734

SHA1
8eca799b97fb78f395a13491bd57e65a6d03d21c

SHA256
1cf585b71baf6704dc0ae5529b1d5fce24d9fa50204fc12bb3d5e65cb0af1a33

SHA512
33a45b6a0562200efc3d766936d775d455713d2a3e2f986aff8b7d1e4c35361a6215b52aa8d423c4809f6fdef1dc91ae402d5711906f49666c001feaa5da3357

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
2KB

MD5
696ac0e4f805b71572a2db01d3218734

SHA1
8eca799b97fb78f395a13491bd57e65a6d03d21c

SHA256
1cf585b71baf6704dc0ae5529b1d5fce24d9fa50204fc12bb3d5e65cb0af1a33

SHA512
33a45b6a0562200efc3d766936d775d455713d2a3e2f986aff8b7d1e4c35361a6215b52aa8d423c4809f6fdef1dc91ae402d5711906f49666c001feaa5da3357

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
2KB

MD5
696ac0e4f805b71572a2db01d3218734

SHA1
8eca799b97fb78f395a13491bd57e65a6d03d21c

SHA256
1cf585b71baf6704dc0ae5529b1d5fce24d9fa50204fc12bb3d5e65cb0af1a33

SHA512
33a45b6a0562200efc3d766936d775d455713d2a3e2f986aff8b7d1e4c35361a6215b52aa8d423c4809f6fdef1dc91ae402d5711906f49666c001feaa5da3357

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
2KB

MD5
696ac0e4f805b71572a2db01d3218734

SHA1
8eca799b97fb78f395a13491bd57e65a6d03d21c

SHA256
1cf585b71baf6704dc0ae5529b1d5fce24d9fa50204fc12bb3d5e65cb0af1a33

SHA512
33a45b6a0562200efc3d766936d775d455713d2a3e2f986aff8b7d1e4c35361a6215b52aa8d423c4809f6fdef1dc91ae402d5711906f49666c001feaa5da3357

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
3KB

MD5
735dda80793c0d9e36c390a1ab185ea3

SHA1
9e0f597cfc7b105cd7612b48d66f21bc33f58183

SHA256
038176134286177ee865ebbe82c8209393187cb999f9329ffa6e802f740295d6

SHA512
c0441fd7e23d602cfcd4d673191245b4f0fb163b270a04b397bc0671d2bf7150057f94227296d6e5e61bc06cc764bedbb0b5319701fb7932b69198fc6f5b9401

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
4KB

MD5
c5d35eaff514c26d88a6a3c32b2ff340

SHA1
d8f05f59a65255b90eecf6c4af516370c8dad2fd

SHA256
ef9a27f25611ce64597c019ea3395bb66fa0b7cd0b80a403d460039835fd2969

SHA512
1e4ec5b934830d1d7a2457053b9d2fd881655d64bdc8c3c653f2ab4162425ab5eaf4ed9dd18334186f32b84b964cebb33aeb6e778de210e067297392a90779b3

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
5KB

MD5
9788792cad5fb77fa7d15033ddae73b5

SHA1
cd49bda6c91a8b7c42ecdbf7f382c3abc025147f

SHA256
6def9acf68d900b3f5a8417ba34ba841a757e2193b725fd777a8fecc9370a684

SHA512
9ee4a0ddaf809c2535a156919708cc8bd4242215ba0d9a4d44148d3613599d9039f8e8051a5dea00f732c12aa562d5f2722809f991cf21205db5de3542df9b01

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
5KB

MD5
66a01f081096adb0c5058a666ca4fcd0

SHA1
3236cbbf5848f527efe84924b2b957944a1cce1e

SHA256
3e0695cf4d09703ee310e79dd2d671189f7de60b0ded8073670f5d074360d480

SHA512
8f71043b1804c5edcdea70509733169f27847ab66263fb9604a840d4a656328a06a89ed2237b8d501ba868c2a6845b5a9650eb2fe6d4ec8f3a9863bdf163bba0

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
5KB

MD5
06685abdc0016a4d00dac7bda8757907

SHA1
eb1090c6192811bef9237d65044337e6e1f05a65

SHA256
15a4070354fac186d978b7900cb513de3dd3ec56cdf3b5684c6cb0f020454e21

SHA512
219ec6383c3277d909cf0cb71cd21e3109fa83255a8f4a6ec097363b48530ddd876dfcef0955937bb7328bd0154716a2fd885cf63f48fde52b146590136738b1

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
5KB

MD5
06685abdc0016a4d00dac7bda8757907

SHA1
eb1090c6192811bef9237d65044337e6e1f05a65

SHA256
15a4070354fac186d978b7900cb513de3dd3ec56cdf3b5684c6cb0f020454e21

SHA512
219ec6383c3277d909cf0cb71cd21e3109fa83255a8f4a6ec097363b48530ddd876dfcef0955937bb7328bd0154716a2fd885cf63f48fde52b146590136738b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

Filesize
1KB

MD5
7a39a8f33cc73daf2f889807220c69cc

SHA1
e6eebe4b190da6d008ef0b1c4ba02783f509e4bb

SHA256
03d31153812b354a988d78b0689b4907484b5e804aff1f6fd77bffcec9c267db

SHA512
051d41e27513aae701c10a7330a8ba9c4d8d0e2f3eadf438a3dd24502922495548844b44efbd7369e8548e650f737a3af29837cfce81fcd4f3b655c575832724

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_AC1EA69C1A4D607F0EBBD26E5ED61054

Filesize
1KB

MD5
01e084d7e99826f844a7c2c7475bc994

SHA1
38d69326a09e8858afee12c0788e720ad228c498

SHA256
3fb5c86feb35c231486ebc92d982e12061b9a367f843ac653dfccc66d6f20f8b

SHA512
9ac368d8bdbcd036294fa5bab40fb520f78e649f70d2dac64fedd58459da296eaa8cfaaba732b88681fd009d15a7418b8e7f2f974ad96cc19f84b87649a586fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_EBD7B8AF3A6D56C51CDE1B85E8C855A8

Filesize
1KB

MD5
317c4412b62138c11f0b5444bbace85a

SHA1
0be196777554a863c308a149ba4c2d30265d2812

SHA256
aa1367bb1b69be55573d7050791166b5706a178acd18400f2c2272c8352a5560

SHA512
2eb3abe217a94470a9a9bdf2a6e7a5a225eff7c0be5bbe39fa15ee504c6f29fcfc288dc98d5b9c9bd835bf9b25690601c307c8445a1d91a6cd3476b806263cf1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95

Filesize
727B

MD5
68bdb1b2be2942f16cb31f749a190520

SHA1
aef20acecd1d042398b1700d650772239f8724a4

SHA256
edbf3c351f4e2dd7300d7b30f0bdd627ddba92530692f4d41a5f636458a97b6c

SHA512
865f712cb4d547619ec073d05a6e80dafe6b55d3f3f51c15db5b9b9ce6b14836fcfc53df132fa2c621b89bcabb99cc5c42d4e1c537c94f4df5023b6d9587bd88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
471B

MD5
870b8cae3e32ca02f6c23695c4345612

SHA1
cdc2c4271fe7bedfe1f4c39aeec62019603ac77b

SHA256
fc7e535fc023c872a8323d97bffbb22c4dc6b14ac150a3d947e6af29534b388b

SHA512
f1029e31d50ff00d318f2795dfc2d92fe5e03d888cafdb0ded8ea413094b61c0ddee5d8a7bcdff3c81a9f9e24cd476b308bbacd4cea1a9c1170e2004faa8a726

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

Filesize
1KB

MD5
51e1f4523687844c44e466770a0c119d

SHA1
5f7c6d83c93870817a0a22c629ebe7ab3b309fe8

SHA256
5770c9ba1923db9c6336c68d4328861df85d044c592ed1c54d78983828e1116f

SHA512
48a42107e2568f734ebdf6d7bdbd4ef30eac523f593eab6c7aab8bef5dd01cb7d52058d7202b99cea73f88c624a3c68a9b13e33b8d1ddaa91436613ef061589f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

Filesize
1KB

MD5
54d3608f4bf30c2665a3fe9d2a936dd1

SHA1
d89c69e65ff05266df9d98b441114769731154fb

SHA256
704fe26f45a3369e7a3bea5cf227905c1c27d1b45fb4028ec987ee224f4d3511

SHA512
151e02cc7eeb80e0d2e0ae533c4a8d27407699004a30620b239a8135b6d41d93b8fd201a64fd7538ad75e437014f08083f904bf1852ba67850f68d7f9a172dea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB

Filesize
727B

MD5
cd656f3e92a11e45092d720c34c9b101

SHA1
e12b7c60b6d920057887a6b6b8db9292f52cc1b4

SHA256
69b9bb52860918c21faa7d8d5b8b8df1c2cd7bf900eb8f1670417d3bb83933a6

SHA512
fb07a910ac663aff2d80e4e3b1ce2906245986480eabfa7832678cbfc87fd4d6fd9eca7d4165d545dbf567b7a91593240031832c91947aca8da06121e3dd9fb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

Filesize
508B

MD5
33c6414cc59f0e4fb0e9bc5043f95285

SHA1
2b9ef034f98f152a53e6fbf9f8aa6a81e2b1f8a8

SHA256
3b9c82ed10a8cfdbdda3d37da61fb31a1ecb1fcbd0db65a5526547dcdd9ee832

SHA512
46710bb958c5b9407d4696ec3c511255e014f2c931abb24075569cf744f163c4647d7e9de30304a82ef5b0dd15d7795298cf4ee0ae7df3bf806f62aa49109903

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_AC1EA69C1A4D607F0EBBD26E5ED61054

Filesize
532B

MD5
c27547030d04af9bea226ad36b4f0f09

SHA1
24e74e116eabebf7e1ef3e82b9fbe4a15b31296a

SHA256
bd7506284c70b50a2410de3e0665e39394527c1cae0709af7f8a5e0f7ef5423e

SHA512
0e1a19ee8c9285063591f1e5b8acb601a0f12294c97872f67e5f1c611f93a6c466417e4151276f453f4e9376c7918612777b5569a173a3d63e210459e999cbd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_EBD7B8AF3A6D56C51CDE1B85E8C855A8

Filesize
540B

MD5
8d8add40e3491579675b20ef50483980

SHA1
8d2572f99c5840e5693025030af978aa26d87806

SHA256
fe119a65b9613ec0d63c6baf84998f37a9696bd463b5e2f820cd6c3ae75d8665

SHA512
defdfdcf435008953d81ae7edcbcc17cb701db840165c62a71f69e53f2d2db987882f80502de96fc84a95fe8a127c624e3ddedef33f241d16e4d0288a089b3f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95

Filesize
416B

MD5
8e3e4584ca9efb1682622d6e9ee083c5

SHA1
0eedeb0a5814981eedc9b9d182331ddf5b43e17c

SHA256
1b4490afc63ef1b2b4327c87ca13cc9525a934ba59250f310222eba2eee48eb3

SHA512
d539c60ebb65ee439ecbd5d3c637c8d0f39f630e890795c6a8f1eb2514fe10bff993d78f3561c88e390cb494691193320cb7db743d9c50c8b06ec87c9b1f1433

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
400B

MD5
0fec14b408bbf604e775a5519f0c4c24

SHA1
ce2784858c8d0791223e52336c65e12c097a8435

SHA256
5f861d70bc0ce106c35a5b4a5b5be3feafa55217c94904bd16b2a6e9d8a9fad6

SHA512
988b7ec23237398f60887eb12731560534c3d30aea0430ff6247f9e9867f7cb8fd0e7e9fabd9f81d9fac3a75919c05e513ed8850696bc5cd552b9dcf653f8469

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

Filesize
536B

MD5
ba9b6297223222734f1b58c50a63a157

SHA1
6e3104aebc222e0fb0b876cc7a5e8488d6383f39

SHA256
1b167f40b232d5a948f3c323bfc93db206707d034a07ffe0155b4cb35160931e

SHA512
23912801c33c6305336075ef0838cdd9fa3cbbc96967c3a3696899fccf674516bc698035b2a6dc65d8146ba3725c5d5bf32b1622c132f2caecddef14ac9e1915

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

Filesize
506B

MD5
83e79c81affab036014facbb816246be

SHA1
239b970bec76c85eb7885341036c9602bab1508e

SHA256
486e84feebe6370db906e3ea41d83eaf323ea3c76415db5390e12aa7aebcab2f

SHA512
9266f336359033c0a906d52064275c6f0a6eeb9d93048c4b0790af0a4d4a364e558d8ff47b85bc126c8580f66c35ee15e137f87b28774f15a16b17ff3051af30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB

Filesize
412B

MD5
6fd459d2357a910321cf115638e69786

SHA1
836f650e9322d07a3a754b3a3426351aff97355e

SHA256
3d5dae3e29fc3194e49f3c8c3db2c60199934c4eb6cc4c9d43376889bd63e206

SHA512
a25a7044a814a9619c48819b1b4a1f3433c14445b7e1f3ed1e26b179af5106b02fbdddf4fdf4a85ed23fe410afdcff0daa204f6535b62844f9ebd44166f1a3ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\PartnerFile

Filesize
831KB

MD5
f6a695c034ab5d0b36f05dbe767cc281

SHA1
eefb7d95a2dee25787d78fbad44fcc43ca398881

SHA256
90fa44451a1c3b83bc0bd964b8680b19fa827067dd8f82ccb68aa19325d8bf75

SHA512
8f0d8dcc558c0e1d586f70698bd5afd3a69c94c162f244230e199f9af1676aefa03cf2343e628dd3e5dca9f173d43eddd07f854503c082a05616aa32580f3b58

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_56345.tmp\BRAND_COMMON

Filesize
22.9MB

MD5
7eae98ec0432aea21085891e20fb23d8

SHA1
c8d01d5391fa0960e78683abec91a6411b013e76

SHA256
241da9e50f9bf181a7c8bdaad310e31244770b052c7ab8e8f1bdfaad3dc73f8e

SHA512
a005e5deaca99e5656b587e690c5cdcf16f4a1bfb21b206ecb764de1e3467f5ed473177dbf5f5247b7d63005d342bc7377f14436fcf03be86a1a5c95ea505052

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_56345.tmp\BROWSER.PACKED.7Z

Filesize
105.5MB

MD5
effb26138bf04cc9fea5461554283759

SHA1
62606a7b1aeaa7ca9c463719a2bf31f0dbe4da66

SHA256
630a9c6c0c9ab6849e2ed189a9a4d2f2f9814a2eb194782f064a3d03a99a58f7

SHA512
2de915ae64b8b554a4024e3f228885f2113fb819ee98561bc18ae268d2f41c1fe80e5224d43f01724d736ff4a6289d7547070d741d1b6fca00fc7a571267fe26

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_56345.tmp\brand_yandex

Filesize
1.6MB

MD5
79f131dad6ccbc8d4df4a7156c5d68f1

SHA1
ba21b5d5092f8af4849b007f2f1e7ca2b7a45502

SHA256
501745c9b303315f47f5ad056429a0a422eab8b205a0c7c700e2046eabb305c2

SHA512
2c2b2ceb263b180c91826d99facd1cf195cd567575222594eb94f6c7cb00892e82d33ab813f49416213ad0d33641af22bd58164adad12bcd19a8566fbedde018

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_56345.tmp\setup.exe

Filesize
3.9MB

MD5
594e680de2d113ede3b5637b37d14da9

SHA1
2b37b75ba2cbd0cf36b340f72908ff2d3f090578

SHA256
8b291f47c4e05cee5cae06d9beca70e1ca991bc0729f55664fc6457e2a604438

SHA512
fe105aad6d2154606f0e6841478710a025f97d15d095f5ca4109588a919a2693502c0a238fe0a518ae80936136918052ad77ab356490d0d588ee0f2243f1b976

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_56345.tmp\setup.exe

Filesize
3.9MB

MD5
594e680de2d113ede3b5637b37d14da9

SHA1
2b37b75ba2cbd0cf36b340f72908ff2d3f090578

SHA256
8b291f47c4e05cee5cae06d9beca70e1ca991bc0729f55664fc6457e2a604438

SHA512
fe105aad6d2154606f0e6841478710a025f97d15d095f5ca4109588a919a2693502c0a238fe0a518ae80936136918052ad77ab356490d0d588ee0f2243f1b976

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_56345.tmp\setup.exe

Filesize
3.9MB

MD5
594e680de2d113ede3b5637b37d14da9

SHA1
2b37b75ba2cbd0cf36b340f72908ff2d3f090578

SHA256
8b291f47c4e05cee5cae06d9beca70e1ca991bc0729f55664fc6457e2a604438

SHA512
fe105aad6d2154606f0e6841478710a025f97d15d095f5ca4109588a919a2693502c0a238fe0a518ae80936136918052ad77ab356490d0d588ee0f2243f1b976

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_56345.tmp\setup.exe

Filesize
3.9MB

MD5
594e680de2d113ede3b5637b37d14da9

SHA1
2b37b75ba2cbd0cf36b340f72908ff2d3f090578

SHA256
8b291f47c4e05cee5cae06d9beca70e1ca991bc0729f55664fc6457e2a604438

SHA512
fe105aad6d2154606f0e6841478710a025f97d15d095f5ca4109588a919a2693502c0a238fe0a518ae80936136918052ad77ab356490d0d588ee0f2243f1b976

Download Submit
C:\Users\Admin\AppData\Local\Temp\clids.xml

Filesize
606B

MD5
6114476799216a04b18987cb8d4b777e

SHA1
9d1d65b8cee5d8ce2cbc9aee321259ff3f1b90c7

SHA256
e2c329938240d4870d167ebad9582ba480cdb03499974718fb06f23d834f4f9d

SHA512
3961154c80c2c805ea66fb072d43b1dd9ccf7878bf8047adf1df16d6d3e3eeec2d277f1091a18ecc5a402d86a6afbb438d02b56650fa1a907c48e200e3f053b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\distrib_info

Filesize
550B

MD5
1ee5dbc85a36089e418e79c6ae9976fc

SHA1
748060e341c301a72e08f3f99d0fe94675487319

SHA256
44891bb6e63775c7554a90ce193ec0399a6a1258a48c4dffb5d40dc5bf4d4bcc

SHA512
3973e85f3ee2133d790b6d802b1060e882d395cf891e1f49b484717535402abc62e373ebca152f88baedda3fb0d2dfb886cea1988324bf216b9725a37dd51938

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
1KB

MD5
7b40d836ccd4b642be5cf3536fe045bf

SHA1
63ad488655743e1e83941405703c1643770ef4a3

SHA256
6cf21fbab6e149b4007df03e686aebafa53a9af214dec7992d0b04101f0ac2ba

SHA512
faa932af05f4acd1c2ed3bf2bf262750a937dfef6bc21df26c944b4579130eb65a515080975fbc3575cc91d3b0422f6432784db9c3c24ee5ddc7646189ddf67f

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
12KB

MD5
510f36506aabb968e2ee9c8dbe89f923

SHA1
2074debe0560c1b76ccf0601b1b0334235a5765e

SHA256
c4ead86a454476d4ca3746325d437e9ea2b24255ad3d0765d060a691b2ca6d3f

SHA512
5ad62cea78bc7d0566d577ee45f49501b6b273577721028d1d7b5a6aab71e9f579c8c2bb0bfdf7e12a09d67ca765d930b4ad1dd10af29d3c68bbb53aaa8b1c1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
12KB

MD5
ed099050de7b2255ecd6cd245630e129

SHA1
6fca5f2c445dc2434cb939a656d5dc18cfc824b3

SHA256
eac864fca32ce44b9befac4820e7dfcf2adf2a11e47393f4bac4f64e9529401f

SHA512
9e331ee0cb5672fed41062912b3a24aa8a4371e80757f891fdcca87cf4ae228cabc39ec55ba3b67166a4de949a806f824e5fa5829b8cf342055d427af4e68174

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
78b0205e52ca6059edadc81af8e38aab

SHA1
edbbe12c081afdc4c5f26e66f750b8c208713e1c

SHA256
346e526003fa93750c9c7f92328121671ed55c3a3ee0ea5cb95450181765bb41

SHA512
d86d77a47be6977ac9031231063a4c586c0edabb2c14b407ac49bb8eaeafdf91441e785447084df648b0f6eaff182430d6d1134ff897524eec28a2d13de48c5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
24KB

MD5
97aa9ab31b99268b6f42817d5941ffad

SHA1
1b45291f99184a907a26272e9600a025de8597b8

SHA256
34d705f1e0809a64a994553a42a567a5c1241339ffe3ebfb88ca8b887a7443bf

SHA512
5c10ce9377184512e62f5736c075b4148bdad712f854a84b6148aa712ae0995f5a22947ca98c1f0ccd8d3a39a7f3c906752f3f7b5e2bdbbcce9e5aaf96163e3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
24KB

MD5
0446280f10a6a6e200229e5625d335bd

SHA1
ce50ba0b864333ad99a66a43297d69bff62fc3bd

SHA256
bd2d88e970c086d7e7c36f48e465008a23b8206d1db2e18b2c19eb7e0d757e6f

SHA512
57f0ab4aae0f89d5f199660219554deceb5924e49cc4589a92422122f49b8aa9d7ef6e84b60ebdeead40ef2b8ecc2f31c51414ca4fa06d71a27626d4518be05f

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
78b0205e52ca6059edadc81af8e38aab

SHA1
edbbe12c081afdc4c5f26e66f750b8c208713e1c

SHA256
346e526003fa93750c9c7f92328121671ed55c3a3ee0ea5cb95450181765bb41

SHA512
d86d77a47be6977ac9031231063a4c586c0edabb2c14b407ac49bb8eaeafdf91441e785447084df648b0f6eaff182430d6d1134ff897524eec28a2d13de48c5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\master_preferences

Filesize
143KB

MD5
401da367c16d35121dd096096412fbae

SHA1
700cce25caf599612e7fd9d6f39cd81ee2b9b2ba

SHA256
252671d9aed011923d9ef2f22415a578522952462f12219125b9f01c4c178211

SHA512
a8ded85286d72281a69bb9f6ca43522ea02645cb387dd44944f13736bffcdde8fb7ecbd8b869573b507194f155f276af502e0f9c82b74ea0683e4a66aec6b2a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\master_preferences

Filesize
143KB

MD5
401da367c16d35121dd096096412fbae

SHA1
700cce25caf599612e7fd9d6f39cd81ee2b9b2ba

SHA256
252671d9aed011923d9ef2f22415a578522952462f12219125b9f01c4c178211

SHA512
a8ded85286d72281a69bb9f6ca43522ea02645cb387dd44944f13736bffcdde8fb7ecbd8b869573b507194f155f276af502e0f9c82b74ea0683e4a66aec6b2a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\master_preferences

Filesize
143KB

MD5
401da367c16d35121dd096096412fbae

SHA1
700cce25caf599612e7fd9d6f39cd81ee2b9b2ba

SHA256
252671d9aed011923d9ef2f22415a578522952462f12219125b9f01c4c178211

SHA512
a8ded85286d72281a69bb9f6ca43522ea02645cb387dd44944f13736bffcdde8fb7ecbd8b869573b507194f155f276af502e0f9c82b74ea0683e4a66aec6b2a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe

Filesize
619KB

MD5
f28a259537ea0031ed050ce885e9f585

SHA1
b9c9ad6a88cfa019c9912546e24d9f362d1c4e1b

SHA256
e30d3b9d7a6588b183fa367a76d025e4677ee32ef84cda073c8b18b3df3e4afc

SHA512
9f4eec63a5f7409f0a0964ba37aa7d5c19ff67fd06a8bbb9a5e66c0bc6736180b5276571d91ce9d064a00cdd4f9bd7a6ecded217035acb86486d6152c23390ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\yandex_browser_installer.log

Filesize
7KB

MD5
cc668dec0681e28c05956541bd6414da

SHA1
4d8dcbca981065c2c39ff319b05c75c5752ebc83

SHA256
5e0f9acce7365895568debf9cfb8ee3939b25927d2d19378da6d5f3b6e316f9d

SHA512
84e989954ff738c6d193601ed012174d855ccf6e399c1737b11f2fd9654c4632ee7dc064cb367a3c8255f044e9279fc113ebb89c0b43822f9db46cdedbdd3f0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\yandex_browser_installer.log

Filesize
23KB

MD5
a358524b03fd45dbd5f0c710b7bbc999

SHA1
a026378b5299fe6a6e63b699b44b335fb758ac00

SHA256
190051fba9b1939b7b920da6546e94a5d924a62e5624b5bb9e3ecfa5bc3771ef

SHA512
4bc41203986afc55083602b4df938b34ffacf8ad569e1e6d51ae9acd91f1e05da2db1b20ce02e0a3437c1b612bc9ed79081699a807c4f785ab3bea7a48dc8496

Download Submit
C:\Users\Admin\AppData\Local\Temp\yandex_browser_updater.log

Filesize
4KB

MD5
36937bf8b7f1c971bfe943ca84274773

SHA1
0b998a453dd1e4f354c6418f8a2542d64d4a7b72

SHA256
15688ba2c46a1409945a8d6d4fa7411b583ccd6bbf1bf52ba47333bc0772c0b0

SHA512
230d410225560fda11fb212bbd6660864c127e6c6807247444fcc04a3e5b565b5f47bcbf67978c68ac892c21d131e11516bff1dc0c1f4375d3135e5e54f0abcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\yb8220.tmp

Filesize
140.7MB

MD5
8c64c4d22282f23112d1cd6665ddd291

SHA1
d5a4ca6f0261ae2c7d0c882e952d3aab6de93894

SHA256
56252150c84539780d8c3c34e9f840c8cd2eecc4e701e7d7536b9a7bb68d8c49

SHA512
1c39f382770d76edc30ef1202ad40db1cffc892d0e993ef4ffffb1d924e111f812b47d4ba767e136a48be4309bc2048c21fdb620876ba35e2447601fc46c3ab0

Download Submit
C:\Users\Admin\AppData\Local\Temp\yb8220.tmp

Filesize
140.7MB

MD5
8c64c4d22282f23112d1cd6665ddd291

SHA1
d5a4ca6f0261ae2c7d0c882e952d3aab6de93894

SHA256
56252150c84539780d8c3c34e9f840c8cd2eecc4e701e7d7536b9a7bb68d8c49

SHA512
1c39f382770d76edc30ef1202ad40db1cffc892d0e993ef4ffffb1d924e111f812b47d4ba767e136a48be4309bc2048c21fdb620876ba35e2447601fc46c3ab0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe

Filesize
619KB

MD5
f28a259537ea0031ed050ce885e9f585

SHA1
b9c9ad6a88cfa019c9912546e24d9f362d1c4e1b

SHA256
e30d3b9d7a6588b183fa367a76d025e4677ee32ef84cda073c8b18b3df3e4afc

SHA512
9f4eec63a5f7409f0a0964ba37aa7d5c19ff67fd06a8bbb9a5e66c0bc6736180b5276571d91ce9d064a00cdd4f9bd7a6ecded217035acb86486d6152c23390ea

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe

Filesize
619KB

MD5
f28a259537ea0031ed050ce885e9f585

SHA1
b9c9ad6a88cfa019c9912546e24d9f362d1c4e1b

SHA256
e30d3b9d7a6588b183fa367a76d025e4677ee32ef84cda073c8b18b3df3e4afc

SHA512
9f4eec63a5f7409f0a0964ba37aa7d5c19ff67fd06a8bbb9a5e66c0bc6736180b5276571d91ce9d064a00cdd4f9bd7a6ecded217035acb86486d6152c23390ea

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk

Filesize
2KB

MD5
bbc4c216104a3c90f351da969593c6e7

SHA1
57d02cde18b72b5f7f1e912c42dd115a49e91c9b

SHA256
4bc52df61f15817ede4d1ec339bca95355946735d3e23abf765253e9a4b49ae6

SHA512
db59826c73ce042f2d6eb4a57285ba139e37aec28306b0fad3b03108eed5da9dfa30efa791d6354bc083f64058a7c4feec52a29a5b7580c977e3595049340eb9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\YandexWorking.exe

Filesize
619KB

MD5
f28a259537ea0031ed050ce885e9f585

SHA1
b9c9ad6a88cfa019c9912546e24d9f362d1c4e1b

SHA256
e30d3b9d7a6588b183fa367a76d025e4677ee32ef84cda073c8b18b3df3e4afc

SHA512
9f4eec63a5f7409f0a0964ba37aa7d5c19ff67fd06a8bbb9a5e66c0bc6736180b5276571d91ce9d064a00cdd4f9bd7a6ecded217035acb86486d6152c23390ea

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\yandex.website

Filesize
488B

MD5
2baf611b1b6876e6c393054aa8c46a0a

SHA1
3d26e532d5b37939b51884bfb53732070c4dca9a

SHA256
5f7570144541408b41c15373bb8870e7bde53ad3c5413e2f6000e6f0e449b853

SHA512
1a0dc02bdd53e1bd49b2a72b10828463f5c8bed8a17b8498eb4ae939a40dfd8bcaeba1feac1190f5595b4da245a7aa0e4507724ef9fb74172b29581e885cd563

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\23.9.4.838\brand_config

Filesize
7KB

MD5
5f26aa740f787b8b936d2a615db4f88e

SHA1
a18e518363ca0cd5931327f9b9a7c8c8129af2d2

SHA256
9d0f362c0db7320dc49d4a8622c510c1db50f8458cb2ce6eae19244a76315de8

SHA512
6b4d11d5ef5cb230f412b54fcd7ae3f6a3f2b0315e983042be7c56614edf79ddee61c4fdfe2f45ce6e675122a7888c3c2b13d4a57346628c784f9e2af031d81b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\23.9.4.838\partner_config

Filesize
597B

MD5
33512c8b0fbb29fabfff3c5d87b112b3

SHA1
695af1191d0286421ff3a1ff9e2e23e88d08345a

SHA256
8fc73c825c81804d0bb96298ae63f94c7f1ea719b538ac4806b346d3c74023b1

SHA512
b25784e32bb54dd115c0d4e2ff1d4a2ba5cbbfaebf4028bf1006708bb8ed4361387d941c47232f9a3d7ff032187dec271581261d9538d0b2268b3db9e05629b6

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\YandexDictionaries\ru.bdic

Filesize
4.5MB

MD5
ac3768f0462853d08df284e67c7c4ebd

SHA1
732581ac6f2e02246696817adc53d2e2e5d0dcb5

SHA256
af2bcc135f974aad505a8f55296117dbf4cbc095931e22f424698b181d273656

SHA512
27d558deffeeefe1198aebdf65a3fef0b0f3d6b6c4177d03ff32b0363f0a2fb1b7ff6454f45dd3254427cec9174b03181c50bc51dba212e6ab0114a6e72bcf96

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

Filesize
4.0MB

MD5
1ad48e1eeb2919bffd46cb1a90718187

SHA1
8f7d8b21cb6658c783ef48fd271f73d97125b20a

SHA256
ba38a8ea2345dd6ae2e49426850c9f129527148034c9f38a4d8bf3dfcc25be99

SHA512
8b2e2aad136225aad85e441de2f773e3c5f6f4ad6884d10709b651e13bf1335f1c9b4694326c5e3fe14cc8e1bbf3ea489ace9594678d034ac555fa2fe2e9c1ee

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

Filesize
4.0MB

MD5
1ad48e1eeb2919bffd46cb1a90718187

SHA1
8f7d8b21cb6658c783ef48fd271f73d97125b20a

SHA256
ba38a8ea2345dd6ae2e49426850c9f129527148034c9f38a4d8bf3dfcc25be99

SHA512
8b2e2aad136225aad85e441de2f773e3c5f6f4ad6884d10709b651e13bf1335f1c9b4694326c5e3fe14cc8e1bbf3ea489ace9594678d034ac555fa2fe2e9c1ee

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\install_state.json

Filesize
1KB

MD5
b9a3b09108638c2de2b8475dd2c3358a

SHA1
5eb772e664cde23621910857a702899992cd20ab

SHA256
98889ec42a6501a43e40ae6166c35d44ebbfd8efd30877f62508f5bff01983cd

SHA512
a56dda72cc33ac094d5d67fc6b5885a0e9eba209ad02ede28061f95b276f91680c5a608b2e1fcf476c0e61fe653e722b562e994bd9c7d87ad0d530b7e62331b3

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\Extensions\ghjgbemlcjioaaejhnnmgfpiplgalgcl.json

Filesize
122B

MD5
8f1ef981951ada25c4b739f4654e73d4

SHA1
cc03a958ce4fa86a76d10f343a4e236e2d4a0c8f

SHA256
a1d9c5c34ae669a1cfc64ed674a1202e2659567c2092a5b16ae0b9bd56ede5e6

SHA512
0687aaec870e30d759804f53a47814ad56a74063c23a5068f013f70fec1296bba0d69b8e002d66cc865f01aba437fdd46c5289454b978f3bb9d840b80e380962

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\about_logo_en.png

Filesize
1KB

MD5
1376f5abbe56c563deead63daf51e4e9

SHA1
0c838e0bd129d83e56e072243c796470a6a1088d

SHA256
c56ae312020aef1916a8a01d5a1fc67ed3b41e5da539c0f26632c904a5e49c62

SHA512
a0bab3bae1307ea8c7ccbd558b86c9f40e748cdd6fd8067bb33eeef863191534af367a0058111553a2c3a24e666a99009176a8636c0a5db3bf1aa6226130498f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\about_logo_en_2x.png

Filesize
3KB

MD5
900fdf32c590f77d11ad28bf322e3e60

SHA1
310932b2b11f94e0249772d14d74871a1924b19f

SHA256
fe20d86fd62a4d1ab51531b78231749bd5990c9221eab1e7958be6d6aef292d9

SHA512
64ebc4c6a52440b4f9f05de8ffb343c2024c4690fe5c9f336e78cd1dd01ae8225e8bc446f386feb442e76136b20d6b04ee293467b21f5b294ce25e500922f453

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\about_logo_ru.png

Filesize
1KB

MD5
ff321ebfe13e569bc61aee173257b3d7

SHA1
93c5951e26d4c0060f618cf57f19d6af67901151

SHA256
1039ea2d254d536410588d30f302e6ab727d633cf08cb409caa5d22718af5e64

SHA512
e98fbfb4ed40c5ac804b9f4d9f0c163508c319ec91f5d1e9deb6a5d3eada9338980f1b5fe11c49e6e88935ecd50119d321ce55ca5bdd0723a6e8c414e1e68e16

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\about_logo_ru_2x.png

Filesize
3KB

MD5
a6911c85bb22e4e33a66532b0ed1a26c

SHA1
cbd2b98c55315ac6e44fb0352580174ed418db0a

SHA256
5bb0977553ded973c818d43a178e5d9874b24539dacbd7904cd1871e0ba82b23

SHA512
279fb0c1f2871ce41b250e9a4662046bc13c6678a79866eaf317cc93c997a683114122092214ce24f8e7f8a40520fe4ca03f54930148f4f794df0df3ecf74e9d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\configs\all_zip

Filesize
597KB

MD5
185759a177200c0fd7c1f041775efb62

SHA1
4e33ff6030a23899ae22cb90a1866adffdafc25f

SHA256
8eba2dcd0a4c8f918774ab59a15b86e50aaf819f03c4abef150801cc84cbc861

SHA512
8b48ca764bcb62ad7c7d816ad9a2445200acf5e54950a7c0bb4fe75e2a602bbe98eadd2d16e2cf0ae17361ffc0e251e663ab1f9a6b9e778ce1ce3b9cabd05d7d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\easylist\easylist.txt

Filesize
620KB

MD5
8e4bcad511334a0d363fc9f0ece75993

SHA1
62d4b56e340464e1dc4344ae6cb596d258b8b5de

SHA256
2f317fee439877eaadb1264bd3d1e153c963ef98596a4ccf227592aea12ae76f

SHA512
65077bd249c51be198234ff927040ef849cd79adcd611ed2afae511bc2a257a21f13171bf01cb06fce788c1cff88c8ad39cf768c5900d77cd15453a35e7f0721

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\easylist\manifest.json

Filesize
68B

MD5
15bcd6d3b8895b8e1934ef224c947df8

SHA1
e4a7499779a256475d8748f6a00fb4580ac5d80d

SHA256
77334f6256abddcc254f31854d1b00aa6743e20aadbb9e69187144847099a66b

SHA512
c2d3778a99af8d8598e653593d5e2d1d0b3b2ace11addd2d3eeb2bf3b57d51bf938ddaf2d2743322e0ce02e291b81f61c319daf34c1cd604ffce1f6407a30b34

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\extension\elokbjeafkcggjfjkakpchmcmhkhaofn\brand_settings.json

Filesize
384B

MD5
4bd2ffe5e645a04d6a7047ac47969fa5

SHA1
73b988a08b3b1e72a38e4ee0e9813cc09946e555

SHA256
a9cf92fb5076df30264c75da6f1b6e41bf592567d5e7bf170c21beba628aafe2

SHA512
0125141dc02b40cefa34280311653c1fe0815ecf005d93814f06ceb7f2e2d1789ca7d5907a5cf069880a742db19fc74289467a0538fe329670d9c0397135e1f8

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\extension\fcgfaidpicddcilhjhafmmcgfodijhjd\brand_settings.json

Filesize
319B

MD5
94e409c4948755c18ed015a9ea88194d

SHA1
9725a6622664ab4332f07e04c4f8a23c86daf695

SHA256
ce1e2092945df5b00797e81185cc4db54070583ed92af19dd5d104e1aa4343a9

SHA512
e59d6730078b06dcd51a68c1a729244f3af76d97083b75a4fa05ac323d6f6e61c882b41a821c15595c3483b75995bfbdcdbc55bc3609f0d470b8e96ca1c4a196

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\extension\gopnelejddjjkamjfblkcijjikkinnec\brand_settings.json

Filesize
250B

MD5
338199392c0ee2d8530b8d0516f6d2eb

SHA1
2ce5daca88f6296335dcd3167a5f54d87687f85a

SHA256
c9c85c1fad9bd1e26e42d3b35e7e5ba5d6af4b87e13846b3d71518274896a9cb

SHA512
6a89b757abb2e51c46214bf6b111e7ae085ebdef43ce656695e1d7eec91c2f33bfb95868b2cc3749e5e7f3c435bb65d830c96fdd01abee4f9106d1b11ecaf2c1

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\import-bg.png

Filesize
9KB

MD5
85756c1b6811c5c527b16c9868d3b777

SHA1
b473844783d4b5a694b71f44ffb6f66a43f49a45

SHA256
7573af31ed2bfcfff97ed2132237db65f05aff36637cd4bdeccdf8ca02cd9038

SHA512
1709222e696c392ca7bcd360f9a2b301896898eb83ddfb6a9db0d0c226a03f50671633b8bed4d060d8f70df7282ffc2cd7ab1d1449acf2e07a7b6c251aa3a19e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\morphology\dictionary-ru-RU.mrf

Filesize
1.1MB

MD5
0be7417225caaa3c7c3fe03c6e9c2447

SHA1
ff3a8156e955c96cce6f87c89a282034787ef812

SHA256
1585b1599418d790da830ef11e8eeceee0cbb038876fe3959cc41858bd501dbc

SHA512
dfc0de77b717029a8c365146522580ab9d94e4b2327cef24db8f6535479790505c337852d0e924fbfa26e756b3aec911f27f5f17eba824496365c9a526464072

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\morphology\dictionary-ru-RU.mrf.sig

Filesize
256B

MD5
d704b5744ddc826c0429dc7f39bc6208

SHA1
92a7ace56fb726bf7ea06232debe10e0f022bd57

SHA256
151739137bbbdf5f9608a82ec648bdf5d7454a81b86631b53dfc5ad602b207d6

SHA512
1c01217e3480872a6d0f595ceb1b2242ffe3e1ff8b3fdd76eea13a7541606b94d3ccd69492a88220e0e40c17da5d785e4dba1d7501e6be749b9c46f72572ef6f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\morphology\stop-words-ru-RU.list

Filesize
53B

MD5
b255d75a7ee1052a3648bfffd2b31f6b

SHA1
57a388c0a6f44bacf8576a4d54ae520f649e9990

SHA256
0f45d855adcb5517b3e8d747ac385cbd7d493bc0529a7c567c750ba765772040

SHA512
9a4cc4a1e6d9c188c24f628ccc109f447a2ebc8b42e5e6daccee0617dcdd3f1cc79206e6278154583c29dd8d1180072c463ed88ac56e87a6de1449f40494c292

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\safebrowsing\download.png

Filesize
437B

MD5
528381b1f5230703b612b68402c1b587

SHA1
c29228966880e1a06df466d437ec90d1cac5bf2e

SHA256
3129d9eaba1c5f31302c2563ebfa85747eda7a6d3f95602de6b01b34e4369f04

SHA512
9eb45b0d4e3480a2d51a27ac5a6f20b9ef4e12bf8ac608043a5f01a372db5ea41a628458f7a0b02aaba94cd6bb8355a583d17666f87c3f29e82a0b899e9700bd

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\sxs.ico

Filesize
43KB

MD5
592b848cb2b777f2acd889d5e1aae9a1

SHA1
2753e9021579d24b4228f0697ae4cc326aeb1812

SHA256
ad566a3e6f8524c705844e95a402cdeb4d6eed36c241c183147409a44e97ebcd

SHA512
c9552f4db4b6c02707d72b6f67c2a11f1cf110b2c4ac5a1b7ac78291a14bf6eb35a9b4a05bc51ac80135504cd9dcad2d7a883249ee2e20a256cb9e9ceeb0032f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\tablo

Filesize
744KB

MD5
d4b7cfcd824e7f03f3b8a8d29dba1ddf

SHA1
45410cf2d456d9d3d187d196f4b8374d6b5a4021

SHA256
871f762fb46f9e3edc714d7494904fffbe5dd11cae5eeb56588e7640656c8497

SHA512
a61ca1ff502bd57eb370ec2045d718a15d9bd1555ba9c0653930aef9de179f1ac9f5346e594045fc0bb2694bafae0f2e2a2ae090b92cdc19e08306a03b275210

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\wallpapers\1-1x.png

Filesize
18KB

MD5
80121a47bf1bb2f76c9011e28c4f8952

SHA1
a5a814bafe586bc32b7d5d4634cd2e581351f15c

SHA256
a62f9fdf3de1172988e01a989bf7a2344550f2f05a3ac0e6dc0ccd39ed1a697e

SHA512
a04df34e61fd30764cf344b339ba2636b9280a358863f298690f6a8533c5e5dfa9773a14f8d16a5bb709ea17cf75e1da6302335aa9120009892e529bfad30df9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\wallpapers\custogray\custogray_full.png

Filesize
313B

MD5
55841c472563c3030e78fcf241df7138

SHA1
69f9a73b0a6aaafa41cecff40b775a50e36adc90

SHA256
a7cd964345c3d15840b88fd9bc88f0d0c34a18edbf1ce39359af4582d1d7da45

SHA512
f7433d17937342d9d44aa86bcc30db9ae90450b84aa745d2c7390ff430449e195b693a8ae6df35d05fee2d97149a58a7d881737d57902d9885c6c55393d25d6f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\wallpapers\custogray\preview.png

Filesize
136B

MD5
0474a1a6ea2aac549523f5b309f62bff

SHA1
cc4acf26a804706abe5500dc8565d8dfda237c91

SHA256
55a236ad63d00d665b86ff7f91f2076226d5ed62b9d9e8f835f7cb998556545f

SHA512
d8e3de4fea62b29fd719376d33a65367a3a2a2a22ed175cc1eeff3e38dfbaac448c97a6fbea55bc6159351d11a6aad97e09cb12548cf297e01bd23bf6074de08

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\wallpapers\custogray\wallpaper.json

Filesize
244B

MD5
19feb60966afbb9d1b797a050278f13e

SHA1
9874bcea4222a8f56d59c91b7abe603687a4f67d

SHA256
94cf5e38c38f78a42d70599c469a3969e4b3feb292da450a947d8463a57bfb9d

SHA512
2abd6fb2bd126ef99a7f0bb79072fdcdea2670d1b296ace2b4f9ebbabb343594b140b6c2728c31af339465619a8ee9faa2e3d64e1847e9557c50a79144d24196

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\wallpapers\fir_tree\fir_tree_preview.png

Filesize
8KB

MD5
d6305ea5eb41ef548aa560e7c2c5c854

SHA1
4d7d24befe83f892fb28a00cf2c4121aeb2d9c5d

SHA256
4c2b561cf301d9e98383d084a200deb7555ec47a92772a94453d3d8d1de04080

SHA512
9330009997d62c1804f1e4cf575345016cda8d6a1dd6cb7d2501df65ea2021df6b8a5bc26809ddfc84e6ff9450f1e404c135561b1b00b9e4915c69e84f89cfec

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\wallpapers\fir_tree\wallpaper.json

Filesize
396B

MD5
31b6342128a20e38a224a3c395f1d5d8

SHA1
afea42f96d007c0d02d90a2cf7d3486c73969d9e

SHA256
a135978536ba7409f381fcac3befed527e6d310fd4fb6a9e567adbb22e84ef2d

SHA512
5b53e2a4c66d81f4e3aec91be650c4b151812d7ea8a6ef1ff911dd56933f8153ccf4a9883e406b2a9cf59056037a1e7434ed9c6c102ad446db5b42e1af93ea64

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\wallpapers\flowers\flowers_preview.png

Filesize
9KB

MD5
ba6e7c6e6cf1d89231ec7ace18e32661

SHA1
b8cba24211f2e3f280e841398ef4dcc48230af66

SHA256
70a7a65aa6e8279a1a45d93750088965b65ea8e900c5b155089ca119425df003

SHA512
1a532c232dd151474fbc25e1b435a5e0d9d3f61372036d97bcaab3c352e7037f1c424b54a8904ef52cf34c13a77b7ab295fb4fd006c3ab86289577f469a6cd4c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\wallpapers\flowers\wallpaper.json

Filesize
399B

MD5
db5d85343264fe69c9452cf6bbddb10c

SHA1
82d97c05c2ee2374a9343f10db78e0ad232ac2aa

SHA256
c15d588d418a5bfc7caa62b62a3e4df7f67990f6912aeda133e616ab0738401d

SHA512
3aa27652f9decf1315630ef83302355065e8c43297c0d8c891295a855499e81d9cfef2767490c2992b3103e44d7f16825e65e9bf2d994d17811f49be9eb37307

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\wallpapers\huangshan\huangshan.jpg

Filesize
211KB

MD5
c51eed480a92977f001a459aa554595a

SHA1
0862f95662cff73b8b57738dfaca7c61de579125

SHA256
713c9e03aac760a11e51b833d7e1c9013759990b9b458363a856fd29ea108eec

SHA512
6f896c5f7f05524d05f90dc45914478a2f7509ea79114f240396791f658e2f7070e783fab6ac284327361dc2a48c5918b9f1c969b90795ceacce2c5c5bfa56ca

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\wallpapers\huangshan\huangshan.webm

Filesize
9.6MB

MD5
b78f2fd03c421aa82b630e86e4619321

SHA1
0d07bfbaa80b9555e6eaa9f301395c5db99dde25

SHA256
05e7170852a344e2f3288fc3b74c84012c3d51fb7ad7d25a15e71b2b574bfd56

SHA512
404fb2b76e5b549cbcba0a8cf744b750068cbd8d0f9f6959c4f883b35bcaa92d46b0df454719ca1cef22f5924d1243ba2a677b2f86a239d20bfad5365dc08650

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\wallpapers\huangshan\huangshan_preview.jpg

Filesize
26KB

MD5
1edab3f1f952372eb1e3b8b1ea5fd0cf

SHA1
aeb7edc3503585512c9843481362dca079ac7e4a

SHA256
649c55ccc096cc37dfe534f992b1c7bda68da589258611924d3f6172d0680212

SHA512
ecd9609fbf821239ddcbdc18ef69dade6e32efd10c383d79e0db39389fa890a5c2c6db430a01b49a44d5fa185f8197dbbde2e1e946f12a1f97a8c118634c0c34

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\wallpapers\meadow\preview.png

Filesize
5KB

MD5
d10bda5b0d078308c50190f4f7a7f457

SHA1
3f51aae42778b8280cd9d5aa12275b9386003665

SHA256
0499c4cc77a64cc89055b3c65d7af8387f5d42399ff2c0a2622eccbd6d481238

SHA512
668e1a70a50a0decf633167ac23cba6916d0e05d0894daae1f7e3d487519f0a126abd4298430b38f52746a5c3b83ccd520b3d9b0ae1a79f893e36821a0458566

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\wallpapers\meadow\wallpaper.json

Filesize
451B

MD5
1a8908826d2efe5fa817ce6bf474700a

SHA1
f25ed2de494bae4ffeca33071e5c2dc034c863f7

SHA256
9c75f591907f6a631ba583bce6ddcaafa6f89a84a4bec8108637f7f471e821cf

SHA512
1b68183bd466d01ec25b1281737ac4e752263cd88b64e16324244812d46f8f985ebdeb35d065c7aabc7abcb93286e92b0f3d5b0b7173f5aa6e33891c417b6fc8

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\wallpapers\misty_forest\preview.png

Filesize
5KB

MD5
77aa87c90d28fbbd0a5cd358bd673204

SHA1
5813d5759e4010cc21464fcba232d1ba0285da12

SHA256
ea340a389af6d7ad760dff2016cf4e79488bda1a45d0a415b3cd02a4430c9711

SHA512
759519b8822a6a4b88fc9ba47fa9d5d898b2f5a0f359acfbefc04809e6d7f5df86fb130f191eb6f63322792a18c0e7170aedf3ce7060fd9ad7e1bec2e686c3b2

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\wallpapers\misty_forest\wallpaper.json

Filesize
435B

MD5
ea6753f7a10f9f92b7790c93f8ea2411

SHA1
0cb570e8ecc34e16017b920fbcf1036cf1508ab4

SHA256
b1f9aebdb9333b4b15c2a9339d18e974205cbd4a61d2a0b4d34a25b384a0de7c

SHA512
f7974e99c58696a4d739c4d590f5f50094082473754e6b1fb8a82c76566cf3b5713b1e013126f8fbef0f0c8af2e08d09b32307958c9ed1a1007c04ce89539ec7

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\wallpapers\mountains_preview.jpg

Filesize
35KB

MD5
a3272b575aa5f7c1af8eea19074665d1

SHA1
d4e3def9a37e9408c3a348867169fe573050f943

SHA256
55074794869b59cd5c693dfa6f6615aea068c2cd50cdae6dd69bd0410661ded8

SHA512
c69bf39362658dd6cbd827cf6db0f188a9c4410b3c6b7b532595fd5907974e2141d857942ffb2497282e31eaa33c71240c2c2bd8721046df55e3358e8b76c061

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\wallpapers\peak\preview.png

Filesize
5KB

MD5
1d62921f4efbcaecd5de492534863828

SHA1
06e10e044e0d46cd6dccbcd4bae6fb9a77f8be45

SHA256
f72ea12f6c972edfe3d5a203e1e42cbbaf4985633de419342c2af31363f33dab

SHA512
eec8171bd3bea92e24066e36801f334ac93905b7e8e50935f360e09fa8c9b9f848c4c62b687299e8297c0693d6dbaf9c6035b471e6345d626510b73e3606ee4d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\wallpapers\peak\wallpaper.json

Filesize
452B

MD5
dabb663536eef90a540783e707a311d6

SHA1
9659fe0463435f3281983ce306ff22fc101f6e57

SHA256
d1c971a197cb79f1df640994465aa7543bada90059f5b2768967d2b57c6afd2d

SHA512
ed6b4090eba519f2814dc51fccb92cdb703656c77be741f07753f9c84d09394d080158e04bba1ca9dee501b0dff2a21020883e538a6c0ced6a12602b7098676b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\wallpapers\raindrops\raindrops_preview.png

Filesize
7KB

MD5
28b10d683479dcbf08f30b63e2269510

SHA1
61f35e43425b7411d3fbb93938407365efbd1790

SHA256
1e70fc9965939f6011488f81cd325223f17b07ee158a93c32c124602b506aa6b

SHA512
05e5b5e9c5ef61f33a883b0286c2239cb2a464581d6e8a86d7b179b1887b4cb2cd7304e0821cdd3208501421c44c63c248a5166c790792717a90f8ac528fbf2f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\wallpapers\raindrops\wallpaper.json

Filesize
397B

MD5
69472b2b8eb07ec616a8e94a492c6c5b

SHA1
aec5df4e15d292a360a5dd6125217ef063ebe65e

SHA256
6e9ef0bb0853c6c898ec033d54d9d5cfcb68a5f52cd8f9bfff3528a02c73e06c

SHA512
e355958272292bcd7d767af692fb33941ad469809abb6366b1aff2bd4585de6a18b290258799e943f9a53416c9f5c139ccabc47cb337d0e6e4f5d499f2e27aa4

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\wallpapers\sea.webm

Filesize
12.5MB

MD5
00756df0dfaa14e2f246493bd87cb251

SHA1
39ce8b45f484a5e3aa997b8c8f3ad174e482b1b9

SHA256
fa8d0ae53ebdbec47b533239709b7e1514ecb71278907621ca2d288241eb0b13

SHA512
967670863f3c77af26fa1d44cd7b4fe78148d2ba6ea930b7b29b9f35d606554d664c0577068e0c26fa125d54627d7e7543360bce4acee0af17783b07450b5f52

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\wallpapers\sea\sea_preview.png

Filesize
3KB

MD5
3c0d06da1b5db81ea2f1871e33730204

SHA1
33a17623183376735d04337857fae74bcb772167

SHA256
02d8e450f03129936a08b67f3a50ea5d2e79f32c4e8f24d34b464f2cb5e0b086

SHA512
ff0e60c94fc3c0c61d356a26667c5170256e1143b29adf23d4e7d27012da72ed8865ef59dc2046314c7335b8d3d331e5fd78f38b9b92f6af48729dae80f85b15

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\wallpapers\sea\wallpaper.json

Filesize
391B

MD5
a79af1c34d9d4fcc609e57fbd387924b

SHA1
6ae1f8730d03cbca17a1c368da8a600157e0ea49

SHA256
8c60b18ca1810a5e75950095cb0dfb4bb9c32a18f99e5505cf40c39840b8a633

SHA512
b95aef743acb3c6890e3ca74fc260a8fdeb134ba399f6e9851d34a47fb2cad9791a64d6214acb956ba4c8b51dd710f8f10fa8c3e88fb1a0f52a7e2214eca16fe

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\wallpapers\sea_preview.jpg

Filesize
59KB

MD5
53ba159f3391558f90f88816c34eacc3

SHA1
0669f66168a43f35c2c6a686ce1415508318574d

SHA256
f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e

SHA512
94c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\wallpapers\sea_static.jpg

Filesize
300KB

MD5
5e1d673daa7286af82eb4946047fe465

SHA1
02370e69f2a43562f367aa543e23c2750df3f001

SHA256
1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a

SHA512
03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\wallpapers\stars\preview.png

Filesize
6KB

MD5
ed9839039b42c2bf8ac33c09f941d698

SHA1
822e8df6bfee8df670b9094f47603cf878b4b3ed

SHA256
4fa185f67eaf3a65b991cea723d11f78de15a6a9a5235848a6456b98a9d7f689

SHA512
85119055ddfc6bc4cca05de034b941b1743cbb787607c053e8c10309572d2ef223786fc454d962fbb5e3cde5320117f9efe99041116db48916bc3d2fcd4ffa25

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\wallpapers\stars\wallpaper.json

Filesize
550B

MD5
8571306e9021fc89eff3c5ced3e02098

SHA1
49d6a7baa6ab4182c4b38c95be4bef1b243fc594

SHA256
0529c0be39bdcb289bf29e6a9c774d907b444857cfaa47d3942e5dae1b75531c

SHA512
7657c0e48b4cfa3025bc33b0decacc22646bde2cedda7f51b98b19a17a91461ebee57f054b64edc58318ef6caef7227ac21b740527144f3fb0bc0a2e7b9fef19

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\wallpapers\web\wallpaper.json

Filesize
391B

MD5
7b00cfeccb0f471865d2ef08fa1d1222

SHA1
1881d5a29dfe86d6d19cac14a1a4b95b05494830

SHA256
22557386855643b706808ea9aed33ac22fa26f58d2fc281fb0ba917cf55f990a

SHA512
b7d80dccfa5f051b1ec8987193857aad83c7365e12f12fa68b8edc6ae0dca1d8a4d846e284fb8e15715b5ce7478dae334da5651b97a68189cb43c74e7fdf7177

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\23.9.4.838\resources\wallpapers\web\web_preview.png

Filesize
8KB

MD5
3f7b54e2363f49defe33016bbd863cc7

SHA1
5d62fbfa06a49647a758511dfcca68d74606232c

SHA256
0bbf72a3c021393192134893777ecb305717ccef81b232961ca97ae4991d9ba8

SHA512
b3b458860701f3bc163b4d437066a58b5d441d8a427a8b03772c9c519c01983e3d3fdb8da20f6a53ad95c88dcdd0298f72822f39bc3672cb6f1d77fcc3f025a9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\64249f04-c6f0-4b5a-8921-2796c8e8cece.tmp

Filesize
158KB

MD5
a69cd60cb8361fe4d9971ade95d98cdf

SHA1
020a21d118a2b8af3942a29e6ffd20af120ae209

SHA256
552d6d0ab0fb36e05e6a8c9419f24d1d7b4c0d9ada08f295d31e556f190d90c5

SHA512
e7d1c7e73c8fe62ff89bbaf76757fd060cb37411b25c47eddf0556335e5a5689eddc074ba4a4789d36c4750b49179387a3e8a7523d591693c5662c53e2dbdb04

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat

Filesize
48B

MD5
d9b357c0008703161658be38ad844b68

SHA1
423e4faf64031e20f55593b5a0f663f3928e4a30

SHA256
e26333414b64a294f8fc818e184154c27daf9218e39596fac49169ac0b2b8e01

SHA512
c56eb74cdcabe0cbc60841e74d56328c6b8b25c042ccf30c15b83e443fec76eb74246fc39adf19263a56bd370f335026a075f6c02336cd574abd4506fba254f8

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat

Filesize
48B

MD5
339ef8aa76fc24d89bb0cbaa16397d8e

SHA1
60e0920b86091d110c68d5fbcc67be303d9f17ff

SHA256
cb660035bdc4fc7ad8b6464c930d6e28f005ec41e57f2de0a16560226dcc086a

SHA512
2a52e36c8973f7fb8757b97f201743321a390d6298859a8b6543382a1306656280f6363ead2e52b461f0d8f863b20037398c4402c08acadbd06975a560fa26ef

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
a316738b15614b473ca58f4256581c04

SHA1
b66a46028436b1c2bcadc61bdc0231381ff12054

SHA256
8b5ee0f1a9b57c10839c760af58d0f011ed883ad0b0404790d5666bcfd34b5db

SHA512
f199ba7f4aef8c619818a4dd6975f67a67800cd26fac3d5116197c9abdac16a152e282ccdcd6b157d0768b4b071734742c9270f3f60b940a49751a19bcb42c12

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
fc991efcee98fbe149137a797aa204ce

SHA1
e2074dc6fae1f9a9b100d1156106b53b949351e2

SHA256
276a0894c364ca5c89b20c1016193cad2153611b4740626c73a5c6cb2983af8d

SHA512
d1641b5b73835d686f0aed502e2c09b13e8835c145830508cb54929426d275796a54e29399a7416fb5e472673abc1e7f076998ebf38d603db343f97cfb7982f2

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe591d62.TMP

Filesize
48B

MD5
538ce3e73141b38e6bd63ea8c57eaa01

SHA1
354f33656eb74cda15eedc18582c282d9f6a2de5

SHA256
acc3c05b1165d7a7e1677772fea3a7d9b0f078d944f5d1249fdcf0b92b453706

SHA512
fcec40eaa3858b84ea2b151890f133c7e8e9797f11bdd07c1166a29f9777c902df85f054d6a02462567a7a2a01b7a805b455c56c3e599c265db045f16fb5c087

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
af4f357671cc3d470c1e0eb5a769fe75

SHA1
0f6ae1f97dbaf30535f53d56beb4a5814f304c25

SHA256
d1e0a392e6acaeca0ea2f85e9094a5603d70c2ae820f9416c197ee1d717e3037

SHA512
d153aa416d43a67d48fb634bc33818279af24410ea13c3e1e98af93ef92d2113d07181e4c133790ad41a1840770b5e8e5ccab037f143e0920fabf512613cd472

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\Network Persistent State~RFe59b099.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
030c3859a53549dc08cb912d37ff9ee7

SHA1
1582bc7cad4e2e4b370a84d8108b06a2ab9cfdc5

SHA256
f95459829b48fd74b7a55276d1e079cae0dd4f9c747b582fe748d3718d1a69f0

SHA512
6f8f69254c9f6b6bff9ba28148e1c8693879da815b85a1487c1e1c3df481a67a271774a8f6a255375bbcb61409d307f92f74b5842d0705e4f1d7bce2d752a54d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4fea0d3938eb5dde049a19ea2c9c5458

SHA1
25850dbf40b252e26f7f3d3889c3215e616ee7ca

SHA256
abffc548bb6ee0ed9a29b2a1b944219d5cb6fa0815b56b786374fb1f00fb4938

SHA512
d0d464fc0deed618ad717edc6d434657b422ad820ff7ed1bc68d995722966dc4cc14c14b9ea828e1cc648bc2632ef6f6ce5868d144803b3cb307f1332478897c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d5ed33d11441a32eb4de8a312e1aade2

SHA1
2f3553bbbe63eefdf64e852078668a8a5cc846ed

SHA256
21a215c6c2e09817db40f022714510aee512c2d06dd30b4a220f82c82b8c2b0f

SHA512
d84d7dd4f3738db15fc93c90f9fbd55e2c45bb48124b069a01a348b2b26c0bea8c6c3a5685b68a9f28a225995b885c1ed54c79a64e742648d2e5708c469f884a

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1644a4843218fec3c1110f5042873c61

SHA1
2bd7555f9ab1aaf6bd6c13fec5cab68507c1f22f

SHA256
9d840d46a9411453c6c3c55e9bea7adc0016056b150c654007400c5ec7c2e873

SHA512
1a9efbf8b64a337e90f4738c038dcfe7dcc515b62464c1fcd789939628fd6ca4f393fca5cff4528b7bdfffb5481603e854ecd1c2ba9a65f8c8004df6b5b66939

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3fc4c3f0fc0c321811f09249afaa4fb9

SHA1
7dfc5f9d4167a16583faad46ff6e97fbe58ae78d

SHA256
53d1972c14516932635a2d27890cc4783ac763afca7f8bcd1c2f28469d3fa3d5

SHA512
6df4bba9cb5de122b1c4c7a5751b265b6e5062b1c5b7c0a3eebea91938f649fecc14a36df3940d99e7af11ea635685cac2274680c173add47deaf0d3b4e7d80f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0184a57f21fc7185a3b7e630eceb2af6

SHA1
19a4f2170b495e2b4ac4bc9ca426ce565469d895

SHA256
4139598250b2c040319c198071b497a58dbccf14a895fd7d9386962c1613d961

SHA512
6c4d36ed9953f7ab574298370f2f2a0cbf112abd629a01424439ac94925356541dbfa860bf32fefa6b50c138c5a863ee62393012ac41fb4c37e06ce3cc9bab60

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity~RFe58f519.TMP

Filesize
1KB

MD5
c95119e440f907988733813a3fbd1b5f

SHA1
17f8098be9bf3c43abf58e52b5c8530a59fddea8

SHA256
52cf2ce3ae4ee2d1ee2edeeb0a18850451d55b55958560d2a0d1280d93c358a5

SHA512
88ce3f4cddd5c07753f12079f231f8b5eae3c39f03bf9589ab4c8b507943cc962b127fb835e89d3553fc9d2caa818abe09f2058ac1a70a5ab5a772d656d3b998

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
9KB

MD5
126657ef8845ab0721b59e82349992e3

SHA1
6af464b455d296f023e1f733c2dd32d8ac90b5b2

SHA256
c77001dbcea5c3996f8f30d473c225b3f6e72def33214d384b96c92d1b5df9e2

SHA512
6c16a4c145fa5fc3d5194a368f6f13ba4748f9bfecc19fe6146a2b74e99c53fde921b4c78735da50420560a5b3bd50af5848e7ea1d51fc41c47edc7110b7a381

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
12KB

MD5
f2ae676a3893a873f58bd9cb7b5635e0

SHA1
73df76c17e8af3ba87c88e1c3bcbb9e0f29e1841

SHA256
5883f3722ea7f8ae5cdf4f7c7e12199fb4b609593b2fbd11e82a1c18cab7f280

SHA512
328e628dae4e7314f9a07379178838dff4e1ecb064883dca75b38eb916318f13a74cc9c4da302d94dcf4441744fce0567297702b815cb5a6717dc2508689e56e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
14KB

MD5
e17afbabc60fda8a8f4bca658195be7c

SHA1
50ace748605d927a2440d396aa2b66d1fbbec0d2

SHA256
67f055cefe938efe714893f51d5ed37778cad730bbfbb8d33df4dd115faff27d

SHA512
bff31e7cd4a7dc53d84327a3a5189d2f517a740d4b57506f87079bff79d8b87c1daaba78f8716ec10a4a3558a1dfc348413a220642217b617bc7b182a71e2e65

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
7KB

MD5
4428a2e228334f3ac5f8a02c8acd171b

SHA1
20747ab8ed43f17d83a424aa187ff6fa0cb599a0

SHA256
6ce7c77e6d2a8d69b2fbaed1bb90f5599e92c62c95e8d14f27ac2593cdcb83df

SHA512
41b003cfe7f8f70c085bf17061b020887f9b3f37822b6aba054d64eef227ffb72ec5b6663c92cc7ab378942028d964be71dcf6e7026587695eeaa235a918700c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
13KB

MD5
cdf96c97cc21e0b96a519f027ef4d899

SHA1
165e4e970aea9fb3ab3eb03460d0224ba108e315

SHA256
e557888271a3971f56d133ae23d81de371befdf55885a4d397aa9b51bc424bbe

SHA512
ab62ad64cd92f2d5bbf2a90a10c5fcde54e80a9c551bbb2efca4af65bb74e089104130fc7b299704ef4817b7f7deba53c78b0921ff04f84b57d86824e848aba0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
14KB

MD5
981590e8a232286d90fccd55b2d322e8

SHA1
ed1e40acd1c1c19f9f1299ce072a88846dec3e8a

SHA256
057cb7594d89d00451efe15c4c31b9431054b28157ed17a338c4fdac1acea90f

SHA512
587fe874e02c2d99b51e5415b81fb9867b421593c723d3abec58121e43a33bf5d68fecc8b89779fc2008a670fdde21138aed7363ddb6b90f96e8bc8df46941bf

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences~RFe58973a.TMP

Filesize
4KB

MD5
c125486d5396bc5dcef8d6f6d95d28d3

SHA1
c6c9794bc0b3fd5f796286136e59f0201e584764

SHA256
de76f32a688d9cbf88b01608250aada8058cba2fa972c86e29437d626c70c981

SHA512
0e4c95445a4e3041440a99bf633793cc8b09eb20d1100b98991a5083dfd8df69d191ed38468c290f1d712b3b7d15faceed9e6b1fbfdff0fbfad5d7f5382fe447

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences

Filesize
10KB

MD5
29393f45aaa5e2f1597674db52df51b5

SHA1
07772ba01250feb382a94fefd7a1749e529119a0

SHA256
a44fb97f6a4ef25b7721b12ed9729854b99102d6eace8320e463879a75688596

SHA512
eb1614a5a6253ec7a5b2bae90fd451c1ab8e0de5abe8cb4deeac280b219e536e4efe429ed2853ae278202e9fca6f980616ba8372e2e7640584a650954567a67d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences~RFe589b03.TMP

Filesize
1KB

MD5
6c293b41415737b5b12eddcb5220186e

SHA1
61cbbac115f3b3ef74222a62b4ee546fa304f54e

SHA256
2ac459c3f72dc1a41516ed7cf1520f76dd4cdf1a66518fa15b10358d90077bd8

SHA512
82ab4add7bcecb174ad524a44e0882cffecd23b7290703add2be3c02f13b4be0a35afdb1630e5aeaf0699b5ee1e7b2db1bfee5a5f2c3f64dd13ee1807843ad36

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Site Characteristics Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Tablo

Filesize
220KB

MD5
3f6ec6a7ad86439bdef351f8488c9f88

SHA1
6bee5d5049a8dfa2750f887658a4dda7411d1329

SHA256
182524e82d66aa34385b5b106846c1ed3df0fc953dbd41642b96fd407706a4d9

SHA512
e47d7c2f963b0d5ed9c6ac0d907b337de9f54a32ba782a7087553a853a8fa97d851fc5f032f565f8e03890ca866f1cefd4fb22e1be3edd252464a896b35a3b33

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Tablo~RFe58fce9.TMP

Filesize
234KB

MD5
2baaa29b4ce30748a96e14440a7ecf7d

SHA1
931d67cac4471c91d7249905a058cac09a1e1b4b

SHA256
52e21df06207d893bf60e9b3666606e37d3d1a7dd5aac890a4bf9388a725995b

SHA512
043860752fe18c80f365979c348edee683c239695f11541cc969c07fe8c331be98a97780f3cec73d9eab893284785919820ab389f6160454920b397c52bbc32b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\c0589063-c19d-41cb-a932-da461c8dc36f\index-dir\the-real-index

Filesize
2KB

MD5
b3067deebbf15f4928fc40a632d72ea4

SHA1
11350f98b1929c8d89af2bbb6ddbba0102864a07

SHA256
550502bd718f12fd4cd72948602811b6bddc5add68253b3d9e4e99ccdd427971

SHA512
425377f0c3366d397e391f671619f14524179111cc1f7093532fa9503a19dab99c7290f1cbb38c8da1b6582393f64c744d7b3be25f5b4a9ca1309e2ea73cab49

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\c0589063-c19d-41cb-a932-da461c8dc36f\index-dir\the-real-index~RFe591e6b.TMP

Filesize
2KB

MD5
8bae3f13a1207b76f0c9ea8a195f749f

SHA1
905fcd96fc687e4ca5c94bd0ec6b2923cfb09a3d

SHA256
d0dcf1e1c92951c0ba27207613ade54c512aa22223ec5383514c47774ab9b632

SHA512
3c0262dce5a9e39fb792a54ce47cee0a2bc94d09b9f4ba04c6126121312dd89ebcd99f04a071294f109c520568634c81d9aa5e49f23552b60143a6b7c809c810

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\16.png

Filesize
699B

MD5
238b0e7dc06028db4b6aba8078740ffb

SHA1
5fd2309587993b371beabb7a9d039e0dba3006ba

SHA256
d159e510392f6da58c4d15cc098171d45c7b02a1362cbf7be7a2d47a1a10e7fc

SHA512
1dda4de21be647067c04dfc47174df39d0c6c1eeee3e9005211f908351b69d6a27ed268b5ec7480285fb203a95136a3a205f7bafb7eb5223a3dcbab0dadc0e5d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\e730e86f-4d4d-489a-9214-1a4f241e5d70.tmp

Filesize
167KB

MD5
4d4b657a4d0b9703e41b3e14991c5f6f

SHA1
65858616de1ec60bba42d2afc307cec3d6da232c

SHA256
a0b1ad95ddf3645510625d1f6da088b1d78ad2fd3d19aa1550dcac7e8e4ccf1e

SHA512
10b753ca1898a8c5ca162feb1f58e9c90d17a2cca47b6a70c555d7e7a1188e331e339a2177f83e8211e742a0a2e680b0d86e0f2ee2fb17c8914fb1d6c6b3cd92

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json

Filesize
25KB

MD5
c1a3c28e39245ee7273470cd7439de71

SHA1
7a76b794aa40e164c1c01a8ade804c7d63013dc7

SHA256
784dbd48e9907542ff9e679544e254f23fe32ec14aa732b8c97451f66e6f47be

SHA512
e0a28098dfd10fb849099f1b0c60d4dfb61159a5bf589d8558834b71ab087d71b88938ba04d26b0d03aa2a1f8763cd7538afc056dd8d6813b060c45018f4143e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json

Filesize
25KB

MD5
02b8d59d7b7a992d38a47a27c19fd5f0

SHA1
78b172dc4573c001a099ef4c99cb60c0d1987720

SHA256
5884fa2912340aa844f7ffaf029a3282e677b192abe29d36f47b522ca6140934

SHA512
48bb2c3f093a8e9c8da5ddf9afca104ce93ee99585f989ec8ca8e46ee23130dcfb86b4aced1f159df83d7876e3858fef1e17dbf11797f2930d89f17d98fa7f75

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json~RFe589e00.TMP

Filesize
15KB

MD5
7e9a69f89b9d46b72c183f680d88d414

SHA1
03b6ed6e5a1595384ac034ebd54e6308a88c04cf

SHA256
fc7bd8ac5cdc391a4c4f045d0c31c3e3ff112ad3581b80b7877e7fe66e5c890b

SHA512
71214e949475488bc0607dd9c7f48ff6954fa17bf76f3870445f305d50c4ac115428788dc411bad748f549c751f631bcf8041d6f3d7373112166e6dc4a22cc39

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GraphiteDawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GraphiteDawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GraphiteDawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Local State

Filesize
166KB

MD5
c6c31b3daab3d9c35e86fb478b6e490e

SHA1
beed7c9b1fc4fc470fda4c5f31b7ac60f2a61b15

SHA256
8465b52f21df551321922ef9d70df35a4af709428256ca34d4d8cf0d3c458c43

SHA512
5387b79d3c877f5da5fd8c159f6ee50254f42793c96e568f18125c9c65b71e4ee7a1cbb90c559b1d40cc53fc23d6cd37139e5f68a5918ca2def292a509a2be58

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Local State

Filesize
166KB

MD5
2d47b433d3e63922f7f46767bba62fe9

SHA1
ba9ac1cd52e3b555be5dbc14ec145bdb8f1d0d6a

SHA256
11f16e6509b0ce7e7cb5776f1d4c9e9f78ad189ddecd60f0eb5877a1e43ba5e4

SHA512
6111a9d2f0e86782fd98062d764e12ffc7fa61e1971a4df700ac5f67d0cc222dffac581bca2814c95321949fef8f47c4ab9a7a27d3b8d2b70e21d9e444874cf6

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Local State

Filesize
169KB

MD5
13b94aa61d399e5c89b5dc4cbeb8a607

SHA1
34474756d4f92bb15befd24df59b6fdc6b4572e3

SHA256
9f9e5bcce81191ba852b43fe049eb0ae209c688b8060fbe5c9e2df714098ec8f

SHA512
c28bb7a25f950e9b67044f3d7b500043fb223c3d5036ca24e1b777d9fc2893a1c058ed3b08e0785cd6ed18c8b2689cd630361f5ae572b552d6674e3428b8c7ff

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Local State

Filesize
169KB

MD5
999a8ccb74ec9bbb0c3bde9c42094764

SHA1
b155e86bfaa51b57369d59c095780f55acd4d064

SHA256
bd3c0e2489052d7f4b6321824b2a34af792f25cbf6d2b7b895470772a85090ef

SHA512
f8e1d7b439abc0ab3f548ac4d5ecf2aa9b1f63150041c6035f22a87bcad28fb9738b03468b5afc290afbd8c1b3756f699b6ce6939cc92984e276362bf63acd8f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\PKIMetadata\765\crs.pb

Filesize
140KB

MD5
a6d40ae583f1eafdbeee35ddcae8506f

SHA1
bd0364bffa76570e608fc9e1c8b7559df42044a4

SHA256
760b2c3d16b445d27a85cba18bfe13aef5f71068e46234f82efc0647d74934d5

SHA512
cc583d9dd0aa94bb24b92829596b732a38e0604d385f782229f86d2e26da28332fe0f1f1cc8e2cbddbc55ad29e29449379899b5ba3f73bd4cbee204e5b3f5f79

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\PKIMetadata\765\ct_config.pb

Filesize
45KB

MD5
c65c397ab45470d36e709e051e0d1725

SHA1
254347ca31415bf7ba45271e77b8468b955d4910

SHA256
ed43242c1871eb25158005526967022bda69a329419efd1f35635ea966741674

SHA512
4bbcf55641341193bb3d5bbe135e5c12ce15d89a4e3c4faaf0f3d3989c5920f9d206e062230dc15789ac7f097e314c60ebe0bb910475ed311d018a16505f47d5

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\PKIMetadata\765\kp_pinslist.pb

Filesize
11KB

MD5
dad545043d0ab7284ee758e8b6d1e921

SHA1
7018e4671f7ce15606b5333f8e6831ab4333f4e6

SHA256
10099226e835bfe9ac827154b0f8f6b975f3b157d24d172b75be8a680a4f2e55

SHA512
31484b054993b38946687a19f27552d6241bf11591a36cde46e1d6d5fd0c57312a698411701d074c9f9cd6bbecfc2bd4ac6442f015f8491e2b854c525606baed

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\component_crx_cache\oimompecagnajdejgnnjijobebaeigek_1.2903aec9f77378fa19280af8ff89294fb9ce2caf8e0092c69e19973c0a9cc6fe

Filesize
13.5MB

MD5
5d9ad58399fbef9be94190d149c2f863

SHA1
45f3674f0425d58d9ffc5d9001ff6754f357543c

SHA256
2903aec9f77378fa19280af8ff89294fb9ce2caf8e0092c69e19973c0a9cc6fe

SHA512
9a9532cce2de086d5934235d21d27b8a0863ae902a81151a728364aebe044faef5e5805d64efe68d67a5a5aaf408f74954d08f10c6a011dc9ea82c629339d3b0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\yandex.website

Filesize
488B

MD5
2baf611b1b6876e6c393054aa8c46a0a

SHA1
3d26e532d5b37939b51884bfb53732070c4dca9a

SHA256
5f7570144541408b41c15373bb8870e7bde53ad3c5413e2f6000e6f0e449b853

SHA512
1a0dc02bdd53e1bd49b2a72b10828463f5c8bed8a17b8498eb4ae939a40dfd8bcaeba1feac1190f5595b4da245a7aa0e4507724ef9fb74172b29581e885cd563

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk

Filesize
2KB

MD5
674a77f188b44b6afd6fa50eb1c0d4d3

SHA1
c59fbe140b8ca3fc478433013f2e6951db68fea0

SHA256
71f48b40ea327176e7c10dc7a44629f29de974c0074a4a0df696e8264bf73a63

SHA512
8eab1def448a3f3d53496bc48c82799af7ffe113507a17dda5fb6504034affaa8c63bb052af7f93ae5f058ca8d08b4f39c5319e0887ca1b01b42ea01be400b43

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
edf69e5ae86bbe52dcd0a0fac81f5f2d

SHA1
f246e7731cb5bc37c3cc94acc6dbe43f5625219b

SHA256
697c791d91e131982a5decba7f4b3781202047236dafd624e92a5fda4fd98af9

SHA512
45980d0b6773458ad925b34a8a4c533c44280910ace56dc6706a5415ace9da6f7493923ec9c1e0dbd503b3b47f4d639f71c9810a9767a6988a078a69edc57b53

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
edf69e5ae86bbe52dcd0a0fac81f5f2d

SHA1
f246e7731cb5bc37c3cc94acc6dbe43f5625219b

SHA256
697c791d91e131982a5decba7f4b3781202047236dafd624e92a5fda4fd98af9

SHA512
45980d0b6773458ad925b34a8a4c533c44280910ace56dc6706a5415ace9da6f7493923ec9c1e0dbd503b3b47f4d639f71c9810a9767a6988a078a69edc57b53

Download Submit
C:\Windows\TEMP\sdwra_3556_309310129\service_update.exe

Filesize
2.6MB

MD5
59aad4eb7e5762093e6ebf9195148dbb

SHA1
77a3e4ce5c273f773df68198584df5652a7ee9a2

SHA256
eb99f103de7d43a08fcba2264a3882706a7d8a6e6dd45df1442170f222595b79

SHA512
dd6c4317ee91cfb684f434520102f735796f369bb0097b83ac7049b1dd77a14e754f729df991d2aab1b1b538abd6efd965d8d5bd7a0c35131f867d09dcb4f1e0

Download Submit
C:\Windows\Temp\sdwra_3556_309310129\service_update.exe

Filesize
2.6MB

MD5
59aad4eb7e5762093e6ebf9195148dbb

SHA1
77a3e4ce5c273f773df68198584df5652a7ee9a2

SHA256
eb99f103de7d43a08fcba2264a3882706a7d8a6e6dd45df1442170f222595b79

SHA512
dd6c4317ee91cfb684f434520102f735796f369bb0097b83ac7049b1dd77a14e754f729df991d2aab1b1b538abd6efd965d8d5bd7a0c35131f867d09dcb4f1e0

Download Submit
memory/5456-1865-0x000002A117590000-0x000002A117591000-memory.dmp

Filesize
4KB

Download
memory/5456-1899-0x000002A117410000-0x000002A117411000-memory.dmp

Filesize
4KB

Download
memory/5456-1873-0x000002A117590000-0x000002A117591000-memory.dmp

Filesize
4KB

Download
memory/5456-1874-0x000002A1171C0000-0x000002A1171C1000-memory.dmp

Filesize
4KB

Download
memory/5456-1875-0x000002A1171B0000-0x000002A1171B1000-memory.dmp

Filesize
4KB

Download
memory/5456-1877-0x000002A1171C0000-0x000002A1171C1000-memory.dmp

Filesize
4KB

Download
memory/5456-1880-0x000002A1171B0000-0x000002A1171B1000-memory.dmp

Filesize
4KB

Download
memory/5456-1883-0x000002A1170F0000-0x000002A1170F1000-memory.dmp

Filesize
4KB

Download
memory/5456-1895-0x000002A1172F0000-0x000002A1172F1000-memory.dmp

Filesize
4KB

Download
memory/5456-1897-0x000002A117300000-0x000002A117301000-memory.dmp

Filesize
4KB

Download
memory/5456-1898-0x000002A117300000-0x000002A117301000-memory.dmp

Filesize
4KB

Download
memory/5456-1872-0x000002A117590000-0x000002A117591000-memory.dmp

Filesize
4KB

Download
memory/5456-1871-0x000002A117590000-0x000002A117591000-memory.dmp

Filesize
4KB

Download
memory/5456-1870-0x000002A117590000-0x000002A117591000-memory.dmp

Filesize
4KB

Download
memory/5456-1869-0x000002A117590000-0x000002A117591000-memory.dmp

Filesize
4KB

Download
memory/5456-1868-0x000002A117590000-0x000002A117591000-memory.dmp

Filesize
4KB

Download
memory/5456-1867-0x000002A117590000-0x000002A117591000-memory.dmp

Filesize
4KB

Download
memory/5456-1866-0x000002A117590000-0x000002A117591000-memory.dmp

Filesize
4KB

Download
memory/5456-1864-0x000002A117590000-0x000002A117591000-memory.dmp

Filesize
4KB

Download
memory/5456-1863-0x000002A117570000-0x000002A117571000-memory.dmp

Filesize
4KB

Download
memory/5456-1847-0x000002A10EF80000-0x000002A10EF90000-memory.dmp

Filesize
64KB

Download
memory/5456-1831-0x000002A10EE80000-0x000002A10EE90000-memory.dmp

Filesize
64KB

Download