6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad

Analysis

max time kernel
140s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18/08/2024, 19:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe
Size

10.4MB
MD5

2e784cdab6b1f0e6cc0ef4b620354bfd
SHA1

4f1f5f252804720aa2c94682d0af141bc9c8584e
SHA256

6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad
SHA512

2303c0c89824babee763944a74c8f77a94ff6185e00819942fc29fe54658185c5eec8ccbc7bc702406f938a28bbfdc5ee7e3314421e717ca2c27f3c8a8dd7aca
SSDEEP

196608:gUZWC2SSJ7PbDdh0HtQba8z1sjzkAilU4I4:gUZB25J7PbDjOQba8psjzyz

Score

8^/10

discovery persistence spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 14 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	service_update.exe
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	explorer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	Yandex.exe
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	explorer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	browser.exe

Executes dropped EXE 62 IoCs

pid	Process
1580	yb8E55.tmp
4068	setup.exe
3488	setup.exe
3848	setup.exe
1456	service_update.exe
3064	service_update.exe
3576	service_update.exe
3768	service_update.exe
1596	service_update.exe
3976	service_update.exe
3808	explorer.exe
3112	explorer.exe
3004	Yandex.exe
3636	explorer.exe
2892	clidmgr.exe
2828	clidmgr.exe
1740	browser.exe
3844	browser.exe
2200	browser.exe
844	browser.exe
3108	browser.exe
4480	browser.exe
4136	browser.exe
2432	browser.exe
3380	browser.exe
232	browser.exe
4960	browser.exe
6040	browser.exe
2604	browser.exe
5144	browser.exe
5332	browser.exe
5960	browser.exe
5944	browser.exe
3384	browser.exe
5500	browser.exe
5740	browser.exe
3456	browser.exe
5568	browser.exe
5608	browser.exe
5660	browser.exe
5752	browser.exe
2396	browser.exe
5276	browser.exe
5304	browser.exe
6040	browser.exe
652	browser.exe
5720	browser.exe
5920	browser.exe
2028	browser.exe
4132	browser.exe
5668	browser.exe
864	browser.exe
2052	browser.exe
5880	browser.exe
5956	browser.exe
5516	browser.exe
4012	browser.exe
5260	browser.exe
6112	browser.exe
5364	browser.exe
5368	browser.exe
4456	browser.exe

Loads dropped DLL 64 IoCs

pid	Process
1740	browser.exe
3844	browser.exe
1740	browser.exe
2200	browser.exe
2200	browser.exe
844	browser.exe
844	browser.exe
3108	browser.exe
3108	browser.exe
4480	browser.exe
4480	browser.exe
4136	browser.exe
4136	browser.exe
3380	browser.exe
2432	browser.exe
232	browser.exe
232	browser.exe
2432	browser.exe
3380	browser.exe
4960	browser.exe
4960	browser.exe
2200	browser.exe
2200	browser.exe
2200	browser.exe
2200	browser.exe
2200	browser.exe
2200	browser.exe
2200	browser.exe
6040	browser.exe
6040	browser.exe
2604	browser.exe
2604	browser.exe
5144	browser.exe
5144	browser.exe
5332	browser.exe
5332	browser.exe
5960	browser.exe
5960	browser.exe
5944	browser.exe
3384	browser.exe
3384	browser.exe
5944	browser.exe
5500	browser.exe
5500	browser.exe
5740	browser.exe
5740	browser.exe
3456	browser.exe
3456	browser.exe
5568	browser.exe
5568	browser.exe
5608	browser.exe
5608	browser.exe
5660	browser.exe
5752	browser.exe
5660	browser.exe
5752	browser.exe
5276	browser.exe
5276	browser.exe
5304	browser.exe
5304	browser.exe
6040	browser.exe
6040	browser.exe
652	browser.exe
5720	browser.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YandexBrowserAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart"	browser.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 5 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Roaming\Yandex\ui	service_update.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1029\service_update.exe	service_update.exe
File opened for modification	C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1029\service_update.exe	service_update.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\System update for Yandex Browser.job	service_update.exe
File created	C:\Windows\Tasks\Update for Yandex Browser.job	service_update.exe
File created	C:\Windows\Tasks\Repairing Yandex Browser update service.job	service_update.exe
File created	C:\Windows\Tasks\Обновление Браузера Яндекс.job	browser.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	clidmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	clidmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Yandex.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	browser.exe

Modifies data under HKEY_USERS 6 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133684831663072678"	browser.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow	service_update.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex\UICreated_SYSTEM = "1"	service_update.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	browser.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexEPUB.KLJIBSNKFGTPAB7LZL2RGHFY7I\Application	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\yabrowser\shell\open	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexSWF.KLJIBSNKFGTPAB7LZL2RGHFY7I\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\SystemFileAssociations\.tif\shell\image_search\ = "Поиск по картинке"	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexPNG.KLJIBSNKFGTPAB7LZL2RGHFY7I\Application\ApplicationDescription = "Яндекс\u00a0Браузер – это быстрая и\u00a0удобная программа для\u00a0работы в\u00a0интернете и\u00a0просмотра веб-страниц."	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexSVG.KLJIBSNKFGTPAB7LZL2RGHFY7I\Application\ApplicationName = "Yandex"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexJS.KLJIBSNKFGTPAB7LZL2RGHFY7I\Application\ApplicationCompany = "Yandex"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\SystemFileAssociations\.tif\shell\image_search\command	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexJS.KLJIBSNKFGTPAB7LZL2RGHFY7I\Application\AppUserModelId = "Yandex.KLJIBSNKFGTPAB7LZL2RGHFY7I"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.js\OpenWithProgids\YandexJS.KLJIBSNKFGTPAB7LZL2RGHFY7I	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexSVG.KLJIBSNKFGTPAB7LZL2RGHFY7I\shell\open\command	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\SystemFileAssociations\.jpeg\shell\image_search\command	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexBrowser.crx\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexINFE.KLJIBSNKFGTPAB7LZL2RGHFY7I\Application\ApplicationName = "Yandex"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexJS.KLJIBSNKFGTPAB7LZL2RGHFY7I\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.gif\OpenWithProgids\YandexGIF.KLJIBSNKFGTPAB7LZL2RGHFY7I	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexBrowser.crx\shell	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexWEBP.KLJIBSNKFGTPAB7LZL2RGHFY7I\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexSWF.KLJIBSNKFGTPAB7LZL2RGHFY7I\shell	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.fb2\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexEPUB.KLJIBSNKFGTPAB7LZL2RGHFY7I\ = "Yandex Browser EPUB Document"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexJPEG.KLJIBSNKFGTPAB7LZL2RGHFY7I\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-109"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\SystemFileAssociations\.bmp\shell\image_search\command	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexINFE.KLJIBSNKFGTPAB7LZL2RGHFY7I\ = "Malware Infected File"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexWEBP.KLJIBSNKFGTPAB7LZL2RGHFY7I\Application	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexPDF.KLJIBSNKFGTPAB7LZL2RGHFY7I\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-112"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.tiff\OpenWithProgids\YandexTIFF.KLJIBSNKFGTPAB7LZL2RGHFY7I	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.html\OpenWithProgids\YandexHTML.KLJIBSNKFGTPAB7LZL2RGHFY7I	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexJPEG.KLJIBSNKFGTPAB7LZL2RGHFY7I\shell\open	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexWEBM.KLJIBSNKFGTPAB7LZL2RGHFY7I\Application\ApplicationCompany = "Yandex"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexFB2.KLJIBSNKFGTPAB7LZL2RGHFY7I\Application	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexTIFF.KLJIBSNKFGTPAB7LZL2RGHFY7I\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexWEBP.KLJIBSNKFGTPAB7LZL2RGHFY7I	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexXML.KLJIBSNKFGTPAB7LZL2RGHFY7I\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.tif	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\yabrowser\shell	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexCSS.KLJIBSNKFGTPAB7LZL2RGHFY7I\Application	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexEPUB.KLJIBSNKFGTPAB7LZL2RGHFY7I\Application\AppUserModelId = "Yandex.KLJIBSNKFGTPAB7LZL2RGHFY7I"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexGIF.KLJIBSNKFGTPAB7LZL2RGHFY7I\DefaultIcon	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.mhtml\OpenWithProgids\YandexHTML.KLJIBSNKFGTPAB7LZL2RGHFY7I	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexEPUB.KLJIBSNKFGTPAB7LZL2RGHFY7I\shell\open\command	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.epub\OpenWithProgids\YandexEPUB.KLJIBSNKFGTPAB7LZL2RGHFY7I	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\SystemFileAssociations	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexFB2.KLJIBSNKFGTPAB7LZL2RGHFY7I\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-122"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexSWF.KLJIBSNKFGTPAB7LZL2RGHFY7I\Application\ApplicationCompany = "Yandex"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\SystemFileAssociations\.gif	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\SystemFileAssociations\.bmp\shell\image_search	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexCRX.KLJIBSNKFGTPAB7LZL2RGHFY7I\shell	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.gif\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.css\OpenWithProgids\YandexCSS.KLJIBSNKFGTPAB7LZL2RGHFY7I	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexCSS.KLJIBSNKFGTPAB7LZL2RGHFY7I\ = "Yandex Browser CSS Document"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexCSS.KLJIBSNKFGTPAB7LZL2RGHFY7I\shell\open\command	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.jpg\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexFB2.KLJIBSNKFGTPAB7LZL2RGHFY7I\Application\ApplicationDescription = "Яндекс\u00a0Браузер – это быстрая и\u00a0удобная программа для\u00a0работы в\u00a0интернете и\u00a0просмотра веб-страниц."	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexTIFF.KLJIBSNKFGTPAB7LZL2RGHFY7I\Application\ApplicationDescription = "Яндекс\u00a0Браузер – это быстрая и\u00a0удобная программа для\u00a0работы в\u00a0интернете и\u00a0просмотра веб-страниц."	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexINFE.KLJIBSNKFGTPAB7LZL2RGHFY7I\DefaultIcon	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.htm	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\SystemFileAssociations\.jpg\shell\image_search\ = "Поиск по картинке"	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.css\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.pdf	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexPDF.KLJIBSNKFGTPAB7LZL2RGHFY7I\Application\AppUserModelId = "Yandex.KLJIBSNKFGTPAB7LZL2RGHFY7I"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.txt	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\YandexCSS.KLJIBSNKFGTPAB7LZL2RGHFY7I\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	setup.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b81900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3488	setup.exe
3488	setup.exe
3488	setup.exe
3488	setup.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1740	browser.exe
Token: SeCreatePagefilePrivilege	1740	browser.exe
Token: SeShutdownPrivilege	1740	browser.exe
Token: SeCreatePagefilePrivilege	1740	browser.exe
Token: SeShutdownPrivilege	1740	browser.exe
Token: SeCreatePagefilePrivilege	1740	browser.exe
Token: SeShutdownPrivilege	1740	browser.exe
Token: SeCreatePagefilePrivilege	1740	browser.exe
Token: SeShutdownPrivilege	1740	browser.exe
Token: SeCreatePagefilePrivilege	1740	browser.exe
Token: SeShutdownPrivilege	1740	browser.exe
Token: SeCreatePagefilePrivilege	1740	browser.exe
Token: SeShutdownPrivilege	1740	browser.exe
Token: SeCreatePagefilePrivilege	1740	browser.exe
Token: SeShutdownPrivilege	1740	browser.exe
Token: SeCreatePagefilePrivilege	1740	browser.exe
Token: SeShutdownPrivilege	1740	browser.exe
Token: SeCreatePagefilePrivilege	1740	browser.exe
Token: SeShutdownPrivilege	1740	browser.exe
Token: SeCreatePagefilePrivilege	1740	browser.exe
Token: SeShutdownPrivilege	1740	browser.exe
Token: SeCreatePagefilePrivilege	1740	browser.exe
Token: SeShutdownPrivilege	1740	browser.exe
Token: SeCreatePagefilePrivilege	1740	browser.exe
Token: SeShutdownPrivilege	1740	browser.exe
Token: SeCreatePagefilePrivilege	1740	browser.exe
Token: SeShutdownPrivilege	1740	browser.exe
Token: SeCreatePagefilePrivilege	1740	browser.exe
Token: SeShutdownPrivilege	1740	browser.exe
Token: SeCreatePagefilePrivilege	1740	browser.exe
Token: SeShutdownPrivilege	1740	browser.exe
Token: SeCreatePagefilePrivilege	1740	browser.exe
Token: SeShutdownPrivilege	1740	browser.exe
Token: SeCreatePagefilePrivilege	1740	browser.exe
Token: SeShutdownPrivilege	1740	browser.exe
Token: SeCreatePagefilePrivilege	1740	browser.exe
Token: SeShutdownPrivilege	1740	browser.exe
Token: SeCreatePagefilePrivilege	1740	browser.exe
Token: SeShutdownPrivilege	1740	browser.exe
Token: SeCreatePagefilePrivilege	1740	browser.exe
Token: SeShutdownPrivilege	1740	browser.exe
Token: SeCreatePagefilePrivilege	1740	browser.exe
Token: SeShutdownPrivilege	1740	browser.exe
Token: SeCreatePagefilePrivilege	1740	browser.exe
Token: SeShutdownPrivilege	1740	browser.exe
Token: SeCreatePagefilePrivilege	1740	browser.exe
Token: SeShutdownPrivilege	1740	browser.exe
Token: SeCreatePagefilePrivilege	1740	browser.exe
Token: SeShutdownPrivilege	1740	browser.exe
Token: SeCreatePagefilePrivilege	1740	browser.exe
Token: SeShutdownPrivilege	1740	browser.exe
Token: SeCreatePagefilePrivilege	1740	browser.exe
Token: SeShutdownPrivilege	1740	browser.exe
Token: SeCreatePagefilePrivilege	1740	browser.exe
Token: SeShutdownPrivilege	1740	browser.exe
Token: SeCreatePagefilePrivilege	1740	browser.exe
Token: SeShutdownPrivilege	1740	browser.exe
Token: SeCreatePagefilePrivilege	1740	browser.exe
Token: SeShutdownPrivilege	1740	browser.exe
Token: SeCreatePagefilePrivilege	1740	browser.exe
Token: SeShutdownPrivilege	1740	browser.exe
Token: SeCreatePagefilePrivilege	1740	browser.exe
Token: SeShutdownPrivilege	1740	browser.exe
Token: SeCreatePagefilePrivilege	1740	browser.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
2168	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe
3808	explorer.exe
3636	explorer.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe
1740	browser.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2168	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe
1740	browser.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 1516	2168	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe	86
PID 2168 wrote to memory of 1516	2168	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe	86
PID 2168 wrote to memory of 1516	2168	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe	86
PID 1516 wrote to memory of 1580	1516	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe	97
PID 1516 wrote to memory of 1580	1516	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe	97
PID 1580 wrote to memory of 4068	1580	yb8E55.tmp	98
PID 1580 wrote to memory of 4068	1580	yb8E55.tmp	98
PID 4068 wrote to memory of 3488	4068	setup.exe	99
PID 4068 wrote to memory of 3488	4068	setup.exe	99
PID 3488 wrote to memory of 3848	3488	setup.exe	100
PID 3488 wrote to memory of 3848	3488	setup.exe	100
PID 3488 wrote to memory of 1456	3488	setup.exe	103
PID 3488 wrote to memory of 1456	3488	setup.exe	103
PID 1456 wrote to memory of 3064	1456	service_update.exe	104
PID 1456 wrote to memory of 3064	1456	service_update.exe	104
PID 3576 wrote to memory of 3768	3576	service_update.exe	106
PID 3576 wrote to memory of 3768	3576	service_update.exe	106
PID 3576 wrote to memory of 1596	3576	service_update.exe	107
PID 3576 wrote to memory of 1596	3576	service_update.exe	107
PID 1596 wrote to memory of 3976	1596	service_update.exe	108
PID 1596 wrote to memory of 3976	1596	service_update.exe	108
PID 3488 wrote to memory of 3808	3488	setup.exe	110
PID 3488 wrote to memory of 3808	3488	setup.exe	110
PID 3808 wrote to memory of 3112	3808	explorer.exe	111
PID 3808 wrote to memory of 3112	3808	explorer.exe	111
PID 3488 wrote to memory of 3004	3488	setup.exe	112
PID 3488 wrote to memory of 3004	3488	setup.exe	112
PID 3488 wrote to memory of 3004	3488	setup.exe	112
PID 3004 wrote to memory of 3636	3004	Yandex.exe	113
PID 3004 wrote to memory of 3636	3004	Yandex.exe	113
PID 3004 wrote to memory of 3636	3004	Yandex.exe	113
PID 3488 wrote to memory of 2892	3488	setup.exe	114
PID 3488 wrote to memory of 2892	3488	setup.exe	114
PID 3488 wrote to memory of 2892	3488	setup.exe	114
PID 3488 wrote to memory of 2828	3488	setup.exe	116
PID 3488 wrote to memory of 2828	3488	setup.exe	116
PID 3488 wrote to memory of 2828	3488	setup.exe	116
PID 1740 wrote to memory of 3844	1740	browser.exe	119
PID 1740 wrote to memory of 3844	1740	browser.exe	119
PID 1740 wrote to memory of 2200	1740	browser.exe	120
PID 1740 wrote to memory of 2200	1740	browser.exe	120
PID 1740 wrote to memory of 2200	1740	browser.exe	120
PID 1740 wrote to memory of 2200	1740	browser.exe	120
PID 1740 wrote to memory of 2200	1740	browser.exe	120
PID 1740 wrote to memory of 2200	1740	browser.exe	120
PID 1740 wrote to memory of 2200	1740	browser.exe	120
PID 1740 wrote to memory of 2200	1740	browser.exe	120
PID 1740 wrote to memory of 2200	1740	browser.exe	120
PID 1740 wrote to memory of 2200	1740	browser.exe	120
PID 1740 wrote to memory of 2200	1740	browser.exe	120
PID 1740 wrote to memory of 2200	1740	browser.exe	120
PID 1740 wrote to memory of 2200	1740	browser.exe	120
PID 1740 wrote to memory of 2200	1740	browser.exe	120
PID 1740 wrote to memory of 2200	1740	browser.exe	120
PID 1740 wrote to memory of 2200	1740	browser.exe	120
PID 1740 wrote to memory of 2200	1740	browser.exe	120
PID 1740 wrote to memory of 2200	1740	browser.exe	120
PID 1740 wrote to memory of 2200	1740	browser.exe	120
PID 1740 wrote to memory of 2200	1740	browser.exe	120
PID 1740 wrote to memory of 2200	1740	browser.exe	120
PID 1740 wrote to memory of 2200	1740	browser.exe	120
PID 1740 wrote to memory of 2200	1740	browser.exe	120
PID 1740 wrote to memory of 2200	1740	browser.exe	120
PID 1740 wrote to memory of 2200	1740	browser.exe	120

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe
"C:\Users\Admin\AppData\Local\Temp\6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Users\Admin\AppData\Local\Temp\6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe
  "C:\Users\Admin\AppData\Local\Temp\6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe" --parent-installer-process-id=2168 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\Admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\Admin\AppData\Local\Temp\53c2c567-2c78-40cf-b70a-810d6da77f7b.tmp\" --brand-name=yandex --browser-present=none --distr-info-file=\"C:\Users\Admin\AppData\Local\Temp\distrib_info\" --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --progress-window=393542 --testids=1045949 --variations-update-path=\"C:\Users\Admin\AppData\Local\Temp\66dee2bf-90b4-4b00-ba9e-30ee4eaca702.tmp\" --verbose-logging"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1516
- - C:\Users\Admin\AppData\Local\Temp\yb8E55.tmp
    "C:\Users\Admin\AppData\Local\Temp\yb8E55.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\53c2c567-2c78-40cf-b70a-810d6da77f7b.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=30 --install-start-time-no-uac=474540495 --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=393542 --source=lite --testids=1045949 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\66dee2bf-90b4-4b00-ba9e-30ee4eaca702.tmp" --verbose-logging
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\YB_4AF15.tmp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\YB_4AF15.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_4AF15.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\53c2c567-2c78-40cf-b70a-810d6da77f7b.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=30 --install-start-time-no-uac=474540495 --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=393542 --source=lite --testids=1045949 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\66dee2bf-90b4-4b00-ba9e-30ee4eaca702.tmp" --verbose-logging
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\YB_4AF15.tmp\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\YB_4AF15.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_4AF15.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\53c2c567-2c78-40cf-b70a-810d6da77f7b.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=30 --install-start-time-no-uac=474540495 --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=393542 --source=lite --testids=1045949 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\66dee2bf-90b4-4b00-ba9e-30ee4eaca702.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=509103002
        5⤵
        Executes dropped EXE
        Modifies registry class
        Modifies system certificate store
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\YB_4AF15.tmp\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\YB_4AF15.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=3488 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1029 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7ff7598ad728,0x7ff7598ad734,0x7ff7598ad740
        6⤵
        Executes dropped EXE
        
        PID:3848
      - C:\Windows\TEMP\sdwra_3488_1071071119\service_update.exe
        
        "C:\Windows\TEMP\sdwra_3488_1071071119\service_update.exe" --setup
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in Program Files directory
        Suspicious use of WriteProcessMemory
        
        PID:1456
        
        C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1029\service_update.exe
        
        "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1029\service_update.exe" --install
        7⤵
        Executes dropped EXE
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\YB_4AF15.tmp\Temp\scoped_dir3488_542270092\explorer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\YB_4AF15.tmp\Temp\scoped_dir3488_542270092\explorer.exe" --pttw1="C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk"
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of WriteProcessMemory
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\YB_4AF15.tmp\Temp\scoped_dir3488_542270092\explorer.exe
        
        C:\Users\Admin\AppData\Local\Temp\YB_4AF15.tmp\Temp\scoped_dir3488_542270092\explorer.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=3808 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1029 --initial-client-data=0x26c,0x270,0x274,0x248,0x278,0x7ff795e7d728,0x7ff795e7d734,0x7ff795e7d740
        7⤵
        Executes dropped EXE
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
        
        C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent
        6⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe
        
        C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent /pin-path="C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk" --is-pinning
        7⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of FindShellTrayWindow
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
        
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
        
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source3488_1381053220\Browser-bin\clids_yandex.xml"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2828

C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1029\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1029\service_update.exe" --run-as-service
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
PID:3576
- C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1029\service_update.exe
  "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1029\service_update.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=3576 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1029 --initial-client-data=0x210,0x214,0x218,0x1ec,0x21c,0x7ff70f268b00,0x7ff70f268b0c,0x7ff70f268b18
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1029\service_update.exe
  "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1029\service_update.exe" --update-scheduler
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:1596
- - C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1029\service_update.exe
    "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1029\service_update.exe" --update-background-scheduler
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    PID:3976

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=393542 --install-start-time-no-uac=474540495
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks system information in the registry
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=1740 --annotation=metrics_client_id=32f7d1d00ac94b35a34a3713289e3c96 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1029 --initial-client-data=0x13c,0x140,0x144,0x118,0x148,0x7ffca1abcf90,0x7ffca1abcf9c,0x7ffca1abcfa8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3844
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --gpu-process-kind=sandboxed --field-trial-handle=2280,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1720 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2200
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=disabled --gpu-process-kind=trampoline --field-trial-handle=2068,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2352 /prefetch:6
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:844
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Network Service" --field-trial-handle=2700,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2664 --brver=24.7.1.1029 /prefetch:3
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3108
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=service --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Storage Service" --field-trial-handle=2840,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3212 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4480
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=ru --service-sandbox-type=audio --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Audio Service" --field-trial-handle=3028,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3348 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4136
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=ru --service-sandbox-type=none --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Video Capture" --field-trial-handle=3156,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3492 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2432
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3536,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:2
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3380
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=3984,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4080 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:232
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4500,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4496 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4960
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Импорт профилей" --field-trial-handle=5148,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5164 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6040
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5436,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2604
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5584,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5640 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5144
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=uwp_cookie_provider.mojom.UwpCookieProvider --lang=ru --service-sandbox-type=utility --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name=uwp_cookie_provider.mojom.UwpCookieProvider --field-trial-handle=5944,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5956 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5332
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4100,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5960
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4564,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5944
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=6388,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6396 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3384
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=ru --service-sandbox-type=none --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Утилиты Windows" --field-trial-handle=6532,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6628 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5500
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Распаковщик файлов" --field-trial-handle=6360,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5844 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5740
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4508,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3456
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5728,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6128 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5568
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=6960,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6896 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5608
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=6976,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7264 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5660
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5268,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7436 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5720
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5280,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7564 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5752
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5596,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7712 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5276
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=6580,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7872 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5304
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=6620,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7972 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6040
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7856,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=8120 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:2396
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=5700,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6548 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:864
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Распаковщик файлов" --field-trial-handle=8368,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6364 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:652
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=6860,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6520 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5920
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=6628,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=8360 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=7052,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2468 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=7056,i,1780109098437334083,13275903869426892066,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2452 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5668

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater --broupdater-origin=auto --bits_job_guid={93DEEE52-4496-4BEA-86FB-0FEDDB547F3B}
1⤵
- Executes dropped EXE
- Checks system information in the registry
- Enumerates system info in registry
PID:2052
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1724009561 --annotation=last_update_date=1724009561 --annotation=launches_after_update=1 --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=2052 --annotation=metrics_client_id=32f7d1d00ac94b35a34a3713289e3c96 --annotation=micromode=broupdater --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1029 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffca1abcf90,0x7ffca1abcf9c,0x7ffca1abcfa8
  2⤵
  - Executes dropped EXE
  PID:5880
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=2388,i,13926107809480512248,633855750660793135,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2384 /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:5956
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Network Service" --field-trial-handle=2268,i,13926107809480512248,633855750660793135,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2448 --brver=24.7.1.1029 /prefetch:3
  2⤵
  - Executes dropped EXE
  PID:5516

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=install --bits_job_guid={BA8A8FCD-D92A-47CF-8EB0-9EC54509266A}
1⤵
- Executes dropped EXE
- Checks system information in the registry
- Enumerates system info in registry
PID:4012
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1724009561 --annotation=last_update_date=1724009561 --annotation=launches_after_update=2 --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=4012 --annotation=metrics_client_id=32f7d1d00ac94b35a34a3713289e3c96 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1029 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffca1abcf90,0x7ffca1abcf9c,0x7ffca1abcfa8
  2⤵
  - Executes dropped EXE
  PID:5260
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=2248,i,15946737092656847918,10718360335295902132,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2240 /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:6112
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Network Service" --field-trial-handle=2320,i,15946737092656847918,10718360335295902132,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2332 --brver=24.7.1.1029 /prefetch:3
  2⤵
  - Executes dropped EXE
  PID:5364

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=dayuse --bits_job_guid={2CC23C0D-5C65-4737-848A-B71C3721F629}
1⤵
- Executes dropped EXE
- Checks system information in the registry
- Enumerates system info in registry
PID:5368
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1724009561 --annotation=last_update_date=1724009561 --annotation=launches_after_update=3 --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=5368 --annotation=metrics_client_id=32f7d1d00ac94b35a34a3713289e3c96 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1029 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffca1abcf90,0x7ffca1abcf9c,0x7ffca1abcfa8
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=2132,i,736481766841182054,4035598296797767570,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2352 /prefetch:2
  2⤵
  PID:5560
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=72CAD7FF-BCB0-48A9-856B-31A7F5B7FD16 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Network Service" --field-trial-handle=2232,i,736481766841182054,4035598296797767570,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2536 --brver=24.7.1.1029 /prefetch:3
  2⤵
  PID:4816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
1KB

MD5
05e11f72672df9a114031f3aa74ac241

SHA1
9490dcf5bc2db7e3b2cdb1c5b3cf005c29c31eb4

SHA256
ef3acc890fb1d40728e0c037ea2a797ac50af43d80568f9a06d59f4708dcfd95

SHA512
06336a3b348bbba5458ad48ddb579805e6f95bb14029845a6432955d74b1f89d184bcd43c49d15b0684aa5da498ac4413b431182b4f3a94e871e933c8b0c71a9

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
1KB

MD5
ab8d7169119fa52298db2bc52bfa4640

SHA1
99dd2a654954085c35706b01b6802e3a4735151f

SHA256
bc63d1abbc79f3947a79a4da995b71ba4806d962456a626698e45bd09c64d9e3

SHA512
990d0ef158130a0903424f57c16f72518a6af92c6075de4f4d8a43dba6c95fdc4ec170e4a07fd7439402213ea1c20e02f3a8762a39f918997889daf615b95e8a

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
2KB

MD5
8dc208a7267e380b939a80030804d2fa

SHA1
6ddaa2f901ae4515bc0f56ae829de63974b5cd1a

SHA256
d91ccfef32bfdf13b9a1e02326da256e00e8e347c691d5089e67f5e0b3f50e34

SHA512
99e50745ee14b6a232d210db2fe52541b6aa4ca38ea5ce2acf67a650d4738d1f25f979b6c2a60f89e3796a4715dcca86f5093be2c1629781772641b6e4d7c966

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
2KB

MD5
031a89e50476d2089ddc8b8a623d9db4

SHA1
5a379414ee25219406ae9c4d55c0db3953d66df1

SHA256
0c085c8ce489a6d0f348282f80245e6224ef6e9a032d06e76b18ea6262e7427d

SHA512
23eff2f8fb63048d5a797d17626661ddfbb558dc09d96a7e79ad4b7850a6e3ed4ad92c075359faa0e6ac4a031026008b8935d0eb39b26aeafd67e7755d534315

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
3KB

MD5
c8436ef2e8bd2d39ae41fd2f879d3f77

SHA1
83e55e521777ff426352071bdbdc5875d072ea85

SHA256
c11fa1959898a0e59fb9c5532b5a00501294b84e7c9ee195dfab76a5afc61aa7

SHA512
60adf37d4494f0a58155f815f54c1a00d375b765156c048ee08aec046a1c0c856662120c4fd263dce7df778211bc6fe3ce5da85eff142b654875f08182b32a66

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
3KB

MD5
65ab7070fccb3cd65fa69e897438873c

SHA1
30f5994573171c315ff191d92a17b1f32627e1a2

SHA256
55fc3908fe56ca657bb0d3267d209278975071f985e50c61a0bd26f155fb0fb4

SHA512
089e95093be5a5bc40cda185d719772879dcc0206ced5620452c7602067cc2d9129132c475e1859eaada7a3bce2b9a09993134a0b82552328eefb2310d887a69

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
4KB

MD5
8215dd7c71db245a5e27fc78d5ed3044

SHA1
d77d8d8cde3451e7087663344ea693d4438dab98

SHA256
b0f701f291cd1efa6ed031f02a4310111d1c08c2a39b8aa50678372ca1f347a2

SHA512
09994befc3021e23d71ffa4e3165c971a8a7ecf92f2aa63515b16adf8d14951d20bb1123d6da96573e7a553a6c082e536a2411c446139672c37dc8089509ee9a

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
5KB

MD5
8551dd5bfba5ceb4e13ec33440fff549

SHA1
de30ff981a0dd3e7ce5cee4aae8cf526222426b0

SHA256
c48ceb5fa333238dbc41243e3f6b6f69ae007eba1d7921fb3312c4d0ba92e3f5

SHA512
d9f5e3eb719647386a9cad9d78e7fd198cdd4eba9f28d078f58f4b8fc6fd71732302b4e4f39995864093850ef3325e09fb90755645e3a166ad957b8726ac763a

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
6KB

MD5
4b8d6aba2b6bfe96d58ed634066c80bc

SHA1
fbf5a49f6d495fa9e24d70f9634484043d911047

SHA256
7b3f44f74987de30d085c249683a8fb7ba4740d79f9aa58f71621d668623b301

SHA512
457833f1847b6df013998dd791ca9ddde85de08d070cf29b3856830ca1066a6f63f8f410c12fef63d7649307ae926cff11b9affb34bab64120ec957af3531b2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_D94F4A82266DCEDAC0F3F1BFD0843F4D

Filesize
2KB

MD5
f6e6c88d326e622549a40fb602be7e55

SHA1
7c3969d6e221dda7b3cb6ed8c255de051224eafa

SHA256
6fd01a7061a09c39cdcc9f1a2cd4bcfdc27e7922a0380402c74865385f068702

SHA512
ff65d7a2503ae9d1ddf08ad5e053cf05c6b0cf5777090eb1c4fe13e4128b37499acdb65765dfa04c2bcd376d469397ca2a6f744c407ac29d472d9e5c0988de71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

Filesize
1KB

MD5
43635593143f640172003fb63ccb038f

SHA1
af5482293bf633453e8bc07d139f1021fb4ccc96

SHA256
398729442d0f833c3e9cfeb4ed2e70d3b12001c6f313d822ef1a655de0418f69

SHA512
439835461d4d179d3c917e4841d2d748585ff00850ef201205c8751d8bfcc221e7b70931e12350cad90dda5530487706168af8096385836c705ae95e6b802006

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760

Filesize
1KB

MD5
7fc01bb6ef7a098a7b74a276e7ee7f20

SHA1
350645f9f4d2fcd260527fc5917a8d6ea3f354ee

SHA256
985bed20e276e2276e8e1639cfd9f39dd79b4b4e5f90435962ccdf1204506992

SHA512
4c2c591cf063c0b0af0874c00c29e7cba5bab2da35ff2de35b9889d14cfeb221537379926caa55f6fd8cd755cb301befc900b2880db4835681dd4c72242c1e52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7

Filesize
1KB

MD5
6f30deb113dab9a2185a139d8eefbe69

SHA1
d54c5d565434e09087b6fee855220928b7708017

SHA256
2931e0c8e5df39768d40ea66baa77662180707ee6991f2b356233580b192e086

SHA512
d089b90b58cc6d281a2101126daa3d4502e62d35373ab8b1555eb370414bb6fab95422acbd7e75491a15231395cf703ab8487a3f6ef9b2485b37c70a35f9f841

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

Filesize
1KB

MD5
ff120af664ee6f514c785c1f2d2bf51d

SHA1
fcd5b54aaa24a61683ff2e7f4db0104acddf6007

SHA256
1ee9f76d110914bf062da6e771578b302d8bd452c760f480777ea7a789d100ec

SHA512
3d84e7b4d8477d015010218146c55423eaa467ef0aa30238723fe881e1391b71bf8f5858d3cced9728113e0a9e964f21cb49eec8939fe1c69b6af2154eb3b71f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9E5AF9A59B2A0198F537F5F6F7EBA776_57ABCF7C80DDF20409A123C0B25EDA1D

Filesize
765B

MD5
e7313156ebc898862cc1a8cfb553f712

SHA1
144f80078182df8624a01fbcc20157b717a6b89c

SHA256
b5c8e6a2da01cf0fa6ad56912f2d3b0f8d28c780fa025f6d46e8639d230a96b9

SHA512
1f4657c9f87da475349db96b712de3a975c95621173854dada9fe16acc2e3282f5639a3321f2f977420346cf2c887c4b4eeebc93ebc2722cce26d594f7ea87ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A334956C3F99BD182BF4859935BADE72_FACA7E02B2152427A5B3C5BC1AC9CE92

Filesize
637B

MD5
4919ab1c703daa8690011d4b3d2b9376

SHA1
2daefc2e17d2e774eed0b303ce3937a89cd604a3

SHA256
cb8c8fc787177b06400af26f031964c166349c9a83809e99edc2f7cca6d290e6

SHA512
fe6be38ee8495eabe27f22c6981945aef99bea0a97fdce25ad3270c07aee16bd74a3cbde005ff39acb33ce5a5d2b815f0ab4941bb49935381bcc9e241667f758

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

Filesize
1KB

MD5
6369ffae2415881ce9a3fb29eda0f29e

SHA1
997231175a87d034da05622fe2e2a020ef21d828

SHA256
03328d11da6b032ff40de14de033375820484189a933022d338534fef8c8a945

SHA512
148bd607f9065009e0b1a8b12ac20590f3c7f553e1e5fcec306345f8a06719c62c73f19e27abdfcebb9e074171a0f80aba848bcca463da20d7c07a56ca78f912

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_D94F4A82266DCEDAC0F3F1BFD0843F4D

Filesize
488B

MD5
c8cea84d30919ec08863f3a20441aea5

SHA1
3d5101dba51be11ddd774d251997619d3cd073c1

SHA256
27e7ba7eb33e2b68e357f39f768c39a17df9ecf717ff60b1d521faba260a9a90

SHA512
956dd5ff3dedf38eec78b0a480ecb972c99287d51e57b0b0a044d90e33b40508d7e23eeb90f5fffe683407020bb373201479e7ff8cbc5badf3b7a1cfb07a13f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

Filesize
508B

MD5
1667307b0219fd6f68da8b8ca75b4570

SHA1
0eeb29d19f8f61e2ec93240a84247d058275aca2

SHA256
638d8b2c69d77474917e8145dbd66ef85012cfcabe14d5ffff6628c3ceb505fa

SHA512
87be59d03cd8d571618d6416d0049a413313e97c7c0ff7c34ff2278afe041269cb784e2db4dea7d9b0c393020ccd208b61990c3aa12d057f88221737508ec431

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760

Filesize
532B

MD5
f650b75d476d902eb92d84cce2697fe4

SHA1
e2ed78b843b586c8a28f3ca14bb4f07cb9343f38

SHA256
65a738eb6fa05baaa4ce658caf6193226dce443964b0ceb8608939965dfcdabb

SHA512
3f98628e6bb61ccf39c25fca1a0c2f4dff659ccdeb69ff9759affec10935fb92fd7cad92023b6a851accdfb198e6cfb42703e55d05f785c64ac4bb89ff0b24f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7

Filesize
536B

MD5
f7527ed67e2aed5844bf5d696b2aef85

SHA1
03fcdcc7bf0025ce8066d30b7f0b40d6c55de0f0

SHA256
e3fd392ff8e0f3a661ab6a058814b406cea9fcb5738803ac7d09f1ee41cf8dfe

SHA512
6bada62c5c3e834922f0ac3c61058f22b2d07a3448112cf9589184934145d42aa59d8f3ca11e185728641a78466c4e2108dd434d30c00776bb0edaf52bcdcaf3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

Filesize
536B

MD5
4ad7dfb18bea831e21a0a9caea6bc359

SHA1
b208addc00e491bc34e800cf41803de2e01a55bb

SHA256
8386e6abc51abe67a2b95afe110a08945a12d8c57370f9b388e18050219ac82f

SHA512
b8a6aab53ef0f1596a13891d7ce74f95114e0988c3f0b5869d6f344668ab61e2d462d4c4393d819082ecddb01eff3f169cea2205b6b98700b9318762deb7eaee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9E5AF9A59B2A0198F537F5F6F7EBA776_57ABCF7C80DDF20409A123C0B25EDA1D

Filesize
496B

MD5
9942da36f6117300fa6aacabcef6135c

SHA1
f98ba0edab3c3cff161cc098a41fd0dd85ddbed3

SHA256
e031041efefdf9e0ed07a2a7894bf35233d33484943defc47ba2d1fbb24f30ae

SHA512
3c518aad653344674bbce4f7fd83c10dd0d6ca084d38fc6832510b2c18c2b887f067a0599bee539e8fe003da01c619026d184bd4b417f850b707a709890086ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A334956C3F99BD182BF4859935BADE72_FACA7E02B2152427A5B3C5BC1AC9CE92

Filesize
480B

MD5
e98e657c100003055e9374b31187bdf2

SHA1
afa269335cc2ba972b5f70c3ec11267cec252eec

SHA256
185c2d304bcc952fc63c97e64fa1a5aaefad104ffd7b2abb3a5c83d66c3d00f7

SHA512
f6103380c8139be74fdccb66ba2738c086e1fb850586c6e3753ce075fee65ebd1466fda02e1111d86dfac7ee2f0d49ae61c804c09ec84a46d54a633c38e3453b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

Filesize
506B

MD5
9956e68f7f8db90b02ebccad036bbfc7

SHA1
bdc9294f63c0fc7a0ec9585991bb3d0fd96bf11d

SHA256
9a76f851a9bd6e769b2edc8b574c0455bf3caf28356bb5ea19b1e228cf0359f5

SHA512
7d7a25c16ce584c13dfa7a829c15b00d81019cd33bfea465f9a443ccac94c48acbea52c3e8c3c55b062510460e5fdf08460539470010e1b945455c76003c8b75

Download Submit
C:\Users\Admin\AppData\Local\Temp\PartnerFile

Filesize
646KB

MD5
f609e719d46e21530ee972ebfb083393

SHA1
e5c0b8f5ada4034bd34831ded6fe8d06f6a9941e

SHA256
80cbec2da26291caa67309c161c288b99d4cbca16970bc37311ae309a065235d

SHA512
aaa01d9c7b3b0547826c8099998f0df5b86dbbc1d3a26d8787cea8e0c9af69a12df2d295098b5df1d4d30a9c14b6a01bd4d645957e073f580b4fff01409adf3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_4AF15.tmp\BRAND_COMMON

Filesize
25.6MB

MD5
b5774fca1d4a8cbb93f85209392ef872

SHA1
bf2e2bf3e890521ced14ff4c5b9414982aa742c6

SHA256
672daea93cad291c72487f7608bc91b7b61ca411ff84a3e8e8fffd21e65e2bdd

SHA512
b2066ba271901041c71285859a72e3f2d7de1f3fa30bd814107639d3d747f8d98b694e24966c1c028c9e1f8fbee79166aaf35418f51ad50f0d2749f675025e7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_4AF15.tmp\brand_yandex

Filesize
1.8MB

MD5
25c8fd0b8d4fa9db3c7102a222adb969

SHA1
a71385a34c5668df611647b03473d68bd7e845ba

SHA256
3a1008f5f71875bd3585fa76a19c8c66f97d9c521d4e5d6258de83c7a1be2fa6

SHA512
991e0f87404d6160d060f664a833ff3abb71fa9c76f35a57245cc34f91ef7313511a9b21e038f52c6e69321fd75b3c64463dd6a47b26879b3a9763d7f73b1aa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_4AF15.tmp\setup.exe

Filesize
4.9MB

MD5
cbe88b139c373792a8f9cfea1116e00f

SHA1
5c1058ba01b2a886aa8c342f865027967340ea27

SHA256
c53a5862ac68eafa66dd4ff5bc0d18636b88838017e8bdab64f4c7668a19a7ab

SHA512
59250d6c2dc8064131492a094e72d6c065bdae296ad02299608a66e7445860d1f22fc952a909c07667e63d18d798b0e16712efc2086413e395955b6c8d9fe296

Download Submit
C:\Users\Admin\AppData\Local\Temp\clids.xml

Filesize
580B

MD5
94767e5bd3c7d598c990dcba9e0abf8b

SHA1
c4ae03d2480a773b24ad9716472426c47c7355f2

SHA256
e1f801c2623eca1d2ef8c5beb325b64d3eecd2a36e92e8c2bcfcf9315f9773af

SHA512
c0fff8d20d2ad2182c9e3fdab72cc2384beb97af3fc4964a831e9605fc8cb711e3de9af0f1589f1399eb6b4a940f0d2a6caaac81bd7ddbee071a10265fce4685

Download Submit
C:\Users\Admin\AppData\Local\Temp\distrib_info

Filesize
362B

MD5
a38a1469944e7502b653ac6f879494cd

SHA1
eb092ab1c4b8eeefa3daa0a2a93f7e78cc20019e

SHA256
f8da764ee24cd2b144f64b0d2e0f8849199b9840477dcee89b31ddb8d2480c79

SHA512
b6f1c8e3869849e19e35a7c87e7f8a173c5bdf36419615b9703a21cd563fd8e029d39b31d36364aae97d19b480380ab202d40b0775e4922c40ade457d4a3ad88

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
16KB

MD5
c525371d8c4f474af96e7f65ba520777

SHA1
1f1ade92cda4f6b78d5aca7e758d2c0960261fb5

SHA256
b1a4b681ab8715424ef0e540481269754d5e91625efcaa95c3bd1916923ccc91

SHA512
e8f53f68968f539fd778a70f2e3f4563a995d5c503b69da9cd010e983566c1dc67d64cfeabc9b8151b0681270f309746edc1c301b8c79632d472592c12b82b75

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
16KB

MD5
8e0aa75c3b686b3ebe9c03848be8656e

SHA1
42a7f8f99363699ee3777d4dc8d0600beee8515c

SHA256
7a8ea5886dc893af5fcb81127502668f4a43fd8d26e7f32ef6be43d1cb21ffdb

SHA512
e9f8547fac6db599ec21affd4c1d26d0e45a12ef8c9dd08284b4c7b4b5a6d5486eed9bf5d3f333616bbee2b52356098bdc50fe98ff95cd0ff89d7ccc880be54d

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
7da87b3e069f02b258319dc21bdf2677

SHA1
a6596f21e3b211e4f8e5d7f017ca55bab5862972

SHA256
c818c24210c88da73f2d2a9a99a88dc7678c5c3e12325c2e532d5ef0ac514154

SHA512
d4524b53deffd895d073ec72f5ce74ab74e402c2e00ec9969711457f67555da3ae26f45a9c31ae0d985f2077bf6f5d4c55cae9fe9e720551234fb6483a7ddf5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
29KB

MD5
c97364fbe11bd39a0232bf0e13f97c4c

SHA1
083b5637fa5d38444b45f793032dc45deff53845

SHA256
3dfb92d551c6f0305c2626ad09e7638d1c8ade63f835d0ecd484e710a6229774

SHA512
0151b9063c124dff70734c293ffc5351aa454d411888f3eeb11488f0da77ba0fb40de36ecfb96dee11a94562093b28a39c36f65d0fd246210f07a71f1214ac07

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
29KB

MD5
df7fb702b9e2061f57eae1af3a0d69b4

SHA1
c0dbebfd7d2388d7ed68b1752e115c17ac403f56

SHA256
2d2a61526b59440cf332173d3ad88c47af9eeb2558d70d3490d23d99260ca027

SHA512
9ae013633bdb7721bfcb5325b09f2368679ed5d2ae19c52be4f26faa1e58f11e655676deb44b7b20933701e6f99772b47439bb43790c4939a4c5b9ef02ae7f01

Download Submit
C:\Users\Admin\AppData\Local\Temp\master_preferences

Filesize
171KB

MD5
3a2fc253fb320ed2434634267fd66a06

SHA1
5705c70e0fe44eb359d2022938ee69bc1635e542

SHA256
808141fc7fd533e08fe7bf80cc2bed88dda2e7f35e2da7526b9593b9e730d96e

SHA512
cd6bf9816abe160603f285fefaaf9da04e3108dae64878a5bec97d3e95c90dceef5f931dd9b097907115e0bae8e41462761b52f695e72c773fcf6dffe2fac76b

Download Submit
C:\Users\Admin\AppData\Local\Temp\yandex_browser_installer.log

Filesize
4KB

MD5
0cd8a9aeb76425f14dc9238e5a371b2d

SHA1
9aefb38c231abb35d05265cda31f7951b2404c76

SHA256
158efdc3852401940574c411bb543ca783c4fd87cbe2ffcf987f730e270d0cc9

SHA512
7b2922c5628521ff477dec722c2011681832eb1085955a5fd05fa782630741ab5bdd3f998b7fe41ad14da7853cc5e69f584683f747af9ad3acc6f06e98aadecd

Download Submit
C:\Users\Admin\AppData\Local\Temp\yandex_browser_installer.log

Filesize
24KB

MD5
8a58f268ad45ab25a434260e78dc3ac4

SHA1
f688a456ff9ff34f355c8a3dc54acdc0dd2cf18a

SHA256
f726f2b857f7bdcf1a0505938a45f8a475f0be07719970e60f6e34b76ba39117

SHA512
6254708f7c9782f2af41ed9364a02ab0ceb70a524ff3c6d97c91778cab0f6b88a95a30e66351de2ac001b9bf2dc3f4bd2ab7b61f2b006becd467d87306ee56cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\yandex_browser_updater.log

Filesize
5KB

MD5
6bffe3faa2fecf4d21df4a22246b3c67

SHA1
d8e0fdceb1e01780cd7c4339225b71f146518dca

SHA256
e56935b34feafde88bbd1747ca21e817ce1414a92a93bc01a811d3ff05ac029d

SHA512
6ec69b8f39870b054f6a0b24709a689eacd03b407ddd5e53e152037f606a11733197db661cc5bea4bd64a443a5a00c64b2d1a8361debd9e2c8a4f654a7e929cb

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe

Filesize
633KB

MD5
fa5ca1c4e0bdccbe8e5b7957f771ee89

SHA1
55e21fb6b2c96a33b65c2855745c8ac0f49e0d2b

SHA256
10e0ba6dd4e37827ab42f8c851097e2b96bb897c677d95a0ea4f870d670d5f2b

SHA512
a9e6148879e65208140ab270ef3f171dc21640420c072b7cb613dc94895f8943fd6b1526c830597b5ed5fc40889496ce1a8914ff918a68eb928b4a4e78250da5

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk

Filesize
2KB

MD5
646044fff7079788eae820aa9534d5bc

SHA1
9816c56568ed5f22ffc0dbfee5258ed86cbe71bd

SHA256
25a12a62255ec3a12a0200eb78a4e46cc41387d04dbc653dbe928ddb9ec375c3

SHA512
6f6671aaf60949e6a7221891b96f203ed34c213e667696171d49a6b3d74556d92463486302ca8bb8f1b3c2f10bae46562e40992a306fdcbb1ba2648140455181

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.7.1.1029\brand_config

Filesize
8KB

MD5
d4683d96f6bf40859ef88eddc5507f8d

SHA1
75c79036cb66c2f1a0716f6f2353911e283c5585

SHA256
a29b7c2ec97e48b5e56a7140c11722ff917566347487e1a1ffda74b141d332a8

SHA512
38ea8e7595c90861b399b0751eab1b560a5e444bc202d9d574fd7a6f8f0d32d415be6a7b2a3c08fb88e4f7a70dddb838cb8c8e4815fe4c44ac20c3f0ac4d1564

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.7.1.1029\partner_config

Filesize
692B

MD5
807c3202f4ee1c6e7c2c34e7ee224e6d

SHA1
0df6a74ea5677b26f52ac9b06643f47afb4015d6

SHA256
9fe5e97cd8eeafccf0ce63e997c8a5ff37998308dd7c57f1fe5b319b3c3b1ff1

SHA512
6467b26a30684252ec4a8c5fe39a614c68fec396204890f467522cf21cc38f6e1e3a66f8223cf0f0f33f75f2ba8564d2c75f4f6ac16530cd16743c4dfd28bde5

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\Temp\chrome_Unpacker_BeginUnzipping1740_2141195326\manifest.json

Filesize
158B

MD5
53a619b251b435e0de368357a6da48e4

SHA1
a4175293d1973bdc3d2b0b7581ff44726b3bd965

SHA256
0abd615bb9d01bef1bc19ffe892eb54ca302ef41e7ac80ec5bee088cd6a10b28

SHA512
86134cbe2e72c19d5ae35a73b226915ee20e5a9aea8891ae4ea83afb6f575882dda48490bd8c4a061023f9f940bbd64b3310ec6e79c82d42c7696a9f7a22a637

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\YandexDictionaries\ru.bdic

Filesize
4.5MB

MD5
ac3768f0462853d08df284e67c7c4ebd

SHA1
732581ac6f2e02246696817adc53d2e2e5d0dcb5

SHA256
af2bcc135f974aad505a8f55296117dbf4cbc095931e22f424698b181d273656

SHA512
27d558deffeeefe1198aebdf65a3fef0b0f3d6b6c4177d03ff32b0363f0a2fb1b7ff6454f45dd3254427cec9174b03181c50bc51dba212e6ab0114a6e72bcf96

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

Filesize
4.4MB

MD5
3fc029221ef4d4760a8c3d09600da615

SHA1
bf1f892004e6d30193d087fc4dc6c438be9e5756

SHA256
f048d57f37a6f3bd850f9059c47606728110fbf5761551704b52d6e9637efdf6

SHA512
6b2dd02ca9fb843af14b46eb71bb6b310906e47d3313a1d865f160dd843138145302092ceb8d87a1b35a13b09dc662265dee3d7a1596bd35d9f2b7746da9e100

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\install_state.json

Filesize
1KB

MD5
540a60aaec9b5a0fc395b96c06cbe321

SHA1
9f9e7b2eb10de38ed653f73b277970e7e1b674ed

SHA256
b311d019d4a72c6bb3dce99d6d62c40d015c4a6ac5a22e19ee20feea8b9a3a0f

SHA512
9530fc87f2e4d3b3090e5a39bb0c798f4ee2c0b723442c6cb259e841b76803b0fe77cc467d9b2bc98b1861ee0952ddaecdeed17352285555e385b6c5f923d26c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\Extensions\ghjgbemlcjioaaejhnnmgfpiplgalgcl.json

Filesize
119B

MD5
2ec6275318f8bfcab1e2e36a03fd9ffa

SHA1
063008acf0df2415f5bd28392d05b265427aac5c

SHA256
20832de8163d5af0a0c8bda863bcd6083df4f92175d856ce527de1dae1f7c433

SHA512
5eee4555be05d07bce49c9d89a1a64bb526b83e3ca6f06e2f9ef2094ad04c892110d43c25183da336989a00d05dad6ff5898ff59e2f0a69dcaaf0aa28f89a508

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\about_logo_en.png

Filesize
1KB

MD5
1376f5abbe56c563deead63daf51e4e9

SHA1
0c838e0bd129d83e56e072243c796470a6a1088d

SHA256
c56ae312020aef1916a8a01d5a1fc67ed3b41e5da539c0f26632c904a5e49c62

SHA512
a0bab3bae1307ea8c7ccbd558b86c9f40e748cdd6fd8067bb33eeef863191534af367a0058111553a2c3a24e666a99009176a8636c0a5db3bf1aa6226130498f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\about_logo_en_2x.png

Filesize
3KB

MD5
900fdf32c590f77d11ad28bf322e3e60

SHA1
310932b2b11f94e0249772d14d74871a1924b19f

SHA256
fe20d86fd62a4d1ab51531b78231749bd5990c9221eab1e7958be6d6aef292d9

SHA512
64ebc4c6a52440b4f9f05de8ffb343c2024c4690fe5c9f336e78cd1dd01ae8225e8bc446f386feb442e76136b20d6b04ee293467b21f5b294ce25e500922f453

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\about_logo_ru.png

Filesize
1KB

MD5
ff321ebfe13e569bc61aee173257b3d7

SHA1
93c5951e26d4c0060f618cf57f19d6af67901151

SHA256
1039ea2d254d536410588d30f302e6ab727d633cf08cb409caa5d22718af5e64

SHA512
e98fbfb4ed40c5ac804b9f4d9f0c163508c319ec91f5d1e9deb6a5d3eada9338980f1b5fe11c49e6e88935ecd50119d321ce55ca5bdd0723a6e8c414e1e68e16

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\about_logo_ru_2x.png

Filesize
3KB

MD5
a6911c85bb22e4e33a66532b0ed1a26c

SHA1
cbd2b98c55315ac6e44fb0352580174ed418db0a

SHA256
5bb0977553ded973c818d43a178e5d9874b24539dacbd7904cd1871e0ba82b23

SHA512
279fb0c1f2871ce41b250e9a4662046bc13c6678a79866eaf317cc93c997a683114122092214ce24f8e7f8a40520fe4ca03f54930148f4f794df0df3ecf74e9d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\configs\all_zip

Filesize
650KB

MD5
849cc75f9772e37306aaf9980b7b33ba

SHA1
c784d80bfef09853850960a37b330f93427fda7d

SHA256
7dc09ee9fcb4ef4fdbb718fdcd7fa93982897ea812073defb234ad2df96475e9

SHA512
61a2d951a445dba6b72045c7675f19f4010a08a6fb217ee7239dd88186d81be0323243fb7921f57de33d76a485625dfe72dac844c7cc6b3922a5fd092b990c49

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\easylist\easylist.txt

Filesize
620KB

MD5
8e4bcad511334a0d363fc9f0ece75993

SHA1
62d4b56e340464e1dc4344ae6cb596d258b8b5de

SHA256
2f317fee439877eaadb1264bd3d1e153c963ef98596a4ccf227592aea12ae76f

SHA512
65077bd249c51be198234ff927040ef849cd79adcd611ed2afae511bc2a257a21f13171bf01cb06fce788c1cff88c8ad39cf768c5900d77cd15453a35e7f0721

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\easylist\manifest.json

Filesize
68B

MD5
15bcd6d3b8895b8e1934ef224c947df8

SHA1
e4a7499779a256475d8748f6a00fb4580ac5d80d

SHA256
77334f6256abddcc254f31854d1b00aa6743e20aadbb9e69187144847099a66b

SHA512
c2d3778a99af8d8598e653593d5e2d1d0b3b2ace11addd2d3eeb2bf3b57d51bf938ddaf2d2743322e0ce02e291b81f61c319daf34c1cd604ffce1f6407a30b34

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\extension\elokbjeafkcggjfjkakpchmcmhkhaofn\brand_settings.json

Filesize
379B

MD5
f70c4b106fa9bb31bc107314c40c8507

SHA1
2a39695d79294ce96ec33b36c03e843878397814

SHA256
4940847c9b4787e466266f1bb921097abb4269d6d10c0d2f7327fde9f1b032b7

SHA512
494dce5543e6dacc77d546015f4ea75fd2588625e13450dba7ba0bd4c2f548b28c746a0d42c7f9b20d37f92af6710927d4bccb2fee4faa17d3ec2c07ff547e70

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\extension\fcgfaidpicddcilhjhafmmcgfodijhjd\brand_settings.json

Filesize
316B

MD5
a3779768809574f70dc2cba07517da14

SHA1
ffd2343ed344718fa397bac5065f6133008159b8

SHA256
de0fbb08708d4be7b9af181ec26f45fccd424e437bc0cfb5cf38f2604f01f7b2

SHA512
62570be7ea7adee14b765d2af46fcd4dc8eec9d6274d9e00c5f361ff9b0cdb150305edad65a52b557c17dd9682e371004a471fa8958b0bd9cfbe42bb04ca5240

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\extension\gopnelejddjjkamjfblkcijjikkinnec\brand_settings.json

Filesize
246B

MD5
30fdb583023f550b0f42fd4e547fea07

SHA1
fcd6a87cfb7f719a401398a975957039e3fbb877

SHA256
114fd03aa5ef1320f6cc586e920031cf5595a0d055218ce30571ff33417806d3

SHA512
bae328e1be15c368f75396d031364bef170cfcf95dbdf4d78be98cff2b37a174d3f7ebb85b6e9eb915bb6269898cbcecd8a8415dc005c4444175fe0447126395

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\import-bg.png

Filesize
9KB

MD5
85756c1b6811c5c527b16c9868d3b777

SHA1
b473844783d4b5a694b71f44ffb6f66a43f49a45

SHA256
7573af31ed2bfcfff97ed2132237db65f05aff36637cd4bdeccdf8ca02cd9038

SHA512
1709222e696c392ca7bcd360f9a2b301896898eb83ddfb6a9db0d0c226a03f50671633b8bed4d060d8f70df7282ffc2cd7ab1d1449acf2e07a7b6c251aa3a19e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\morphology\dictionary-ru-RU.mrf

Filesize
1.1MB

MD5
0be7417225caaa3c7c3fe03c6e9c2447

SHA1
ff3a8156e955c96cce6f87c89a282034787ef812

SHA256
1585b1599418d790da830ef11e8eeceee0cbb038876fe3959cc41858bd501dbc

SHA512
dfc0de77b717029a8c365146522580ab9d94e4b2327cef24db8f6535479790505c337852d0e924fbfa26e756b3aec911f27f5f17eba824496365c9a526464072

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\morphology\dictionary-ru-RU.mrf.sig

Filesize
256B

MD5
d704b5744ddc826c0429dc7f39bc6208

SHA1
92a7ace56fb726bf7ea06232debe10e0f022bd57

SHA256
151739137bbbdf5f9608a82ec648bdf5d7454a81b86631b53dfc5ad602b207d6

SHA512
1c01217e3480872a6d0f595ceb1b2242ffe3e1ff8b3fdd76eea13a7541606b94d3ccd69492a88220e0e40c17da5d785e4dba1d7501e6be749b9c46f72572ef6f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\morphology\stop-words-ru-RU.list

Filesize
52B

MD5
24281b7d32717473e29ffab5d5f25247

SHA1
aa1ae9c235504706891fd34bd172763d4ab122f6

SHA256
cbeec72666668a12ab6579ae0f45ccbdbe3d29ee9a862916f8c9793e2cf55552

SHA512
2f81c87358795640c5724cfabcabe3a4c19e5188cedeab1bd993c8ccfc91c9c63a63e77ac51b257496016027d8bccb779bd766174fa7ea2d744bd2e2c109cb8b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\safebrowsing\download.png

Filesize
437B

MD5
528381b1f5230703b612b68402c1b587

SHA1
c29228966880e1a06df466d437ec90d1cac5bf2e

SHA256
3129d9eaba1c5f31302c2563ebfa85747eda7a6d3f95602de6b01b34e4369f04

SHA512
9eb45b0d4e3480a2d51a27ac5a6f20b9ef4e12bf8ac608043a5f01a372db5ea41a628458f7a0b02aaba94cd6bb8355a583d17666f87c3f29e82a0b899e9700bd

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\sxs.ico

Filesize
43KB

MD5
592b848cb2b777f2acd889d5e1aae9a1

SHA1
2753e9021579d24b4228f0697ae4cc326aeb1812

SHA256
ad566a3e6f8524c705844e95a402cdeb4d6eed36c241c183147409a44e97ebcd

SHA512
c9552f4db4b6c02707d72b6f67c2a11f1cf110b2c4ac5a1b7ac78291a14bf6eb35a9b4a05bc51ac80135504cd9dcad2d7a883249ee2e20a256cb9e9ceeb0032f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\tablo

Filesize
846KB

MD5
16929f802c4e8b18ca2b27410a56183e

SHA1
70959fc3445a0c0ed704c1c50c32949224227599

SHA256
bdda0751ce3cfcedcc482bc349b4fc8e427ad8b06973d2d324dcf70aa3510bd3

SHA512
3efb4f990005ffd484bf2b2a81b9080f61bd5e9216f3359f8d534fca9efa3d19050ca5b514c960aec83a431151a12d9fdbc7eda0b91843e50d2bd03efec22cde

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\1-1x.png

Filesize
18KB

MD5
80121a47bf1bb2f76c9011e28c4f8952

SHA1
a5a814bafe586bc32b7d5d4634cd2e581351f15c

SHA256
a62f9fdf3de1172988e01a989bf7a2344550f2f05a3ac0e6dc0ccd39ed1a697e

SHA512
a04df34e61fd30764cf344b339ba2636b9280a358863f298690f6a8533c5e5dfa9773a14f8d16a5bb709ea17cf75e1da6302335aa9120009892e529bfad30df9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\abstract\light.jpg

Filesize
536KB

MD5
3bf3da7f6d26223edf5567ee9343cd57

SHA1
50b8deaf89c88e23ef59edbb972c233df53498a2

SHA256
2e6f376222299f8142ff330e457867bad3300b21d96daec53579bf011629b896

SHA512
fef8e951c6cf5cec82dbeafd306de3ad46fd0d90e3f41dcea2a6046c95ab1ae39bf8a6e4a696580246c11330d712d4e6e8757ba24bbf180eec1e98a4aec1583b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\abstract\light_preview.jpg

Filesize
5KB

MD5
9f6a43a5a7a5c4c7c7f9768249cbcb63

SHA1
36043c3244d9f76f27d2ff2d4c91c20b35e4452a

SHA256
add61971c87104187ae89e50cec62a196d6f8908315e85e76e16983539fba04b

SHA512
56d7bd72c8a380099309c36912513bcafbe1970830b000a1b89256aae20137c88e1e281f2455bb381ab120d682d6853d1ef05d8c57dd68a81a24b7a2a8d61387

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\custogray\custogray_full.png

Filesize
313B

MD5
55841c472563c3030e78fcf241df7138

SHA1
69f9a73b0a6aaafa41cecff40b775a50e36adc90

SHA256
a7cd964345c3d15840b88fd9bc88f0d0c34a18edbf1ce39359af4582d1d7da45

SHA512
f7433d17937342d9d44aa86bcc30db9ae90450b84aa745d2c7390ff430449e195b693a8ae6df35d05fee2d97149a58a7d881737d57902d9885c6c55393d25d6f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\custogray\preview.png

Filesize
136B

MD5
0474a1a6ea2aac549523f5b309f62bff

SHA1
cc4acf26a804706abe5500dc8565d8dfda237c91

SHA256
55a236ad63d00d665b86ff7f91f2076226d5ed62b9d9e8f835f7cb998556545f

SHA512
d8e3de4fea62b29fd719376d33a65367a3a2a2a22ed175cc1eeff3e38dfbaac448c97a6fbea55bc6159351d11a6aad97e09cb12548cf297e01bd23bf6074de08

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\custogray\wallpaper.json

Filesize
233B

MD5
662f166f95f39486f7400fdc16625caa

SHA1
6b6081a0d3aa322163034c1d99f1db0566bfc838

SHA256
4cd690fb8ed5cd733a9c84d80d20d173496617e8dde6fca19e8a430517349ed5

SHA512
360a175c5e72ff8d2a01ee4e0f365237bbd725b695139ea54afc905e9e57686c5db8864b5abf31373a9cb475adcbdb3db292daf0a53c6eb643a5d61b868ad39b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\fir_tree\fir_tree_preview.png

Filesize
8KB

MD5
d6305ea5eb41ef548aa560e7c2c5c854

SHA1
4d7d24befe83f892fb28a00cf2c4121aeb2d9c5d

SHA256
4c2b561cf301d9e98383d084a200deb7555ec47a92772a94453d3d8d1de04080

SHA512
9330009997d62c1804f1e4cf575345016cda8d6a1dd6cb7d2501df65ea2021df6b8a5bc26809ddfc84e6ff9450f1e404c135561b1b00b9e4915c69e84f89cfec

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\fir_tree\wallpaper.json

Filesize
384B

MD5
8a2f19a330d46083231ef031eb5a3749

SHA1
81114f2e7bf2e9b13e177f5159129c3303571938

SHA256
2cc83bc391587b7fe5ddd387506c3f51840b806f547d203ccd90487753b782f1

SHA512
635828e7b6044eeede08e3d2bb2e68bc0dbbe9e14691a9fb6e2bc9a2ac96526d8b39c8e22918ff2d944fb07b2531077f8febd43028be8213aa2fad858b6ee116

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\flowers\flowers_preview.png

Filesize
9KB

MD5
ba6e7c6e6cf1d89231ec7ace18e32661

SHA1
b8cba24211f2e3f280e841398ef4dcc48230af66

SHA256
70a7a65aa6e8279a1a45d93750088965b65ea8e900c5b155089ca119425df003

SHA512
1a532c232dd151474fbc25e1b435a5e0d9d3f61372036d97bcaab3c352e7037f1c424b54a8904ef52cf34c13a77b7ab295fb4fd006c3ab86289577f469a6cd4c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\flowers\wallpaper.json

Filesize
387B

MD5
a0ef93341ffbe93762fd707ef00c841c

SHA1
7b7452fd8f80ddd8fa40fc4dcb7b4c69e4de71a0

SHA256
70c8d348f7f3385ac638956a23ef467da2769cb48e28df105d10a0561a8acb9e

SHA512
a40b5f7bd4c2f5e97434d965ef79eed1f496274278f7caf72374989ac795c9b87ead49896a7c9cbcac2346d91a50a9e273669296da78ee1d96d119b87a7ae66a

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\huangshan\huangshan.jpg

Filesize
211KB

MD5
c51eed480a92977f001a459aa554595a

SHA1
0862f95662cff73b8b57738dfaca7c61de579125

SHA256
713c9e03aac760a11e51b833d7e1c9013759990b9b458363a856fd29ea108eec

SHA512
6f896c5f7f05524d05f90dc45914478a2f7509ea79114f240396791f658e2f7070e783fab6ac284327361dc2a48c5918b9f1c969b90795ceacce2c5c5bfa56ca

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\huangshan\huangshan.webm

Filesize
9.6MB

MD5
b78f2fd03c421aa82b630e86e4619321

SHA1
0d07bfbaa80b9555e6eaa9f301395c5db99dde25

SHA256
05e7170852a344e2f3288fc3b74c84012c3d51fb7ad7d25a15e71b2b574bfd56

SHA512
404fb2b76e5b549cbcba0a8cf744b750068cbd8d0f9f6959c4f883b35bcaa92d46b0df454719ca1cef22f5924d1243ba2a677b2f86a239d20bfad5365dc08650

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\huangshan\huangshan_preview.jpg

Filesize
26KB

MD5
1edab3f1f952372eb1e3b8b1ea5fd0cf

SHA1
aeb7edc3503585512c9843481362dca079ac7e4a

SHA256
649c55ccc096cc37dfe534f992b1c7bda68da589258611924d3f6172d0680212

SHA512
ecd9609fbf821239ddcbdc18ef69dade6e32efd10c383d79e0db39389fa890a5c2c6db430a01b49a44d5fa185f8197dbbde2e1e946f12a1f97a8c118634c0c34

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\meadow\preview.png

Filesize
5KB

MD5
d10bda5b0d078308c50190f4f7a7f457

SHA1
3f51aae42778b8280cd9d5aa12275b9386003665

SHA256
0499c4cc77a64cc89055b3c65d7af8387f5d42399ff2c0a2622eccbd6d481238

SHA512
668e1a70a50a0decf633167ac23cba6916d0e05d0894daae1f7e3d487519f0a126abd4298430b38f52746a5c3b83ccd520b3d9b0ae1a79f893e36821a0458566

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\meadow\wallpaper.json

Filesize
439B

MD5
f3673bcc0e12e88f500ed9a94b61c88c

SHA1
e96e2b2b5c9de451d76742f04cc8a74b5d9a11c0

SHA256
c6581e9f59646e0a51a3194798ec994c7c5c99f28897108838aaf4a4e2bda04a

SHA512
83fb3fe4a3562449a53c13d1c38d5fe9ef1fa55c3006f59b65eace9a6ad4963e768088bc500dbe5266b5979c6ace77874ef11a15a7bd9fabae00ff137e70ecb5

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\misty_forest\preview.png

Filesize
5KB

MD5
77aa87c90d28fbbd0a5cd358bd673204

SHA1
5813d5759e4010cc21464fcba232d1ba0285da12

SHA256
ea340a389af6d7ad760dff2016cf4e79488bda1a45d0a415b3cd02a4430c9711

SHA512
759519b8822a6a4b88fc9ba47fa9d5d898b2f5a0f359acfbefc04809e6d7f5df86fb130f191eb6f63322792a18c0e7170aedf3ce7060fd9ad7e1bec2e686c3b2

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\misty_forest\wallpaper.json

Filesize
423B

MD5
2b65eb8cc132df37c4e673ff119fb520

SHA1
a59f9abf3db2880593962a3064e61660944fa2de

SHA256
ebe9cadad41bd573f4b5d20e3e251410300b1695dfdf8b1f1f1276d0f0f8fa6d

SHA512
c85fe6895453d0c38a1b393307b52d828bad8fa60d1d65bb83ffa3c5e17b71aa13cab60955489198503839ce5a4a6c1bb353752ab107f5e5b97908116c987e52

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\mountains_preview.jpg

Filesize
35KB

MD5
a3272b575aa5f7c1af8eea19074665d1

SHA1
d4e3def9a37e9408c3a348867169fe573050f943

SHA256
55074794869b59cd5c693dfa6f6615aea068c2cd50cdae6dd69bd0410661ded8

SHA512
c69bf39362658dd6cbd827cf6db0f188a9c4410b3c6b7b532595fd5907974e2141d857942ffb2497282e31eaa33c71240c2c2bd8721046df55e3358e8b76c061

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\neuro_dark\neuro_dark_preview.jpg

Filesize
20KB

MD5
7b24c2482e13f1c709fa04840a6e05f4

SHA1
27d308dd3101720cc2fae288b7525ae89f654ea3

SHA256
34ab81fad24e5343f02d1af01318f3bbd010be345b1ff86a1d3d0a243a2e3ac7

SHA512
e2f5c42358fadb3f6237026346e330ddd3c1237c8fceb4b93fb85fffd0498c30358eedc62f5a52fdd2030cdac95a09bc8614926d73d07f053306afea38d8c23f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\neuro_dark\neuro_dark_static.jpg

Filesize
1.7MB

MD5
bc94b91af647ee7d1106bd510c30ab9e

SHA1
a8cf4d3e889e3c7b8805606a5c1bf993c2d5976f

SHA256
e5f2c59ed9e5a0dd5d1597477ba0ca7745f512fdd5519f30f3154bd02bcb558c

SHA512
36ef6607439dfaf51cdf4ff5f544b2a28cd8dd670d2a12bc86e15b315695c00872d206eb31825ab5e445d46ae631826351ff46351f924d3a7bdca64cb2e21bc1

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\neuro_light\neuro_light_preview.jpg

Filesize
17KB

MD5
acf549f4fe2b19d1bdb3a06b3b1f7d2a

SHA1
d0eb8c6cb7d1c4b9108ddfc3a3c679912309508d

SHA256
e8bf84c4152526aefcc4cf84a88f591db0803665127ab41a58e1425c3aff7cc9

SHA512
e980233b29dd388c3cf8d3d2da343843aee8309e67d22a118bf07c90af1498fa0f19cb8f4c943ae195754cc2058719b5157717ef0440a92930f88d957afff7da

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\neuro_light\neuro_light_static.jpg

Filesize
619KB

MD5
75b6d2830e0ea08ff0ec2d415924d6f9

SHA1
453cfb7151a30cb7d233fcc71bcfb406056b987f

SHA256
547e49d300dc647657254fd4ff4953a330f088a4efb501519badd9e6844ce6bf

SHA512
f96017b368cedbea1ff463398eb2e3512f9bb441ea028d08a50c62077a236e131964ead0a2c3eff0d37ef6ff99c973d690410edf16ed9ae832624dc3c3815812

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\peak\preview.png

Filesize
5KB

MD5
1d62921f4efbcaecd5de492534863828

SHA1
06e10e044e0d46cd6dccbcd4bae6fb9a77f8be45

SHA256
f72ea12f6c972edfe3d5a203e1e42cbbaf4985633de419342c2af31363f33dab

SHA512
eec8171bd3bea92e24066e36801f334ac93905b7e8e50935f360e09fa8c9b9f848c4c62b687299e8297c0693d6dbaf9c6035b471e6345d626510b73e3606ee4d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\peak\wallpaper.json

Filesize
440B

MD5
f0ac84f70f003c4e4aff7cccb902e7c6

SHA1
2d3267ff12a1a823664203ed766d0a833f25ad93

SHA256
e491962b42c3f97649afec56ad4ea78fd49845ceb15f36edddd08d9e43698658

SHA512
75e048c1d1db6618ead9b1285846922c16a46ee138a511e21235342a5a6452c467b906578bdd4a56e7b9e0a26535df6fb6319ae1cae238055887b48963fa6ed6

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\raindrops\raindrops_preview.png

Filesize
7KB

MD5
28b10d683479dcbf08f30b63e2269510

SHA1
61f35e43425b7411d3fbb93938407365efbd1790

SHA256
1e70fc9965939f6011488f81cd325223f17b07ee158a93c32c124602b506aa6b

SHA512
05e5b5e9c5ef61f33a883b0286c2239cb2a464581d6e8a86d7b179b1887b4cb2cd7304e0821cdd3208501421c44c63c248a5166c790792717a90f8ac528fbf2f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\raindrops\wallpaper.json

Filesize
385B

MD5
5f18d6878646091047fec1e62c4708b7

SHA1
3f906f68b22a291a3b9f7528517d664a65c85cda

SHA256
bcfea0bebf30ee9744821a61fcce6df0222c1a266e0995b9a8cfbb9156eeeefd

SHA512
893b2077a4abaa2fe89676c89f5e428ccd2420177268159395b5568824dd3fe08bea8a8b2f828c6c9297b19e0f8e3a1b7899315c0b07f4b61fc86ce94301518b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\sea.webm

Filesize
12.5MB

MD5
00756df0dfaa14e2f246493bd87cb251

SHA1
39ce8b45f484a5e3aa997b8c8f3ad174e482b1b9

SHA256
fa8d0ae53ebdbec47b533239709b7e1514ecb71278907621ca2d288241eb0b13

SHA512
967670863f3c77af26fa1d44cd7b4fe78148d2ba6ea930b7b29b9f35d606554d664c0577068e0c26fa125d54627d7e7543360bce4acee0af17783b07450b5f52

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\sea\sea_preview.png

Filesize
3KB

MD5
3c0d06da1b5db81ea2f1871e33730204

SHA1
33a17623183376735d04337857fae74bcb772167

SHA256
02d8e450f03129936a08b67f3a50ea5d2e79f32c4e8f24d34b464f2cb5e0b086

SHA512
ff0e60c94fc3c0c61d356a26667c5170256e1143b29adf23d4e7d27012da72ed8865ef59dc2046314c7335b8d3d331e5fd78f38b9b92f6af48729dae80f85b15

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\sea\wallpaper.json

Filesize
379B

MD5
92e86315b9949404698d81b2c21c0c96

SHA1
4e3fb8ecf2a5c15141bb324ada92c5c004fb5c93

SHA256
c2bb1e5d842c7e5b1b318f6eb7fe1ce24a8209661ddd5a83ab051217ca7c3f65

SHA512
2834b1ef7bb70b2d24c4fedef87cd32c6e8f401d8ee5f3852808f6a557724ce036c31a71298cd0ed601cde4be59ec4042542351c63c4e0ac3d31419f79240956

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\sea_preview.jpg

Filesize
59KB

MD5
53ba159f3391558f90f88816c34eacc3

SHA1
0669f66168a43f35c2c6a686ce1415508318574d

SHA256
f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e

SHA512
94c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\sea_static.jpg

Filesize
300KB

MD5
5e1d673daa7286af82eb4946047fe465

SHA1
02370e69f2a43562f367aa543e23c2750df3f001

SHA256
1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a

SHA512
03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\stars\preview.png

Filesize
6KB

MD5
ed9839039b42c2bf8ac33c09f941d698

SHA1
822e8df6bfee8df670b9094f47603cf878b4b3ed

SHA256
4fa185f67eaf3a65b991cea723d11f78de15a6a9a5235848a6456b98a9d7f689

SHA512
85119055ddfc6bc4cca05de034b941b1743cbb787607c053e8c10309572d2ef223786fc454d962fbb5e3cde5320117f9efe99041116db48916bc3d2fcd4ffa25

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\stars\wallpaper.json

Filesize
537B

MD5
9660de31cea1128f4e85a0131b7a2729

SHA1
a09727acb85585a1573db16fa8e056e97264362f

SHA256
d1bef520c71c7222956d25335e3ba2ea367d19e6c821fb96c8112e5871576294

SHA512
4cb80766c8e3c77dfb5ca7af515939e745280aa695eca36e1f0a83fb795b2b3ef406472f990a82c727cea42d1b4ef44a0d34a7f4f23e362f2992dbff2527798b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\web\wallpaper.json

Filesize
379B

MD5
e4bd3916c45272db9b4a67a61c10b7c0

SHA1
8bafa0f39ace9da47c59b705de0edb5bca56730c

SHA256
7fdddc908bd2f95411dcc4781b615d5da3b5ab68e8e5a0e2b3d2d25d713f0e01

SHA512
4045e262a0808225c37711b361837070d0aeb5d65a32b5d514cc6f3c86962ba68f7d108bf4d81aa3bf645789d0753029a72c1ce34688a6d7af15f3e854c73f07

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\web\web_preview.png

Filesize
8KB

MD5
3f7b54e2363f49defe33016bbd863cc7

SHA1
5d62fbfa06a49647a758511dfcca68d74606232c

SHA256
0bbf72a3c021393192134893777ecb305717ccef81b232961ca97ae4991d9ba8

SHA512
b3b458860701f3bc163b4d437066a58b5d441d8a427a8b03772c9c519c01983e3d3fdb8da20f6a53ad95c88dcdd0298f72822f39bc3672cb6f1d77fcc3f025a9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\406bdc51-cd42-4aa6-aa54-89670b3c1635.tmp

Filesize
191KB

MD5
62062e555fc716af3e5c843336de3e45

SHA1
0dfe00a12e7c062a03a6d2b7e235f3b2ca991b24

SHA256
3e428d0d81c6506356a2c0801645c89ea06ce5b1c86af7d467b8611ce831585f

SHA512
b4b437edb9281339bb8ebfa7cdebb52e28f394f008460c8e44796c26448c245911df8ff292570077afe943ae4aaeabcabf86b5d72cf7a49329329c729c7d8511

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat

Filesize
48B

MD5
2dc44e62f724254cac82e3e794c94b1e

SHA1
46b68fd4c723ec9a06adab5ff951da00b4d34edb

SHA256
f096579adc52b6223676cc74824344409c3c9b1ab15cc2a4dea46d9084e3568e

SHA512
475247d3c0e1c40826887bd2ace308415f3f00e1992aaab17e4951c488cf8743ca8eed20e08bdd08a2b1b7d287cff68eaac4ca14316333f33c29165e06d26d29

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat

Filesize
48B

MD5
6b2067526b89743f0c88af72be1f1d89

SHA1
f38e0142471ef599487c7dfde6c1eee6d4293bb6

SHA256
df49e85eb84813fbc64245a2364a319e706b7f16a26cd0bcc07decd97fd87c68

SHA512
e9f6e2087207399cba7bd93ed665e2fbce662fd725c634a700351d3396580a077642db30f626376374da0672ed8c14d55d2844419f17749a7ffb89253ddd14ec

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
39ee2f72b078f78fead6be8d37b7232c

SHA1
0821ab67de3c9923ce0dc1e0411aa391dbc3d9c8

SHA256
1de86a6a55437ec47b5c3abfae34b98f5b260473ed289bbeb1ee38d19d1b35c5

SHA512
aa2009708b311a2d39ee8cc83d2ffe90f71967464d706acb3e22c9b4c3b75bf4e922216265eb797f8f261bb6424057aa2b150ef322bedf9d8d2724e6515d5d7b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe591a83.TMP

Filesize
48B

MD5
10be3398659323c61f1cbcfb972b4b68

SHA1
88bbe42f291d529d20a0907646b5c9f6036da6a2

SHA256
6a3e45a9e06073d74f16ffbc4dbbb8cde298d0199196740039733cece06b861a

SHA512
1e650898885df79f350e834a1c40b26e4b64a33ae13fd07e3b5657c030de90948c3fb2c6ecfe600100dc7a7db756594703db656358b67f776d5cec39567ee1aa

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1cc7f45a47cf292f73d08717e74ee6fa

SHA1
2162f997702b8e9f2ba1fdc1bc669a396ab5e22c

SHA256
d42f8dae698953fc5b9866348cbb5e972edb05b62ca3ac4ba2b543b18abdf4d6

SHA512
92bfbf4ef66a1ef899a87c8bcfdea38e0a1c50f7b1e31bdf565d08362e94918f418489e42b79c78adc584c0055bae5f5944b38d1e9ccac833985383dd80dcf3d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\Network Persistent State~RFe591c0a.TMP

Filesize
59B

MD5
78bfcecb05ed1904edce3b60cb5c7e62

SHA1
bf77a7461de9d41d12aa88fba056ba758793d9ce

SHA256
c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572

SHA512
2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
abb6d7dbfb44e7de9ca55730e6327728

SHA1
2af3a35be97db561d0336385b773212854608507

SHA256
3e5294e40b30d3a65567a68520d9eafa5a616bbf5e0d033caa9bca90aa3aded3

SHA512
d5cc94a4a7c454d632f972048fb56067e0b152b1f6b82bee00928aed9d1e161b16a3f715c7e11ca8556a354107c1a57e5e8533ae08cb08aa9ed771f464b0284f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
58980bc989ef915d267715a80d3546e5

SHA1
946c72ab7ba58abe2df404923d89044912160948

SHA256
ec67fa756d3cc0d8689b65840fb42ab61b83f7fe50548f993518bb3e9bc20338

SHA512
c8d632892d7c5e893b92081632c2d4408d6506114ce03a5db007fe82dc99cd92eefa8c35a15230e0e57a10b5ac9f5276868d097dd4cb35118aaa7242bb181e99

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0c8baed65cd1479960feeb768d744bc0

SHA1
c1457fc22f7d044d21dd02b171f343dbf8cc99f2

SHA256
e014a41fb6e55d3ae1071793562b41a4c84bab7908b75c75211dc56b1146121f

SHA512
e1b95f8adbb754d7da478bfd36eab38ca0690119361a0f2f5e889651cca8229ce0e44a3ef6d91aafc627a47501b91b7896e888573e20ab44710f55b5d5b4af2b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
542b19cd90ea5ac006698f3adf189eb3

SHA1
78d80cecdb9c82ecb98d0cac29da92d0ac58c41f

SHA256
25be42e7ceb4ed707f4803ac0c714cc5300eb5a3fad57bf113bd3c5f803d62c9

SHA512
3b10a3fa5d010988f3a6dfab3a26d0dce2127e4e0b6fcbaeafa0917328d3e4448b699498d99476ce42be0069718c3c53a1f311f63e1f372fefe49b83d56a4103

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
db69e130cf857d3fbb0e2034b52c3687

SHA1
67b5a944c5f90f04071edd40199e9274837e3996

SHA256
184f2c3195200fb4b57fbc500569970cc3dc75fb55502305d2e08a0635576c42

SHA512
ac9445ef265399aae57bca95b2d112b4d0ceb68ced6ace329f3b2e894ffa9adfc937f6741e8e3f7cd2c3ef62f81e60a80a8e4cb57840099ba400eaab5d972f06

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity~RFe591b1f.TMP

Filesize
1KB

MD5
b8f4d8944f4362da7b3e11aead94f2d6

SHA1
b6e0436f041751de6ddc76532d914d83f2ccbfc0

SHA256
fb4f5e50001d1b61a3633826159a02c9b76332cf3daa7a0c66d72d788edfbe43

SHA512
6d112005078553a41bce007f35d7b5d0cbeb0167ef422c12826097c792e9b855eb5f53f3cb3bcde7cff477b3f558d00938883f16b010978a6d54e2e01591971c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
15KB

MD5
fa7b82dcbcc3c35e7b175d3f8655de66

SHA1
5ae98a5aa57aa3bb78bd7b3b978d1085c51d3215

SHA256
30ef66f8a6dc7d5003b91cebcd1c5e8f4e540d04cb33cf5080d1da106bc39386

SHA512
ddfac46246c3de0a42ac4d0ac15f0fd8512dc1f41245943d5b6c7f64078009ad2cb794b873eddd2bb6dc299753453c91372b51e51d33847cfd8e9bbf000adaee

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
15KB

MD5
41d31e1345ed61d0144301059365ed17

SHA1
29b9cd3fdc974d97520b4feb4d8e30726cd324dc

SHA256
70134f9de3e1f1603777fd8deaebc2e455aa801a032651afa35eaf851126a835

SHA512
c8a4d96208d6a79428833f48fac39fbfe1a47304ac36c5abff93cb824254468f018967358c6645f58325c171e12bfaec04277aae0e005b7ad2bb7bc730569eae

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
15KB

MD5
df30ab2cb8633217e45f7dd03c8092e7

SHA1
c6a2c42a168020803a5147617775b1e045b79618

SHA256
f30758c10b24c1cf1d1edafc5a6ddc1632d2d87e119f0230c75452a4ffc83c65

SHA512
c4fa451eb17d5a5145aae5cc5700e46e01e1d00c2988b8787b7b3889de799690bfa2217daf6475cee23937876d60798ebb537cae5b98af4f48a99f40e3191def

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
7KB

MD5
b33b338c0138660040955dd1506bbd2f

SHA1
5d272cde8df911da70fee1ab7a5a68aa9ae00804

SHA256
b115c0cfbf9dae3255a941f3e78d30407cf5a7f470e6831c72afcdef795960b3

SHA512
8da06202e42f01389fbaa4f24ee54f409d2032ab2524fa463e8b5e3a77d772ba7310da3f4e4837b33988062eda6fea7272f74872ce83a723f72a7981f2424cd1

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
11KB

MD5
73ec5c6e959565385177da0bc67836cd

SHA1
b616ffeeefe5ed4d5a58b251b578926ee3310d4a

SHA256
f980b0c2d890bf3c9bd2fc2b98f5210d03e5ed19157aee135cd1a955ab1013ac

SHA512
10bae63618f44dfddfe63656d7b8dfa5a51ca0834b82fffbe0869542cf7c9b0629bd98549ccefca443d43689dcc6e85f9b6f1651c9f7a1bbcd1c1cb9e1b3aee2

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
16KB

MD5
1b19ee66150d1cb110d27f66fb74fb04

SHA1
05af58ab7aaae3e3e249efb9e45eba753437a295

SHA256
31177807e8e0988f79517b07395d45b6f105cb8da485bb75cf68e75baca1beef

SHA512
af03adbd6ce424d89964e6312a6d516b86d10d4db3dccffd6b6f86cf672f70f89dc777e054abc5b395ed72b36d524776be3ea6408a38802296174b42d4f897e1

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences~RFe58701a.TMP

Filesize
3KB

MD5
f46636d5bc563efc33e83879be9a8952

SHA1
20d3a88e12381d80ba5693e26ae46955f0d30c49

SHA256
fff5d53ca76f19693df3d0a9766b0e1bfa396f21ab5512fd138157e9a66bf466

SHA512
a30618a6f35eff808996d10ea47a1e0fe89277729d81d691af461795b94388b71bfb6b6aab66f728af6b6c7d4eebf5bc6273f059ef903c10390044605ff4b96c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences

Filesize
10KB

MD5
4a27b4f183563848d86104bb4315e058

SHA1
46da2fe238c46f7444b52755f5b13aad38da16e9

SHA256
7e9f52cf8818708e9699ea5bb48e7b49ae6ceedaa96d5821192aac1e58983f20

SHA512
bc6cc08ed6d02c2146aa483e8b970a5ae77745d89b27047f381969bfd1934d1c6220ce84e78ce6d304c7c5077d208bb7e48649bf867f19e03bf234cc0d85d834

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences~RFe5870d6.TMP

Filesize
1KB

MD5
b3d0f825f196eafd0246c1a2e496694b

SHA1
4975c4173295b2123cef496ab31d764ee65dbce4

SHA256
30101f0e1746653a150c20374ad5d868e272bd1191c0e362a0bc7d21a5e7fca0

SHA512
fa81786380a027bcd660b0e5d75d276aff54201a4dcfffa7f9e5b64e9f59da95c9a6a1f1f986c3b28587c9d56cf41d13ef97c0638695f402849f65b708617194

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Shared Dictionary\cache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Site Characteristics Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Tablo

Filesize
383KB

MD5
27425d9f55cee30f8f1d3ba77a2b7de2

SHA1
2b706b6f81b6222abf5138f38df9444d6e0a4ead

SHA256
a8a0897ccdd2b941b49ccaffb50a9f9933c496be1d3152330237fe0bf1e37487

SHA512
8bf194bd2485941116d26b4a6dd004a3ae930a019772c51e70288350f66c327f13d239b3fc6dc57317ed5271dba4d8db404906e1f90a8f124e547af845f56f96

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Tablo

Filesize
150KB

MD5
2120e1230851a211f31bbba754c039d4

SHA1
b61e817b965b1b0b25728434b11125660c3efea0

SHA256
6dc17ca669596fe77cb6d645c9ce0042bcb2eb0fad8a6dd97aed1d735670d3b3

SHA512
95fb4662f29d71d9cff5b218aef3f6bb27b660421afd575b7aa840ecd2ef81ee0ea24d4f069bb71fd0afc5a4b42869f42809e391b92f6095b94604ff26cb177f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\e4c366f3-6ae5-4d69-96f8-c43e3167ccfb\index-dir\the-real-index

Filesize
4KB

MD5
fba88b7b2c211350c30a49cff66bec3a

SHA1
858365f2e24e1751155c47782247ed0b7ce37508

SHA256
c3677c506eefebe4d8c8ad6603c57269a78c5e00efb4b7e422da2c5c60739a91

SHA512
14f433585ccbfccda6c326e5c7acd897c6e906f4f209b1488c855c8d1883ac74a4a4540ade08b584676d3bd2bc95959a1b406fbed016deaea90b85355fe0c77a

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\e4c366f3-6ae5-4d69-96f8-c43e3167ccfb\index-dir\the-real-index~RFe58ceb5.TMP

Filesize
4KB

MD5
81fb56770e40ba565e8cb21334d7bf92

SHA1
311859b5e89da20baafe0ba8c63e77f87c4150ab

SHA256
76397f73452e11544a26d3f7ed1236037d2cfae5d642a352dbe2542a8514cd70

SHA512
b8cf0a1f7d7d1205b10b59b123ce99b275c53deec47d8997ea3c886b0e7321462b008295e1c54c2255f67c8ae90be63c92ac16932965bbfd77675e3e9a2ff1bd

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\128.png

Filesize
11KB

MD5
363bbbffe31e45e3945aa0ff3b8cdd1d

SHA1
f223255a82218ddd45bdf54a0cf1e8b438a67edc

SHA256
39b835c3dcf4261025de83d49ab151f5af0bc1ed8845932065aa1a333f026684

SHA512
7bbfb3810a2bed3d2a8a899afa95412cca95fa6916b1684ae3182bd0ad28faa7076fdf328281d106a53c10385667729b4089b0050610e87eadef2f3ff54e80be

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\16.png

Filesize
699B

MD5
238b0e7dc06028db4b6aba8078740ffb

SHA1
5fd2309587993b371beabb7a9d039e0dba3006ba

SHA256
d159e510392f6da58c4d15cc098171d45c7b02a1362cbf7be7a2d47a1a10e7fc

SHA512
1dda4de21be647067c04dfc47174df39d0c6c1eeee3e9005211f908351b69d6a27ed268b5ec7480285fb203a95136a3a205f7bafb7eb5223a3dcbab0dadc0e5d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\256.png

Filesize
24KB

MD5
a363094ba5e40a4760a9bf566e5defd3

SHA1
1e74e20f48ec878bd0b76448c722168879c5b387

SHA256
05ae2d6161a3acd83798ec56dbc45087e6aeb0a1376401f55aa46539b1d95559

SHA512
ce30f312cc08366aa588e75b229c178a83cf6d464a1051bd1118b81e5166085a2b1bcfbff97804f3e8662366b59f43a659e4b0e315dabad125f16ec9ad9ac379

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\32.png

Filesize
1KB

MD5
d2e7ab79b45eda7c4421f296abf37c52

SHA1
8490f4e098d50ec161e64db912f8430826daf2bc

SHA256
ded3490683fcf3c5b87803bb1835759df2b65831a6257a326709a708a1dd45ac

SHA512
094c2150f872e727980f84b6c011f13210d43cbfd9437825b3b014211c69d7bd3f6367e9913370b624ddad270cfe91c190ebf2c5f5fd4e082b5d6c85199cb6b1

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\48.png

Filesize
2KB

MD5
7cf35c8c1a7bd815f6beea2ef9a5a258

SHA1
758f98bfed64e09e0cc52192827836f9e1252fd1

SHA256
67c320fa485a8094fc91cd3fcd59a7c75d2474e3046a7eb274b01863257fbe01

SHA512
0bbebde654c9f44cf56b74fc1a9525b62c88724ec80658efede3cbb370c3a6d4f3e78df459bbd0559a51838f4a172bdfcd370bd5477038309024b77cd69f2a15

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\64.png

Filesize
4KB

MD5
6f5486bcca8c4ce582982a196d89ece5

SHA1
4648ae13d71b2ff681cabc5d0b5b4bb242cb78a2

SHA256
c870819a5c73e2ea5f94312bdf10fc56668d3311ef2eab6509b659efb456bb8d

SHA512
9a36d519a9cadf5b464a98082511906cc5f24c4218f6bc2ae323f6b38bf5fd413614807ef0d442801bfbc3b2ce2a0527b0f7be24fd51f49cbde6b5dfe2cafd7c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\96.png

Filesize
7KB

MD5
115decbc3eb53574b2582f15a0996e83

SHA1
598a1d495135f767be6d03cf50418615b22146b6

SHA256
07fbfbda84eb5467b120fb3f9b4e028077303098bac8c2934635b14bbda847e0

SHA512
af237ddb585ad38fd0fc3d0f0b75c60d0117e965a548bda055b2625f86ee7d91fedc840e1afa2fe80814f152732371255133faa21c3d774ca9691446541cf46c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\fdd2ee8d-9d69-4ba8-8066-7ae3e31c33d3.tmp

Filesize
160KB

MD5
54497ce2271deb0e673ec048b44da343

SHA1
5f886314234b7aa6a4da5efc937a9d63ed007727

SHA256
3dcf052bb8050fa32f28873bb665f63f457799cb9a92549fb2dbea94014f929b

SHA512
d0d77d763b1b12c1b9d7a9a3f2aee4640ed5fb10d828b7c3c2cb051504c2b7b6438309124b934b346a4152c0aca009883d6bda42dc997188b8ca2736ac3419c9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json

Filesize
38KB

MD5
8ff1c5be8fb6139cab67af757551f74d

SHA1
c47153924e27f207d9254670b9ae5c235245af87

SHA256
788f021276074fffb759c36b15e758b76cbb90b6f567e7a0fc5fd01b9fa9b114

SHA512
a06067f62bee838bb288c8dda156e0dfd520d6d438806569dd25e129bac70d37c9501e07edc63f5a46ef3dcb632edc28e20314a41f8ec058a11fc544edad770c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json

Filesize
38KB

MD5
5fd97abac392d00172b9aed253ec66cf

SHA1
17fb82f3b5c9a61b8f30fa8f4e2e32013a13d69f

SHA256
4eb761e353247fc37c76605a61e31cf5e6aa7629f0f79a08fa41c6653896e964

SHA512
a126857e42d1130f880258bc2c55376586984fb724ee034fc25dd115dccfc0c20c4f8f5664f5af44691095c678d9f39e4f8ed8ced85a32826a2ff5127a7d8649

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json~RFe587318.TMP

Filesize
23KB

MD5
62fb896a9be6aab811773f33ff340bb0

SHA1
ec5ce571652967c25368ec8863e9ca89c0f385ed

SHA256
7c8220190327372023135bdcf44c854557ff6215724e683f94e1d1bb075520d7

SHA512
93a9e37e1a0f04b58571cfdfabc95c30a1ac6a5a2e93c80ec127a171f895f1fdd8c707da8bf755afaf208ebdec18c429c05d5f14e85f8ac9add51bcb37ff8a3c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\component_crx_cache\oimompecagnajdejgnnjijobebaeigek_1.d9a253514b6a010dfc1916c55246797e5773f13844ea3ec2d25078e845fef760

Filesize
13.7MB

MD5
17c227679ab0ed29eae2192843b1802f

SHA1
cc78820a5be29fd58da8ef97f756b5331db3c13e

SHA256
d9a253514b6a010dfc1916c55246797e5773f13844ea3ec2d25078e845fef760

SHA512
7e33288afd65948a5752323441c42fcc437d7c12d1eaf7a9b6ae1995784d0771e15637f23cc6bc958e40ea870414543d67a27b4c20331fde93d5b6dc6a59cbaf

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\google_import_script\24.8.5.0\_metadata\yandex\verified_contents.json

Filesize
989B

MD5
720d8a1452473a2a1c97bd71d19a85db

SHA1
ef027ebc3a191375d952a0b0539de7cd1eac3eba

SHA256
08404d106e3ddbfe839d0869a2a07de692ac1ecc6aa02fb2003e679af2358469

SHA512
3cc756962f182284f69698fa4a08bf9b7346e9f011fbb4da28ed3a5a8a7dc1eed9dfae4cb83be649c702f65c7ffc5daa314f824280592e6545a6463b27e8cede

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\google_import_script\24.8.5.0\script

Filesize
4KB

MD5
b807ebd3002f71c1de6deb285528a920

SHA1
14b2c18684174abd078600bc9ac95628c00ea952

SHA256
8b44c53ea53b3ff1465263dec2380c68e88e4964984dbdc1497ff2aeedb010d6

SHA512
2885e6e91a8ddb346b15ee22f8bd0ea4735314d16a7a480c999b890fc3fcf68e5ab7ee137c7e788f1652f889f23ed920e70cd58bd9300a1e0af44babeeb9fdab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\yandex.website

Filesize
488B

MD5
2baf611b1b6876e6c393054aa8c46a0a

SHA1
3d26e532d5b37939b51884bfb53732070c4dca9a

SHA256
5f7570144541408b41c15373bb8870e7bde53ad3c5413e2f6000e6f0e449b853

SHA512
1a0dc02bdd53e1bd49b2a72b10828463f5c8bed8a17b8498eb4ae939a40dfd8bcaeba1feac1190f5595b4da245a7aa0e4507724ef9fb74172b29581e885cd563

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk

Filesize
2KB

MD5
2437d8e5240ec49b225560c5b3473a91

SHA1
21f1421a54ca4c82f010df6bbe3d601a457d152a

SHA256
bb937f04931fd0646f7db8a58d82bfd7f9db00c2b06a0bc103de112bf8d542c3

SHA512
89b7be4a3ba975696c312e77ff8a7579590e2729abc6dcee8478c3f731493fbb2fbdb4811adbbd497ab9d63c4285a959fd1ae45085ce6d36f54ef4a8846dead3

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
57baa6e2450758b43bfbd902ca339e4b

SHA1
080ac5ae02f3c992d8042c6d1038cc9a7f712e9d

SHA256
7a4b2168d0abc6ea72aacd8aacc896e84e26ea7eba5eae4e01468326db3ec26b

SHA512
f00f5dff6ec8447b95de626a3808738efc9bfc750995c43ad959ff658c866f7c1cc8ea1d258e72680a88454de8fb71569b3811c5f5306d74976d4cf65e3a4271

Download Submit
C:\Windows\Temp\sdwra_3488_1071071119\service_update.exe

Filesize
2.9MB

MD5
15886a3a4dfbbcd9e422e1f130e12f02

SHA1
9a79dd81b1d9201fa74ea568a604d41e653b3a11

SHA256
26f94ec35d9ce5816044fb58df265e10ea8cb53b96105427ea4bf6cb57ce485f

SHA512
a14c76b4e5042e264034849d05753ec387dfcbfbcd8015d58254e468dca269f9d5f0e4fb91c762b2eac57133692768447d3ed77c306b4b34e497a4b5764122ac

Download Submit
memory/232-1147-0x00007FFCC1350000-0x00007FFCC1351000-memory.dmp

Filesize
4KB

Download
memory/232-1146-0x00007FFCBF9D0000-0x00007FFCBF9D1000-memory.dmp

Filesize
4KB

Download
memory/844-1795-0x000002818F8D0000-0x000002818F9FA000-memory.dmp

Filesize
1.2MB

Download
memory/2200-1666-0x00000168F1A80000-0x00000168F1E4D000-memory.dmp

Filesize
3.8MB

Download
memory/2200-1668-0x00000168F1A80000-0x00000168F1E4D000-memory.dmp

Filesize
3.8MB

Download
memory/2200-1669-0x00000168EA8F0000-0x00000168EA8F1000-memory.dmp

Filesize
4KB

Download
memory/2200-1066-0x00007FFCC0060000-0x00007FFCC0061000-memory.dmp

Filesize
4KB

Download
memory/2200-1667-0x00000168F1A80000-0x00000168F1E4D000-memory.dmp

Filesize
3.8MB

Download
memory/2200-1665-0x00000168EA8E0000-0x00000168EA8E1000-memory.dmp

Filesize
4KB

Download
memory/2200-1794-0x00000168E7E00000-0x00000168E7F2A000-memory.dmp

Filesize
1.2MB

Download