170e58ad15c295b733caca94b3737c7a7e145562bec4c940dd9030e7bf2cb9a6

Analysis

max time kernel
88s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2024, 18:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

170e58ad15c295b733caca94b3737c7a7e145562bec4c940dd9030e7bf2cb9a6.exe
Size

10.4MB
MD5

8cc689ef8ff2c65b2b34469c0a586cc1
SHA1

51917ae28e6a1a35eb5825d46debcf8e62148bd1
SHA256

170e58ad15c295b733caca94b3737c7a7e145562bec4c940dd9030e7bf2cb9a6
SHA512

7b8346360f4f964eeed16a25416f11a0392c18d64b2a6878665225500df8f26dd78f3cbafbfd571f283fe343f688a407cf0f720a1b328f08fcb8fce477f45ec4
SSDEEP

196608:uVBPUSSJ7PbDdh0HtQba8z1sjzkAilU4I4:ubs5J7PbDjOQba8psjzyz

Score

8^/10

discovery persistence spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 12 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	170e58ad15c295b733caca94b3737c7a7e145562bec4c940dd9030e7bf2cb9a6.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	explorer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	Yandex.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	service_update.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	explorer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	browser.exe

Executes dropped EXE 51 IoCs

pid	Process
2480	yb5436.tmp
4204	setup.exe
4692	setup.exe
2428	setup.exe
4992	service_update.exe
4724	service_update.exe
1148	service_update.exe
2992	service_update.exe
4828	service_update.exe
4756	service_update.exe
5276	explorer.exe
5312	explorer.exe
5704	Yandex.exe
5820	explorer.exe
6008	clidmgr.exe
6080	clidmgr.exe
1780	browser.exe
772	browser.exe
1692	browser.exe
5532	browser.exe
5600	browser.exe
5072	browser.exe
5736	browser.exe
5756	browser.exe
5792	browser.exe
5804	browser.exe
1676	browser.exe
5432	browser.exe
6808	setup.exe
2524	setup.exe
6548	browser.exe
6096	browser.exe
2296	browser.exe
1432	browser.exe
2420	browser.exe
6516	browser.exe
6472	browser.exe
6640	browser.exe
6960	browser.exe
6984	browser.exe
7000	browser.exe
7024	browser.exe
7048	browser.exe
7084	browser.exe
7068	browser.exe
6888	browser.exe
4832	browser.exe
6504	browser.exe
5684	browser.exe
6664	browser.exe
6056	browser.exe

Loads dropped DLL 64 IoCs

pid	Process
1780	browser.exe
772	browser.exe
1780	browser.exe
5600	browser.exe
5600	browser.exe
1692	browser.exe
1692	browser.exe
5532	browser.exe
5532	browser.exe
5072	browser.exe
5072	browser.exe
5756	browser.exe
5756	browser.exe
5792	browser.exe
5804	browser.exe
5792	browser.exe
5804	browser.exe
1692	browser.exe
1692	browser.exe
1692	browser.exe
5736	browser.exe
5736	browser.exe
1692	browser.exe
1692	browser.exe
1692	browser.exe
1692	browser.exe
1676	browser.exe
1676	browser.exe
5432	browser.exe
5432	browser.exe
6548	browser.exe
6548	browser.exe
6096	browser.exe
6096	browser.exe
2296	browser.exe
2296	browser.exe
1432	browser.exe
1432	browser.exe
2420	browser.exe
2420	browser.exe
6516	browser.exe
6472	browser.exe
6516	browser.exe
6472	browser.exe
6640	browser.exe
6640	browser.exe
6960	browser.exe
6984	browser.exe
6960	browser.exe
6984	browser.exe
7000	browser.exe
7024	browser.exe
7024	browser.exe
7000	browser.exe
7048	browser.exe
7068	browser.exe
7048	browser.exe
7068	browser.exe
7084	browser.exe
7084	browser.exe
6888	browser.exe
4832	browser.exe
6888	browser.exe
4832	browser.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Unexpected DNS network traffic destination 34 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	77.88.8.1
Destination IP	77.88.8.1
Destination IP	77.88.8.1
Destination IP	77.88.8.1
Destination IP	77.88.8.1
Destination IP	77.88.8.1
Destination IP	77.88.8.1
Destination IP	77.88.8.1
Destination IP	77.88.8.1
Destination IP	77.88.8.1
Destination IP	77.88.8.1
Destination IP	77.88.8.1
Destination IP	77.88.8.8
Destination IP	77.88.8.1
Destination IP	77.88.8.1
Destination IP	77.88.8.1
Destination IP	77.88.8.8
Destination IP	77.88.8.1
Destination IP	77.88.8.1
Destination IP	77.88.8.1
Destination IP	77.88.8.8
Destination IP	77.88.8.8
Destination IP	77.88.8.1
Destination IP	77.88.8.1
Destination IP	77.88.8.1
Destination IP	77.88.8.1
Destination IP	77.88.8.1
Destination IP	77.88.8.1
Destination IP	77.88.8.1
Destination IP	77.88.8.1
Destination IP	77.88.8.1
Destination IP	77.88.8.1
Destination IP	77.88.8.1
Destination IP	77.88.8.8

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YandexBrowserAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart"	browser.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 3 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Roaming\Yandex\ui	service_update.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1076\service_update.exe	service_update.exe
File opened for modification	C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1076\service_update.exe	service_update.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\System update for Yandex Browser.job	service_update.exe
File created	C:\Windows\Tasks\Update for Yandex Browser.job	service_update.exe
File created	C:\Windows\Tasks\Repairing Yandex Browser update service.job	service_update.exe
File created	C:\Windows\Tasks\Обновление Браузера Яндекс.job	browser.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	170e58ad15c295b733caca94b3737c7a7e145562bec4c940dd9030e7bf2cb9a6.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Yandex.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	clidmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	clidmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	170e58ad15c295b733caca94b3737c7a7e145562bec4c940dd9030e7bf2cb9a6.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe

Modifies data under HKEY_USERS 6 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133687384232270156"	browser.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow	service_update.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex\UICreated_SYSTEM = "1"	service_update.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	browser.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexWEBP.SUW7AOWUISCUORGBRD6LS6VK24\ = "Yandex Browser WEBP Document"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\SystemFileAssociations\.webp\shell	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\.fb2\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexINFE.SUW7AOWUISCUORGBRD6LS6VK24\shell\open\command	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\yabrowser\shell\open\ddeexec	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexWEBP.SUW7AOWUISCUORGBRD6LS6VK24\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\.epub\OpenWithProgids\YandexEPUB.SUW7AOWUISCUORGBRD6LS6VK24	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexEPUB.SUW7AOWUISCUORGBRD6LS6VK24\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexEPUB.SUW7AOWUISCUORGBRD6LS6VK24\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\.css\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\.jpeg	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\.xht\OpenWithProgids\YandexHTML.SUW7AOWUISCUORGBRD6LS6VK24	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\.webp\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexSVG.SUW7AOWUISCUORGBRD6LS6VK24\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-123"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexTXT.SUW7AOWUISCUORGBRD6LS6VK24\shell\open\command	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexCSS.SUW7AOWUISCUORGBRD6LS6VK24\Application	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\SystemFileAssociations\.jpeg\shell\image_search\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --image-search=\"%1\""	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexCRX.SUW7AOWUISCUORGBRD6LS6VK24	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexEPUB.SUW7AOWUISCUORGBRD6LS6VK24\shell\open\command	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\.webm\OpenWithProgids\YandexWEBM.SUW7AOWUISCUORGBRD6LS6VK24	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexJPEG.SUW7AOWUISCUORGBRD6LS6VK24\shell\open	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexWEBM.SUW7AOWUISCUORGBRD6LS6VK24\ = "Yandex Browser WEBM Document"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\.xml\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexSVG.SUW7AOWUISCUORGBRD6LS6VK24\Application\AppUserModelId = "Yandex.SUW7AOWUISCUORGBRD6LS6VK24"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexWEBP.SUW7AOWUISCUORGBRD6LS6VK24\ = "Yandex Browser WEBP Document"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexJS.SUW7AOWUISCUORGBRD6LS6VK24	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexJS.SUW7AOWUISCUORGBRD6LS6VK24\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-126"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexJPEG.SUW7AOWUISCUORGBRD6LS6VK24	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexTXT.SUW7AOWUISCUORGBRD6LS6VK24\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\SystemFileAssociations\.png\shell	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\SystemFileAssociations\.webp\shell\image_search\ = "Поиск по картинке"	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexFB2.SUW7AOWUISCUORGBRD6LS6VK24	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\.jpeg	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexTXT.SUW7AOWUISCUORGBRD6LS6VK24	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexCSS.SUW7AOWUISCUORGBRD6LS6VK24\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-124"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexCSS.SUW7AOWUISCUORGBRD6LS6VK24\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexJPEG.SUW7AOWUISCUORGBRD6LS6VK24\shell	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexPDF.SUW7AOWUISCUORGBRD6LS6VK24\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexBrowser.crx\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexTXT.SUW7AOWUISCUORGBRD6LS6VK24\Application\ApplicationName = "Yandex"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexHTML.SUW7AOWUISCUORGBRD6LS6VK24\shell\open\command	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexGIF.SUW7AOWUISCUORGBRD6LS6VK24\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexSVG.SUW7AOWUISCUORGBRD6LS6VK24\ = "Yandex Browser SVG Document"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexCRX.SUW7AOWUISCUORGBRD6LS6VK24\Application\AppUserModelId = "Yandex.SUW7AOWUISCUORGBRD6LS6VK24"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexCSS.SUW7AOWUISCUORGBRD6LS6VK24\Application\ApplicationCompany = "Yandex"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexFB2.SUW7AOWUISCUORGBRD6LS6VK24\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexSVG.SUW7AOWUISCUORGBRD6LS6VK24\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\.xml	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexPNG.SUW7AOWUISCUORGBRD6LS6VK24\shell\open\command	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexCRX.SUW7AOWUISCUORGBRD6LS6VK24\shell\open	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexCRX.SUW7AOWUISCUORGBRD6LS6VK24\Application\AppUserModelId = "Yandex.SUW7AOWUISCUORGBRD6LS6VK24"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\SystemFileAssociations\.gif\shell\image_search\Icon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexSVG.SUW7AOWUISCUORGBRD6LS6VK24\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexSWF.SUW7AOWUISCUORGBRD6LS6VK24\DefaultIcon	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexTXT.SUW7AOWUISCUORGBRD6LS6VK24\shell\open\command	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\.epub	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexCSS.SUW7AOWUISCUORGBRD6LS6VK24\Application\ApplicationDescription = "Яндекс\u00a0Браузер – это быстрая и\u00a0удобная программа для\u00a0работы в\u00a0интернете и\u00a0просмотра веб-страниц."	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexGIF.SUW7AOWUISCUORGBRD6LS6VK24\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexJPEG.SUW7AOWUISCUORGBRD6LS6VK24\Application	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\.htm\OpenWithProgids\YandexHTML.SUW7AOWUISCUORGBRD6LS6VK24	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexBrowser.crx\Application\ApplicationDescription = "Яндекс\u00a0Браузер – это быстрая и\u00a0удобная программа для\u00a0работы в\u00a0интернете и\u00a0просмотра веб-страниц."	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexCRX.SUW7AOWUISCUORGBRD6LS6VK24\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\YandexSWF.SUW7AOWUISCUORGBRD6LS6VK24\Application\ApplicationCompany = "Yandex"	setup.exe

Modifies system certificate store 2 TTPs 14 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E	170e58ad15c295b733caca94b3737c7a7e145562bec4c940dd9030e7bf2cb9a6.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	170e58ad15c295b733caca94b3737c7a7e145562bec4c940dd9030e7bf2cb9a6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 5c000000010000000400000000100000190000000100000010000000cb9dd0fceaaa492f75ce292c21bbfbdd0300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd17e00000001000000080000000080c82b6886d7017a000000010000000c000000300a06082b060105050703091d0000000100000010000000521f5c98970d19a8e515ef6eeb6d48ef140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a07f0000000100000016000000301406082b0601050507030306082b060105050703096200000001000000200000002cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf690b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520036000000090000000100000056000000305406082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007e000000307c301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301f06092b06010401a032010230123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff10400000001000000100000004fdd07e4d42264391e0c3742ead1c6ae200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410	explorer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	170e58ad15c295b733caca94b3737c7a7e145562bec4c940dd9030e7bf2cb9a6.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	170e58ad15c295b733caca94b3737c7a7e145562bec4c940dd9030e7bf2cb9a6.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 190000000100000010000000cb9dd0fceaaa492f75ce292c21bbfbdd0300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd17e00000001000000080000000080c82b6886d7017a000000010000000c000000300a06082b060105050703091d0000000100000010000000521f5c98970d19a8e515ef6eeb6d48ef140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a07f0000000100000016000000301406082b0601050507030306082b060105050703096200000001000000200000002cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf690b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520036000000090000000100000056000000305406082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007e000000307c301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301f06092b06010401a032010230123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff1200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410	explorer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 0400000001000000100000004fdd07e4d42264391e0c3742ead1c6ae0f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff153000000010000007e000000307c301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301f06092b06010401a032010230123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000056000000305406082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d0020005200360000006200000001000000200000002cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf697f0000000100000016000000301406082b0601050507030306082b06010505070309140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a01d0000000100000010000000521f5c98970d19a8e515ef6eeb6d48ef7a000000010000000c000000300a06082b060105050703097e00000001000000080000000080c82b6886d7010300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd1190000000100000010000000cb9dd0fceaaa492f75ce292c21bbfbdd200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410	explorer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 0f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff153000000010000007e000000307c301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301f06092b06010401a032010230123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000056000000305406082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d0020005200360000006200000001000000200000002cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf697f0000000100000016000000301406082b0601050507030306082b06010505070309140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a01d0000000100000010000000521f5c98970d19a8e515ef6eeb6d48ef7a000000010000000c000000300a06082b060105050703097e00000001000000080000000080c82b6886d7010300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd1200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8	170e58ad15c295b733caca94b3737c7a7e145562bec4c940dd9030e7bf2cb9a6.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	170e58ad15c295b733caca94b3737c7a7e145562bec4c940dd9030e7bf2cb9a6.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b81900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1	explorer.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4692	setup.exe
4692	setup.exe
4692	setup.exe
4692	setup.exe
1780	browser.exe
1780	browser.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe

Suspicious use of AdjustPrivilegeToken 40 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1780	browser.exe
Token: SeCreatePagefilePrivilege	1780	browser.exe
Token: SeShutdownPrivilege	1780	browser.exe
Token: SeCreatePagefilePrivilege	1780	browser.exe
Token: SeShutdownPrivilege	1780	browser.exe
Token: SeCreatePagefilePrivilege	1780	browser.exe
Token: SeShutdownPrivilege	1780	browser.exe
Token: SeCreatePagefilePrivilege	1780	browser.exe
Token: SeShutdownPrivilege	1780	browser.exe
Token: SeCreatePagefilePrivilege	1780	browser.exe
Token: SeShutdownPrivilege	1780	browser.exe
Token: SeCreatePagefilePrivilege	1780	browser.exe
Token: SeShutdownPrivilege	1780	browser.exe
Token: SeCreatePagefilePrivilege	1780	browser.exe
Token: SeShutdownPrivilege	1780	browser.exe
Token: SeCreatePagefilePrivilege	1780	browser.exe
Token: SeShutdownPrivilege	1780	browser.exe
Token: SeCreatePagefilePrivilege	1780	browser.exe
Token: SeShutdownPrivilege	1780	browser.exe
Token: SeCreatePagefilePrivilege	1780	browser.exe
Token: SeShutdownPrivilege	1780	browser.exe
Token: SeCreatePagefilePrivilege	1780	browser.exe
Token: SeShutdownPrivilege	1780	browser.exe
Token: SeCreatePagefilePrivilege	1780	browser.exe
Token: SeShutdownPrivilege	1780	browser.exe
Token: SeCreatePagefilePrivilege	1780	browser.exe
Token: SeShutdownPrivilege	1780	browser.exe
Token: SeCreatePagefilePrivilege	1780	browser.exe
Token: SeShutdownPrivilege	1780	browser.exe
Token: SeCreatePagefilePrivilege	1780	browser.exe
Token: SeShutdownPrivilege	1780	browser.exe
Token: SeCreatePagefilePrivilege	1780	browser.exe
Token: SeShutdownPrivilege	1780	browser.exe
Token: SeCreatePagefilePrivilege	1780	browser.exe
Token: SeShutdownPrivilege	1780	browser.exe
Token: SeCreatePagefilePrivilege	1780	browser.exe
Token: SeShutdownPrivilege	1780	browser.exe
Token: SeCreatePagefilePrivilege	1780	browser.exe
Token: SeShutdownPrivilege	1780	browser.exe
Token: SeCreatePagefilePrivilege	1780	browser.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
512	170e58ad15c295b733caca94b3737c7a7e145562bec4c940dd9030e7bf2cb9a6.exe
5276	explorer.exe
5820	explorer.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe
1780	browser.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
512	170e58ad15c295b733caca94b3737c7a7e145562bec4c940dd9030e7bf2cb9a6.exe
1780	browser.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 512 wrote to memory of 4492	512	170e58ad15c295b733caca94b3737c7a7e145562bec4c940dd9030e7bf2cb9a6.exe	91
PID 512 wrote to memory of 4492	512	170e58ad15c295b733caca94b3737c7a7e145562bec4c940dd9030e7bf2cb9a6.exe	91
PID 512 wrote to memory of 4492	512	170e58ad15c295b733caca94b3737c7a7e145562bec4c940dd9030e7bf2cb9a6.exe	91
PID 4492 wrote to memory of 2480	4492	170e58ad15c295b733caca94b3737c7a7e145562bec4c940dd9030e7bf2cb9a6.exe	105
PID 4492 wrote to memory of 2480	4492	170e58ad15c295b733caca94b3737c7a7e145562bec4c940dd9030e7bf2cb9a6.exe	105
PID 2480 wrote to memory of 4204	2480	yb5436.tmp	106
PID 2480 wrote to memory of 4204	2480	yb5436.tmp	106
PID 4204 wrote to memory of 4692	4204	setup.exe	107
PID 4204 wrote to memory of 4692	4204	setup.exe	107
PID 4692 wrote to memory of 2428	4692	setup.exe	108
PID 4692 wrote to memory of 2428	4692	setup.exe	108
PID 4692 wrote to memory of 4992	4692	setup.exe	110
PID 4692 wrote to memory of 4992	4692	setup.exe	110
PID 4992 wrote to memory of 4724	4992	service_update.exe	111
PID 4992 wrote to memory of 4724	4992	service_update.exe	111
PID 1148 wrote to memory of 2992	1148	service_update.exe	113
PID 1148 wrote to memory of 2992	1148	service_update.exe	113
PID 1148 wrote to memory of 4828	1148	service_update.exe	114
PID 1148 wrote to memory of 4828	1148	service_update.exe	114
PID 4828 wrote to memory of 4756	4828	service_update.exe	115
PID 4828 wrote to memory of 4756	4828	service_update.exe	115
PID 4692 wrote to memory of 5276	4692	setup.exe	116
PID 4692 wrote to memory of 5276	4692	setup.exe	116
PID 5276 wrote to memory of 5312	5276	explorer.exe	118
PID 5276 wrote to memory of 5312	5276	explorer.exe	118
PID 4692 wrote to memory of 5704	4692	setup.exe	120
PID 4692 wrote to memory of 5704	4692	setup.exe	120
PID 4692 wrote to memory of 5704	4692	setup.exe	120
PID 5704 wrote to memory of 5820	5704	Yandex.exe	121
PID 5704 wrote to memory of 5820	5704	Yandex.exe	121
PID 5704 wrote to memory of 5820	5704	Yandex.exe	121
PID 4692 wrote to memory of 6008	4692	setup.exe	123
PID 4692 wrote to memory of 6008	4692	setup.exe	123
PID 4692 wrote to memory of 6008	4692	setup.exe	123
PID 4692 wrote to memory of 6080	4692	setup.exe	125
PID 4692 wrote to memory of 6080	4692	setup.exe	125
PID 4692 wrote to memory of 6080	4692	setup.exe	125
PID 1780 wrote to memory of 772	1780	browser.exe	128
PID 1780 wrote to memory of 772	1780	browser.exe	128
PID 1780 wrote to memory of 1692	1780	browser.exe	129
PID 1780 wrote to memory of 1692	1780	browser.exe	129
PID 1780 wrote to memory of 1692	1780	browser.exe	129
PID 1780 wrote to memory of 1692	1780	browser.exe	129
PID 1780 wrote to memory of 1692	1780	browser.exe	129
PID 1780 wrote to memory of 1692	1780	browser.exe	129
PID 1780 wrote to memory of 1692	1780	browser.exe	129
PID 1780 wrote to memory of 1692	1780	browser.exe	129
PID 1780 wrote to memory of 1692	1780	browser.exe	129
PID 1780 wrote to memory of 1692	1780	browser.exe	129
PID 1780 wrote to memory of 1692	1780	browser.exe	129
PID 1780 wrote to memory of 1692	1780	browser.exe	129
PID 1780 wrote to memory of 1692	1780	browser.exe	129
PID 1780 wrote to memory of 1692	1780	browser.exe	129
PID 1780 wrote to memory of 1692	1780	browser.exe	129
PID 1780 wrote to memory of 1692	1780	browser.exe	129
PID 1780 wrote to memory of 1692	1780	browser.exe	129
PID 1780 wrote to memory of 1692	1780	browser.exe	129
PID 1780 wrote to memory of 1692	1780	browser.exe	129
PID 1780 wrote to memory of 1692	1780	browser.exe	129
PID 1780 wrote to memory of 1692	1780	browser.exe	129
PID 1780 wrote to memory of 1692	1780	browser.exe	129
PID 1780 wrote to memory of 1692	1780	browser.exe	129
PID 1780 wrote to memory of 1692	1780	browser.exe	129
PID 1780 wrote to memory of 1692	1780	browser.exe	129

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\170e58ad15c295b733caca94b3737c7a7e145562bec4c940dd9030e7bf2cb9a6.exe
"C:\Users\Admin\AppData\Local\Temp\170e58ad15c295b733caca94b3737c7a7e145562bec4c940dd9030e7bf2cb9a6.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:512
- C:\Users\Admin\AppData\Local\Temp\170e58ad15c295b733caca94b3737c7a7e145562bec4c940dd9030e7bf2cb9a6.exe
  "C:\Users\Admin\AppData\Local\Temp\170e58ad15c295b733caca94b3737c7a7e145562bec4c940dd9030e7bf2cb9a6.exe" --parent-installer-process-id=512 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\Admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\Admin\AppData\Local\Temp\ff76be42-4086-4c91-826b-f794d9f64043.tmp\" --brand-name=yandex --browser-present=none --distr-info-file=\"C:\Users\Admin\AppData\Local\Temp\distrib_info\" --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --make-browser-default-after-import --progress-window=458858 --send-statistics --testids=1045949 --variations-update-path=\"C:\Users\Admin\AppData\Local\Temp\aca46082-b1f6-4332-8f1f-0bb28930eaaf.tmp\" --verbose-logging"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4492
- - C:\Users\Admin\AppData\Local\Temp\yb5436.tmp
    "C:\Users\Admin\AppData\Local\Temp\yb5436.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\ff76be42-4086-4c91-826b-f794d9f64043.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=23 --install-start-time-no-uac=525657368 --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=458858 --send-statistics --source=lite --testids=1045949 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\aca46082-b1f6-4332-8f1f-0bb28930eaaf.tmp" --verbose-logging
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\YB_793E5.tmp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\YB_793E5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_793E5.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\ff76be42-4086-4c91-826b-f794d9f64043.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=23 --install-start-time-no-uac=525657368 --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=458858 --send-statistics --source=lite --testids=1045949 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\aca46082-b1f6-4332-8f1f-0bb28930eaaf.tmp" --verbose-logging
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\YB_793E5.tmp\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\YB_793E5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_793E5.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\ff76be42-4086-4c91-826b-f794d9f64043.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=23 --install-start-time-no-uac=525657368 --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=458858 --send-statistics --source=lite --testids=1045949 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\aca46082-b1f6-4332-8f1f-0bb28930eaaf.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=560141762
        5⤵
        Executes dropped EXE
        Modifies registry class
        Modifies system certificate store
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\YB_793E5.tmp\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\YB_793E5.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=4692 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1076 --initial-client-data=0x294,0x298,0x29c,0x270,0x2a0,0x7ff754d4d728,0x7ff754d4d734,0x7ff754d4d740
        6⤵
        Executes dropped EXE
        
        PID:2428
      - C:\Windows\TEMP\sdwra_4692_1464962284\service_update.exe
        
        "C:\Windows\TEMP\sdwra_4692_1464962284\service_update.exe" --setup
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in Program Files directory
        Suspicious use of WriteProcessMemory
        
        PID:4992
        
        C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1076\service_update.exe
        
        "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1076\service_update.exe" --install
        7⤵
        Executes dropped EXE
        
        PID:4724
      - C:\Users\Admin\AppData\Local\Temp\YB_793E5.tmp\Temp\scoped_dir4692_2060137206\explorer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\YB_793E5.tmp\Temp\scoped_dir4692_2060137206\explorer.exe" --pttw1="C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk"
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Modifies registry class
        Modifies system certificate store
        Suspicious use of FindShellTrayWindow
        Suspicious use of WriteProcessMemory
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\YB_793E5.tmp\Temp\scoped_dir4692_2060137206\explorer.exe
        
        C:\Users\Admin\AppData\Local\Temp\YB_793E5.tmp\Temp\scoped_dir4692_2060137206\explorer.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=5276 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1076 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x7ff7be53d728,0x7ff7be53d734,0x7ff7be53d740
        7⤵
        Executes dropped EXE
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
        
        C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent
        6⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe
        
        C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent /pin-path="C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk" --is-pinning
        7⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
        
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
        
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source4692_504049281\Browser-bin\clids_yandex.xml"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:6080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4048,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=3804 /prefetch:8
1⤵
PID:1016

C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1076\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1076\service_update.exe" --run-as-service
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
PID:1148
- C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1076\service_update.exe
  "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1076\service_update.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=1148 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1076 --initial-client-data=0x20c,0x210,0x214,0x1e8,0x218,0x7ff7697a8b00,0x7ff7697a8b0c,0x7ff7697a8b18
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1076\service_update.exe
  "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1076\service_update.exe" --update-scheduler
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:4828
- - C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1076\service_update.exe
    "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1076\service_update.exe" --update-background-scheduler
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    PID:4756

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=458858 --install-start-time-no-uac=525657368
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks system information in the registry
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1780
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=1780 --annotation=metrics_client_id=7009f952625e45eb9cccded36543ee6b --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1076 --initial-client-data=0x13c,0x140,0x144,0x118,0x148,0x7ff962a1cf90,0x7ff962a1cf9c,0x7ff962a1cfa8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:772
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --gpu-process-kind=sandboxed --field-trial-handle=2388,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2384 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1692
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=disabled --gpu-process-kind=trampoline --field-trial-handle=2084,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2544 /prefetch:6
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5532
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Network Service" --field-trial-handle=2624,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3508 --brver=24.7.1.1076 /prefetch:3
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5600
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=service --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Storage Service" --field-trial-handle=2652,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3792 --brver=24.7.1.1076 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5072
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3996,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3984 /prefetch:2
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5736
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=ru --service-sandbox-type=audio --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Audio Service" --field-trial-handle=3128,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4052 --brver=24.7.1.1076 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5756
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=ru --service-sandbox-type=none --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Video Capture" --field-trial-handle=3136,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4184 --brver=24.7.1.1076 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5792
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=3428,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4308 --brver=24.7.1.1076 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5804
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3036,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1676
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Импорт профилей" --field-trial-handle=5092,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5116 --brver=24.7.1.1076 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5432
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.7.1.1076\Installer\setup.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.7.1.1076\Installer\setup.exe" --set-as-default-browser
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  PID:6808
- - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.7.1.1076\Installer\setup.exe
    C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.7.1.1076\Installer\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=6808 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1076 --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0x7ff7ca4ed728,0x7ff7ca4ed734,0x7ff7ca4ed740
    3⤵
    - Executes dropped EXE
    PID:2524
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5480,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6548
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5684,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5692 --brver=24.7.1.1076 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6096
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=ru --service-sandbox-type=none --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Утилиты Windows" --field-trial-handle=4396,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4720 --brver=24.7.1.1076 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2296
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=uwp_cookie_provider.mojom.UwpCookieProvider --lang=ru --service-sandbox-type=utility --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name=uwp_cookie_provider.mojom.UwpCookieProvider --field-trial-handle=5936,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6216 --brver=24.7.1.1076 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1432
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=4720,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5892 --brver=24.7.1.1076 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2420
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5044,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5056 --brver=24.7.1.1076 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6472
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5644,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5012 --brver=24.7.1.1076 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6516
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=6348,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5036 --brver=24.7.1.1076 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6640
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=6340,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6584 --brver=24.7.1.1076 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6960
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=6756,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6524 --brver=24.7.1.1076 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6984
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=6752,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6516 --brver=24.7.1.1076 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:7000
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=6748,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6800 --brver=24.7.1.1076 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:7024
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=6512,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6612 --brver=24.7.1.1076 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:7048
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=6508,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6960 --brver=24.7.1.1076 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:7068
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=6500,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7224 --brver=24.7.1.1076 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:7084
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=7404,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7420 --brver=24.7.1.1076 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6888
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=7408,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7484 --brver=24.7.1.1076 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4832
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7396,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:6504
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7768,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:5684
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=4048,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3692 /prefetch:1
  2⤵
  PID:6988
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=4120,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:6188
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Утилиты Windows" --field-trial-handle=3524,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7892 --brver=24.7.1.1076 /prefetch:8
  2⤵
  PID:5976
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Утилиты Windows" --field-trial-handle=7928,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7904 --brver=24.7.1.1076 /prefetch:8
  2⤵
  PID:6824
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=8072,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=8068 /prefetch:1
  2⤵
  PID:2932
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=uwp_cookie_provider.mojom.UwpCookieProvider --lang=ru --service-sandbox-type=utility --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name=uwp_cookie_provider.mojom.UwpCookieProvider --field-trial-handle=7992,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6328 --brver=24.7.1.1076 /prefetch:8
  2⤵
  PID:2744
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Импорт профилей" --field-trial-handle=8096,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4016 --brver=24.7.1.1076 /prefetch:8
  2⤵
  PID:7164
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Импорт профилей" --field-trial-handle=4024,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1076 --brver=24.7.1.1076 /prefetch:8
  2⤵
  PID:4316
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Импорт профилей" --field-trial-handle=1088,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4156 --brver=24.7.1.1076 /prefetch:8
  2⤵
  PID:5784
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Распаковщик файлов" --field-trial-handle=276,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1184 --brver=24.7.1.1076 /prefetch:8
  2⤵
  PID:7112
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Импорт профилей" --field-trial-handle=6324,i,7382963703331391105,18105471214897633373,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7920 --brver=24.7.1.1076 /prefetch:8
  2⤵
  PID:6996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4408,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=1032 /prefetch:8
1⤵
PID:6756

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater --broupdater-origin=auto --bits_job_guid={678A6FF8-C393-4836-B51C-AAE97FF6A0DE}
1⤵
- Executes dropped EXE
- Checks system information in the registry
- Enumerates system info in registry
PID:6664
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1724264817 --annotation=last_update_date=1724264817 --annotation=launches_after_update=1 --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=6664 --annotation=metrics_client_id=7009f952625e45eb9cccded36543ee6b --annotation=micromode=broupdater --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1076 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff962a1cf90,0x7ff962a1cf9c,0x7ff962a1cfa8
  2⤵
  - Executes dropped EXE
  PID:6056
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=2412,i,13237854641194613164,1183684635066440013,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2404 /prefetch:2
  2⤵
  PID:6168
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=4303D519-17FA-4641-A04C-B5B1DF8359B2 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Network Service" --field-trial-handle=2192,i,13237854641194613164,1183684635066440013,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2508 --brver=24.7.1.1076 /prefetch:3
  2⤵
  PID:536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
1KB

MD5
98f60a3c77d3a154168503e7d9f4cc44

SHA1
2f8346b0e7af27cfaef77c637f687c2c818e05f2

SHA256
eacc77afb57ce0cd8a9d274b071ff20602ac9ee7cf619edc545a85ab02e873b2

SHA512
101d2767b6c66da1402bf3043679399e142a38b9f9d0c180a7ca74e8e031b0a0a7746dd6902e2f9e41be0c1afe9909ffa5ed4e3f1342688f083ead37f962fda0

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
2KB

MD5
036c2b519013254dfafc0a77e96de8bf

SHA1
21d8556b9c6ac8b13141b0a3bd9a8ae39131890b

SHA256
d3017e3be0ccc66276f28b492a916a142307d08c64b60ba9ca888630bbb20b96

SHA512
2870eb56b080f6c1b8b10e8621ae4966de45752c5c3dc4bafbc1cdff72b2da01ab0d861478fa0954485bf8276da991e82ffcaea6b85016c5ce124e79e9610c36

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
2KB

MD5
ffd06928017ea28b79620c1d0e986d2b

SHA1
8ac58d5972a826ea59244017b6243784e56c20c9

SHA256
86029f4d3478f4577ce6a0271578a7c3e82b75663541bc37078778fc5fd59cb8

SHA512
dc0445d838df574e0caa3e5af5401763069bb62ae03c39cb315767129abcd9ece2d637794fa420783b8c9be8f3acc6092fc7ee2804c1c6d7f29ffabe51e75b1b

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
3KB

MD5
b99e404bfb29c23ad3976e5b57902149

SHA1
cb313fc231ce8fb68a34d4deb2a5c648c00a5115

SHA256
1d157a35a94bfa3157347009c5af41c0f1d6288dbed3c75126f17125c54e6aae

SHA512
7752627ce2de2e472f0786a2117b2f376f9f4e25b579d8fcc8cee20f5c76f77551abbfeb60cdbb5485577930e9417ac4e9ae82db052a521b78ea731b097c5f95

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
3KB

MD5
9a5df5641da47cd808dd56b2f23c8ff1

SHA1
7d477ac7ebbede38d4262d1fff5e998e82fb7d43

SHA256
51e5b0aaa2a91c23ec943de8130cbfcc1383641d5b1541fb688c293db64fe881

SHA512
da88b214e87f986581dad37671cb8c55299810b7bd622e00de1c1f868812bc3c95cd3bdebf52b03b216a7c9e91928a931befb80de5007393a7f3519b90960f59

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
4KB

MD5
ee94fdc73b935945edda3d1a1710346f

SHA1
699d4e45ec38c05d994f6e7c283e04b321d6c10c

SHA256
4ac9ac9f9727df5346ebbe4c34e9559c9f647dbe91f6ee63eae62e8f6918b531

SHA512
c4f4997d28f9c81bb5a7801b732bc92be40f999cedcd7434b54023ad77fc547b5e513775b80c86c39bef5b8572b05178dabebb977e7aeed208d69aa4b687bdea

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
5KB

MD5
758ea75e2f2a43a7eaba72d8fb561905

SHA1
6af4dcfb7f6fc6c58423c46873b748fe57277159

SHA256
1bd3622287a2d9cb991e1c31a7a7822979c7af64d4ab4de2acbb255a24b00dbb

SHA512
69d85f4e72efd1a46de06b9f1a710b70413f09efe6684ddd9913bd9c073caf2811e0cb8ea892e8333d8afff6234176b341ab02ee2af86b26e2aa00dca593df6f

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
6KB

MD5
f51d38f2bf970b74534a82ec6bf90b5c

SHA1
062e6f9dc2223c744d050443f9b56cd04890b01e

SHA256
fbcbfbec80991861fc0b3debf79832a32390d696994cd11bf54d619595e63338

SHA512
d77a336eda7db5478ca3ea3ae969d71d044bb0157e60b0c30c8cfe564c449a472a87c2b34c18350874df7c678fd17da2af2e84a10245284754a00fd127f1d118

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_D94F4A82266DCEDAC0F3F1BFD0843F4D

Filesize
2KB

MD5
70b68b65b21c6b0b71d16a2981101104

SHA1
a72943744e0da0c09925cc75740fa6d02f3b4679

SHA256
49d4d04948cb028821ae2a08c526a53ac53cc5cd954f73c95364898482d118aa

SHA512
7bf623cb0428edf253fb1293747f86538df25b79c58c447d79d9d6806482d722707e9f4ab78d1340f4254010348e5cff670d7d5c90a8a781b0c53a961137363a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

Filesize
1KB

MD5
065d55e18cf1858b439b42c74bc29a45

SHA1
d029f0fd2984b8a91109662ccffce2224a2dd744

SHA256
2b5044503e1639fdb206a1a5d6148555e568e4e0df3d979c6f81e8f9600d57c3

SHA512
f4be7a5fd0b283745123c86f6ff2baa6af8e731e430b880dea964a36983b5e47906a067193cfadd2a3a357958733a3049615ab4eb8607275f8a3d3b0d9241a8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\140D9F340B6DC510C8D6D2E269E09CB5

Filesize
752B

MD5
c4bc98cb73f2b7cd34735292df126ea0

SHA1
d644a6e6f521135267f946fcbf002a6e5d8ea993

SHA256
e5111db854f31bab2d473648308dc3df1ec21df70b8086162ce29613a24d7cdb

SHA512
44e02e800fcd3849290a1b4dc869fbd947c8b1ff1549b602c3f3bbd6c452d85b7ddf1876bb45b72134b991b0b2e6edae4e395f102c6cdab91035e7d112a477bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760

Filesize
1KB

MD5
b485e378db43269b8fe4413ba60d193b

SHA1
074da3de286ce25c849918302ea518ac35eaeda6

SHA256
878cbda80c3420bb327ca925c82dcbc387d509b04fa82e36c4300fa5aba43feb

SHA512
d7377f89f9b880b8212234aa251a8d3f97e3fb1d7f31dd64ef18713f600ca758bbb7600f0bb897782484646c958b1d121b9c3808f6ece28a9a14f64e50036d24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7

Filesize
1KB

MD5
6ca0339d6115c7eff30607b171ebcff9

SHA1
e1dc69bf9e5866fd3ddd0aac3812340c15ad9629

SHA256
968a7b1ce7d9068909324c33f4b7e88b77e4d7b8042c2d90fbbe729b58b6a022

SHA512
052a35cceaaa1f41fad41e60bcf6ec7666c937556b8b96e653b083efcb79d930c49d63e5ed7b27bb961b794da8840d1de208693cf6733c23e84871ea98d5a55c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

Filesize
1KB

MD5
8f0cfe240ac373dc2c345095a8938899

SHA1
8a8d890d905e238c3686269fa32e90c3653049a6

SHA256
45be8463a9c9739762041e791f8135ac60938ac671afceb71c5e7fb186868b7d

SHA512
725020a95be23c2007a30eb602e10a40bc5f2d632406ff6528369c6ee574d3db558906601385860f96b762e288c27aabec20ce88c99e84db88f85844ecff3028

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A334956C3F99BD182BF4859935BADE72_FACA7E02B2152427A5B3C5BC1AC9CE92

Filesize
637B

MD5
229443cf91cea7609553160f544cccab

SHA1
d1b02d335713a32cb0336c9eddde0626427f7f84

SHA256
3bbfa39e217b859551d081ca642049ec8888dad4999afbc6a6c9077456f80ee2

SHA512
eafbc55d2d4b1741226453abcb7605784bf3d85dbdf664493938fcfd88f5a06f6e54f15d9d7c6eb3a2e78489d92f16321d6ae9dd146f7055ef76dfebe1ddf687

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

Filesize
1KB

MD5
5946a96f8b65aa0fc574144428afea41

SHA1
f6769726a4874f13464e6b40526cd761f7d9ce86

SHA256
a4e16de22a381dcae774f3bfa23ba2a9536739383d75bf97160dd5d7d47810d7

SHA512
58cc2583c0b353db5f46fe89c135aacca472b1b51623a36c37cedc433b4de5a143a6a8aa790750407bfb7520572f8ef182dd548e37d9fdab51111294421d8596

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_D94F4A82266DCEDAC0F3F1BFD0843F4D

Filesize
488B

MD5
35583ea60faaf20cb784b6aeaa041989

SHA1
9dd51c8cda59ab2fb0ad8493cea233d040bbfd58

SHA256
c186c78867e27a23ed08a4b769e4143e593b61272a1594d5d5c664f3a1fed5b2

SHA512
ea77fd9f0d367126bbe52f987e3a67dcc4736c0f530448222716cebaabc1eda0eefa92ecff6c19c92276faf0813a2d34b5ad8124fe885224499b5748a2372d92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

Filesize
508B

MD5
9e534cd696177951b5eda7576dea69dd

SHA1
597651974a52aec2cb55e2c4a33ce7a766481313

SHA256
ff7dd84e899a74383b75d28f6008db07b05776f3a8f4e70eff2f7e047f6b5df4

SHA512
663f78e7363d8f191d0a9f3b97c3156105cd0816d7fc6580817e88971925737c3f5ff19e97a81d24a3e2f362f90734c5a8449a0a1491015d40f53fc30044cdc3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\140D9F340B6DC510C8D6D2E269E09CB5

Filesize
322B

MD5
1e0e2d6548a38974e7b9b4657d8ecd77

SHA1
830e013ca279881de7b23bff6047b7bc777c6a7e

SHA256
c94702b96150b2a5091655b354a7a0edf982c447c52e6f5f9da86dc61f398043

SHA512
6bb5b292ca237fb72a2ab3e6cd9044c46d7bc65b724b63cae73e127546bd907fee57db42715907726c4dbac2d69cf333839321ef13d5986204925973b4a214c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760

Filesize
532B

MD5
2499539da2ed9c94a7ea87a9262e8082

SHA1
06cd8496feb5b895e688c0af557bf0dec0109e72

SHA256
7f7264308a4dea0e207039b4c03645c738b7c44f62b489b655448e5c2d25db61

SHA512
5bf7f19e9af32248e3888c266aacab7773723818f60b26707e373b863d11ce99bd2b98cb92739f94eaf96bc22a7adc01033610d9daf492e1c871dff932cc6447

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7

Filesize
536B

MD5
d75a044d4c0ca3ab537ea6fbd694f1e3

SHA1
ccd44abfaf3c0afad05affc4e37df62bf0d57c79

SHA256
f24ab37d6e96b33ce8c725846689d5e88ed48148ec80e4f0416a01359f16fe58

SHA512
295381f017aa2d6addf0fb47902ca87339011ee315fcbb58caacd293071112eeb624d5362e0e57f5793d0e9aa4989ec1e31c082b2ca2e81c0419d39491452b99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

Filesize
536B

MD5
b9a6e87d669cb633a826e863c76f5875

SHA1
a1c9c6f6c0c4e191b0d62aa9b9e041806d33cd30

SHA256
e1f1726b87b160a35446675f9c6f265624ff30b77cf2a015cf819a6111eefd2e

SHA512
23dbcb629084ff112539dd2880adcf318b93d614c84aa11f5d8cf2ce08d2fcf29871083b17c694ad1e54055312143536f2f5243546e6ff26fb80e4dcdbc414c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A334956C3F99BD182BF4859935BADE72_FACA7E02B2152427A5B3C5BC1AC9CE92

Filesize
480B

MD5
1ecbd3bdd8daa3771c6f984c159797d6

SHA1
3db1beb1f6d269f49eefdbb66ba7d05550a78d83

SHA256
447de1f1f00bf0464e5ffb98ac6ded5bbbd9db739c727cccb21cf45411698aa5

SHA512
24f482bd5c8c858bf0812b47b389c38706a79c101d8989f5ee9ce5e9921de9d7c4e1a70d69ccaf9f7eed78348799439930bbc25ef1c3710ac2d34bdc6ebeb51f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

Filesize
506B

MD5
f01d159f8cbc273ce94a6f7dc766f0f4

SHA1
e2969fb5097644df14d63fb3b10b8b6368bc8f55

SHA256
6fac37183006ff3090d2831d88f98dcf01827abdfe8802d0bceac32eee91ea9a

SHA512
c2ff132bc06d584ec556a07932cc95442cd49951571372e6073a05eca5a7f216aeac687d19bf103f56f909cc58a145488be5ef9d9ddfe000ebe95a63e70945e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\PartnerFile

Filesize
646KB

MD5
7dea904bc19a3b7e4d480801bfb8fe80

SHA1
d9e6d1774aec2ca571cb691d1653d5fb73aed70b

SHA256
cef0bfe16e1ff7e25602eb3b3fd158baac280cc4021c0dfa5203ac3450df6ecf

SHA512
51a7d7a570fac5b689f16ee5f779a26eed4d423d081aedea5e2e65c436f3c5fd66c2623c076d574ecd391fe0304abf3a6f83a4d146e7b7eadb5bb01f95d1dd5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_793E5.tmp\BRAND_COMMON

Filesize
25.6MB

MD5
8f2a744a5486097630c3b1053048b661

SHA1
dbd052a5f414dcb821bdd5d5dd75dcb0e4ee15e5

SHA256
d9abf1a2af93415f5c8417147ce83d39491f99a4a3a1cef8aa7496ec86cad52a

SHA512
449f8b240849b3b49c714179856a468b2311b0bb1b0539093bd16789cfc33ef736c763348536af2bc7dc2282ebf4bc98766c7a6ae5df49ee5c5835cca8c56c47

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_793E5.tmp\brand_yandex

Filesize
1.8MB

MD5
725a39c4ea18b2cc052a91acede57288

SHA1
5d6a60272da00adc32fec90c50b5592ae942c74a

SHA256
d69cd40242d5f8e6286c5c3b4ec25d39d2195b911d209b20bbaf5e02cf93c4d3

SHA512
48b36e5c11162b40def2dc4757cb191a743d4cd08093e88b8ca76b658676c4d13c5aeaf0a990b7d284194ad0ce3c9dd40fa3a1a3754e0ef55275184e79a39575

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_793E5.tmp\setup.exe

Filesize
4.9MB

MD5
1c85d1c3f7c0a8da27c1acc8f051766c

SHA1
5d79fadccdcac8938c119f9db581c92232475f64

SHA256
44648d5e8d60eca6483ebe9d79a3a6ee62a873b09821806b06c911dab83462e3

SHA512
48c5dc82d587ce0cca655e73cceb5175fc20a27f38f78f76c588df0e6ceb243d30b9942edb89133148c361be30c88a9ec108e5b5ceb8071e2164ce3dd631d02e

Download Submit
C:\Users\Admin\AppData\Local\Temp\clids.xml

Filesize
580B

MD5
94767e5bd3c7d598c990dcba9e0abf8b

SHA1
c4ae03d2480a773b24ad9716472426c47c7355f2

SHA256
e1f801c2623eca1d2ef8c5beb325b64d3eecd2a36e92e8c2bcfcf9315f9773af

SHA512
c0fff8d20d2ad2182c9e3fdab72cc2384beb97af3fc4964a831e9605fc8cb711e3de9af0f1589f1399eb6b4a940f0d2a6caaac81bd7ddbee071a10265fce4685

Download Submit
C:\Users\Admin\AppData\Local\Temp\distrib_info

Filesize
361B

MD5
33ae4078cc7853bf50d0d2e90f5d96e9

SHA1
c75b317ba76df2837047122591594cfc00003258

SHA256
98ddb6f16e1a38f73c6447d09e529e2b9fa774ceb1604bb6dc54d3a3849e277d

SHA512
8866ddfa4d6051916d893d77f4daaf8c006e8e907fb43a68c68d3d533ba496e7aa0f483113315f236e066aa21b32d49ad8b7e44ad1a70d23ba68f48c5c9ae9d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
16KB

MD5
b0529b42beed21a036702565bb1a55d6

SHA1
4dd128fe2f37ff70f0ef09ae0ec0072bed585f12

SHA256
0a9f93b7d94fb8802b004710b500fc06f0865be63ba022ece764217f834e9ec3

SHA512
8b26fcf9adf5827ed6d7698e8bf71429f387273236f6c4cf55b231fd6d39916492ae05c7b5a8202858b787036883994fcd8a080b9df97a76cbbf3a455204e7e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
16KB

MD5
ac37c4113a655daaacc07ad478f666df

SHA1
f4ce0cf3b45a9409df5c661d0c9d3644f5fe8a0b

SHA256
7c6315007e91b076c11801a3867c8a7f9b6e3aa44923d58ef0f6120b6978436a

SHA512
705064daebdda9b2322517bfa4ff9bb4c45467d2c85739f478cd709043cbbefa69e119389e771d4c7a9406ed357f7bed79ec8ab7e5df1f7edf2f15dd030d655d

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
5KB

MD5
addb291ab34d136b42830dbee7d4cada

SHA1
9849e06515fafb63687a6f6e5c9618e7c28f72eb

SHA256
91ad1f0b238573a53e3162c7589c3e9639c898890bc8671f93a2eec0d4bdbc0b

SHA512
2f82f3582543cb7e3e7b54b364f0d30a5d5e1f8b39c56b3fd3e54f7e7fed96b63e603c2b0634085fe38bcc171d6bd5085e2b087ec53ec67539490e480d717806

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
28KB

MD5
b4706a5df4727f5680f1036d958fd456

SHA1
9e9bf7839de0193ee6c5624dfceb4920615d563b

SHA256
bffe6007509d04908e0bc98bfdc98e7ab596fd60cf7d7027755536db94c5862b

SHA512
b78a1ab68597fda142294d4d2b743ac1fe7224e4449789d384367c1e086186b7ab52153a9322666ca93059a170c8aa6e89f96cc3ba77923fa379dcf8f6b61f7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
28KB

MD5
aa81ecfab8af671951ec6f92919ccdd9

SHA1
350c87948f00c36b504f868d128958a094f715b8

SHA256
997c728d93574aa2b8f69679cf2a9cce2d32c1ab95c08ff344c2c449f1cf9d84

SHA512
5f09f143635bcaf50c32bb4305e43cb35becefda93f8fd558f3524b9d674dfd3c865482689332ddd8f1ce9ec01b2bb89bc7610eb7daa537fce6eecc2b9c14534

Download Submit
C:\Users\Admin\AppData\Local\Temp\master_preferences

Filesize
171KB

MD5
5df7b03d702fd3bdd383455dd82e6086

SHA1
b98ac2732ff8383dbd747f04998ef2648e3d910a

SHA256
43d8afe58ea0972e36416dc7e9535bc1d7252caa20200ba3b4b29ae7c886c893

SHA512
d8648f29fa3e5ef9bd82ca92651766fae2de7f4eface02fc5c9fc1d375f09879cd21f1a59e361344182a284539e5e07977e208680357692872660af353e23e38

Download Submit
C:\Users\Admin\AppData\Local\Temp\yandex_browser_installer.log

Filesize
8KB

MD5
9d1d351c3c1bcb0afc42ce967e64588a

SHA1
d785473e2e09398ef62019d7cf40f36bb899ebb4

SHA256
5b2fea1ecfeae4502f30f506e98fb0c1b7ca48147326e9743078540e95810689

SHA512
043da6f2955afe9772ae71edfd90b399209946910c7c1c804d13ed70482e182326f458b20c71fb62ce3243d7d00db61b257dd234d95b0e9517df01bd1aaaf142

Download Submit
C:\Users\Admin\AppData\Local\Temp\yandex_browser_installer.log

Filesize
24KB

MD5
afe3c6533019565baf2e7c04c0f6ba53

SHA1
60aacc13a999d4bd927a5d04164450fc00db7863

SHA256
7ca792a7ce70e6f9b8bb1a17a002ffc38b76713d0e43ebfbaacdf946694c8b3c

SHA512
2394e7a94468fa186331d7f3c01f9350114c324da218423e0fabcc5c19f216736fc4418905bfc9b10c014d81d23a51526b818cace682b4320cbb8da104db4fd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\yandex_browser_updater.log

Filesize
5KB

MD5
9a60004e7ad9be83a6af82c3265ae4fe

SHA1
c01b772e8d4a13583fe3c1c0b7b4f9de1727ca02

SHA256
2880b2e7747232fac05e629f02fef31ee73904743972f75da79f192615936497

SHA512
6e66c47c36e5bcf0ef71887feef1498021205b3a76cc376889cc162953145d7a2fafe4a17988977fea0744f72ef231d93b4e348ac1df6ed46fbbe3c8d76ad745

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe

Filesize
633KB

MD5
27ae5aa1badfd04aa6a4c74f7388a30b

SHA1
76f2cf2bed23d41393258b6220bbae71f3286bad

SHA256
48be70e280d4021a547d0b7a414ad1a3486a7ec1b1a31fa9d2315d908990f5cf

SHA512
1dc52ba882533410a1dd19393bcca52f5859542fe296c3427a05651105b9d2f7a5d67f60bd253c33c71715eb30fe82251431ff404868c9e95ca1609c6158499f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk

Filesize
2KB

MD5
880b891959c430949595798bd79e4cfa

SHA1
a95286283f3ab8b36ff899cf88c0fe922ef1d76c

SHA256
f4002e2106cfc56c28bea8461d32adf9c092b6c2b25f12f6279b0f463f92d9e3

SHA512
bfcde2382327c501b75246fe150275d259c060ccd18c3c9f709cfbc4c2d8082624d07dc7a1a33d02be35ddae195ee9b6fbbaba94df8dbaec584e616c63d5eaef

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.7.1.1076\brand_config

Filesize
8KB

MD5
50114904422daff0939f2bee7ef2b7a7

SHA1
af5b517c0406f1267cabf924ab2d544c314212bf

SHA256
8a5bd6617986086e65658c5eee1c68e562031cb01533b1adf032f93d026f4c91

SHA512
cba8c9f047ed5ce5013fb39ec3fa02de40fd2a4944a4506d43fb9e25c069db7f45f57934d950bb5acaefdefda5dddd9259cee48df0a76b481a73632853d48d3f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.7.1.1076\partner_config

Filesize
692B

MD5
1ebad97f86d33c6cf13746b770f92d5a

SHA1
545f4e133410f71784d2674997320324011e44a2

SHA256
480b23d068024570bfe9bd6cde89ab882f5b1d58a51bdf7ad64224c63ae51cd0

SHA512
5faf30dfd1355cd23c17ac802d85777860f8cd26964f813852d551b1b7cb0ab4e191dc0fc737b0b727ae9e0f92b295ffb2955b8e3f71b47022cf6e6866fad08a

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\Temp\chrome_Unpacker_BeginUnzipping1780_863593079\manifest.json

Filesize
1001B

MD5
2648d437c53db54b3ebd00e64852687e

SHA1
66cfe157f4c8e17bfda15325abfef40ec6d49608

SHA256
68a3d7cb10f3001f40bc583b7fff0183895a61d3bd1b7a1c34e602df6f0f8806

SHA512
86d5c3129bec156b17b8ebd5dec5a6258e10cb426b84dd3e4af85c9c2cd7ebf4faea01fd10dd906a18ea1042394c3f41a835eae2d83dc8146dfe4b6d71147828

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\YandexDictionaries\ru.bdic

Filesize
4.5MB

MD5
ac3768f0462853d08df284e67c7c4ebd

SHA1
732581ac6f2e02246696817adc53d2e2e5d0dcb5

SHA256
af2bcc135f974aad505a8f55296117dbf4cbc095931e22f424698b181d273656

SHA512
27d558deffeeefe1198aebdf65a3fef0b0f3d6b6c4177d03ff32b0363f0a2fb1b7ff6454f45dd3254427cec9174b03181c50bc51dba212e6ab0114a6e72bcf96

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

Filesize
4.4MB

MD5
e7a21406fe722c917a4d14cd460e437f

SHA1
cd2450f244e368e0887107430f93680843376804

SHA256
51f05ad877861df8781a364b8e3c0db654d747dfd9234a832c4a3a622e29dd5b

SHA512
3f80243242443d65ca0d853cc5a7d61592c355fd88c4153c99f6897a178e452fea61776977db560a605d27501a266faad748bff5e35bb2c0e3cdaad4f4ce96ea

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\install_state.json

Filesize
1KB

MD5
6340f31f4324bd3009729a0e020b54e5

SHA1
78ef8bfd2436c5eeae20176cef7b1f41cf4c7cf2

SHA256
0f420e9a241de8bbdb98a6723e1848133bf29697436b57a11b3d7af902814715

SHA512
d2ed0a4e44ae3fbaaacae47462c80a5aff6a1773fb002d560a2585c0215153c6f0a99ffbb6164e8fbadd26779a6983b3f7158f1edaaedaeadbb8db52e319cfb7

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\Extensions\ghjgbemlcjioaaejhnnmgfpiplgalgcl.json

Filesize
119B

MD5
2ec6275318f8bfcab1e2e36a03fd9ffa

SHA1
063008acf0df2415f5bd28392d05b265427aac5c

SHA256
20832de8163d5af0a0c8bda863bcd6083df4f92175d856ce527de1dae1f7c433

SHA512
5eee4555be05d07bce49c9d89a1a64bb526b83e3ca6f06e2f9ef2094ad04c892110d43c25183da336989a00d05dad6ff5898ff59e2f0a69dcaaf0aa28f89a508

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\about_logo_en.png

Filesize
1KB

MD5
1376f5abbe56c563deead63daf51e4e9

SHA1
0c838e0bd129d83e56e072243c796470a6a1088d

SHA256
c56ae312020aef1916a8a01d5a1fc67ed3b41e5da539c0f26632c904a5e49c62

SHA512
a0bab3bae1307ea8c7ccbd558b86c9f40e748cdd6fd8067bb33eeef863191534af367a0058111553a2c3a24e666a99009176a8636c0a5db3bf1aa6226130498f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\about_logo_en_2x.png

Filesize
3KB

MD5
900fdf32c590f77d11ad28bf322e3e60

SHA1
310932b2b11f94e0249772d14d74871a1924b19f

SHA256
fe20d86fd62a4d1ab51531b78231749bd5990c9221eab1e7958be6d6aef292d9

SHA512
64ebc4c6a52440b4f9f05de8ffb343c2024c4690fe5c9f336e78cd1dd01ae8225e8bc446f386feb442e76136b20d6b04ee293467b21f5b294ce25e500922f453

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\about_logo_ru.png

Filesize
1KB

MD5
ff321ebfe13e569bc61aee173257b3d7

SHA1
93c5951e26d4c0060f618cf57f19d6af67901151

SHA256
1039ea2d254d536410588d30f302e6ab727d633cf08cb409caa5d22718af5e64

SHA512
e98fbfb4ed40c5ac804b9f4d9f0c163508c319ec91f5d1e9deb6a5d3eada9338980f1b5fe11c49e6e88935ecd50119d321ce55ca5bdd0723a6e8c414e1e68e16

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\about_logo_ru_2x.png

Filesize
3KB

MD5
a6911c85bb22e4e33a66532b0ed1a26c

SHA1
cbd2b98c55315ac6e44fb0352580174ed418db0a

SHA256
5bb0977553ded973c818d43a178e5d9874b24539dacbd7904cd1871e0ba82b23

SHA512
279fb0c1f2871ce41b250e9a4662046bc13c6678a79866eaf317cc93c997a683114122092214ce24f8e7f8a40520fe4ca03f54930148f4f794df0df3ecf74e9d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\configs\all_zip

Filesize
650KB

MD5
afe483f734afc49508438d8cdbe7007f

SHA1
55aa5f8450e4a3990c76415c1ca77fd80fa94664

SHA256
d57fcdc8e1db92baa2e55dd983232fe1f2b73aaabeb6355ef1078757e85a0e21

SHA512
7282efc99932ebe26d7da4e888f7fd61ab4ab712a83dcb0bf9f00a476899bcdcee4cc4bda87d97861cdbf88d46b3bebf9270fedc6a5b25d9ccd6539edc52314f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\easylist\easylist.txt

Filesize
620KB

MD5
8e4bcad511334a0d363fc9f0ece75993

SHA1
62d4b56e340464e1dc4344ae6cb596d258b8b5de

SHA256
2f317fee439877eaadb1264bd3d1e153c963ef98596a4ccf227592aea12ae76f

SHA512
65077bd249c51be198234ff927040ef849cd79adcd611ed2afae511bc2a257a21f13171bf01cb06fce788c1cff88c8ad39cf768c5900d77cd15453a35e7f0721

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\easylist\manifest.json

Filesize
68B

MD5
15bcd6d3b8895b8e1934ef224c947df8

SHA1
e4a7499779a256475d8748f6a00fb4580ac5d80d

SHA256
77334f6256abddcc254f31854d1b00aa6743e20aadbb9e69187144847099a66b

SHA512
c2d3778a99af8d8598e653593d5e2d1d0b3b2ace11addd2d3eeb2bf3b57d51bf938ddaf2d2743322e0ce02e291b81f61c319daf34c1cd604ffce1f6407a30b34

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\extension\elokbjeafkcggjfjkakpchmcmhkhaofn\brand_settings.json

Filesize
379B

MD5
f70c4b106fa9bb31bc107314c40c8507

SHA1
2a39695d79294ce96ec33b36c03e843878397814

SHA256
4940847c9b4787e466266f1bb921097abb4269d6d10c0d2f7327fde9f1b032b7

SHA512
494dce5543e6dacc77d546015f4ea75fd2588625e13450dba7ba0bd4c2f548b28c746a0d42c7f9b20d37f92af6710927d4bccb2fee4faa17d3ec2c07ff547e70

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\extension\fcgfaidpicddcilhjhafmmcgfodijhjd\brand_settings.json

Filesize
316B

MD5
a3779768809574f70dc2cba07517da14

SHA1
ffd2343ed344718fa397bac5065f6133008159b8

SHA256
de0fbb08708d4be7b9af181ec26f45fccd424e437bc0cfb5cf38f2604f01f7b2

SHA512
62570be7ea7adee14b765d2af46fcd4dc8eec9d6274d9e00c5f361ff9b0cdb150305edad65a52b557c17dd9682e371004a471fa8958b0bd9cfbe42bb04ca5240

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\extension\gopnelejddjjkamjfblkcijjikkinnec\brand_settings.json

Filesize
246B

MD5
30fdb583023f550b0f42fd4e547fea07

SHA1
fcd6a87cfb7f719a401398a975957039e3fbb877

SHA256
114fd03aa5ef1320f6cc586e920031cf5595a0d055218ce30571ff33417806d3

SHA512
bae328e1be15c368f75396d031364bef170cfcf95dbdf4d78be98cff2b37a174d3f7ebb85b6e9eb915bb6269898cbcecd8a8415dc005c4444175fe0447126395

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\import-bg.png

Filesize
9KB

MD5
85756c1b6811c5c527b16c9868d3b777

SHA1
b473844783d4b5a694b71f44ffb6f66a43f49a45

SHA256
7573af31ed2bfcfff97ed2132237db65f05aff36637cd4bdeccdf8ca02cd9038

SHA512
1709222e696c392ca7bcd360f9a2b301896898eb83ddfb6a9db0d0c226a03f50671633b8bed4d060d8f70df7282ffc2cd7ab1d1449acf2e07a7b6c251aa3a19e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\morphology\dictionary-ru-RU.mrf

Filesize
1.1MB

MD5
0be7417225caaa3c7c3fe03c6e9c2447

SHA1
ff3a8156e955c96cce6f87c89a282034787ef812

SHA256
1585b1599418d790da830ef11e8eeceee0cbb038876fe3959cc41858bd501dbc

SHA512
dfc0de77b717029a8c365146522580ab9d94e4b2327cef24db8f6535479790505c337852d0e924fbfa26e756b3aec911f27f5f17eba824496365c9a526464072

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\morphology\dictionary-ru-RU.mrf.sig

Filesize
256B

MD5
d704b5744ddc826c0429dc7f39bc6208

SHA1
92a7ace56fb726bf7ea06232debe10e0f022bd57

SHA256
151739137bbbdf5f9608a82ec648bdf5d7454a81b86631b53dfc5ad602b207d6

SHA512
1c01217e3480872a6d0f595ceb1b2242ffe3e1ff8b3fdd76eea13a7541606b94d3ccd69492a88220e0e40c17da5d785e4dba1d7501e6be749b9c46f72572ef6f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\morphology\stop-words-ru-RU.list

Filesize
52B

MD5
24281b7d32717473e29ffab5d5f25247

SHA1
aa1ae9c235504706891fd34bd172763d4ab122f6

SHA256
cbeec72666668a12ab6579ae0f45ccbdbe3d29ee9a862916f8c9793e2cf55552

SHA512
2f81c87358795640c5724cfabcabe3a4c19e5188cedeab1bd993c8ccfc91c9c63a63e77ac51b257496016027d8bccb779bd766174fa7ea2d744bd2e2c109cb8b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\safebrowsing\download.png

Filesize
437B

MD5
528381b1f5230703b612b68402c1b587

SHA1
c29228966880e1a06df466d437ec90d1cac5bf2e

SHA256
3129d9eaba1c5f31302c2563ebfa85747eda7a6d3f95602de6b01b34e4369f04

SHA512
9eb45b0d4e3480a2d51a27ac5a6f20b9ef4e12bf8ac608043a5f01a372db5ea41a628458f7a0b02aaba94cd6bb8355a583d17666f87c3f29e82a0b899e9700bd

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\sxs.ico

Filesize
43KB

MD5
592b848cb2b777f2acd889d5e1aae9a1

SHA1
2753e9021579d24b4228f0697ae4cc326aeb1812

SHA256
ad566a3e6f8524c705844e95a402cdeb4d6eed36c241c183147409a44e97ebcd

SHA512
c9552f4db4b6c02707d72b6f67c2a11f1cf110b2c4ac5a1b7ac78291a14bf6eb35a9b4a05bc51ac80135504cd9dcad2d7a883249ee2e20a256cb9e9ceeb0032f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\tablo

Filesize
846KB

MD5
16929f802c4e8b18ca2b27410a56183e

SHA1
70959fc3445a0c0ed704c1c50c32949224227599

SHA256
bdda0751ce3cfcedcc482bc349b4fc8e427ad8b06973d2d324dcf70aa3510bd3

SHA512
3efb4f990005ffd484bf2b2a81b9080f61bd5e9216f3359f8d534fca9efa3d19050ca5b514c960aec83a431151a12d9fdbc7eda0b91843e50d2bd03efec22cde

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\1-1x.png

Filesize
18KB

MD5
80121a47bf1bb2f76c9011e28c4f8952

SHA1
a5a814bafe586bc32b7d5d4634cd2e581351f15c

SHA256
a62f9fdf3de1172988e01a989bf7a2344550f2f05a3ac0e6dc0ccd39ed1a697e

SHA512
a04df34e61fd30764cf344b339ba2636b9280a358863f298690f6a8533c5e5dfa9773a14f8d16a5bb709ea17cf75e1da6302335aa9120009892e529bfad30df9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\abstract\light.jpg

Filesize
536KB

MD5
3bf3da7f6d26223edf5567ee9343cd57

SHA1
50b8deaf89c88e23ef59edbb972c233df53498a2

SHA256
2e6f376222299f8142ff330e457867bad3300b21d96daec53579bf011629b896

SHA512
fef8e951c6cf5cec82dbeafd306de3ad46fd0d90e3f41dcea2a6046c95ab1ae39bf8a6e4a696580246c11330d712d4e6e8757ba24bbf180eec1e98a4aec1583b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\abstract\light_preview.jpg

Filesize
5KB

MD5
9f6a43a5a7a5c4c7c7f9768249cbcb63

SHA1
36043c3244d9f76f27d2ff2d4c91c20b35e4452a

SHA256
add61971c87104187ae89e50cec62a196d6f8908315e85e76e16983539fba04b

SHA512
56d7bd72c8a380099309c36912513bcafbe1970830b000a1b89256aae20137c88e1e281f2455bb381ab120d682d6853d1ef05d8c57dd68a81a24b7a2a8d61387

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\custogray\custogray_full.png

Filesize
313B

MD5
55841c472563c3030e78fcf241df7138

SHA1
69f9a73b0a6aaafa41cecff40b775a50e36adc90

SHA256
a7cd964345c3d15840b88fd9bc88f0d0c34a18edbf1ce39359af4582d1d7da45

SHA512
f7433d17937342d9d44aa86bcc30db9ae90450b84aa745d2c7390ff430449e195b693a8ae6df35d05fee2d97149a58a7d881737d57902d9885c6c55393d25d6f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\custogray\preview.png

Filesize
136B

MD5
0474a1a6ea2aac549523f5b309f62bff

SHA1
cc4acf26a804706abe5500dc8565d8dfda237c91

SHA256
55a236ad63d00d665b86ff7f91f2076226d5ed62b9d9e8f835f7cb998556545f

SHA512
d8e3de4fea62b29fd719376d33a65367a3a2a2a22ed175cc1eeff3e38dfbaac448c97a6fbea55bc6159351d11a6aad97e09cb12548cf297e01bd23bf6074de08

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\custogray\wallpaper.json

Filesize
233B

MD5
662f166f95f39486f7400fdc16625caa

SHA1
6b6081a0d3aa322163034c1d99f1db0566bfc838

SHA256
4cd690fb8ed5cd733a9c84d80d20d173496617e8dde6fca19e8a430517349ed5

SHA512
360a175c5e72ff8d2a01ee4e0f365237bbd725b695139ea54afc905e9e57686c5db8864b5abf31373a9cb475adcbdb3db292daf0a53c6eb643a5d61b868ad39b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\fir_tree\fir_tree_preview.png

Filesize
8KB

MD5
d6305ea5eb41ef548aa560e7c2c5c854

SHA1
4d7d24befe83f892fb28a00cf2c4121aeb2d9c5d

SHA256
4c2b561cf301d9e98383d084a200deb7555ec47a92772a94453d3d8d1de04080

SHA512
9330009997d62c1804f1e4cf575345016cda8d6a1dd6cb7d2501df65ea2021df6b8a5bc26809ddfc84e6ff9450f1e404c135561b1b00b9e4915c69e84f89cfec

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\fir_tree\wallpaper.json

Filesize
384B

MD5
8a2f19a330d46083231ef031eb5a3749

SHA1
81114f2e7bf2e9b13e177f5159129c3303571938

SHA256
2cc83bc391587b7fe5ddd387506c3f51840b806f547d203ccd90487753b782f1

SHA512
635828e7b6044eeede08e3d2bb2e68bc0dbbe9e14691a9fb6e2bc9a2ac96526d8b39c8e22918ff2d944fb07b2531077f8febd43028be8213aa2fad858b6ee116

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\flowers\flowers_preview.png

Filesize
9KB

MD5
ba6e7c6e6cf1d89231ec7ace18e32661

SHA1
b8cba24211f2e3f280e841398ef4dcc48230af66

SHA256
70a7a65aa6e8279a1a45d93750088965b65ea8e900c5b155089ca119425df003

SHA512
1a532c232dd151474fbc25e1b435a5e0d9d3f61372036d97bcaab3c352e7037f1c424b54a8904ef52cf34c13a77b7ab295fb4fd006c3ab86289577f469a6cd4c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\flowers\wallpaper.json

Filesize
387B

MD5
a0ef93341ffbe93762fd707ef00c841c

SHA1
7b7452fd8f80ddd8fa40fc4dcb7b4c69e4de71a0

SHA256
70c8d348f7f3385ac638956a23ef467da2769cb48e28df105d10a0561a8acb9e

SHA512
a40b5f7bd4c2f5e97434d965ef79eed1f496274278f7caf72374989ac795c9b87ead49896a7c9cbcac2346d91a50a9e273669296da78ee1d96d119b87a7ae66a

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\huangshan\huangshan.jpg

Filesize
211KB

MD5
c51eed480a92977f001a459aa554595a

SHA1
0862f95662cff73b8b57738dfaca7c61de579125

SHA256
713c9e03aac760a11e51b833d7e1c9013759990b9b458363a856fd29ea108eec

SHA512
6f896c5f7f05524d05f90dc45914478a2f7509ea79114f240396791f658e2f7070e783fab6ac284327361dc2a48c5918b9f1c969b90795ceacce2c5c5bfa56ca

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\huangshan\huangshan.webm

Filesize
9.6MB

MD5
b78f2fd03c421aa82b630e86e4619321

SHA1
0d07bfbaa80b9555e6eaa9f301395c5db99dde25

SHA256
05e7170852a344e2f3288fc3b74c84012c3d51fb7ad7d25a15e71b2b574bfd56

SHA512
404fb2b76e5b549cbcba0a8cf744b750068cbd8d0f9f6959c4f883b35bcaa92d46b0df454719ca1cef22f5924d1243ba2a677b2f86a239d20bfad5365dc08650

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\huangshan\huangshan_preview.jpg

Filesize
26KB

MD5
1edab3f1f952372eb1e3b8b1ea5fd0cf

SHA1
aeb7edc3503585512c9843481362dca079ac7e4a

SHA256
649c55ccc096cc37dfe534f992b1c7bda68da589258611924d3f6172d0680212

SHA512
ecd9609fbf821239ddcbdc18ef69dade6e32efd10c383d79e0db39389fa890a5c2c6db430a01b49a44d5fa185f8197dbbde2e1e946f12a1f97a8c118634c0c34

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\meadow\preview.png

Filesize
5KB

MD5
d10bda5b0d078308c50190f4f7a7f457

SHA1
3f51aae42778b8280cd9d5aa12275b9386003665

SHA256
0499c4cc77a64cc89055b3c65d7af8387f5d42399ff2c0a2622eccbd6d481238

SHA512
668e1a70a50a0decf633167ac23cba6916d0e05d0894daae1f7e3d487519f0a126abd4298430b38f52746a5c3b83ccd520b3d9b0ae1a79f893e36821a0458566

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\meadow\wallpaper.json

Filesize
439B

MD5
f3673bcc0e12e88f500ed9a94b61c88c

SHA1
e96e2b2b5c9de451d76742f04cc8a74b5d9a11c0

SHA256
c6581e9f59646e0a51a3194798ec994c7c5c99f28897108838aaf4a4e2bda04a

SHA512
83fb3fe4a3562449a53c13d1c38d5fe9ef1fa55c3006f59b65eace9a6ad4963e768088bc500dbe5266b5979c6ace77874ef11a15a7bd9fabae00ff137e70ecb5

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\misty_forest\preview.png

Filesize
5KB

MD5
77aa87c90d28fbbd0a5cd358bd673204

SHA1
5813d5759e4010cc21464fcba232d1ba0285da12

SHA256
ea340a389af6d7ad760dff2016cf4e79488bda1a45d0a415b3cd02a4430c9711

SHA512
759519b8822a6a4b88fc9ba47fa9d5d898b2f5a0f359acfbefc04809e6d7f5df86fb130f191eb6f63322792a18c0e7170aedf3ce7060fd9ad7e1bec2e686c3b2

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\misty_forest\wallpaper.json

Filesize
423B

MD5
2b65eb8cc132df37c4e673ff119fb520

SHA1
a59f9abf3db2880593962a3064e61660944fa2de

SHA256
ebe9cadad41bd573f4b5d20e3e251410300b1695dfdf8b1f1f1276d0f0f8fa6d

SHA512
c85fe6895453d0c38a1b393307b52d828bad8fa60d1d65bb83ffa3c5e17b71aa13cab60955489198503839ce5a4a6c1bb353752ab107f5e5b97908116c987e52

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\mountains_preview.jpg

Filesize
35KB

MD5
a3272b575aa5f7c1af8eea19074665d1

SHA1
d4e3def9a37e9408c3a348867169fe573050f943

SHA256
55074794869b59cd5c693dfa6f6615aea068c2cd50cdae6dd69bd0410661ded8

SHA512
c69bf39362658dd6cbd827cf6db0f188a9c4410b3c6b7b532595fd5907974e2141d857942ffb2497282e31eaa33c71240c2c2bd8721046df55e3358e8b76c061

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\neuro_dark\neuro_dark_preview.jpg

Filesize
20KB

MD5
7b24c2482e13f1c709fa04840a6e05f4

SHA1
27d308dd3101720cc2fae288b7525ae89f654ea3

SHA256
34ab81fad24e5343f02d1af01318f3bbd010be345b1ff86a1d3d0a243a2e3ac7

SHA512
e2f5c42358fadb3f6237026346e330ddd3c1237c8fceb4b93fb85fffd0498c30358eedc62f5a52fdd2030cdac95a09bc8614926d73d07f053306afea38d8c23f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\neuro_dark\neuro_dark_static.jpg

Filesize
1.7MB

MD5
bc94b91af647ee7d1106bd510c30ab9e

SHA1
a8cf4d3e889e3c7b8805606a5c1bf993c2d5976f

SHA256
e5f2c59ed9e5a0dd5d1597477ba0ca7745f512fdd5519f30f3154bd02bcb558c

SHA512
36ef6607439dfaf51cdf4ff5f544b2a28cd8dd670d2a12bc86e15b315695c00872d206eb31825ab5e445d46ae631826351ff46351f924d3a7bdca64cb2e21bc1

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\neuro_light\neuro_light_preview.jpg

Filesize
17KB

MD5
acf549f4fe2b19d1bdb3a06b3b1f7d2a

SHA1
d0eb8c6cb7d1c4b9108ddfc3a3c679912309508d

SHA256
e8bf84c4152526aefcc4cf84a88f591db0803665127ab41a58e1425c3aff7cc9

SHA512
e980233b29dd388c3cf8d3d2da343843aee8309e67d22a118bf07c90af1498fa0f19cb8f4c943ae195754cc2058719b5157717ef0440a92930f88d957afff7da

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\neuro_light\neuro_light_static.jpg

Filesize
619KB

MD5
75b6d2830e0ea08ff0ec2d415924d6f9

SHA1
453cfb7151a30cb7d233fcc71bcfb406056b987f

SHA256
547e49d300dc647657254fd4ff4953a330f088a4efb501519badd9e6844ce6bf

SHA512
f96017b368cedbea1ff463398eb2e3512f9bb441ea028d08a50c62077a236e131964ead0a2c3eff0d37ef6ff99c973d690410edf16ed9ae832624dc3c3815812

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\peak\preview.png

Filesize
5KB

MD5
1d62921f4efbcaecd5de492534863828

SHA1
06e10e044e0d46cd6dccbcd4bae6fb9a77f8be45

SHA256
f72ea12f6c972edfe3d5a203e1e42cbbaf4985633de419342c2af31363f33dab

SHA512
eec8171bd3bea92e24066e36801f334ac93905b7e8e50935f360e09fa8c9b9f848c4c62b687299e8297c0693d6dbaf9c6035b471e6345d626510b73e3606ee4d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\peak\wallpaper.json

Filesize
440B

MD5
f0ac84f70f003c4e4aff7cccb902e7c6

SHA1
2d3267ff12a1a823664203ed766d0a833f25ad93

SHA256
e491962b42c3f97649afec56ad4ea78fd49845ceb15f36edddd08d9e43698658

SHA512
75e048c1d1db6618ead9b1285846922c16a46ee138a511e21235342a5a6452c467b906578bdd4a56e7b9e0a26535df6fb6319ae1cae238055887b48963fa6ed6

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\raindrops\raindrops_preview.png

Filesize
7KB

MD5
28b10d683479dcbf08f30b63e2269510

SHA1
61f35e43425b7411d3fbb93938407365efbd1790

SHA256
1e70fc9965939f6011488f81cd325223f17b07ee158a93c32c124602b506aa6b

SHA512
05e5b5e9c5ef61f33a883b0286c2239cb2a464581d6e8a86d7b179b1887b4cb2cd7304e0821cdd3208501421c44c63c248a5166c790792717a90f8ac528fbf2f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\raindrops\wallpaper.json

Filesize
385B

MD5
5f18d6878646091047fec1e62c4708b7

SHA1
3f906f68b22a291a3b9f7528517d664a65c85cda

SHA256
bcfea0bebf30ee9744821a61fcce6df0222c1a266e0995b9a8cfbb9156eeeefd

SHA512
893b2077a4abaa2fe89676c89f5e428ccd2420177268159395b5568824dd3fe08bea8a8b2f828c6c9297b19e0f8e3a1b7899315c0b07f4b61fc86ce94301518b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\sea.webm

Filesize
12.5MB

MD5
00756df0dfaa14e2f246493bd87cb251

SHA1
39ce8b45f484a5e3aa997b8c8f3ad174e482b1b9

SHA256
fa8d0ae53ebdbec47b533239709b7e1514ecb71278907621ca2d288241eb0b13

SHA512
967670863f3c77af26fa1d44cd7b4fe78148d2ba6ea930b7b29b9f35d606554d664c0577068e0c26fa125d54627d7e7543360bce4acee0af17783b07450b5f52

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\sea\sea_preview.png

Filesize
3KB

MD5
3c0d06da1b5db81ea2f1871e33730204

SHA1
33a17623183376735d04337857fae74bcb772167

SHA256
02d8e450f03129936a08b67f3a50ea5d2e79f32c4e8f24d34b464f2cb5e0b086

SHA512
ff0e60c94fc3c0c61d356a26667c5170256e1143b29adf23d4e7d27012da72ed8865ef59dc2046314c7335b8d3d331e5fd78f38b9b92f6af48729dae80f85b15

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\sea\wallpaper.json

Filesize
379B

MD5
92e86315b9949404698d81b2c21c0c96

SHA1
4e3fb8ecf2a5c15141bb324ada92c5c004fb5c93

SHA256
c2bb1e5d842c7e5b1b318f6eb7fe1ce24a8209661ddd5a83ab051217ca7c3f65

SHA512
2834b1ef7bb70b2d24c4fedef87cd32c6e8f401d8ee5f3852808f6a557724ce036c31a71298cd0ed601cde4be59ec4042542351c63c4e0ac3d31419f79240956

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\sea_preview.jpg

Filesize
59KB

MD5
53ba159f3391558f90f88816c34eacc3

SHA1
0669f66168a43f35c2c6a686ce1415508318574d

SHA256
f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e

SHA512
94c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\sea_static.jpg

Filesize
300KB

MD5
5e1d673daa7286af82eb4946047fe465

SHA1
02370e69f2a43562f367aa543e23c2750df3f001

SHA256
1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a

SHA512
03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\stars\preview.png

Filesize
6KB

MD5
ed9839039b42c2bf8ac33c09f941d698

SHA1
822e8df6bfee8df670b9094f47603cf878b4b3ed

SHA256
4fa185f67eaf3a65b991cea723d11f78de15a6a9a5235848a6456b98a9d7f689

SHA512
85119055ddfc6bc4cca05de034b941b1743cbb787607c053e8c10309572d2ef223786fc454d962fbb5e3cde5320117f9efe99041116db48916bc3d2fcd4ffa25

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\stars\wallpaper.json

Filesize
537B

MD5
9660de31cea1128f4e85a0131b7a2729

SHA1
a09727acb85585a1573db16fa8e056e97264362f

SHA256
d1bef520c71c7222956d25335e3ba2ea367d19e6c821fb96c8112e5871576294

SHA512
4cb80766c8e3c77dfb5ca7af515939e745280aa695eca36e1f0a83fb795b2b3ef406472f990a82c727cea42d1b4ef44a0d34a7f4f23e362f2992dbff2527798b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\web\wallpaper.json

Filesize
379B

MD5
e4bd3916c45272db9b4a67a61c10b7c0

SHA1
8bafa0f39ace9da47c59b705de0edb5bca56730c

SHA256
7fdddc908bd2f95411dcc4781b615d5da3b5ab68e8e5a0e2b3d2d25d713f0e01

SHA512
4045e262a0808225c37711b361837070d0aeb5d65a32b5d514cc6f3c86962ba68f7d108bf4d81aa3bf645789d0753029a72c1ce34688a6d7af15f3e854c73f07

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1076\resources\wallpapers\web\web_preview.png

Filesize
8KB

MD5
3f7b54e2363f49defe33016bbd863cc7

SHA1
5d62fbfa06a49647a758511dfcca68d74606232c

SHA256
0bbf72a3c021393192134893777ecb305717ccef81b232961ca97ae4991d9ba8

SHA512
b3b458860701f3bc163b4d437066a58b5d441d8a427a8b03772c9c519c01983e3d3fdb8da20f6a53ad95c88dcdd0298f72822f39bc3672cb6f1d77fcc3f025a9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat

Filesize
48B

MD5
f619460b93478a69a89cb5fc9df2b7c4

SHA1
3cd58ec46123c854542408804eb7f0aaf0dd38c0

SHA256
07233d0b0bd5f7cc7102ff73ce563b549d183bcf1d80c90db97db3dc77efb47e

SHA512
8b536bad964dbf0c52ac96e7d73ee53b82ddc415b8320c374d570c1093f173b55a39141e8b6a5820e9a48dc1b4a7b7c5cbc81e663a8d12ae5286261e55599ea5

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat

Filesize
48B

MD5
30f36b5b19be97a8e3f3d3d796c66399

SHA1
57216ce8356cc87bc07854cbe9f83528cbd8120b

SHA256
489964c9becc8c901148f7c73fe36bc27a9866ebfdea3ddc2a06b3e8f3f949e8

SHA512
d1b3ac35a3509217339cdb9f8f5122b1917d80d8d0cb2b1a983d3952ec375face8f76b1f5cc9cbdb664e169604a7cca083af7e8461fc4e34476a82661080881d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\6010e7b8-85af-49da-bd22-4c705226eb57.tmp

Filesize
160KB

MD5
54497ce2271deb0e673ec048b44da343

SHA1
5f886314234b7aa6a4da5efc937a9d63ed007727

SHA256
3dcf052bb8050fa32f28873bb665f63f457799cb9a92549fb2dbea94014f929b

SHA512
d0d77d763b1b12c1b9d7a9a3f2aee4640ed5fb10d828b7c3c2cb051504c2b7b6438309124b934b346a4152c0aca009883d6bda42dc997188b8ca2736ac3419c9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\7bd13355-2c59-4643-a593-74e2651e9cd0.tmp

Filesize
150KB

MD5
4f7a8f2ac002606afc1ae7f3104def4e

SHA1
ea76ab424b080917ae4e27a13e0fad031c726116

SHA256
d63c8280492d1d3699613c10750f51480f1ad58819da05610cb902213f7281e5

SHA512
f88a3cd2a2e1d1ba18c47ad2be99c8911bac73b96f69a64f735b36994be8f6ddc1e3ffcc04d946cf4ea1a466f04f4fe99629b5f09570de5ae0d19539dfe565da

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
70b95d9a29c33abac0ef44e8e917c8e1

SHA1
b4000002187224a01bb882837828325161b787f0

SHA256
b2591e3e8b3acca6758b8400ef5b6ace591a4a47518b9e242e4b87cd2b4019cb

SHA512
f1cef1c8c3586ff0e115c72c70aedf99fc0b40f0fbe82d86b05788c576a359700d1009a840d137cf3bc9c1cd73ebe45fbcbd929b0e9ac69911aa96e4f45250e3

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5a2ed2.TMP

Filesize
48B

MD5
70f41e81b7d5e2d72f96f765fd571b4a

SHA1
7bdcb1ba18e86d3091e1241a4f70ec220298cc16

SHA256
83bbda6549af42e632dd19ae6d5dd9c8ff390d790262be8f2855707876f7208b

SHA512
ef2c6a50336e3afa1530b9ce567f576ec92813b53ff179574763c118a69199382be242529932a5b8013e86a705b17e3b3faabfc9de3f8b53cc9e119fdb7655ab

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Extension Scripts\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Extension Scripts\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3d7dca274bf8a9cf9ca7ec40d5c6b473

SHA1
d89faaa39e1228ae5b5d451da4fccf0d4df62031

SHA256
f7872eb834745f0781a4b86bfc24931437c41ddcc6e9447af9d5b9c5375dc6a6

SHA512
780636139581a252805c7123892dc323f2c9f5c5d65d189e5280d5dad27b931728700e400d23430560c71d0ccc7f6600b2aa6b01c33f717a67d4b6e54ae2213b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\Network Persistent State~RFe59e1cb.TMP

Filesize
59B

MD5
78bfcecb05ed1904edce3b60cb5c7e62

SHA1
bf77a7461de9d41d12aa88fba056ba758793d9ce

SHA256
c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572

SHA512
2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
661a5d1df5f59a3375133ea55dfad4c7

SHA1
4f1f2eeff885659b147d702206a3e6aaece89b04

SHA256
a27aa8d3de75a8c05fa15c5b87652c0a8c52fd2bc0b1a3e23e9259a28b7673d2

SHA512
1c63385f3a4a58d06109a7a0b7d5e798768f4867196815f549c0e8b2bdc7e676a9002b6fb37ef908a2f948c9b1befe7a041eca9ba78a869a9e11102c0b2c86a4

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
90d863f7ca6fbfe1cb720bb9ce9838b8

SHA1
8255c33e164b1cfc8586b154180c8405a280cc19

SHA256
b988ac3497015ea3e285a104c54777fc7bf9233c748a75311f5e147d0f4b88ad

SHA512
b2a1a5eb49b20309481174ae98e6f2f4701d20125525c722066bc5851d0e7c321c199ee6ef2da6cfb5470ebdea18d30b36cdce1e9ca0ab076b3d4f487ee6f5f8

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
85575bb391302b3a17c084a09e7c23be

SHA1
62665642c47f3fe4b91bbcde898ce3568cf8acc9

SHA256
fab00e42bb8cd5cba7f24100dff0c5b69dcde12d75d05279efa2f4f6220c0f8a

SHA512
761e23748c506343d309a3b632b8daffbc4a3910e98d73904e95b9753de50ab872781aa0b5ba338980a3f23a41436682b0b92e3894ee517cdf3769bf95eb5b6f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
230c6ffaf6d0716805e95227b5738af2

SHA1
9d27771ff68cc49107ef56f16242acabdfb32ae6

SHA256
98f4611952aea42a678e0252dd6ec02c6416b703bcb62262d04f3c7b2effa120

SHA512
2ddd61ddb16e82dcf83381cd5b1a3db6b54f4277a1212fd1a438c66a77b064e721aac3b3aa70c755233dd19d499aca7888d87697ce104c932835f3783ec3e119

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity~RFe59cf3d.TMP

Filesize
858B

MD5
f721abf6cb24ee77f14fe2b263eb98a1

SHA1
adcc55e23a63e07a016c0a99703345d3e75c8cc1

SHA256
4d6bd1a98a130dda7e21500514b3f229730ffe66987d3b28bdb066da44f60d1c

SHA512
19bd6429017023e7f1239392b69853296559cbc3b4840d9bedbd605553c1f15ec78b0519825a49b86fad270247838352d910a725ace6ce1ff555928f3f3b6ddf

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
7KB

MD5
dac41a75caa765983e3a22f45517e0ba

SHA1
60eca28d84d150ac2dca8092b230895ee2cff277

SHA256
3922fb6fe2b63f39e7e2d525f983c5d492adb62e6c72e230a9507b44eb93718d

SHA512
c2b6119437872fc88a87a462601cfe932107ff71907cb68b3fcf78912c25e7365207e4d276645de40d4517123065be7dbc462b00db1b604daa6b424ce00ac4ab

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
11KB

MD5
3825ff7e8fd0e042d377731abfb0e7cd

SHA1
7df2f6778ce8e62a36972b2c8e24fb7b2f61c8f5

SHA256
13a58d29ce793c0185d83f8ee417a30f9304fddcd46522219457c862ccc19bbe

SHA512
612837fbf32f11c019e92dee197b5827b965d6f625d5515abaced69e291d10312f06ed6358b03a9316abf8438da2f848d867b3230bde735acde50fd7ebb60fd1

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
14KB

MD5
87e58d6b6e1764f54fdd405846613224

SHA1
fee44deac6007de06d27a7f4a1fe3945fc141fab

SHA256
8237d9be1185d8404a8d49bb0ab7f6ae1e66e32d0677dab3c3ca561cf538a088

SHA512
f013c343d5842dfddb88df03e2c1e51124e3728ede7707e07725ffeebb54807c77a12d2a3d4182c74ce27b5ca9f96a3dd129b0388eee2c3c520800235525dc12

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
15KB

MD5
c287d43708ca127f0976afac6db213de

SHA1
65bb3f1c9cfdf3f6669335d713253178883bc30c

SHA256
e3102cecbf864c7227f65a4c81df629ced738f4c96b086e3386d208d50057093

SHA512
d30d9c30d487b7929ba52e5cece54fd698feb330c9b5646dd0ab5563d235209d3ede58102f3fc723633f391b22df0e01740ab112e6ce563ad5054ea9f38db370

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
14KB

MD5
4351d76191f310d5f263a0c9180eedfe

SHA1
a6523b1a7355dd05b978600594d1227f2f1f8586

SHA256
ee1974501efb4e5cd0cf3dd827d02c78f33098f8ca3eb064caa2951028671140

SHA512
25b92d8232fbf5999f9203f44bdca85438e0f6befd145816a0113ed0c8ae3741855da75924da280dd885844c5893474de7080181bd6cf468ad0392dff869e0ad

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
16KB

MD5
447d448e45ea50f135e9e8a76165a7b4

SHA1
8d4b0bc8bc7e5bfffe056eb4615db5cf32a26756

SHA256
d220f4d686c4b4c5f7e42883ea1afa8ceec6a399189d6dab0e9254c8c7203818

SHA512
1570d67cf67bbf7174ba7545e3e0cd8691888e73b770e8be018089e144770eacf735464e68634c1d464dd48b48dc150dda6ea4b7255c2263f5619c5ade2eb9c7

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences~RFe5957ab.TMP

Filesize
3KB

MD5
373888a4f448953cf2d666ec1070ae83

SHA1
c1b9950f21613043666c74c36fd12936a517ced5

SHA256
71271d8b582ec62ccc64b78836483adcdad618262e2befa6d3df178567948bdc

SHA512
2783fd65610035ffc8a56a8e91f96939f9e4b83df50cd0ee52456245e5acc386b474fbf6c3e9cad523e8e11d12058591a039342295e2c9fc7b44082366927073

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences

Filesize
10KB

MD5
5bd3265512c1a83a63e68640b0f9c978

SHA1
e4dee455a483f24103ebb2ae3284d04d6593b8d8

SHA256
6f035b3e54db50c3fedd00319a8803ada321e9448559dbf9f2e164280ccd415b

SHA512
b2f525144d71d0d2ecbe8ea2398a7b4dbaa5bc13f51978427be57031895ebe59d89e1d34f905a6e39e9c84db509ed561e7649781fa6bd2e0e280662eebf65bb6

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences~RFe595932.TMP

Filesize
1KB

MD5
0fdd84b793d38471d34f97ec9dfc4bbf

SHA1
5593ec3882813aed0e8638e85346ea1244237f9c

SHA256
ac6a2f1f87acca9aeba4167dfd2a42196cca0ed2c4aeb1caae95105a293f8158

SHA512
8d7ee4b957d1b1976ce7f0c9b1e76500b90daf9d8e33c625758c763b369737fa2adbfe12210d426eee35551e4e8643776c6c882229ec36dc5a4e8bacf6d88003

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Tablo~RFe59bf4f.TMP

Filesize
174KB

MD5
fed3d02b552114caf30df70dd1d5884a

SHA1
841cffd9f4164102654cd5f278104bc404d48b41

SHA256
552edca84cb62b2d7a3e64ae42a1a5815212deba71070b14123f244dbf27b3f5

SHA512
46cde4c38428c8c2a810a1d0410999bd9b4846eba943747659038a6c0181a20578ae0b041d48ac058e1a96c5ddc87d6594c62731ef4f7ce49dd44f2c14578296

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\89a12418-3d8f-46aa-a1d9-cb8f5ae383cb\00c7095d81baad83_0

Filesize
21KB

MD5
4d24e03a37dd98a2c5c8b6b3db507339

SHA1
7ad62b6672e798774c9ca2f344e2b8d8445c3e08

SHA256
3d05e50232dc29c83ea3d6303c32ea741f72b395dc740eceb8468879065f103c

SHA512
fdfc942f6b3ba08870bb7bc7df3304984836e8bbc79845cb1566b17e43caac199f131119dd2b3477ae52748519b214e702824096949b26d4debc5a4f69a55c39

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\89a12418-3d8f-46aa-a1d9-cb8f5ae383cb\11b2a035e28b3e94_0

Filesize
545B

MD5
813361932b486b0dcc95b6ccdac636bd

SHA1
544e770f3050fe551f2b027fcfcea75d7945bc2b

SHA256
383836a0a9b32d9dd4994ed625fdc3b0b5106fc4895a520f05b0f5572dcb8009

SHA512
421144f48f7972ddbffd709bd5acde5ca0de25060e46a09ec64fdefa71e2bb6a8b98fbf98ca65a5635364e68014818dd1c5fb170c0daef8e75be609fd15e2eff

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\89a12418-3d8f-46aa-a1d9-cb8f5ae383cb\1ad10c4bb9e37138_0

Filesize
44KB

MD5
e57ebaa421abb69c998b1c801b8a213e

SHA1
386a3166fd447d1ec8bf1f8daf51d81b4f9020d6

SHA256
fe43fa74b6a6c370af142d7ab14d8d89e610923ff0a00a5a777920e4c9d6fcff

SHA512
5ffbfee9970bfa19ff9242b08870ad1b4d3690363f05d7af792cabced98cb27fdafba3f1161f4fc1544ca34da1fa3ac418131f5210e3452e376456ed57377cb4

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\89a12418-3d8f-46aa-a1d9-cb8f5ae383cb\25fecb7eba1124c3_0

Filesize
586B

MD5
df5239903c20374d11f3c757a1bbbcfd

SHA1
7bd4c2d2a26cc4f06aac6089d84822f7e5298d2f

SHA256
bc1738ff3d35f86808babcdd3d8a11603cf213e3abc907b8a9df133d9630856a

SHA512
f4561d450735f614cb4a2f14b23fc6298124f060106a1ad6df1176edc908cc40c91a69baff848f37ebd0c3abd8fe8709fd52d7c7d38fb07b2dfea5fb4c87dd3c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\89a12418-3d8f-46aa-a1d9-cb8f5ae383cb\261779a6811bbe41_0

Filesize
600B

MD5
424153b88709940239d633ca57cd032d

SHA1
8140ee5d1896cca484d602a6abcdd427e56b3f55

SHA256
b186b0e70c9dd55ef860e556c063a996b5ce676d56e968c6d66e1b33e987b754

SHA512
40ab2406840a000a82f5495c48be66b0087289ae256d8172ba60225335b2802bad9ba61a62c20db8f885d68b1a36c0df61d4d35d5373d533f5c54b7ba956b2dc

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\89a12418-3d8f-46aa-a1d9-cb8f5ae383cb\26986cc774600b65_0

Filesize
541B

MD5
e639c233ce080d788d8f0e6a3477fa48

SHA1
3a27ce65eef3d1461e157291d45aeab1bc7b0438

SHA256
5711ea052329a3a27a73fd195d33f4f1016649e6383167bb0626b07a070034f0

SHA512
55320631d4496c4320b1728ab4273cb263983b3d5ff423a9876fef2a2bc86f247f5c4bc4c756485609f2ab3b25ed64ad0421912b43257ba875df210c20450a90

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\89a12418-3d8f-46aa-a1d9-cb8f5ae383cb\292fbdd019f435bf_0

Filesize
1KB

MD5
ce49ffd96f3a0f37fd409db959c5542c

SHA1
3603990c7bac5671509d136950c14e43bdf10db4

SHA256
8775e72567355d67ab5d1103b497b20fad47c61be6ca754e58f69633891a59f1

SHA512
5d150812ecb4e6b38343be33784da153c21a7b8cd6593398cb2b2857e300d9e1496d0ece9cdc600f8ad482e184e784d20420cfbd2add6187bcf41d7659aa2042

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\89a12418-3d8f-46aa-a1d9-cb8f5ae383cb\2a9877b782e7616c_0

Filesize
42KB

MD5
39846803ac3f83839365ce751d1870e7

SHA1
1eac7e342ae8a1cbb09e01c2f2e658b06f45458d

SHA256
35a82e2e896ab0129a3a01aba72f20af0a5d09dc351c6d0250cd849c15dc090c

SHA512
063dd219c835a58206254301a7ac896580efdb6f762e0f1d81a9ebb56a19eb1bb842f87d1e233ca42d712f30881d9657c98edc3a1b0cb351ac986cb29444647d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\89a12418-3d8f-46aa-a1d9-cb8f5ae383cb\34d55d7e20f905f1_0

Filesize
715KB

MD5
92372ae435a1cd13d97cff07339d1143

SHA1
0a2a9bbd422c9c4a2c508c28223a15b416b66526

SHA256
09f70a147c071eee403d8a3ce6088641fc5a447465e84317a35b628ced160354

SHA512
0b026fa31faecd8ce24880c48b88b9b76100ce3e9eb198ae613851825c626e7f975ce6b5ad84ab411f57d22b7e24bed17735e98d26b82280a272552c1535a40a

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\89a12418-3d8f-46aa-a1d9-cb8f5ae383cb\5128ede85833242e_0

Filesize
4KB

MD5
bee1c94006f703548bd3eb0ba17230e4

SHA1
1f6a91404255ddd024e35048772bfa57396590c2

SHA256
d0f016d16bb9faee831f2713c2b2f6b2ea40ce29990a0e9f25c8e10f24de5fc7

SHA512
7a6face339d3f3934d78bbcbb11e4f716130e51d806eddc8b57502acef0b434f34a8d92c02815ef7fbdbcf7785af0183ed8761e190ee6e449de2ebcb1e342e29

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\89a12418-3d8f-46aa-a1d9-cb8f5ae383cb\646f705fd535828b_0

Filesize
26KB

MD5
896937d0296bc49f144560f29bd08ede

SHA1
c42be9c79200b1324d2ba1b12582bbc8dbaa7467

SHA256
6f914b8388c4e7b706643f4e4082f2bdaa042e8bb650bb8058533dd42f8383eb

SHA512
ae6ff51e42d700c28d74190e95a898f4546c4ebed1d1a98c2ac5d788d4fb6165a16f7d64c65672cfc52845dd2a2832b6a052c039125307d042904036093cfaa1

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\89a12418-3d8f-46aa-a1d9-cb8f5ae383cb\6d861d3c5a9afc0c_0

Filesize
4KB

MD5
d256f73305bf5d044358e64ce8986a2f

SHA1
e28faba7f00fe14ab0642b19af0e4833bbe05514

SHA256
6cc735cdc0f34a8ed614d884f8df4adc1c50d7afffad3668747103090a0d9cf7

SHA512
2a9d0b0b7185e6be42a8d365813e2cc9d2a012e392c69bd1972a7a3437511dabe37054c8c4f98a0e9bbbf23fd7f80766be858b39d75b9273a3a16e88d7104154

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\89a12418-3d8f-46aa-a1d9-cb8f5ae383cb\72c2e20ca5d250b9_0

Filesize
13KB

MD5
fe144e8a946692c1fdbbc1e94d5aab9e

SHA1
8e93027375dce95f4373e2c38aa3c57634240d48

SHA256
e9532c23d55b0620c0a6dee30de083b2993c5fbf497fec4de854cfb1262077af

SHA512
815b2ee2e1ab7c5bd4098555ca948b37e473671d6189d1aa8fe6ed381453555b80fd4f118c74cf58e581c33d4066eab4552673da52f5aebb1fe87c1099cd885b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\89a12418-3d8f-46aa-a1d9-cb8f5ae383cb\88a052183f2a4b12_0

Filesize
480B

MD5
a24ec308005470ad8ebf021f60f34c4e

SHA1
73d84ddf6a6dcf42cde5ca155efd7c2495aaee58

SHA256
a9500fc6c51d69be22f6c594dbe92c0eac32a505737120663cdad7096fc6b721

SHA512
3fb3d6187fd1cb40997b1124c0d3d9d6e64f77a465a439bd49d47c0556c28c35e226049f48d1dd46ff9bee810ab788f6131d522c86c7a31c1a6dfb97ff8a7998

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\89a12418-3d8f-46aa-a1d9-cb8f5ae383cb\988c7673b1659963_0

Filesize
36KB

MD5
43df9a2062a2ab305c2d9756932351ab

SHA1
c3430aae3a489d9bce33f71d14540e224af96f40

SHA256
e14b1af5d53f9469a8daf32cce24a1d484509243c209327e6d7cfd7603e1ea9c

SHA512
182643715a0b90306887f57dfab963c7ed8b8aeaef4a050027a7cb9679a5ed7da3115584641a7d198b718df3c76d2889d60bfb52d964dc8863c9042fe35d125d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\89a12418-3d8f-46aa-a1d9-cb8f5ae383cb\9c1d7216fb32fb2b_0

Filesize
14KB

MD5
c79374430f99c63078cd9dea8669d627

SHA1
081ab48ee9093d1b0eb1cc5e773a81a2a3c431ea

SHA256
a2b872d715662ed1b369c06b4ee179dee8036e65dadab70f7753f8cfa143392b

SHA512
bdba70c40a19dc1a47e2c2efaf866d8547f810bbec627956652a301df789e46aee9f50be1a5fa89f447f89febd829404cfed35a60706733dc2122e5306add136

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\89a12418-3d8f-46aa-a1d9-cb8f5ae383cb\a81966f4be168991_0

Filesize
1KB

MD5
3ae0f5a4fd05d891bff56d4c0f41d325

SHA1
2f3915d6c7d452f9c75b088076bd22309549fdf0

SHA256
a69351d19806788f8c0e768cef3cc8574cefc855ebfbcd3f655de010def8519a

SHA512
853c1905cc18e534c8d73829d6278c33571cd41639e02a52e7453d97039d4fee5c50a6c5b53cbe5900db53d02abe0ec5dd896d9e93959ea29afd12ff8ec01bf2

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\89a12418-3d8f-46aa-a1d9-cb8f5ae383cb\ae662e046f7b3fd9_0

Filesize
3KB

MD5
bca4c558f9dc9d4becb164bfefb0b8f8

SHA1
a735452410f3b870f7017d0579fea61b3326046f

SHA256
2f2d589a50f51e990d758f9d552076e0fde5f9ce9b8be781465f86c3fe1dc810

SHA512
e85c68f22871ebda2d559a22ed0056afd3631f75b4ca09e89da73fca2f9499df7e32e106b3f7227db2529ac93fe375316ec8f3c0501fa794ca60ceed4b645798

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\89a12418-3d8f-46aa-a1d9-cb8f5ae383cb\cd4004d6793712fa_0

Filesize
295KB

MD5
d8b4c2d97d843da3f576599122e45bf6

SHA1
33423ee82244450056292e4d46a0ce2c8abd545b

SHA256
1dc739f09ae3c59b424c64ce51e701117cb878852a337095309c4589c0b4b8f5

SHA512
06d8324a1e1e7516d45c6c825468a326286ff47cf5a85007cbbcee64643264b0e8243abebd290c2b5b45526aaf677d5176481c98625e0a22ed58bc62f95e9bbf

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\89a12418-3d8f-46aa-a1d9-cb8f5ae383cb\dcd100f566d000a0_0

Filesize
11KB

MD5
aa44ff5d3fc20a45b973649d2804ef6c

SHA1
dbf61de0d2a646df9c9cf4307c23f867d5f45648

SHA256
8c44591d4861f4a2377b41396d7219201bcecb733678889213fa57ab89042cdf

SHA512
7e1d16fbdf5c39b4968cdf74ecc797c3db3bf1d6a0629fbacf51e7333570e0980792bddace388b964a3494afc001f02d97620bdfb2c2c20a368fbade29a487b1

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\89a12418-3d8f-46aa-a1d9-cb8f5ae383cb\de3b030126695833_0

Filesize
436B

MD5
45d06d56086c9b67cfb8b52c8d806ba7

SHA1
a86a2333ec99715ca6352e423a74a84d13b13036

SHA256
8aaefaa38fa069c69851f3261fbd6234352c358baefc9c0c1427d1483e2ef667

SHA512
8c263d46a5384923f5b71e73da8fdd34814b59fbd22f48c60867a68951161af24be6283bab67b68c86ee0ad725ad7e8c30c79b5449de3a7071c9538925b54283

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\89a12418-3d8f-46aa-a1d9-cb8f5ae383cb\e7d083353a620397_0

Filesize
777B

MD5
400d22f91fdbd17ad45b1a39743c69dd

SHA1
fa38d5d97dda5336895e593dd029d224006b242a

SHA256
f3f3a7cd6966e3aec87065042f6b1efac1747fe68d3f676c9a16b86c2dd03fa3

SHA512
6ec61a1a277acd448a7bc0c8539aa06819edff1eeab5153e1a6f758309d93d1715bb3d3fdd1c8b01a101203c2a09d356efc2690f47db27ce08eb014d685d68ae

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\89a12418-3d8f-46aa-a1d9-cb8f5ae383cb\f52d67bc27e4b536_0

Filesize
15KB

MD5
54d2658e90f86b6e3721d83a803eb56a

SHA1
90908e4718feed4f6367f9bc233fcc31c1d0469e

SHA256
a21c59f9ad69e78cfc793bf2c8290f85a18fe67dade41ed9a8f8bb360321b9da

SHA512
00a3c0022f468d366f1d646f435a9321cefe650e9c7d3404c1fd0ebc07fe93d50f9acef259ad79b07a5f13a94a2cfdd2004589f2ecd6a9ea67cd1d61b849eb5e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\89a12418-3d8f-46aa-a1d9-cb8f5ae383cb\fd41ca2a883063a6_0

Filesize
9KB

MD5
33904d82f43c90b5e9ffb866e4066b7c

SHA1
ce9ec159724ee3d72e3299fad2d63bd1a5add7e6

SHA256
986899c2b72631e9299c4147d5312dcc8a2417a27a22739c81041ebbc32f75d8

SHA512
862d44599fd039e1d5d7319e3100642e89f0aa1da9cd629ed2ec9cda09543665d64d201039ecc77d49bd4961b9534304d156141c2d73e3bed3d698247ff9073e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\89a12418-3d8f-46aa-a1d9-cb8f5ae383cb\fef132170d47887d_0

Filesize
5KB

MD5
c7135c456a7c205d0008d730f29a1c5d

SHA1
ec03c7dd87efa987d642d8757f032cb22b49bb23

SHA256
abb3cc938627392057a17b73d208240fafea3f55a6d2d75fa3e849382c580cd3

SHA512
8dd1920c4b932bbb8962b63305a9c5017462798279740e41447e78dbe5d88e19c6e628c11a343cd69fcb749c6d8a3421d271b163aa7025a7ff99228d5f70d9d0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\89a12418-3d8f-46aa-a1d9-cb8f5ae383cb\index-dir\the-real-index

Filesize
4KB

MD5
4457344bba0a6b4f47afdf13c0c5e2d2

SHA1
4d7b276856ed5028d4088afaffe4a0302fdc6088

SHA256
fc3d21c6b2db085682d457aee84e471fbb75812598673d8d8fbd8d3846c762af

SHA512
67d1712e9b2b90a9e50e41ccd002bdbaadfbd2cbfaa0021d93e465d22c039a1776a4cc5cc9b2399e2a93a93a0d31b59c76271cf4a8d8a6c571d1ec0b19c6c3fb

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\89a12418-3d8f-46aa-a1d9-cb8f5ae383cb\index-dir\the-real-index

Filesize
4KB

MD5
940c616769b9a1ffda1724318110d662

SHA1
c29f48af44f2845d6189dc9359e4c07cba2d8e4d

SHA256
a47e40cc19662d3d020aa67cfbceda95b7af72b22c22b8085e20396af8d51dd4

SHA512
d8e2e4866bc3e5ca769d19ad85c4be5cde494b7b51e01698820025e5616d3cbcb9ae3117f312d8bc170d763e36046bbad257a71af8cb9aacd4162e39d0bcf3c1

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\89a12418-3d8f-46aa-a1d9-cb8f5ae383cb\index-dir\the-real-index~RFe59d7d8.TMP

Filesize
4KB

MD5
c39cacdd400bdf02fd5c9113ae1c286b

SHA1
f6147e549ab19c7c1748abe911747a4ba3610289

SHA256
e61acd8b26f5c7477740abdaeaa0039e2b6190899a2f9630929a940f370bf567

SHA512
fa52a7679def61334c24d779cf1365bdec36378605bff0d3cc74c10a2fb8061a1c23f46c5f15d760d8832d896128682522698f3b7db1fd2a18cc95236476eb4c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\web_ntp_cache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\48.png

Filesize
2KB

MD5
7cf35c8c1a7bd815f6beea2ef9a5a258

SHA1
758f98bfed64e09e0cc52192827836f9e1252fd1

SHA256
67c320fa485a8094fc91cd3fcd59a7c75d2474e3046a7eb274b01863257fbe01

SHA512
0bbebde654c9f44cf56b74fc1a9525b62c88724ec80658efede3cbb370c3a6d4f3e78df459bbd0559a51838f4a172bdfcd370bd5477038309024b77cd69f2a15

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json

Filesize
38KB

MD5
3f8f8efcc108f60de0c0062001d1fdd4

SHA1
0a78418ae7d247ba9d93e74b5e0241e6f9753205

SHA256
691aafdc9460d5351a04c6fc3b1374082a0fd1aee9828e9bbfe711c0b939a678

SHA512
4f9bec77ebb330e9be25c0a85c59e361227386afa9942fe514e85d202a7a6c1f8bbf7dd595f09e014462cfc328ff00de1020fbda7fe25d3032f53848f55d6064

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json

Filesize
38KB

MD5
67e48d67aa232ffcd38040915a302428

SHA1
9805e4f01460424f7b4a21cff8e84b7d67e3a150

SHA256
80a09f50f0b3a74566016af90b81f641cb444fa49d3c8593bf02240a8b7d46b9

SHA512
35d50d578a8b22b46cdde23dc87f329b2850e8085992f941203c450eaf441b595aaf49d60121ac8ae297f7296181f4c25efaf8d0134b8ac672fd86df14b925a0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json~RFe596095.TMP

Filesize
23KB

MD5
2a7aa0aa233ad4fa25dea2ddd123461b

SHA1
adfda6f1893ada0832066149b5176028bb23251e

SHA256
8d5dbbcb734dae9083c06b48e29457caa9de96dbf08cf9894cedc655487c76a1

SHA512
8646af2b2569fcc4a77182ec91f4abb9212bb5ac7f18396afea9c53bcb7071127bf44ad02cbea049a97fbf2bfe4f469cb64e713bdb71f5287fa02597f6dbccc4

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\component_crx_cache\oimompecagnajdejgnnjijobebaeigek_1.d9a253514b6a010dfc1916c55246797e5773f13844ea3ec2d25078e845fef760

Filesize
2.5MB

MD5
385ffd8796be0e12c0b299a39b544e7b

SHA1
876bf816470eaf7d79ae3b47425c6483784d123b

SHA256
19adbb5868ee236933a44c76abd2632ab5932934d57b9d9229bbc79c4d9703ef

SHA512
bb4ac055fe7dce6cdac9b7bd80aff3c91e45e9cb8b72e8c5a1c77305a6f055a43460c5c97e1019939ff5d52bfe9fd3fb89b2925b07082474c91b066ac41f72a5

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\f1f78618-254e-41d6-8e6a-aeab238ce534.tmp

Filesize
192KB

MD5
71f4cbdb68f1cd3c5927f2d7d78903dc

SHA1
6fec3833e1bb96a463da2b7d469d79000c54402b

SHA256
5e5af6222b0b5d3144ffa9c9e98812b88074e1530edf1493211aeda230e76f8e

SHA512
f20d7307d1f329ac6748b81189570fad7e5d733c070e9dfc41f17b7223cfd684e39ca451611f8148b78fbd21e0c12b551302df2f0f1fc9031689a66dd14b66f1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\yandex.website

Filesize
488B

MD5
2baf611b1b6876e6c393054aa8c46a0a

SHA1
3d26e532d5b37939b51884bfb53732070c4dca9a

SHA256
5f7570144541408b41c15373bb8870e7bde53ad3c5413e2f6000e6f0e449b853

SHA512
1a0dc02bdd53e1bd49b2a72b10828463f5c8bed8a17b8498eb4ae939a40dfd8bcaeba1feac1190f5595b4da245a7aa0e4507724ef9fb74172b29581e885cd563

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk

Filesize
2KB

MD5
cbaebdbc036276a293332b125c2c6d67

SHA1
5f9b95a7742ea6557d772df9393d9cf117fe17bc

SHA256
8106aa3b8b7b17ad65ee6034b7b14308fa0878cb82d5343e8aa5c479e9c67b5d

SHA512
bb8eb545140115d908fffc8ec6a8289334693efac94211f9e8b7838815a926f727aece70f173cdcb6bb12d400c4655148984b26d61fd18b760aa8224f2784127

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
b3c37fbfa1fd0dd691c0ac6ac0d6e869

SHA1
05f1395a225a10254a2d7b488a8fd6080d430f59

SHA256
87ae105d957f881be5f996e1b022021687f182c9c37b674067631f1852ed03e1

SHA512
5359c3cd2bf1b53678a3e065956854af3cd3875b493ba1c5c73296ea868ebf12edad83f0d449c98a7e77ab8cf700d47f2ac2869fcbad17197983aee8f90e8940

Download Submit
C:\Windows\TEMP\sdwra_4692_1464962284\service_update.exe

Filesize
2.9MB

MD5
826754f6a1b61fab78f1b8d3eaa485c1

SHA1
11d9f816b2696d10a9b9637ab0a46af884efd32c

SHA256
39b6cb9a1df0981d1ef5ab2ba3821614a057c46ee56ef5c70a62bd8ca2155f0d

SHA512
798932465f415b9b094425f34aa6a8b7f0fcb63d08370d2b6439bde9875b71883217fa34d0d22d95ea2dcec12cbade33101f3e8b804757a9189eb1ce75439e38

Download Submit
memory/1676-2134-0x000001492A660000-0x000001492A690000-memory.dmp

Filesize
192KB

Download
memory/1692-2260-0x000001BFAFC40000-0x000001BFAFC48000-memory.dmp

Filesize
32KB

Download
memory/1692-967-0x00007FF982180000-0x00007FF982181000-memory.dmp

Filesize
4KB

Download
memory/1692-2308-0x000001BFB2860000-0x000001BFB2861000-memory.dmp

Filesize
4KB

Download
memory/2420-2101-0x000001A9B82E0000-0x000001A9B8310000-memory.dmp

Filesize
192KB

Download
memory/4832-2214-0x000002295D4D0000-0x000002295D500000-memory.dmp

Filesize
192KB

Download
memory/5072-1015-0x00007FF983270000-0x00007FF983271000-memory.dmp

Filesize
4KB

Download
memory/5072-1016-0x00007FF982280000-0x00007FF982281000-memory.dmp

Filesize
4KB

Download
memory/5072-2261-0x00000199B7620000-0x00000199B7650000-memory.dmp

Filesize
192KB

Download
memory/5736-2262-0x0000025CC37C0000-0x0000025CC37F0000-memory.dmp

Filesize
192KB

Download
memory/5804-2055-0x0000026EC2EE0000-0x0000026EC2F10000-memory.dmp

Filesize
192KB

Download
memory/6096-2058-0x000001C525120000-0x000001C525150000-memory.dmp

Filesize
192KB

Download
memory/6472-2173-0x000001EF8A180000-0x000001EF8A1B0000-memory.dmp

Filesize
192KB

Download
memory/6516-2174-0x0000023F62EC0000-0x0000023F62EF0000-memory.dmp

Filesize
192KB

Download
memory/6640-2179-0x0000020474EF0000-0x0000020474F20000-memory.dmp

Filesize
192KB

Download
memory/6888-2213-0x000001CD451F0000-0x000001CD45220000-memory.dmp

Filesize
192KB

Download
memory/6960-2215-0x000001F0AA620000-0x000001F0AA650000-memory.dmp

Filesize
192KB

Download
memory/6984-2209-0x000001C897CB0000-0x000001C897CE0000-memory.dmp

Filesize
192KB

Download
memory/7000-2208-0x000001A770450000-0x000001A770480000-memory.dmp

Filesize
192KB

Download
memory/7024-2210-0x0000021B75880000-0x0000021B758B0000-memory.dmp

Filesize
192KB

Download
memory/7048-2216-0x0000025B9A9B0000-0x0000025B9A9E0000-memory.dmp

Filesize
192KB

Download
memory/7068-2211-0x000001A79CCE0000-0x000001A79CD10000-memory.dmp

Filesize
192KB

Download
memory/7084-2212-0x00000200A9D10000-0x00000200A9D40000-memory.dmp

Filesize
192KB

Download