d2873dad634eafe9d2f76742d3608d54db705b065642bc1a6cfa1b1d6adc5495

Analysis

max time kernel
149s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-10-2024 13:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d2873dad634eafe9d2f76742d3608d54db705b065642bc1a6cfa1b1d6adc5495.exe
Size

9.8MB
MD5

7226f7f7c56907b55e0dbc538f8e27f7
SHA1

7c47caa1a6ccc0628fd46507bf32877f05168614
SHA256

d2873dad634eafe9d2f76742d3608d54db705b065642bc1a6cfa1b1d6adc5495
SHA512

48649a636628999812631d28867b803852648794de416eaec80b0b374050c8ec312ac2d0b906782237cfc43ecb7723e84f5c4f5c397fc677be2fadf632850ca9
SSDEEP

196608:rw4SSJ7PbDdh0HtQba8z1sjzkAilU4I4:rw45J7PbDjOQba8psjzyz

Score

8^/10

discovery persistence spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 8 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	service_update.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	explorer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	d2873dad634eafe9d2f76742d3608d54db705b065642bc1a6cfa1b1d6adc5495.exe

Executes dropped EXE 32 IoCs

pid	Process
3788	yb8EA3.tmp
4504	setup.exe
3612	setup.exe
1196	setup.exe
4164	service_update.exe
2272	service_update.exe
2908	service_update.exe
1700	service_update.exe
3752	service_update.exe
4456	service_update.exe
5644	explorer.exe
5692	explorer.exe
6036	clidmgr.exe
4196	clidmgr.exe
5516	browser.exe
5484	browser.exe
1692	browser.exe
5680	browser.exe
5656	browser.exe
6000	browser.exe
6132	browser.exe
6076	browser.exe
2896	browser.exe
4660	browser.exe
532	browser.exe
4768	browser.exe
6496	setup.exe
7620	setup.exe
5368	browser.exe
7248	browser.exe
7700	browser.exe
7696	browser.exe

Loads dropped DLL 39 IoCs

pid	Process
5516	browser.exe
5484	browser.exe
5516	browser.exe
5516	browser.exe
1692	browser.exe
5680	browser.exe
1692	browser.exe
5680	browser.exe
5656	browser.exe
5656	browser.exe
6000	browser.exe
6076	browser.exe
6000	browser.exe
2896	browser.exe
2896	browser.exe
532	browser.exe
4768	browser.exe
532	browser.exe
4768	browser.exe
6132	browser.exe
6076	browser.exe
4660	browser.exe
6132	browser.exe
532	browser.exe
532	browser.exe
532	browser.exe
4660	browser.exe
532	browser.exe
532	browser.exe
532	browser.exe
532	browser.exe
5368	browser.exe
5368	browser.exe
7248	browser.exe
7248	browser.exe
7700	browser.exe
7696	browser.exe
7700	browser.exe
7696	browser.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YandexBrowserAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart"	browser.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
44	yandex.com
45	yandex.com
36	yandex.com

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	browser.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Roaming\Yandex\ui	service_update.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Yandex\YandexBrowser\24.6.1.766\service_update.exe	service_update.exe
File opened for modification	C:\Program Files (x86)\Yandex\YandexBrowser\24.6.1.766\service_update.exe	service_update.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\System update for Yandex Browser.job	service_update.exe
File created	C:\Windows\Tasks\Update for Yandex Browser.job	service_update.exe
File created	C:\Windows\Tasks\Repairing Yandex Browser update service.job	service_update.exe
File opened for modification	C:\Windows\Tasks\Update for Yandex Browser.job	browser.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d2873dad634eafe9d2f76742d3608d54db705b065642bc1a6cfa1b1d6adc5495.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d2873dad634eafe9d2f76742d3608d54db705b065642bc1a6cfa1b1d6adc5495.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	clidmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	clidmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow	service_update.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex\UICreated_SYSTEM = "1"	service_update.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexTXT.YV44JKSK5TTWCDJ5TZHULZIXUU\Application\ApplicationCompany = "Yandex"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexXML.YV44JKSK5TTWCDJ5TZHULZIXUU\DefaultIcon	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexGIF.YV44JKSK5TTWCDJ5TZHULZIXUU\Application\ApplicationName = "Yandex"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexTXT.YV44JKSK5TTWCDJ5TZHULZIXUU\Application\ApplicationDescription = "Yandex\u00a0Browser is a fast and convenient software for working online and viewing web pages."	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexTIFF.YV44JKSK5TTWCDJ5TZHULZIXUU\Application\AppUserModelId = "Yandex.YV44JKSK5TTWCDJ5TZHULZIXUU"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexTXT.YV44JKSK5TTWCDJ5TZHULZIXUU\Application	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexCSS.YV44JKSK5TTWCDJ5TZHULZIXUU\Application\ApplicationCompany = "Yandex"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexFB2.YV44JKSK5TTWCDJ5TZHULZIXUU\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexGIF.YV44JKSK5TTWCDJ5TZHULZIXUU\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-107"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexPDF.YV44JKSK5TTWCDJ5TZHULZIXUU\Application\ApplicationName = "Yandex"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\.js\OpenWithProgids\YandexJS.YV44JKSK5TTWCDJ5TZHULZIXUU	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\.mhtml	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexTIFF.YV44JKSK5TTWCDJ5TZHULZIXUU\DefaultIcon	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexTXT.YV44JKSK5TTWCDJ5TZHULZIXUU\shell\open	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexPDF.YV44JKSK5TTWCDJ5TZHULZIXUU\Application\AppUserModelId = "Yandex.YV44JKSK5TTWCDJ5TZHULZIXUU"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexCSS.YV44JKSK5TTWCDJ5TZHULZIXUU	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexJS.YV44JKSK5TTWCDJ5TZHULZIXUU\ = "Yandex Browser JS Document"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexJS.YV44JKSK5TTWCDJ5TZHULZIXUU\Application\AppUserModelId = "Yandex.YV44JKSK5TTWCDJ5TZHULZIXUU"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexWEBM.YV44JKSK5TTWCDJ5TZHULZIXUU\ = "Yandex Browser WEBM Document"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexPDF.YV44JKSK5TTWCDJ5TZHULZIXUU\ = "Yandex Browser PDF Document"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexCRX.YV44JKSK5TTWCDJ5TZHULZIXUU\Application\ApplicationDescription = "Yandex\u00a0Browser is a fast and convenient software for working online and viewing web pages."	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexTXT.YV44JKSK5TTWCDJ5TZHULZIXUU\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexINFE.YV44JKSK5TTWCDJ5TZHULZIXUU\ = "Malware Infected File"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\.png\OpenWithProgids\YandexPNG.YV44JKSK5TTWCDJ5TZHULZIXUU	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexFB2.YV44JKSK5TTWCDJ5TZHULZIXUU\Application	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexTIFF.YV44JKSK5TTWCDJ5TZHULZIXUU\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\.gif\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\.gif\OpenWithProgids\YandexGIF.YV44JKSK5TTWCDJ5TZHULZIXUU	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexHTML.YV44JKSK5TTWCDJ5TZHULZIXUU\shell\open\command	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexGIF.YV44JKSK5TTWCDJ5TZHULZIXUU\Application\ApplicationCompany = "Yandex"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\.swf	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexINFE.YV44JKSK5TTWCDJ5TZHULZIXUU\Application\ApplicationCompany = "Yandex"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexJPEG.YV44JKSK5TTWCDJ5TZHULZIXUU\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexWEBM.YV44JKSK5TTWCDJ5TZHULZIXUU\DefaultIcon	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexWEBM.YV44JKSK5TTWCDJ5TZHULZIXUU\shell	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\.txt\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\.htm\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexFB2.YV44JKSK5TTWCDJ5TZHULZIXUU\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-122"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexEPUB.YV44JKSK5TTWCDJ5TZHULZIXUU\Application\ApplicationName = "Yandex"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexWEBP.YV44JKSK5TTWCDJ5TZHULZIXUU\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexCRX.YV44JKSK5TTWCDJ5TZHULZIXUU	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexWEBP.YV44JKSK5TTWCDJ5TZHULZIXUU\shell\open	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexSWF.YV44JKSK5TTWCDJ5TZHULZIXUU\Application\ApplicationName = "Yandex"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexTXT.YV44JKSK5TTWCDJ5TZHULZIXUU\shell\open\command	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\.pdf\OpenWithProgids\YandexPDF.YV44JKSK5TTWCDJ5TZHULZIXUU	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexJPEG.YV44JKSK5TTWCDJ5TZHULZIXUU	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexWEBP.YV44JKSK5TTWCDJ5TZHULZIXUU\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexXML.YV44JKSK5TTWCDJ5TZHULZIXUU\shell\open\command	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexINFE.YV44JKSK5TTWCDJ5TZHULZIXUU\Application\AppUserModelId = "Yandex.YV44JKSK5TTWCDJ5TZHULZIXUU"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexPNG.YV44JKSK5TTWCDJ5TZHULZIXUU	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\yabrowser\shell\open\ddeexec\	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\.swf\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexSVG.YV44JKSK5TTWCDJ5TZHULZIXUU\ = "Yandex Browser SVG Document"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexWEBM.YV44JKSK5TTWCDJ5TZHULZIXUU\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexXML.YV44JKSK5TTWCDJ5TZHULZIXUU\Application\AppUserModelId = "Yandex.YV44JKSK5TTWCDJ5TZHULZIXUU"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\.gif\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\.tif\OpenWithProgids\YandexTIFF.YV44JKSK5TTWCDJ5TZHULZIXUU	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexXML.YV44JKSK5TTWCDJ5TZHULZIXUU	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexXML.YV44JKSK5TTWCDJ5TZHULZIXUU\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexGIF.YV44JKSK5TTWCDJ5TZHULZIXUU\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexJPEG.YV44JKSK5TTWCDJ5TZHULZIXUU\Application\AppUserModelId = "Yandex.YV44JKSK5TTWCDJ5TZHULZIXUU"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexTIFF.YV44JKSK5TTWCDJ5TZHULZIXUU\Application\ApplicationName = "Yandex"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\YandexWEBP.YV44JKSK5TTWCDJ5TZHULZIXUU\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\yabrowser\shell	setup.exe

Modifies system certificate store 2 TTPs 11 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b81900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 5c000000010000000400000000100000190000000100000010000000cb9dd0fceaaa492f75ce292c21bbfbdd0300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd17e00000001000000080000000080c82b6886d7017a000000010000000c000000300a06082b060105050703091d0000000100000010000000521f5c98970d19a8e515ef6eeb6d48ef140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a07f0000000100000016000000301406082b0601050507030306082b060105050703096200000001000000200000002cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf690b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520036000000090000000100000056000000305406082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007e000000307c301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301f06092b06010401a032010230123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff10400000001000000100000004fdd07e4d42264391e0c3742ead1c6ae200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410	d2873dad634eafe9d2f76742d3608d54db705b065642bc1a6cfa1b1d6adc5495.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1	d2873dad634eafe9d2f76742d3608d54db705b065642bc1a6cfa1b1d6adc5495.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 0400000001000000100000004fdd07e4d42264391e0c3742ead1c6ae0f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff153000000010000007e000000307c301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301f06092b06010401a032010230123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000056000000305406082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d0020005200360000006200000001000000200000002cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf697f0000000100000016000000301406082b0601050507030306082b06010505070309140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a01d0000000100000010000000521f5c98970d19a8e515ef6eeb6d48ef7a000000010000000c000000300a06082b060105050703097e00000001000000080000000080c82b6886d7010300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd1190000000100000010000000cb9dd0fceaaa492f75ce292c21bbfbdd200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410	d2873dad634eafe9d2f76742d3608d54db705b065642bc1a6cfa1b1d6adc5495.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	setup.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1492	msedge.exe
1492	msedge.exe
4964	msedge.exe
4964	msedge.exe
3204	identity_helper.exe
3204	identity_helper.exe
3612	setup.exe
3612	setup.exe
3612	setup.exe
3612	setup.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
5516	browser.exe
5516	browser.exe
5516	browser.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5516	browser.exe
Token: SeCreatePagefilePrivilege	5516	browser.exe
Token: SeShutdownPrivilege	5516	browser.exe
Token: SeCreatePagefilePrivilege	5516	browser.exe
Token: SeShutdownPrivilege	5516	browser.exe
Token: SeCreatePagefilePrivilege	5516	browser.exe
Token: SeShutdownPrivilege	5516	browser.exe
Token: SeCreatePagefilePrivilege	5516	browser.exe
Token: SeShutdownPrivilege	5516	browser.exe
Token: SeCreatePagefilePrivilege	5516	browser.exe
Token: SeShutdownPrivilege	5516	browser.exe
Token: SeCreatePagefilePrivilege	5516	browser.exe
Token: SeShutdownPrivilege	5516	browser.exe
Token: SeCreatePagefilePrivilege	5516	browser.exe
Token: SeShutdownPrivilege	5516	browser.exe
Token: SeCreatePagefilePrivilege	5516	browser.exe
Token: SeShutdownPrivilege	5516	browser.exe
Token: SeCreatePagefilePrivilege	5516	browser.exe
Token: SeShutdownPrivilege	5516	browser.exe
Token: SeCreatePagefilePrivilege	5516	browser.exe
Token: SeShutdownPrivilege	5516	browser.exe
Token: SeCreatePagefilePrivilege	5516	browser.exe
Token: SeShutdownPrivilege	5516	browser.exe
Token: SeCreatePagefilePrivilege	5516	browser.exe
Token: SeShutdownPrivilege	5516	browser.exe
Token: SeCreatePagefilePrivilege	5516	browser.exe
Token: SeShutdownPrivilege	5516	browser.exe
Token: SeCreatePagefilePrivilege	5516	browser.exe
Token: SeShutdownPrivilege	5516	browser.exe
Token: SeCreatePagefilePrivilege	5516	browser.exe
Token: SeShutdownPrivilege	5516	browser.exe
Token: SeCreatePagefilePrivilege	5516	browser.exe
Token: SeShutdownPrivilege	5516	browser.exe
Token: SeCreatePagefilePrivilege	5516	browser.exe
Token: SeShutdownPrivilege	5516	browser.exe
Token: SeCreatePagefilePrivilege	5516	browser.exe
Token: SeShutdownPrivilege	5516	browser.exe
Token: SeCreatePagefilePrivilege	5516	browser.exe
Token: SeShutdownPrivilege	5516	browser.exe
Token: SeCreatePagefilePrivilege	5516	browser.exe
Token: SeShutdownPrivilege	5516	browser.exe
Token: SeCreatePagefilePrivilege	5516	browser.exe
Token: SeShutdownPrivilege	5516	browser.exe
Token: SeCreatePagefilePrivilege	5516	browser.exe
Token: SeShutdownPrivilege	5516	browser.exe
Token: SeCreatePagefilePrivilege	5516	browser.exe
Token: SeShutdownPrivilege	5516	browser.exe
Token: SeCreatePagefilePrivilege	5516	browser.exe
Token: SeShutdownPrivilege	5516	browser.exe
Token: SeCreatePagefilePrivilege	5516	browser.exe
Token: SeShutdownPrivilege	5516	browser.exe
Token: SeCreatePagefilePrivilege	5516	browser.exe
Token: SeShutdownPrivilege	5516	browser.exe
Token: SeCreatePagefilePrivilege	5516	browser.exe
Token: SeShutdownPrivilege	5516	browser.exe
Token: SeCreatePagefilePrivilege	5516	browser.exe
Token: SeShutdownPrivilege	5516	browser.exe
Token: SeCreatePagefilePrivilege	5516	browser.exe
Token: SeShutdownPrivilege	5516	browser.exe
Token: SeCreatePagefilePrivilege	5516	browser.exe
Token: SeShutdownPrivilege	5516	browser.exe
Token: SeCreatePagefilePrivilege	5516	browser.exe
Token: SeShutdownPrivilege	5516	browser.exe
Token: SeCreatePagefilePrivilege	5516	browser.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1328	d2873dad634eafe9d2f76742d3608d54db705b065642bc1a6cfa1b1d6adc5495.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
5644	explorer.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1328	d2873dad634eafe9d2f76742d3608d54db705b065642bc1a6cfa1b1d6adc5495.exe
5516	browser.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1328 wrote to memory of 3004	1328	d2873dad634eafe9d2f76742d3608d54db705b065642bc1a6cfa1b1d6adc5495.exe	86
PID 1328 wrote to memory of 3004	1328	d2873dad634eafe9d2f76742d3608d54db705b065642bc1a6cfa1b1d6adc5495.exe	86
PID 1328 wrote to memory of 3004	1328	d2873dad634eafe9d2f76742d3608d54db705b065642bc1a6cfa1b1d6adc5495.exe	86
PID 1328 wrote to memory of 4964	1328	d2873dad634eafe9d2f76742d3608d54db705b065642bc1a6cfa1b1d6adc5495.exe	89
PID 1328 wrote to memory of 4964	1328	d2873dad634eafe9d2f76742d3608d54db705b065642bc1a6cfa1b1d6adc5495.exe	89
PID 4964 wrote to memory of 5076	4964	msedge.exe	90
PID 4964 wrote to memory of 5076	4964	msedge.exe	90
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 3848	4964	msedge.exe	91
PID 4964 wrote to memory of 1492	4964	msedge.exe	92
PID 4964 wrote to memory of 1492	4964	msedge.exe	92
PID 4964 wrote to memory of 1480	4964	msedge.exe	93
PID 4964 wrote to memory of 1480	4964	msedge.exe	93
PID 4964 wrote to memory of 1480	4964	msedge.exe	93
PID 4964 wrote to memory of 1480	4964	msedge.exe	93
PID 4964 wrote to memory of 1480	4964	msedge.exe	93
PID 4964 wrote to memory of 1480	4964	msedge.exe	93
PID 4964 wrote to memory of 1480	4964	msedge.exe	93
PID 4964 wrote to memory of 1480	4964	msedge.exe	93
PID 4964 wrote to memory of 1480	4964	msedge.exe	93
PID 4964 wrote to memory of 1480	4964	msedge.exe	93
PID 4964 wrote to memory of 1480	4964	msedge.exe	93
PID 4964 wrote to memory of 1480	4964	msedge.exe	93
PID 4964 wrote to memory of 1480	4964	msedge.exe	93
PID 4964 wrote to memory of 1480	4964	msedge.exe	93
PID 4964 wrote to memory of 1480	4964	msedge.exe	93

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\d2873dad634eafe9d2f76742d3608d54db705b065642bc1a6cfa1b1d6adc5495.exe
"C:\Users\Admin\AppData\Local\Temp\d2873dad634eafe9d2f76742d3608d54db705b065642bc1a6cfa1b1d6adc5495.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1328
- C:\Users\Admin\AppData\Local\Temp\d2873dad634eafe9d2f76742d3608d54db705b065642bc1a6cfa1b1d6adc5495.exe
  "C:\Users\Admin\AppData\Local\Temp\d2873dad634eafe9d2f76742d3608d54db705b065642bc1a6cfa1b1d6adc5495.exe" --parent-installer-process-id=1328 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\Admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\Admin\AppData\Local\Temp\4e3b4b42-f076-4812-b398-da8c1158564c.tmp\" --brand-name=int --browser-present=none --disableyapin --distr-info-file=\"C:\Users\Admin\AppData\Local\Temp\distrib_info\" --installer-brand-id=int --make-browser-default-after-import --ok-button-pressed-time=481055421 --progress-window=328268 --send-statistics --server-config-bundle-path=\"C:\Users\Admin\AppData\Local\Temp\97205f4e-b68c-4815-8805-f9c20c19b053.tmp\" --variations-update-path=\"C:\Users\Admin\AppData\Local\Temp\83887af8-c2d4-4e42-b9b5-d1b1292bdb8a.tmp\" --verbose-logging"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3004
- - C:\Users\Admin\AppData\Local\Temp\yb8EA3.tmp
    "C:\Users\Admin\AppData\Local\Temp\yb8EA3.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\4e3b4b42-f076-4812-b398-da8c1158564c.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=34 --install-start-time-no-uac=481664789 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=481055421 --progress-window=328268 --send-statistics --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\97205f4e-b68c-4815-8805-f9c20c19b053.tmp" --source=lite --variations-update-path="C:\Users\Admin\AppData\Local\Temp\83887af8-c2d4-4e42-b9b5-d1b1292bdb8a.tmp" --verbose-logging
    3⤵
    - Executes dropped EXE
    PID:3788
  - - C:\Users\Admin\AppData\Local\Temp\YB_13FE5.tmp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\YB_13FE5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_13FE5.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\4e3b4b42-f076-4812-b398-da8c1158564c.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=34 --install-start-time-no-uac=481664789 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=481055421 --progress-window=328268 --send-statistics --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\97205f4e-b68c-4815-8805-f9c20c19b053.tmp" --source=lite --variations-update-path="C:\Users\Admin\AppData\Local\Temp\83887af8-c2d4-4e42-b9b5-d1b1292bdb8a.tmp" --verbose-logging
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\YB_13FE5.tmp\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\YB_13FE5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_13FE5.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\4e3b4b42-f076-4812-b398-da8c1158564c.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=34 --install-start-time-no-uac=481664789 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=481055421 --progress-window=328268 --send-statistics --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\97205f4e-b68c-4815-8805-f9c20c19b053.tmp" --source=lite --variations-update-path="C:\Users\Admin\AppData\Local\Temp\83887af8-c2d4-4e42-b9b5-d1b1292bdb8a.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=511175729
        5⤵
        Executes dropped EXE
        Modifies registry class
        Modifies system certificate store
        Suspicious behavior: EnumeratesProcesses
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\YB_13FE5.tmp\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\YB_13FE5.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=3612 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.6.1.766 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x7ff7e584d688,0x7ff7e584d694,0x7ff7e584d6a0
        6⤵
        Executes dropped EXE
        
        PID:1196
      - C:\Windows\TEMP\sdwra_3612_1611613164\service_update.exe
        
        "C:\Windows\TEMP\sdwra_3612_1611613164\service_update.exe" --setup
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in Program Files directory
        
        PID:4164
        
        C:\Program Files (x86)\Yandex\YandexBrowser\24.6.1.766\service_update.exe
        
        "C:\Program Files (x86)\Yandex\YandexBrowser\24.6.1.766\service_update.exe" --install
        7⤵
        Executes dropped EXE
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\YB_13FE5.tmp\Temp\scoped_dir3612_2105338957\explorer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\YB_13FE5.tmp\Temp\scoped_dir3612_2105338957\explorer.exe" --pttw1="C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk"
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\YB_13FE5.tmp\Temp\scoped_dir3612_2105338957\explorer.exe
        
        C:\Users\Admin\AppData\Local\Temp\YB_13FE5.tmp\Temp\scoped_dir3612_2105338957\explorer.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=5644 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.6.1.766 --initial-client-data=0x28c,0x290,0x294,0x264,0x298,0x7ff63704d688,0x7ff63704d694,0x7ff63704d6a0
        7⤵
        Executes dropped EXE
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
        
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
        
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source3612_544605717\Browser-bin\clids_yandex.xml"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://yandex.com/legal/browser_agreement/?lang=en
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6d5d46f8,0x7ffa6d5d4708,0x7ffa6d5d4718
    3⤵
    PID:5076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,14677624846383726093,8113422724452657117,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
    3⤵
    PID:3848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,14677624846383726093,8113422724452657117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1492
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,14677624846383726093,8113422724452657117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
    3⤵
    PID:1480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14677624846383726093,8113422724452657117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
    3⤵
    PID:2248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14677624846383726093,8113422724452657117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
    3⤵
    PID:400
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,14677624846383726093,8113422724452657117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
    3⤵
    PID:3704
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,14677624846383726093,8113422724452657117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3204
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14677624846383726093,8113422724452657117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
    3⤵
    PID:4996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14677624846383726093,8113422724452657117,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
    3⤵
    PID:5096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14677624846383726093,8113422724452657117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
    3⤵
    PID:4124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14677624846383726093,8113422724452657117,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
    3⤵
    PID:884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14677624846383726093,8113422724452657117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
    3⤵
    PID:3236
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,14677624846383726093,8113422724452657117,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6124 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4504

C:\Program Files (x86)\Yandex\YandexBrowser\24.6.1.766\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\24.6.1.766\service_update.exe" --run-as-service
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:2908
- C:\Program Files (x86)\Yandex\YandexBrowser\24.6.1.766\service_update.exe
  "C:\Program Files (x86)\Yandex\YandexBrowser\24.6.1.766\service_update.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=2908 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.6.1.766 --initial-client-data=0x210,0x214,0x218,0x1ec,0x21c,0x7ff6f6368aa0,0x7ff6f6368aac,0x7ff6f6368ab8
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Program Files (x86)\Yandex\YandexBrowser\24.6.1.766\service_update.exe
  "C:\Program Files (x86)\Yandex\YandexBrowser\24.6.1.766\service_update.exe" --update-scheduler
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  PID:3752
- - C:\Program Files (x86)\Yandex\YandexBrowser\24.6.1.766\service_update.exe
    "C:\Program Files (x86)\Yandex\YandexBrowser\24.6.1.766\service_update.exe" --update-background-scheduler
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    PID:4456

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=328268 --ok-button-pressed-time=481055421 --install-start-time-no-uac=481664789
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks system information in the registry
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5516
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=5516 --annotation=metrics_client_id=22f8f65240234198a1e12599daca52ca --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.6.1.766 --initial-client-data=0x13c,0x140,0x144,0x118,0x148,0x7ffa5b05bf90,0x7ffa5b05bf9c,0x7ffa5b05bfa8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5484
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=3CA16BB7-4B4F-4599-9180-C46394143411 --brand-id=int --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --gpu-process-kind=sandboxed --field-trial-handle=2688,i,9898639611272759708,18329454573135072144,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2684 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:532
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=3CA16BB7-4B4F-4599-9180-C46394143411 --brand-id=int --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=disabled --gpu-process-kind=trampoline --field-trial-handle=1940,i,9898639611272759708,18329454573135072144,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2360 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4768
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-id=3CA16BB7-4B4F-4599-9180-C46394143411 --brand-id=int --no-appcompat-clear --process-name="Network Service" --field-trial-handle=2096,i,9898639611272759708,18329454573135072144,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3416 --brver=24.6.1.766 /prefetch:3
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1692
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-id=3CA16BB7-4B4F-4599-9180-C46394143411 --brand-id=int --no-appcompat-clear --process-name="Storage Service" --field-trial-handle=2300,i,9898639611272759708,18329454573135072144,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3524 --brver=24.6.1.766 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5680
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-id=3CA16BB7-4B4F-4599-9180-C46394143411 --brand-id=int --no-appcompat-clear --process-name="Audio Service" --field-trial-handle=1616,i,9898639611272759708,18329454573135072144,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3580 --brver=24.6.1.766 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5656
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --user-id=3CA16BB7-4B4F-4599-9180-C46394143411 --brand-id=int --no-appcompat-clear --process-name="Video Capture" --field-trial-handle=2624,i,9898639611272759708,18329454573135072144,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3908 --brver=24.6.1.766 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6000
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=3CA16BB7-4B4F-4599-9180-C46394143411 --brand-id=int --extension-process --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --no-appcompat-clear --allow-prefetch --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3952,i,9898639611272759708,18329454573135072144,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3948 /prefetch:2
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6132
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --user-id=3CA16BB7-4B4F-4599-9180-C46394143411 --brand-id=int --no-appcompat-clear --process-name="Data Decoder Service" --field-trial-handle=3768,i,9898639611272759708,18329454573135072144,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4092 --brver=24.6.1.766 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6076
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --user-id=3CA16BB7-4B4F-4599-9180-C46394143411 --brand-id=int --no-appcompat-clear --process-name="Profile Importer" --field-trial-handle=4272,i,9898639611272759708,18329454573135072144,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4328 --brver=24.6.1.766 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2896
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=3CA16BB7-4B4F-4599-9180-C46394143411 --brand-id=int --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --no-appcompat-clear --allow-prefetch --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4468,i,9898639611272759708,18329454573135072144,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4464 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4660
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.6.1.766\Installer\setup.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.6.1.766\Installer\setup.exe" --set-as-default-browser
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  PID:6496
- - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.6.1.766\Installer\setup.exe
    C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.6.1.766\Installer\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=6496 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.6.1.766 --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0x7ff65c36d688,0x7ff65c36d694,0x7ff65c36d6a0
    3⤵
    - Executes dropped EXE
    PID:7620
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=uwp_cookie_provider.mojom.UwpCookieProvider --lang=en-US --service-sandbox-type=utility --user-id=3CA16BB7-4B4F-4599-9180-C46394143411 --brand-id=int --no-appcompat-clear --process-name=uwp_cookie_provider.mojom.UwpCookieProvider --field-trial-handle=5280,i,9898639611272759708,18329454573135072144,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5284 --brver=24.6.1.766 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5368
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=3CA16BB7-4B4F-4599-9180-C46394143411 --brand-id=int --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4516,i,9898639611272759708,18329454573135072144,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:7248
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --user-id=3CA16BB7-4B4F-4599-9180-C46394143411 --brand-id=int --no-appcompat-clear --process-name="Windows Utilities" --field-trial-handle=1044,i,9898639611272759708,18329454573135072144,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4504 --brver=24.6.1.766 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:7700
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --user-id=3CA16BB7-4B4F-4599-9180-C46394143411 --brand-id=int --no-appcompat-clear --process-name="Windows Utilities" --field-trial-handle=3268,i,9898639611272759708,18329454573135072144,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4512 --brver=24.6.1.766 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:7696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
1KB

MD5
89b2de3d0eae610194592c6b76184ff5

SHA1
0d06b46aa61d0e43fd4f1a9f6500bbc71850942b

SHA256
45f4dad44f0f3265be0c9d85b37f108a1b38162703c9a27c07945d456d500b16

SHA512
e04f6891281238664c077ef9d5ae38ae1aaa1f74299f418d3a9c9849b88adc36f308735f83c3f4923977ebdbb715b82a69d1277475b730015dc95a76c8a4abff

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
1KB

MD5
1573bee758f1f0be33f07832534e0a8b

SHA1
55dc6ddefc6b271226f19b04707a9fbe6a8c0088

SHA256
8530da5f962ef736b8a0e75d07761c24c8605a9141003add3098c745cf41f1dd

SHA512
761a8c5a4f852eb15faec05857825f144270898f84598e1d7ceca8afc49cbdcba623cca53c295af0a0d474c392861a0715591d967a9cba2f837e724931e47e76

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
1KB

MD5
8742a2a3422967549d85e54f58409395

SHA1
ba55c10edd162f571fdc30652663e178d6e8e7ae

SHA256
b7eb954476df3fde4f67823d2cf6b96e9729b8972070b713db3a71137644f555

SHA512
831dfba94cee3af29796fcf058b303210077d8cff3ba213f591773448ead84b7941a9c9ae15cd8929bcd402f9cbe9c84f039986348f4b0b96c519b28fe4daa2e

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
2KB

MD5
44c137a852d2779022dbad37afb12fe3

SHA1
048f5a3c557011d146e46cc2782831b21fb48afa

SHA256
95f2b9ad260de70a7897d2a94c3794f3560c6620d0ee8730887e25e7c7564c26

SHA512
935432a52902fbfdbb931ac8c83f52e0913024330991c7dc5697786dbd67f530aeba8a6f9d6d5fa2923bd2c4b3a343e9790aaed6041bff5d306c5a6119815b4a

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
3KB

MD5
bcc4d615f89b7247531b56e9c9c19e36

SHA1
801f9149b42b0ac9b04ec411d582d8697b282167

SHA256
b93ff943cd10764b4d18aff3170bd67b9de072ebf28ab97794a211e507c148be

SHA512
e2f25c7bb1fc21f3a60dba6c74836df4055fa5ff2f0e4b8ad2da54968416667256f9f1d04eac883e7f4ace866577575f2b8055c404018740c15c6fb3962f35e0

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
3KB

MD5
026309c258b2c0bca089f4b92fea4eed

SHA1
a8ec5133db0343a45a9925f772d53ca27595b03a

SHA256
6d4ba5709b45119ffd0371d2d7bec50b6d64d4eaf85d8ed9571a7f872c650a73

SHA512
568afd19aff77095edb2eee9d825dff7995fb73c8484a7a7bc00e62369223f9d8dacd76b732acc79b666742dcaa67b8cc9cc3840cb10147c1b73ada3315eb6c1

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
4KB

MD5
b57a6442c541720dcc0572aeda91d681

SHA1
affaa8ecb3911755506a8cf1adec73323f1c6ca8

SHA256
6eb51990196e0370ee4f2ff67f105efc7fb714fcae063c7b7f0caeab60eb7a98

SHA512
c5191222e90c2dc1d58e69c6cf2942f97cd2d76bb92bf396ca86748a80e2d2a4104369f2c00b118744888de38123573d7b74c002ab109cb7847e6ca7c2820679

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
5KB

MD5
17b4c4c6c4506c1ac5b6766210c68d36

SHA1
16a4cfdf6cf6a170e37513090e3824e8e5e6441e

SHA256
6834c19272fa4121a9e48a281bcc72b18a0ff49aecbb73dd6946d2d3f9c4f7ae

SHA512
ae99ce07e6a4ed485cd3c0e44491c2774458435c490e54d1d9d740f199944c3b7de45fee06cb45a41d05697be7bd398d4633ce5e6fd81b1e2142328f8f36c4c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

Filesize
1KB

MD5
4e7f71516c45cf7f1204e8aad23d7013

SHA1
eb639e3309e3591af8d6a50b076190fe0f0b6dd0

SHA256
1d9feabf397cf672d18f0879e4c5e8dc858dc379f78e817dd02b08842050de8d

SHA512
817b89b88afc2ac9fedc353821f9f94ae8d83ac49e76709569ccfb621b6dc58f4b6fcfda3136fd745ff28e426cd185c40b3f9012e0ad08377ebb718dc28657cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_7DAD5545724AA2C98C55095F428499FB

Filesize
1KB

MD5
e344e360c881621aaa49bfc11b70a06f

SHA1
7b8a0911f18caffc51b7fed9b208bf4871c7ec36

SHA256
cd4de238fc47cbd97e97ee780ebb48e14c7da8ab166713ce08c22825a76e1500

SHA512
f8549f0f6d265c6a8ec1c83fa5027cfba1ecce4967b09a8cbc26b6e7e770008c3b9112dc94a9e9da3ebdb64833509e34d04b66b8a93bf1e7ef5ebc475cdf0fc3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760

Filesize
1KB

MD5
df774ac8c74cb9481d2693c32003abb9

SHA1
3b9e09fe4b8adfec1f292fe8bb2cad17ab0b908d

SHA256
092a1c261b7ccbee340aa37f9866e3ca1041cfc461bd87741a933d30835754b6

SHA512
37b02eb49afe6978ec358b3896da4c0dfa7c0e25561347c71d330c347b937326e37d2797f2916fbf3517a9c05b8fcb284e5ca377b43ef1dd32737c4975fe32d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7

Filesize
1KB

MD5
987f2019b3e0212fe208b88a04c4ef71

SHA1
2b99ba132fabe7bdfe5ffff0de696e8bc33ef27e

SHA256
3c6017277d5e013dfb273a83354a9e69a9c6ac3c6296313813241520641c02cf

SHA512
71a76826f07cfafe0a549abadb9f6508d40f5882dc65f01f214b69d3906c10b67cfbb83cde1e9faf6d6fb1162dd7d5412c3356a5fa8b55e2cb73d168ef2374fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046

Filesize
1KB

MD5
377075803f722f051f438f0931fb4371

SHA1
e9eef5f4222f257573d386c33cb893853d2d5b09

SHA256
3189bb3c9748b6c6c0c499778fe65958240c15b6102130d9c0cdb5333b09c530

SHA512
9827917b57b113733fd995c87d121d9d3ce91d839a177b77d7f0f116a679abb59e2c54d02786ca445e997a7306d1af76cf1310b7a9d36f27bdf4ba299ef1fdd0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

Filesize
1KB

MD5
6fce018037239d44d766c56bdfaba65a

SHA1
f7ad781aa0f2fb88b899e80ad30ac3b6f99f261b

SHA256
4447c6b09ebe86b5c3b8db8881828bf5961b803d1c6b404d282a6e24431f05cd

SHA512
0e17267c2131dd3f0a59ee5a55fffdced9587a7c572105be7003d8c944e86e8f1a9f3c7ac41360cc8af785ff233d8f058074249f450bc845b5550c2a514dc526

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

Filesize
1KB

MD5
a24c0521afcec5a6afa7338aff1b3f74

SHA1
0580d47e292de51e710f53bbf417f5885cbc2488

SHA256
b43ab16dc472eea890600f5952e5bca20822ac79aae50dd600abbcfd538ed7a2

SHA512
30ca006b2eeecaecd73e1381f115e39327844c0827001b7c26aa1fd4d69ca277f9aa8e987d6f9a0c0bf62ec95951b21852ed17d02a8dfb3c006d332da73e3bd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

Filesize
508B

MD5
9d37fecb36087fe4f892e0a5b077d753

SHA1
7d1f3fd735565d5bb01a630018f352056978505d

SHA256
e3887a5442b5123b244a246826ce731d9a2a912fd2644b09d2431ccec7c0a968

SHA512
da728cd51688d41c895ed4855ec55a209db87518bd55d4aef348298bd795afe8af72ad243425639b1aea1c7f161f152686cb905b6c2ee8e89d018b4bdd1f17dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_7DAD5545724AA2C98C55095F428499FB

Filesize
512B

MD5
dbc49079db14120c2229b15c7a07702f

SHA1
2ec3ff9fab8bc8a954f7e152565613da1509bdad

SHA256
cb63655f0cc6e0ecbdd6d37a4ebe242c0242c55ae09522b91035d991b65c641c

SHA512
db88d83a9e1fc2e564b32cbd089cbf5bd31dca39c5e93b3bdde583ed663e880e25038cffbdafdfdb566c6da154a00a948c89ab5a00e37ff751f6c0eccfb3ea55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760

Filesize
532B

MD5
275fe1b1ee93686afd626a15038e3815

SHA1
d6f0e268da42ef663383a6891102002f4e8047d8

SHA256
66d0120427e1c338331dd2958b0675c3c554b67dec10ff7789f13c7e456a7620

SHA512
25914a31527ec445c5f0749b961770d37b1211941d579868e23717738300ebede30edc535a521fe0f95e8a5c42eaa5186f51c40eb19a2048bc360fe91efff1bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7

Filesize
536B

MD5
dfa08d489a2747040d8f6225e9b91a78

SHA1
8ad7ad36a0125ec7a14939e91a221180366e2de5

SHA256
2bd1740dd1553ec6c9a699b2bad97982c7c02087a824d9790fb2f4d0fb5df24a

SHA512
1ea6276e9dbfc2435d5f9f39d33e620b5be6bc538d3131607e35410ba6b6d9773efe9b68b5476bd3bf8ef9eb2c6e64550c7179999c1bba5ce202cfedb1d894d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046

Filesize
502B

MD5
ba2b011a8998dd6833ab37be3f9fc4fd

SHA1
3d2ede27210e7babf564503cdc0c4adb318ff750

SHA256
8ce1e53dfd8d503b24cee2aff120e1ddfc66b85e7bba4c8a7a8d81c0bfcf568e

SHA512
ad20554d1713e64ec1528cdaa6f158133675718f522305ed849c9dd68545f4115a95d68b0f76377de6685c0ad55490b6423b6ea1419a824255d62a1eba0d1444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

Filesize
536B

MD5
476353873cd24972f0d0774f981820b4

SHA1
56c0afae18983e3a972d845b82769fe68d3307c8

SHA256
a3cad46ed1bb0fa918e9845f0e99a15bd78f50ea740d8d5b53f5cf417e96d9d3

SHA512
3ef15177b61234cd7f700ec0dcc5c0346348706a54f6661db01354fd2706aec70a337b649abb4b95af6998e0e2e27f90b26faf16d8eea6e7fb68be27aee8df3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

Filesize
506B

MD5
e5b562deac36a0ebb31b7eebe71dbde1

SHA1
e5de81c56297342feac8b033c9421b8bfdd1aa62

SHA256
e0504a4cf01b15562848635e3bd35405e9817170b3101d7878710e949ed3ef23

SHA512
e10ae2c39642a7c1d928ea8817cca017dab09932d3e60d4438bfc63c09bb4f113956a71f8e439464856dc466401686bbc87e5076b11f276f103105f3ac0d1fa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
93bcc001138f9746985faf011920fb76

SHA1
652f4f0d25399b9af3be8c35747f45a36ce581ac

SHA256
f27916761f7fb40516427b9df035ebb845ebf2ac7c95ccb3edf187bdee8eb474

SHA512
35cc0e8b2bf7439d6ef831a91567d775fb748e7856aa983ebe33dd9d22399db83335041f399990c227a186ff3b4cef785268c6a50cf36b39d27925750f1a8f65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
682B

MD5
6c73be2bd69229ad5759bb892982c688

SHA1
580155dfaff3cb1ea9ea6cb6020669a7cf16b420

SHA256
8be9ef3843fbe50a5f2ac5de507f25d8f51a8df4c47877efd5d009b691605ab7

SHA512
7d1012f26416b1147815558af252dec8ade95261280edd6db4052f2bfeac061e08ca0cb6db693c443c96b6a0ce694dd441ec4bd0dc672180affbf9f71b251215

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2bec4749a546443e30b20ce66d74fa08

SHA1
f38c4d9aaa007e57e1f04456204531d36cc45f9a

SHA256
02daf4cf66d9d0fa5fe6dfa052e1a266653913e703f418ca4730dda2de16c320

SHA512
d0c3d97a29b67025fd56b6e6eceac084df1977cfd343dcd92522306b10762f1aa44d9fdeeed11bafbbf8b9a969dea7d2f66ad8488fe99ce5a0df29c8c3e19e06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3b0e0f38e4075814b9a401a59b2c6e99

SHA1
48762d0dcf7c4949c293ca64ffc4b1f9e61a82b9

SHA256
9dc8eacb22b2febc9cb10195f82e386049fae763228a23da3032ff2c1a45b5aa

SHA512
08269ed29649c009260a1dd15eb62b13b8b56bb74a75b75b21a977276ceae75758697be6673738251e1fa2c61830841735b95e225588145460691f32fb6660c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
31c2a698c4312040b43faeea827d6ca4

SHA1
6ba6c02adefe22f49f412ece08e1345686daeb05

SHA256
d237765d000249fb7e5c5a11066180bf991046443ab71f98d3b5488a88c15e1d

SHA512
07d62f4c797bc4572791ef49a2bc820bc5439bc9bc4c9b71401c7c15ecc98c86b90385d4c73fbc3e19ad5c429312df4abd7f55d8aeecd3a42fe81e4748e735cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2aae6baea5fc063b06e16be1bc2988b5

SHA1
03daa0398ed073a6e41ce713b365c6298e70ceeb

SHA256
a47af168d509fcf2dff4442424971e90eeb3b266c3b0454c8e16af54fceaf508

SHA512
f4db2527c1bf7c5c008b06f4a9696f465be2f04bca6a95a4f87ba7dbdfefbde76d3013d76fa96734227a2ea81f8d3c9c22d6e8250382bfb10e976436f3a4c382

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
557fb0f51e1c4c1cb82c88ed940083c1

SHA1
42c7da69b45d87833ac4151294cdb8777ac50aea

SHA256
43077abc08ab5216a6701419023671c605f9c754bd362b3303704f16e33efd06

SHA512
c0b06c03938143a2b8878fdb4e6713ee87d72a3690f54d76f0ba979f5bf0fbb67ea8346a5d2f0cb26eee66f6a76dc566d019f6146f9a0f093156c3db906bae28

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_13FE5.tmp\BRAND_COMMON

Filesize
23.4MB

MD5
a759c5f1c85c746667a2116f3826def4

SHA1
cc123af479e5a778e2e380eb853529c00a6abbe3

SHA256
c12498e96122788d6938cdd23697db73cb4cc67593314eacec21d4a73ccb37f5

SHA512
ac88e74bd3fc7eef48b75331631e47f15e69b04a88b7ba7c76d666ac4adae739ba4ebbfee9e721dd1099cc166894b934bb3053de069c2aa382756e5788d3e6a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_13FE5.tmp\brand_int

Filesize
6.2MB

MD5
3510863bdd2584a2d91daabe0852f3d5

SHA1
5f4518b3ab74ea3bb834b137123f2e65681ed289

SHA256
ac12ee7fefa378584abe8e7e685c45e4d7f59acd7afa7d93ccdb66311e02a37b

SHA512
6b2437790045367243060137390fc22648fa44ffbc6aa97ec6a1a4296a94d5aea13683091b96da20f4b2976132ce22a59c096954e50f85791184e89c4088bd06

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_13FE5.tmp\setup.exe

Filesize
4.8MB

MD5
3567844a6a9f79777657d980d8ee0092

SHA1
b0800199cf6ee828268926e76f563adb23dfa7a9

SHA256
cb575379b3235c343c67088a6041b8d105f56f9a60bad0fb721c7aefd6bbf592

SHA512
bb87dce77a5dbe7b19ec44286fd930e92812aa857832aba8d80103eee044ae53e302c183d1dc6d5edbb9e64206b8891977f326bb8bb6ef53a1e7d1f1a47a16fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\distrib_info

Filesize
331B

MD5
8cd93f5156c952f6fd3adf33e97481ba

SHA1
9e842f3ed5c3b595973ce86185124b75c17f8278

SHA256
1bbaba1c07b8f32f9da1e08c45feee77464c56a59c568bdb1aa166b0738ee06f

SHA512
94462fcbd4b9026e02f0fdfd9a03d334497893ddd58a9972c2494a21fe6c88511ac0a243ef4cab645e4ca4503486a7aac575e5b7aaacc3c5b48fe3aaec72579a

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
352d355f8e2661d751a7174cf7dc3948

SHA1
383f5105066179385bc3d3ae9937b5c630d6bd8b

SHA256
5ccd557e32513beb31a3f9f0ec105c017fc909d068baab45a64102350e2af958

SHA512
90eb6a201813412d9767a456f1dda401065529fea176e540c91650a51b1741030743af151226d4a50d1d6ae1177c6d58ac4f740e0c290ffb29cdc1b23e9af2f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
14KB

MD5
3cd3b641ea8048be3ac8313f1dc6007f

SHA1
ef75ec0e024e1f1b7fd99c8bfd0803a401f5d1eb

SHA256
8572df5b13c4c36da98c4658b8167089f0aaa6ef3ed8fd0e3d0ddb4bdbbd5d91

SHA512
b3caf32e3a34c1b4c889f366369af435a41bc72591933d9175e479db1636f38478bf573c3816ade5164d16af27ad02f7852fd3b083027a7969e203999ec3fd5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
15KB

MD5
ff09258bf0907ba6d4f26cee683df5e0

SHA1
612882b64dc6c60521431df08a13e7d5a80bc7eb

SHA256
9e924e7a890fbc13421cc64ff3f3a2825523001d2c81fc14e53a37bdfc14942e

SHA512
9e2d1fdf24d7582570fd6f66a9be3184a7b69b171154d5bb5efdbf1e6e62269bae72259d8f9831954129672312fa6c344e34a1e4de6a7596238fbd75896be6c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
5KB

MD5
8267b1b96ed74f10be4cb7cdfe987630

SHA1
ea8e3f1d26630e58666f40e739a6394fedf6b352

SHA256
dbbd62a9225d82ca6c87f69d711260f876e4876594cd13de27e90a9d75132423

SHA512
a38629c674d4eaee2d8827f2bd60a7ce1e34a5d4228944dec1e316d8e48216f3946a0bbb89f81c82d7f07a293a086d2986d50a0d36db174c263e3e45db26e591

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
23KB

MD5
dfa5342e5aec6746c89ed717fdfec127

SHA1
30052a86e5b4925f8ce2553220a6cf61c5543321

SHA256
bc89ff48c0ac6d6c438088f2a221ba74426115d783cd22c07d69777c2d0411b2

SHA512
3c83ba23a06a355d1bf3ac212de56427f7a62d5780fa352fd1347bd0cdf0643854653fc81d691aa5980769b3e6d7a31f7a9c2eb6783cbf290dbe1e5973210772

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
24KB

MD5
8f53752cd65547ec4a86108bcfa18f15

SHA1
9d0279266ab9422425b9ec10eb2e37442407ebc1

SHA256
a045e84323945fd23c13f187493e74d5fde82dce37a7cc2552ac2a35c0ca9ade

SHA512
215771dd76ad2689fabef8a9b57a5989a85d2e70c54a9be329b4f84b1079fe32e29ee4dffff7120a6992d69d21a16d4ae8910f6a1c6f70c78641a462248afbf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
24KB

MD5
614067f36fbdd5407ce3a722f42d5bc9

SHA1
38294b01868b042c761a2b0ee4645e56c72f9a8d

SHA256
b1088bdbf984d33c1902d9a26abf127cd8a822269f73f5434516c2189669c426

SHA512
36ccbf0efa9cb8b0a449e6c37f28af4762995839dd6f17e007ef6fdaf08d43becfff333f67f54349a809df55306348828da187c374fa3467db07fc523ef5254e

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
24KB

MD5
248a4338a0d654cde923a9116399da0a

SHA1
9e4361dc00f74461e06c0d9d61279cd603d7d249

SHA256
911cf165d6bd4a3dd705e3981b6ed0664f666bb43d374efdb3e09d6d9590cab6

SHA512
8759f47383aac3f4e26a96e0798f988598983c895fc3a9e686f0e9521eb05a3ffbdf22802f3ce07071d74747d4b08fc47093c21f979120824871f614e7cbb246

Download Submit
C:\Users\Admin\AppData\Local\Temp\master_preferences

Filesize
166KB

MD5
4420dd84487c800ad7a9051167166c95

SHA1
e88e4852e8a2ad1455f711aee51c871a1e6a158d

SHA256
6f2497d865f6f5ac38e9426abe5b234afffb00f11e48d332b198bb61341e5ec7

SHA512
555951739eed0892dbe368a24268c4fe48c959d6ae550b65756a11c2e594b2d8b180f53f65bf662313f0554b52d7a4876761d7656cc0b4e509f85e6d0173187c

Download Submit
C:\Users\Admin\AppData\Local\Temp\yandex_browser_installer.log

Filesize
8KB

MD5
d94e3240253e79ea00a3f26a22c63e16

SHA1
17023d5839b720b2f593de9314bfe4fc56a905eb

SHA256
6ea976a14a82f51ad39338ddfa1732a6d83c4ca03e70765ad5a9f896239fcfd7

SHA512
d3dd9ba431fca0d86e76a8de9584e7127cd6418d5794a20de78bf4c57ec6a67075c0c874e37059e8294207c44f8fc8d41341ecabfa67a5390d52ee4c90d05a3a

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.6.1.766\brand_config

Filesize
6KB

MD5
c58880e8fe94993877961f66f2d6f64f

SHA1
f4695e57ee5f3c37655fddcada0f64aee014f9b4

SHA256
a2448207c0e747a750afc7599ac5dc6daa3cfa7c51dc87c380b81fa96af95e13

SHA512
115720ca3cc79591a82dffb58906b1c38a9708cbdf865c132bd6ba1bda70141d68a0d6b1fa7682ff3b366470bb05d1577b8240c7b947ec83594c541706558a9e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

Filesize
4.4MB

MD5
59056ed6f292c396d692c4df62c9f39c

SHA1
68d4b88a4d4ea3770eaefce1d6a7c2361c4471ab

SHA256
f6898aa373621f37ceff948ded3b784ce7ef206e13d8b4b97319e9ef3669a01a

SHA512
3b0dcdd27a4fd4fcad357135743867201425aa1a5b93bb3e1f9d60e59b4511767812ceb52fd700f0dc62f3bcf0eb7972042f5281407be5bb82f1fd36ee6fda89

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\install_state.json

Filesize
1KB

MD5
6a6042576537b34f0202cbe5370f9dd3

SHA1
d83166d2b5da148d45235cef4168d3e9240f9d7e

SHA256
aba40ba54997ff9eeff2459890d25cb30b5c38925eb8b46dfa4901c58f4c846f

SHA512
ddf86546fc4a59cd0d737143cd7df8bbb0999837ba3bf9d0e51e81227df0a42d2f15ec24ccce9b811b4e0c4597d6427276342cfe8c621f87fd87c27519cc17d3

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\about_logo_en.png

Filesize
1KB

MD5
1376f5abbe56c563deead63daf51e4e9

SHA1
0c838e0bd129d83e56e072243c796470a6a1088d

SHA256
c56ae312020aef1916a8a01d5a1fc67ed3b41e5da539c0f26632c904a5e49c62

SHA512
a0bab3bae1307ea8c7ccbd558b86c9f40e748cdd6fd8067bb33eeef863191534af367a0058111553a2c3a24e666a99009176a8636c0a5db3bf1aa6226130498f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\about_logo_en_2x.png

Filesize
3KB

MD5
900fdf32c590f77d11ad28bf322e3e60

SHA1
310932b2b11f94e0249772d14d74871a1924b19f

SHA256
fe20d86fd62a4d1ab51531b78231749bd5990c9221eab1e7958be6d6aef292d9

SHA512
64ebc4c6a52440b4f9f05de8ffb343c2024c4690fe5c9f336e78cd1dd01ae8225e8bc446f386feb442e76136b20d6b04ee293467b21f5b294ce25e500922f453

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\about_logo_ru.png

Filesize
1KB

MD5
ff321ebfe13e569bc61aee173257b3d7

SHA1
93c5951e26d4c0060f618cf57f19d6af67901151

SHA256
1039ea2d254d536410588d30f302e6ab727d633cf08cb409caa5d22718af5e64

SHA512
e98fbfb4ed40c5ac804b9f4d9f0c163508c319ec91f5d1e9deb6a5d3eada9338980f1b5fe11c49e6e88935ecd50119d321ce55ca5bdd0723a6e8c414e1e68e16

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\about_logo_ru_2x.png

Filesize
3KB

MD5
a6911c85bb22e4e33a66532b0ed1a26c

SHA1
cbd2b98c55315ac6e44fb0352580174ed418db0a

SHA256
5bb0977553ded973c818d43a178e5d9874b24539dacbd7904cd1871e0ba82b23

SHA512
279fb0c1f2871ce41b250e9a4662046bc13c6678a79866eaf317cc93c997a683114122092214ce24f8e7f8a40520fe4ca03f54930148f4f794df0df3ecf74e9d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\configs\all_zip

Filesize
627KB

MD5
ea3ae3b2101e4e4806afa0fecd78ee72

SHA1
9f1719a2bab8afe355bc7329ffdfad65662d44da

SHA256
31086498440a9ab6cb32a31179c2c7b353df49c1b3a67f129cff2b2a9a4a04ee

SHA512
24fb4877ff65681b941ebcc6fe7669e0c02845928c38359487902321cdd6c6646bfffefa26936a235f15c2463cb51212e7ce34349f1d62835ef4af9fbe9f0121

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\extension\elokbjeafkcggjfjkakpchmcmhkhaofn\brand_settings.json

Filesize
382B

MD5
909b09582eadd71cdfd92d615ea70a87

SHA1
715f244e8c4b306f26649167a2186a598f65f3df

SHA256
7bbd3e9581b9990cd48933c7b6ed0a22216db7f3544daf510b4acfadcab0426a

SHA512
95a6d43d88b88bacc7ad49ea40b1797f28c2fe835f8c5287b13426581088154d952803c8461d6c311520fa3b92ceae4ee9f9328a9e70ceb9b48be639f948cc4c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\extension\fcgfaidpicddcilhjhafmmcgfodijhjd\brand_settings.json

Filesize
318B

MD5
fda6c7f7660e9be254ef3745b8dcc4c0

SHA1
953062beb6ba234633f1de0a6964e7dec3ba2cf0

SHA256
29660aabd512c66468f36862bf0087855e4c18bee937e9d1a403d548f0ce1b8c

SHA512
0b18601b8771071d601c00a8ecb687d807ca4c785c387701f6dff99566fab72227b9af84a17bf9c40a583c2501d3c20cb93681f4a1f6cb0227e4dd5b5a005077

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\extension\gopnelejddjjkamjfblkcijjikkinnec\brand_settings.json

Filesize
247B

MD5
4c817e4c2d0ed4b5603e7192da413a6a

SHA1
e70fe2b6c5548273bc00b8863e0752c7bf93ad11

SHA256
cbbda477eaadbaf9fc385bff50dfaf9af360dd82fd8b345209456d8da580273b

SHA512
39a4796f25ee166dd8a079b3556b1e50d9e85a1bad8a9229a428a9d160411c7362fdf05db872ff167ce23f7769de582f63155863bd3e06313d49e71841f369ae

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\import-bg.png

Filesize
13KB

MD5
be2acbae1c7b09125a85c5517a7dd70c

SHA1
091dbd354f830ddf74258b337dc4f7177a860d1b

SHA256
d1f78371b8d86ecd9a1e6c5878ff5da756f8c9ebb6b1a6d5d24ed017ad64c010

SHA512
dfc66f11ab6f79a8726efe47c478664973b04a277a9290cc6703899a12271909c757482be8c0a2cdcdd290e5a2a29d441a8d09c2bfc686a9482f07ceeb33f673

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\morphology\dictionary-en-US.mrf

Filesize
372KB

MD5
c8a293e130ee93c08592f0f5ba9616a8

SHA1
49e7d245af097bd28af5ffa503858830cd45011e

SHA256
fbd6c8f911927a994db26eac21e4c028d75ea9de593eaa525f331e5c9a911ce3

SHA512
9f4c01c6083ad7063db29b7075e0ac475794dfaa9b6714b119174607aefbf5384cbf17a96256b097de5b2a73669d060d5082cf2aa9244e7968c3d8853d09083b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\morphology\dictionary-en-US.mrf.sig

Filesize
256B

MD5
197eaa00216af72690c09b8b82211809

SHA1
1e49ba86b771b391b63335fede7614f5ac427f84

SHA256
d5e3a63301977129113a9c0bdc0dd14173768c6f9f5ce2f2036c0cc6a53d706c

SHA512
f57b8e7d481ba5791c6bf454363fca3aad042270b572fb4b2ae1c0429a6e2f70d153b6bf44b139d48c959a1817c4e72ad3b280257b7877746fe93c40c880f514

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\morphology\stop-words-en-US.list

Filesize
9B

MD5
202e1cc3e24e0a76bb1fd8779ddae5cb

SHA1
7566a9437663e808740ef75c9a79f414daa6b44d

SHA256
95984aa8caca82fc5c2ac6721e17206e45f12404567bf05bf397131ab83cef58

SHA512
dba1d7714da25c670cef62d22638ba759add34e26e69666973e26b7e7542b7c04d3694bb0f22ec2b7f89a33e48b3546507a108a385ba5945e0d293f501511717

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\safebrowsing\download.png

Filesize
437B

MD5
528381b1f5230703b612b68402c1b587

SHA1
c29228966880e1a06df466d437ec90d1cac5bf2e

SHA256
3129d9eaba1c5f31302c2563ebfa85747eda7a6d3f95602de6b01b34e4369f04

SHA512
9eb45b0d4e3480a2d51a27ac5a6f20b9ef4e12bf8ac608043a5f01a372db5ea41a628458f7a0b02aaba94cd6bb8355a583d17666f87c3f29e82a0b899e9700bd

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\sxs.ico

Filesize
43KB

MD5
592b848cb2b777f2acd889d5e1aae9a1

SHA1
2753e9021579d24b4228f0697ae4cc326aeb1812

SHA256
ad566a3e6f8524c705844e95a402cdeb4d6eed36c241c183147409a44e97ebcd

SHA512
c9552f4db4b6c02707d72b6f67c2a11f1cf110b2c4ac5a1b7ac78291a14bf6eb35a9b4a05bc51ac80135504cd9dcad2d7a883249ee2e20a256cb9e9ceeb0032f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\tablo

Filesize
220KB

MD5
b8aca2f09f3c9ecbd1c848007c3fd8b6

SHA1
e81fc8e2512026f9df9a661529a1e7a9ce0b2ba3

SHA256
a3b688dbadf99ba57652809adf074bb6e441895d0035983fae33912128fdb7cc

SHA512
df4eae94ee9eee02ce2fb7ced9968d9f644369638ec1ff392a15a28c89e4ec112aef966260be4072681f87145eee1460db1ced15b61798e3955c10eed3454a38

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\tablo_BR_

Filesize
451KB

MD5
6a8fa7f8a6893d052627cd428d1e3237

SHA1
81422d8c739a136967a6bf77167bda1afee1280c

SHA256
71e8cdfe763f3479b399ffdb8dacd136e118c52b9d980e75e97a41e592cd258c

SHA512
86bf094a4b2d7d13ac1d9d872458ca88cadca6744a638173e0425f4eba5ff624343de2c9b9ef38502174847e0b4f00ce768c7fafdf8e7f8a9ad1d1c2fb308d42

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\tablo_CA_

Filesize
415KB

MD5
f8495a109372348b2f3aa8fd41fac4f7

SHA1
77c42c500e5a0889ad83d7693c6988b091a45012

SHA256
3b5a77e2a5d9bd96d68ae95981d82aab133fca44110622fcf5ee7e12dd667ebd

SHA512
19126463e599d7a41a7b1815ca8176a7aac922ef39807c262ae15671bb49c0244e884094b361a20554c08e0aae028155d6608f080fd0d72ee12d36185ea203a2

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\tablo_CN_

Filesize
746KB

MD5
f2826b7f3232265257d6efad0c443d21

SHA1
9da0d12745e199ac3f30f92c672b4dc97f35c75c

SHA256
cfb1791b0a72d00fde5675da5c041fc2de53123b5f5b2b2129237404eb8ba482

SHA512
4a8ac9dda75df8016e9b367b5d76afbab7f4f7f6fdcfe7f36d6273b7709fb992c377d21954a3665c234f84f640342b90161965e5dd09942ff8fbeaa8cccf7b8d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\tablo_DE_

Filesize
561KB

MD5
4757da1b4ddb8085be308d987b150a35

SHA1
ce3492d4efa7f87e29c6b53aa7e3ac6d9ee95152

SHA256
9133f9eca9355387159ecfecc7158796305713c4046445d601eb5ded5fc0d3c3

SHA512
025d1e09494ac470f0cdefea6136d928d47f5f795f105603b43f37e43884e2c73da15757dc24f6793760bcc11501a2a4b3832a31f213c6751da20fc866ce9d72

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\tablo_ES_

Filesize
527KB

MD5
1c5d71e5a413ad550a08fe785f11d94c

SHA1
6c90db1ac6f5aa58202ee350f4e53ae3971be2bb

SHA256
e60f38def5e81c8784a6e09c61bb9577e3bba62a959d01a1a858f1ac30b61643

SHA512
5a74f8161ee5cbca1d935186b28d3650a6632be8d9b558996043decf0ebe05ab81af5ad8d94aa4632e370e596e9db9912c8e08bfaf0e1ef127c0cfd4d059b3af

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\tablo_GB_

Filesize
403KB

MD5
efda29551136fcc4de2ab4092ff02e21

SHA1
a911fb873c1221efd99e9ca330435788aea01a75

SHA256
c491c7db179d23b53ec7f378f280d971d7b96d738187c1377fed5bc8c89a652c

SHA512
e650b8b567dc658720cf74d8eb5cb6d51b4685f208232b9510a6b8739f8caa7f1d5e5e7b20a98b0b856ee56dce86cdae3eb7cf1b83974cb473011253a0af5c25

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\tablo_ID_

Filesize
161KB

MD5
2271cc49e222c5fd558572fe9d7808b0

SHA1
6dbcf76e96e67434b8b9f294a61d1185afd9cbba

SHA256
8a4d261a6344c0eca555038eab21dd54d68c3cfbbe6eb11e7792c33f12537d03

SHA512
f3c5b9480dda3b8d7d7c36e5b2d4084c776ddd92d3a1e8086b9bb447486060ba07fb3d7ad9c8a15421d19b82b4e61f60057e94da726e5c8a7362438fa8b1961d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\tablo_IT_

Filesize
566KB

MD5
da963f528183e2c335b3523c5b5e667f

SHA1
1b63bc824508cc978916ad6ace199d8058ef53dc

SHA256
bdc01e40b4ac8d262d616d31bef7d8bd2784c918ec9ea76e2be929bfb554585e

SHA512
8e1dca38a869a00bf7eb86b4173850631b1085068da2b49a184ef68029e03b8fe1906d8d0df2f6a5457905570b6dad57191a8175d6581a50092d531bda672e73

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\tablo_JP_

Filesize
426KB

MD5
eb6d55790b6164b73e275c2401ad0550

SHA1
5c47d0c866925eb05a4b59986921ed60f8a612c4

SHA256
61f5b2ef85394c0034cfb05b650d7f4d9d79ffa87f2f6448566929f27a11411f

SHA512
0d4915979764f168b320e5152adfc18b186c5c966a3d42ba02c81bd5041386e08a89c818aa79d1c76304a3c9a3971982d5c97fc0493f19c1f283a64317acf9f3

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\tablo_KZ_

Filesize
380KB

MD5
7a9698fd54deaf12679dfa246adf5b60

SHA1
e824691b404a9aafe617c9c88e2063aaa08794bb

SHA256
8ff43d0de20a9e37107bd6428d6ac41843fe4f8261b00b8cea5792b72e365122

SHA512
805d72d8ade2e2018e7dba83bfdc292b3cdc4dff9746e717d74f5955466e55f67f8d03076bf1a6c5f8be37e77f8aaf855044b8b28a0e7f39580dad009fea4e8c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\tablo_PT_

Filesize
523KB

MD5
0dde45f225a4290e59bfb55c80d4a51c

SHA1
3ebbbbb509d51a7c8e5cf409068644ad5ddbc09e

SHA256
8acb93ee7331e6b12feb81102b435c4bc044c614ef0fb8e69d2a0116bfe33d40

SHA512
d250d3891165505eb1fb7c5d2ccad397428785e8a6bb689dc56b55f2313f4b11bf402132d6f34ab6e9192453c43b74915bd7ddfafaf1716a954ccabd8b4d28c7

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\tablo_RU_

Filesize
286KB

MD5
fbd7c40aa538b758a4588a07e88ac57c

SHA1
af30b54822bbd0674cb1ea9a51be19b7a78d43b4

SHA256
4ff2f383821f2e77878e4e624aadda8d4fc942e54803c69747da41c9988919c8

SHA512
bb183fe4b7f197bcf1ef72b5095cf41065f288c1426b006a6b99873969592825b623eeec51642a98fa783f6d7817766747a3f1209c8344559d21614f12c58448

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\tablo_TR_

Filesize
530KB

MD5
9aac83dab47ce1228e8819cdcf1cceb4

SHA1
c3d60af194dc7be089ea62750ecedbb6e5fa16fe

SHA256
199b7586e0d25718342e3657eedbe81d20968759af4a8a63b04eb9ac6ee56d5f

SHA512
3cf47d3c13c752222a34a94896c005db96927c2d5d4c132655bd7a84bfb9607a0feeccefbfae8e98467cd8642c31d843bba4c6293007ef071d91e7dcfc8bf1b3

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\tablo_UA_

Filesize
557KB

MD5
1af7c65a09f5b23c8919656a631580db

SHA1
c9dca1523cc25f50bdd8d5ce2d354abb40cf6e5c

SHA256
71f09d4dc7592990580ad74d2f5262c29f98f72e11319daccdbcd1f095cec3f0

SHA512
f39f7490857186663577af939c802757ba35a8b15fd0d7acc9786779f5cd2e179dc41d5b89695abaeaf1b6acc9d20b5754e6201f2ffe55c393e8fedb3ac24eb6

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\wallpapers\1-1x.png

Filesize
18KB

MD5
80121a47bf1bb2f76c9011e28c4f8952

SHA1
a5a814bafe586bc32b7d5d4634cd2e581351f15c

SHA256
a62f9fdf3de1172988e01a989bf7a2344550f2f05a3ac0e6dc0ccd39ed1a697e

SHA512
a04df34e61fd30764cf344b339ba2636b9280a358863f298690f6a8533c5e5dfa9773a14f8d16a5bb709ea17cf75e1da6302335aa9120009892e529bfad30df9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\wallpapers\abstract\light.jpg

Filesize
536KB

MD5
3bf3da7f6d26223edf5567ee9343cd57

SHA1
50b8deaf89c88e23ef59edbb972c233df53498a2

SHA256
2e6f376222299f8142ff330e457867bad3300b21d96daec53579bf011629b896

SHA512
fef8e951c6cf5cec82dbeafd306de3ad46fd0d90e3f41dcea2a6046c95ab1ae39bf8a6e4a696580246c11330d712d4e6e8757ba24bbf180eec1e98a4aec1583b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\wallpapers\abstract\light_preview.jpg

Filesize
5KB

MD5
9f6a43a5a7a5c4c7c7f9768249cbcb63

SHA1
36043c3244d9f76f27d2ff2d4c91c20b35e4452a

SHA256
add61971c87104187ae89e50cec62a196d6f8908315e85e76e16983539fba04b

SHA512
56d7bd72c8a380099309c36912513bcafbe1970830b000a1b89256aae20137c88e1e281f2455bb381ab120d682d6853d1ef05d8c57dd68a81a24b7a2a8d61387

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\wallpapers\custogray\custogray_full.png

Filesize
313B

MD5
55841c472563c3030e78fcf241df7138

SHA1
69f9a73b0a6aaafa41cecff40b775a50e36adc90

SHA256
a7cd964345c3d15840b88fd9bc88f0d0c34a18edbf1ce39359af4582d1d7da45

SHA512
f7433d17937342d9d44aa86bcc30db9ae90450b84aa745d2c7390ff430449e195b693a8ae6df35d05fee2d97149a58a7d881737d57902d9885c6c55393d25d6f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\wallpapers\custogray\preview.png

Filesize
136B

MD5
0474a1a6ea2aac549523f5b309f62bff

SHA1
cc4acf26a804706abe5500dc8565d8dfda237c91

SHA256
55a236ad63d00d665b86ff7f91f2076226d5ed62b9d9e8f835f7cb998556545f

SHA512
d8e3de4fea62b29fd719376d33a65367a3a2a2a22ed175cc1eeff3e38dfbaac448c97a6fbea55bc6159351d11a6aad97e09cb12548cf297e01bd23bf6074de08

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\wallpapers\custogray\wallpaper.json

Filesize
233B

MD5
662f166f95f39486f7400fdc16625caa

SHA1
6b6081a0d3aa322163034c1d99f1db0566bfc838

SHA256
4cd690fb8ed5cd733a9c84d80d20d173496617e8dde6fca19e8a430517349ed5

SHA512
360a175c5e72ff8d2a01ee4e0f365237bbd725b695139ea54afc905e9e57686c5db8864b5abf31373a9cb475adcbdb3db292daf0a53c6eb643a5d61b868ad39b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\wallpapers\fir_tree\fir_tree_preview.png

Filesize
8KB

MD5
d6305ea5eb41ef548aa560e7c2c5c854

SHA1
4d7d24befe83f892fb28a00cf2c4121aeb2d9c5d

SHA256
4c2b561cf301d9e98383d084a200deb7555ec47a92772a94453d3d8d1de04080

SHA512
9330009997d62c1804f1e4cf575345016cda8d6a1dd6cb7d2501df65ea2021df6b8a5bc26809ddfc84e6ff9450f1e404c135561b1b00b9e4915c69e84f89cfec

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\wallpapers\fir_tree\wallpaper.json

Filesize
384B

MD5
8a2f19a330d46083231ef031eb5a3749

SHA1
81114f2e7bf2e9b13e177f5159129c3303571938

SHA256
2cc83bc391587b7fe5ddd387506c3f51840b806f547d203ccd90487753b782f1

SHA512
635828e7b6044eeede08e3d2bb2e68bc0dbbe9e14691a9fb6e2bc9a2ac96526d8b39c8e22918ff2d944fb07b2531077f8febd43028be8213aa2fad858b6ee116

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\wallpapers\flowers\flowers_preview.png

Filesize
9KB

MD5
ba6e7c6e6cf1d89231ec7ace18e32661

SHA1
b8cba24211f2e3f280e841398ef4dcc48230af66

SHA256
70a7a65aa6e8279a1a45d93750088965b65ea8e900c5b155089ca119425df003

SHA512
1a532c232dd151474fbc25e1b435a5e0d9d3f61372036d97bcaab3c352e7037f1c424b54a8904ef52cf34c13a77b7ab295fb4fd006c3ab86289577f469a6cd4c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\wallpapers\flowers\wallpaper.json

Filesize
359B

MD5
4938bc67f6e2d6e8faeb7ba9ca8dbc69

SHA1
7600cfbe9d5e6be6a12642670107857abe36e383

SHA256
3bdb98cfc0379426a56ac7813f4bdd4787bea9ee8a65b7914e62226e584ac977

SHA512
27b680deb837cf7831c2d865f210fa1321fe5a2ee885be1dc058916ae0fa0e6fcf9c9f9de4ee86806dd3ab271c47f79ab621741664b8bdce7be117ff52ef6c85

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\wallpapers\huangshan\huangshan.jpg

Filesize
211KB

MD5
c51eed480a92977f001a459aa554595a

SHA1
0862f95662cff73b8b57738dfaca7c61de579125

SHA256
713c9e03aac760a11e51b833d7e1c9013759990b9b458363a856fd29ea108eec

SHA512
6f896c5f7f05524d05f90dc45914478a2f7509ea79114f240396791f658e2f7070e783fab6ac284327361dc2a48c5918b9f1c969b90795ceacce2c5c5bfa56ca

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\wallpapers\huangshan\huangshan.webm

Filesize
9.6MB

MD5
b78f2fd03c421aa82b630e86e4619321

SHA1
0d07bfbaa80b9555e6eaa9f301395c5db99dde25

SHA256
05e7170852a344e2f3288fc3b74c84012c3d51fb7ad7d25a15e71b2b574bfd56

SHA512
404fb2b76e5b549cbcba0a8cf744b750068cbd8d0f9f6959c4f883b35bcaa92d46b0df454719ca1cef22f5924d1243ba2a677b2f86a239d20bfad5365dc08650

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\wallpapers\huangshan\huangshan_preview.jpg

Filesize
26KB

MD5
1edab3f1f952372eb1e3b8b1ea5fd0cf

SHA1
aeb7edc3503585512c9843481362dca079ac7e4a

SHA256
649c55ccc096cc37dfe534f992b1c7bda68da589258611924d3f6172d0680212

SHA512
ecd9609fbf821239ddcbdc18ef69dade6e32efd10c383d79e0db39389fa890a5c2c6db430a01b49a44d5fa185f8197dbbde2e1e946f12a1f97a8c118634c0c34

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\wallpapers\meadow\preview.png

Filesize
5KB

MD5
d10bda5b0d078308c50190f4f7a7f457

SHA1
3f51aae42778b8280cd9d5aa12275b9386003665

SHA256
0499c4cc77a64cc89055b3c65d7af8387f5d42399ff2c0a2622eccbd6d481238

SHA512
668e1a70a50a0decf633167ac23cba6916d0e05d0894daae1f7e3d487519f0a126abd4298430b38f52746a5c3b83ccd520b3d9b0ae1a79f893e36821a0458566

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\wallpapers\meadow\wallpaper.json

Filesize
439B

MD5
f3673bcc0e12e88f500ed9a94b61c88c

SHA1
e96e2b2b5c9de451d76742f04cc8a74b5d9a11c0

SHA256
c6581e9f59646e0a51a3194798ec994c7c5c99f28897108838aaf4a4e2bda04a

SHA512
83fb3fe4a3562449a53c13d1c38d5fe9ef1fa55c3006f59b65eace9a6ad4963e768088bc500dbe5266b5979c6ace77874ef11a15a7bd9fabae00ff137e70ecb5

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\wallpapers\misty_forest\preview.png

Filesize
5KB

MD5
77aa87c90d28fbbd0a5cd358bd673204

SHA1
5813d5759e4010cc21464fcba232d1ba0285da12

SHA256
ea340a389af6d7ad760dff2016cf4e79488bda1a45d0a415b3cd02a4430c9711

SHA512
759519b8822a6a4b88fc9ba47fa9d5d898b2f5a0f359acfbefc04809e6d7f5df86fb130f191eb6f63322792a18c0e7170aedf3ce7060fd9ad7e1bec2e686c3b2

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\wallpapers\misty_forest\wallpaper.json

Filesize
423B

MD5
2b65eb8cc132df37c4e673ff119fb520

SHA1
a59f9abf3db2880593962a3064e61660944fa2de

SHA256
ebe9cadad41bd573f4b5d20e3e251410300b1695dfdf8b1f1f1276d0f0f8fa6d

SHA512
c85fe6895453d0c38a1b393307b52d828bad8fa60d1d65bb83ffa3c5e17b71aa13cab60955489198503839ce5a4a6c1bb353752ab107f5e5b97908116c987e52

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\wallpapers\mountains_preview.jpg

Filesize
35KB

MD5
a3272b575aa5f7c1af8eea19074665d1

SHA1
d4e3def9a37e9408c3a348867169fe573050f943

SHA256
55074794869b59cd5c693dfa6f6615aea068c2cd50cdae6dd69bd0410661ded8

SHA512
c69bf39362658dd6cbd827cf6db0f188a9c4410b3c6b7b532595fd5907974e2141d857942ffb2497282e31eaa33c71240c2c2bd8721046df55e3358e8b76c061

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\wallpapers\peak\preview.png

Filesize
5KB

MD5
1d62921f4efbcaecd5de492534863828

SHA1
06e10e044e0d46cd6dccbcd4bae6fb9a77f8be45

SHA256
f72ea12f6c972edfe3d5a203e1e42cbbaf4985633de419342c2af31363f33dab

SHA512
eec8171bd3bea92e24066e36801f334ac93905b7e8e50935f360e09fa8c9b9f848c4c62b687299e8297c0693d6dbaf9c6035b471e6345d626510b73e3606ee4d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\wallpapers\peak\wallpaper.json

Filesize
440B

MD5
f0ac84f70f003c4e4aff7cccb902e7c6

SHA1
2d3267ff12a1a823664203ed766d0a833f25ad93

SHA256
e491962b42c3f97649afec56ad4ea78fd49845ceb15f36edddd08d9e43698658

SHA512
75e048c1d1db6618ead9b1285846922c16a46ee138a511e21235342a5a6452c467b906578bdd4a56e7b9e0a26535df6fb6319ae1cae238055887b48963fa6ed6

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\wallpapers\raindrops\raindrops_preview.png

Filesize
7KB

MD5
28b10d683479dcbf08f30b63e2269510

SHA1
61f35e43425b7411d3fbb93938407365efbd1790

SHA256
1e70fc9965939f6011488f81cd325223f17b07ee158a93c32c124602b506aa6b

SHA512
05e5b5e9c5ef61f33a883b0286c2239cb2a464581d6e8a86d7b179b1887b4cb2cd7304e0821cdd3208501421c44c63c248a5166c790792717a90f8ac528fbf2f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\wallpapers\raindrops\wallpaper.json

Filesize
385B

MD5
5f18d6878646091047fec1e62c4708b7

SHA1
3f906f68b22a291a3b9f7528517d664a65c85cda

SHA256
bcfea0bebf30ee9744821a61fcce6df0222c1a266e0995b9a8cfbb9156eeeefd

SHA512
893b2077a4abaa2fe89676c89f5e428ccd2420177268159395b5568824dd3fe08bea8a8b2f828c6c9297b19e0f8e3a1b7899315c0b07f4b61fc86ce94301518b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\wallpapers\sea.webm

Filesize
12.5MB

MD5
00756df0dfaa14e2f246493bd87cb251

SHA1
39ce8b45f484a5e3aa997b8c8f3ad174e482b1b9

SHA256
fa8d0ae53ebdbec47b533239709b7e1514ecb71278907621ca2d288241eb0b13

SHA512
967670863f3c77af26fa1d44cd7b4fe78148d2ba6ea930b7b29b9f35d606554d664c0577068e0c26fa125d54627d7e7543360bce4acee0af17783b07450b5f52

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\wallpapers\sea\sea_preview.png

Filesize
3KB

MD5
3c0d06da1b5db81ea2f1871e33730204

SHA1
33a17623183376735d04337857fae74bcb772167

SHA256
02d8e450f03129936a08b67f3a50ea5d2e79f32c4e8f24d34b464f2cb5e0b086

SHA512
ff0e60c94fc3c0c61d356a26667c5170256e1143b29adf23d4e7d27012da72ed8865ef59dc2046314c7335b8d3d331e5fd78f38b9b92f6af48729dae80f85b15

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\wallpapers\sea\wallpaper.json

Filesize
379B

MD5
92e86315b9949404698d81b2c21c0c96

SHA1
4e3fb8ecf2a5c15141bb324ada92c5c004fb5c93

SHA256
c2bb1e5d842c7e5b1b318f6eb7fe1ce24a8209661ddd5a83ab051217ca7c3f65

SHA512
2834b1ef7bb70b2d24c4fedef87cd32c6e8f401d8ee5f3852808f6a557724ce036c31a71298cd0ed601cde4be59ec4042542351c63c4e0ac3d31419f79240956

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\wallpapers\sea_preview.jpg

Filesize
59KB

MD5
53ba159f3391558f90f88816c34eacc3

SHA1
0669f66168a43f35c2c6a686ce1415508318574d

SHA256
f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e

SHA512
94c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\wallpapers\sea_static.jpg

Filesize
300KB

MD5
5e1d673daa7286af82eb4946047fe465

SHA1
02370e69f2a43562f367aa543e23c2750df3f001

SHA256
1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a

SHA512
03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\wallpapers\stars\preview.png

Filesize
6KB

MD5
ed9839039b42c2bf8ac33c09f941d698

SHA1
822e8df6bfee8df670b9094f47603cf878b4b3ed

SHA256
4fa185f67eaf3a65b991cea723d11f78de15a6a9a5235848a6456b98a9d7f689

SHA512
85119055ddfc6bc4cca05de034b941b1743cbb787607c053e8c10309572d2ef223786fc454d962fbb5e3cde5320117f9efe99041116db48916bc3d2fcd4ffa25

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\wallpapers\stars\wallpaper.json

Filesize
537B

MD5
9660de31cea1128f4e85a0131b7a2729

SHA1
a09727acb85585a1573db16fa8e056e97264362f

SHA256
d1bef520c71c7222956d25335e3ba2ea367d19e6c821fb96c8112e5871576294

SHA512
4cb80766c8e3c77dfb5ca7af515939e745280aa695eca36e1f0a83fb795b2b3ef406472f990a82c727cea42d1b4ef44a0d34a7f4f23e362f2992dbff2527798b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\wallpapers\web\wallpaper.json

Filesize
379B

MD5
e4bd3916c45272db9b4a67a61c10b7c0

SHA1
8bafa0f39ace9da47c59b705de0edb5bca56730c

SHA256
7fdddc908bd2f95411dcc4781b615d5da3b5ab68e8e5a0e2b3d2d25d713f0e01

SHA512
4045e262a0808225c37711b361837070d0aeb5d65a32b5d514cc6f3c86962ba68f7d108bf4d81aa3bf645789d0753029a72c1ce34688a6d7af15f3e854c73f07

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.6.1.766\resources\wallpapers\web\web_preview.png

Filesize
8KB

MD5
3f7b54e2363f49defe33016bbd863cc7

SHA1
5d62fbfa06a49647a758511dfcca68d74606232c

SHA256
0bbf72a3c021393192134893777ecb305717ccef81b232961ca97ae4991d9ba8

SHA512
b3b458860701f3bc163b4d437066a58b5d441d8a427a8b03772c9c519c01983e3d3fdb8da20f6a53ad95c88dcdd0298f72822f39bc3672cb6f1d77fcc3f025a9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\7cf57750-f8c3-41aa-b961-6721c452c9e7.tmp

Filesize
210KB

MD5
75c3616ca92a8c16dc4d3f6b1bf0a4f3

SHA1
2798a3c901c0c4e807627dfe5307b8ccf699c1f5

SHA256
4396247571694324b2e181b5f017155a1e77b08d35f109247e3be340c5926033

SHA512
ddb738f3cabd1bd52c65dcb6103cf3e4b4e7b8f540c685069e7b4b0ae8d51adab69e49daabfcb7c8f655c1d8792bd14907b17b29bef3bb83c2691e70ba4554c2

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
599ef632a26d020f8dfccb8cc476b9d4

SHA1
a4e96d87f1bfad7d9155bee1219f5234fb548e92

SHA256
61a662d6d539f91af47293c4f32691e8c8157ed25f03b0442bf0ca9833e47937

SHA512
93b7ef03c529e5510290cf3c83c189bcb332434e0e3a187a74bc6197f6ab759474b4ec0041e148a0e7148df9f20bfe3f38eb84bfea9d12b95652e2a07c5becb0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58e7ac.TMP

Filesize
48B

MD5
b7346f7564b82df6b4880432448c51a5

SHA1
6b55068724cc746f6f89d8966b0c989be6cf0f89

SHA256
e633739fd9c4c968e9e04fbe6fe5db14591b5799b49fab9337490fbf6db68b1a

SHA512
f1f88537dddd0fe0ac495c60b3adfc837826bbffb4df9ef551cd2608b49262575ef1eb5e352f1acf4cb4e5e366444416580e7a951a05a2e8c78e99bee5d2a0c7

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\Network Persistent State

Filesize
1018B

MD5
f06a08aeeed61a9ccd0c94b34bd32e38

SHA1
0cb9382ae574711c878e2f1e2557735ed6c52486

SHA256
b61d6aa0d9398688b386db36a21ad0eada9ace0d7b0582f476c1db33e8253a65

SHA512
9a8bcd014f25024bfd1d58db9946a6efa14918293e68b554d5af9789a1542dcdd5c7647debfaf0368828a2f1db6f30fb1d7e373068f1f5d296237fdc8de836f1

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\Network Persistent State~RFe59af80.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3bdb7ec6b7887c6f2a66b8307b5dfea0

SHA1
06843a36ac1c771621fd67d1a9df13a5902e260f

SHA256
e4e3c67fb7e0608953572ccf5bad76e8da99eeccd29b077418b94a4d6fece7cd

SHA512
72ab263efe0481938a91b7736655f67e6cab13eb9ce10638bfdfd8958476d4291a12a7a7e10608ac2d8365b25054b0b1820637bc67f00435e5d2cb978e7f0f1e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
44307bc5b4e8c24d79be174a71d5245d

SHA1
29f4f97aa8fb4bb76eb498c998b94a42db39adf7

SHA256
1d771e26d2bb4389b7ead80bafeb913e5c5b3b829e458ce7c853e2a6fb706c8c

SHA512
558026d4a34e52bf7d31528f7d886f9e9a7aab4dd3cd9c5a78b8317110e9806189273f3863f3e9109dd04a38bc18dbb6e7ec8dbb24c3b6ea88927e5e051398d6

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3b073b0788dedd212e25bd3546f74696

SHA1
6f9225457947ab1433a8963005c7b24cca9b7ed9

SHA256
ea33002b8fbe2cc84f41895029d2bd82f261e5c81d06ffe8eb75e5117500620a

SHA512
c10cd898b11df277739d3b0923d8332f921e500fde1d9b9990f2ed823f8e1ffc9b8f1dc8cc9ce7c997d53de1508e01dbbc1a2f4f96c6af1f264fa224ff8305e0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
63a035ad52b2dc61810beaff1852cef6

SHA1
4c9fb13c68ce2d112d8d2031a0f7d31bdc368877

SHA256
1fcb500bca0e04c3c4f56bee804eb183dd2dd75a20e5efdf1864fe3ac189d68f

SHA512
d4b4c61af2d58a3e6a6bd242efaa49eb926a1d231ef2dd0958f581303b61dd49c0d34610f8e6ae537308ad711402fb9602d355e85614526c3e74a02c547a4dd9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
aab5f2cd326ec299649f2a1db5d3dbab

SHA1
cbc2ae4bccb44003004c328953c7c2c83b5efe0c

SHA256
23f9f5b067114bcf886b7691d71faf560b8413f62b74214f3d9f7bbf17004ef8

SHA512
5731724e0f3518ee095be2c9a3ec973d946fdceb051f9bd497fa42bc2d8ceffe33e64deed48e4c3048eadd60019af77c101819b6300cca0df12582f0cf76d497

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d72bd810c9f811cab321b124e40cf751

SHA1
e3adeca12ba8c97b5731c2f1a50479407540ad97

SHA256
710055552683c1ab9d092bf1571462df05a9d4cf467da37061e242f8725e2b40

SHA512
8e193c288089ae6266720f12ac2908b599129c69c9383b03b3ba01c610709a82bfbce5cf2a7cc7b7e6f78fbeaa70f5afd23421505fdf026a41deb2f57acc8b25

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity~RFe58ff1c.TMP

Filesize
356B

MD5
0e429d24ccfd5177cf7fc08a5cf1508b

SHA1
02387ca5acfd0a464bf9a59606344c7c325ce6d6

SHA256
2195f69ffe3b75aa5539769ad30f2d1819970554a4969958fd37b8fa16426859

SHA512
2d78363693b349c5886c7afcb3627a36d31a3f2dd7f27d46130443e37f2a8d7e99b340826151b32d21f76432d893b247ba56914b9ed12e1ca014aa5b54b07b8c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
11KB

MD5
8327947d4d603f4cef7676a31738067b

SHA1
e5ed68f04510c777e754d3105784a35b37b15fab

SHA256
6172ebe00493ad6dbd5dd1895ec44091280c98bdfcadfcdb86dc6f6ae213d604

SHA512
a8034db3c51875f74a196e4e1d5e64e2e5bce7160ffc246ff3701033b24d6e48e64e26df39ef10822503676303bdd3240e5ad9d5643ce81b20cfe4e189e4973c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
7KB

MD5
16b2fe3f39a7414b5cd45d83a3d751d4

SHA1
05b47545c4391a434c248d4123369817c8877dcb

SHA256
e7222041a2e870b43fee97e6eabc8a49fc0b0f05403ab56cc6f617e479c021b9

SHA512
32c3acc4ead0a2720536b51eb4a8bc62419ec1e55b39bcb1b036ab9b0d065ce9634de14a0d6c7b55e92eceb54e01cd8b93b2dcae5db7c3f0f9cca1ee579a7b4f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
12KB

MD5
00c0b90a54b085e2343ecb71f8792d19

SHA1
a4d43d1a49e95e4771309dec099a1b75186ea602

SHA256
6d25854a9049bbf170e8272e5343b39da6d0980b1a3b6c6acfd8b70468b8c6cf

SHA512
bb6028e64daa03a3815e3c23ab52eb25440674afb2f2757032ce41f96cd858444b00d9f88834fc908e0487cf97bf51d05665664f6b0c994b33713e21886ee1af

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
12KB

MD5
4503e444bfac568dadc904f396e01b78

SHA1
caca4085702ea72e842f5b1ffc4fcf8f9f88026d

SHA256
3db7d68c817cb020ed4f59dfb2946e744affebc789abf3e56ad660cb62b9913c

SHA512
256213c5014dd925673ec00f645a4f03cd2d022b3901aebe4e060a087305c59e3eab615a7f4a92d30bffdad06b5eac788cf01ffb146a7750c7c3628535ec95d6

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences~RFe5896cc.TMP

Filesize
3KB

MD5
36db8c5cff47c29f8b58e971685d2bed

SHA1
9fab7f2a73e1b196cfa04acf2fb0dedf6359576f

SHA256
2e6e05699e9e398a5a898cedca2babbb5532c0e52dd41ee1576fd41f97d5d63d

SHA512
e5a1886325b3a4a3bdbc7855b3c41ef461f87f195f4796cfddb430630b111b4b267dc1c3380164ee38c72765edca37158017e45aabe1afe152ca18f4f0b1bd53

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences

Filesize
10KB

MD5
9d96040d36743c99d2d040b26516bf9d

SHA1
982576a728a956110bf8366b0733a61d2364a30e

SHA256
01112bed9ab6dd362c1b2193069a048dc90ceb60440c8d98b7f29cdb2fb5876e

SHA512
fe6e423fa0d37c823ea1f082b5d807cc85d819677568fae75d264fda0da2a6340bc4c8483d88b01bd5f51b4f5158a8ea17235d87a5941da65519a2ae5881b23c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences~RFe5898e0.TMP

Filesize
1KB

MD5
136df357360b7f929bc045e19ca8ec53

SHA1
1e8189329b01202dfcceb0b6e243fbdf8960bbb6

SHA256
e246b9b40bd25fc6c618fb390457071971f41954a326c963e8f5f13e72ce9f49

SHA512
5cbcc3411d3c231726e0e2822551e0a5d7293e6671497dda773d68c088e3e581694c9fbfe903fb966dd9e5ed32950c77fac4812573c09290050e6fa05b975e35

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Sync Data\LevelDB\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\5ea260da-0909-433e-a17f-b3d2b9e45c45\index-dir\the-real-index

Filesize
3KB

MD5
a0ebfef436e83fb6a4a215f9096b98d7

SHA1
a0ccb09254727e8fd651f7133735059aa507b3bd

SHA256
4c9ad11f83beaf250c82fd4ea0bda152b0f534d3d736f90a441df91ff7153e8e

SHA512
05ecfcfabb99eab35aff1180b652d5da4048374fe79e027090f8491a6e54703e0f86928b7d3ed43e220fe6165f9f82a27788c3fec84cc77324e598273cd99df1

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\web_ntp_cache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\fipcnjpflgbbjnfeonhlfgalcilbfaie\Icons\128.png

Filesize
12KB

MD5
e4e50cc5b187d2c380bd98cda0ce9140

SHA1
4b9e71a015e7201eedec8b1cd51219b18e232eab

SHA256
b7e5aff778e8930f415ae444c9caa6fc4eb6a26bfee7d80603c6c69a645a2702

SHA512
fd454ffcbd68f1071dd5d54a221b3f41aee88be38b5acb63bc285d04232da9d13fdb9011a85f87c579043d7987f0863e6ec8b3ac1013454ee6bffa5acf4e67cf

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\fipcnjpflgbbjnfeonhlfgalcilbfaie\Icons\16.png

Filesize
752B

MD5
4ba9bff449aa818bd40d00277c088df7

SHA1
3fd8742ca57a086075239e1c2f76821177aac653

SHA256
1532cd8dd902ae80ed72d42304d8a43194cca7d18b0c993fa4ac938a8631b702

SHA512
8dee24d83ceabe5728dc4cd38f21de57ae7355db34818976d117adfe37e2687b8630d353dde0d5815354c63b75d960769ad151d0717213924b1a8a1abb406573

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\fipcnjpflgbbjnfeonhlfgalcilbfaie\Icons\256.png

Filesize
24KB

MD5
1535a76a498b65bee06ded1c5f50e4a1

SHA1
018661eeef38f3d500aedbfe207d832b0f90a42f

SHA256
3bca4e4770c35facfc30643c961cdd582df578fbe5c8dc4fac0b58bb11dd4e5d

SHA512
87005610e053dde9f81f2f86e41170b6470678a8dd6963b0bb979e1ae0c493c204f93fdc002a4cf76d17bf627750968802dd0773afe5d5cc6a8fbd4a8425f3bf

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\fipcnjpflgbbjnfeonhlfgalcilbfaie\Icons\32.png

Filesize
1KB

MD5
b2e115beeb708b1128414a99e1364795

SHA1
7133bd55ba21daa3a1309e89e4ae6add3c7e582e

SHA256
db9a7fa18af97a9ed6d6936b6661da6d5438f3580191a879079e444a1675405d

SHA512
3760e8ba321ea5265ec92340768b2f8f3247b97751f7998c48694e7890c3521bca126dedaa26272b0b570f2e4338e42b6f377f9afbe581ba7a7d51730379bffe

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\fipcnjpflgbbjnfeonhlfgalcilbfaie\Icons\48.png

Filesize
2KB

MD5
d2febeac064e50019485b7eed903fc19

SHA1
83d85f246a6cb8d55d7d159a82163cbca82a5476

SHA256
086dbea695a07a1c9a128e217c75f33feed49be7c48b86987928ed1286145994

SHA512
592d28728d6278ea1a7425122c88a556e4584107bab883915cd5a7414abfeec2f3ca6efa89b78147399a12943261a80f1931d721363e52e82afe0675a03c63a1

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\fipcnjpflgbbjnfeonhlfgalcilbfaie\Icons\64.png

Filesize
4KB

MD5
8440c3597e83ff1c7a7cf59556cf5a2c

SHA1
cb5f1dce00457d8475dae15df3dd71f66c43060e

SHA256
bf089d45819bf9d044583525c34ec0a1199fbd8ae1858f8d3eea07ee332b2a59

SHA512
5b00af8c7ac557c8bc2ec9f9afee1e91cf06c33ee3deabfec7dd4b382a12ff0a942f90c501c44e66b38f38e448b465fa55a8c74e8afbb357e3c2e1381aef4628

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\fipcnjpflgbbjnfeonhlfgalcilbfaie\Icons\96.png

Filesize
8KB

MD5
4f2707f07034b3bff67c301f7e849d2e

SHA1
3c3fc972f9eb7b670d94b018356a78067851c2d2

SHA256
ef2af430071fedf5ca3a58ee3370ed517aeac8ed39860cb914c69730f9dec188

SHA512
1ef91c533c93ed39246514be9bb4817bc553f755a08c0f36d6f0f40c31a73ccc1003fb422e4ada109d15048c80abb7da2a13bc5a5557ea189bd528c1e3a9cb2b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\d2874fd7-7ae7-4c31-8bfd-837ce197a911.tmp

Filesize
160KB

MD5
e83f8ddcd8a44db1f17574eb0f501331

SHA1
0b30ec881ad62158f896ea47f5c70db3806aefd6

SHA256
3bae34ca8c4ca34ad7177a57d3934891651bea573f72a7da8cdf004f897ffee3

SHA512
8a246ea1417825e1de0ee26af667c849175659441dac4c9f115d58ebb68abaac9245b231d787edfa72384ebdf0f170e871fca352b441faa41bc2984bc1a56223

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json

Filesize
36KB

MD5
6722c85f206e89bbbd9a3732bfec0c43

SHA1
fac2a569bff24c3d1b75999ef740151581121e53

SHA256
ecb613a00f86c19b560ef32618d78cca122a8c5c890f1259d45e1e11336bb356

SHA512
383c47667cdd459e862639df5dd61fe0114c00462ea02206632b62a8e91e8f3f7fcee48a01f744b55a9dbbd7fe0e5735886b90401ca8580e2d6475fe4b30afe9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json~RFe589c0c.TMP

Filesize
22KB

MD5
0155e850f444c7acaec3b15eeb438fb1

SHA1
7083266e377bf39038fbe54281d2ec1f0963a1c5

SHA256
5dba8526d1872973ef579411f83f60e57b3b9387054cec2d58fad0774b024579

SHA512
c06005435ff22621231384355e5c53ca45ee9ac927382f0a615d9ff32897473664838d7daeb584d33fd99a2144c4631441fbb79c9bc6668793fe5c66f637a9c7

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
b4abb0322d966c354c5ac7f001c3ccfc

SHA1
829fa4b39311fa5a412a349a1b79a954dd923589

SHA256
fe610ce4c96fa2ccc516056c1068c24a2a52312892b09a745c9bbe7f2bd35770

SHA512
4d281926f85608c1c32f8e7c8a912787bfa0a1a2334dc4098641dd20614237574c61a67dd1bc1d75e33ee9bd571d74ff41b8c424f40f59423c140d14497b7e11

Download Submit
C:\Windows\TEMP\sdwra_3612_1611613164\service_update.exe

Filesize
2.9MB

MD5
640d5c17c78283c43f02abc001a701fa

SHA1
640de7ea486310a0006f003b98107460b01611cb

SHA256
480ca1ca69e5ef3e0ae7a5bd1a242fdd80c68bdaf1f328a03e4c95d2cf7853b7

SHA512
e333b638d6b44834200ac13d64d7e82f8be5ecf334bf70b97e673a65bec7caf65371787e77cf6ff5e927b6fa056505db1447755116c96e44d0183d2859ba3c6f

Download Submit
\??\pipe\LOCAL\crashpad_4964_NUZNKJNOMBSGDYQM

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/532-1207-0x00007FFA7BF40000-0x00007FFA7BF41000-memory.dmp

Filesize
4KB

Download
memory/532-2328-0x0000020C8F3D0000-0x0000020C8F3FB000-memory.dmp

Filesize
172KB

Download
memory/4768-2317-0x000001E646010000-0x000001E64603B000-memory.dmp

Filesize
172KB

Download
memory/5680-1209-0x00007FFA7ABA0000-0x00007FFA7ABA1000-memory.dmp

Filesize
4KB

Download
memory/5680-1210-0x00007FFA7C2D0000-0x00007FFA7C2D1000-memory.dmp

Filesize
4KB

Download