47a6ad15849a40b428923da090be3fac091d72bdbafe1e7ec4c2e8c878abe0cf

Analysis

max time kernel
93s
max time network
87s
platform
windows11-21h2_x64
resource
win11-20250218-en
submitted
20/02/2025, 05:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Yandex.exe
Size

9.9MB
MD5

c1436035efcccf475139d86a5f0cf567
SHA1

ccefebbf217ab02ebf93c66bfbe465f7854723ed
SHA256

47a6ad15849a40b428923da090be3fac091d72bdbafe1e7ec4c2e8c878abe0cf
SHA512

c2527c16e58cb791879d7067e4783688319772cbb0c9b340a1a663bf4d0209d0d4837a67d1b734edbabfb0df10a83910b52f3a9071ffe3cf0640b57378f22e76
SSDEEP

98304:styix9uytNA7DyMrwAPf4xNTEY9xFUkcVwNSHfbv/kaIhThw6Q1f+hl/hjY4+ias:stjx9+ZH4NTx9Pe20/zkaiu1f+79YRs

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4120	yb2CD7.tmp
1156	setup.exe
4648	setup.exe
2296	setup.exe
3240	service_update.exe
4608	service_update.exe
2400	service_update.exe
5036	service_update.exe
2288	service_update.exe
1616	service_update.exe
2484	explorer.exe
384	explorer.exe
1908	Yandex.exe
1092	explorer.exe
1452	clidmgr.exe
2544	clidmgr.exe
4176	browser.exe
4168	browser.exe
4668	browser.exe
2584	browser.exe
2988	browser.exe
1908	browser.exe
2940	browser.exe
4360	browser.exe
2428	browser.exe
2372	browser.exe
3192	browser.exe
5340	setup.exe
6000	setup.exe
2332	browser.exe
4792	browser.exe
5996	browser.exe
5128	browser.exe
5804	browser.exe
6168	browser.exe
6612	browser.exe
6764	browser.exe
1732	browser.exe
5308	browser.exe
5368	browser.exe
5384	browser.exe
5092	browser.exe
5304	browser.exe
1040	browser.exe
6228	browser.exe
6268	browser.exe
6280	browser.exe
6292	browser.exe
6524	browser.exe
6572	browser.exe
6552	browser.exe
6352	browser.exe
6812	browser.exe
6864	browser.exe
2828	browser.exe
8	browser.exe
3932	browser.exe
6540	browser.exe
3736	browser.exe
5084	browser.exe
1852	browser.exe
3884	browser.exe
6032	browser.exe
5408	browser.exe

Loads dropped DLL 64 IoCs

pid	Process
4176	browser.exe
4168	browser.exe
4176	browser.exe
4668	browser.exe
4668	browser.exe
2584	browser.exe
2584	browser.exe
1908	browser.exe
1908	browser.exe
2988	browser.exe
2988	browser.exe
2940	browser.exe
2940	browser.exe
4360	browser.exe
4360	browser.exe
4668	browser.exe
4668	browser.exe
4668	browser.exe
2428	browser.exe
2428	browser.exe
2372	browser.exe
2372	browser.exe
4668	browser.exe
4668	browser.exe
4668	browser.exe
3192	browser.exe
3192	browser.exe
4792	browser.exe
2332	browser.exe
4792	browser.exe
2332	browser.exe
5996	browser.exe
5996	browser.exe
5128	browser.exe
5128	browser.exe
5804	browser.exe
5804	browser.exe
6168	browser.exe
6168	browser.exe
6612	browser.exe
6612	browser.exe
1732	browser.exe
1732	browser.exe
5308	browser.exe
5308	browser.exe
5368	browser.exe
5384	browser.exe
5368	browser.exe
5384	browser.exe
5092	browser.exe
5092	browser.exe
5304	browser.exe
5304	browser.exe
1040	browser.exe
1040	browser.exe
6268	browser.exe
6228	browser.exe
6280	browser.exe
6228	browser.exe
6280	browser.exe
6292	browser.exe
6524	browser.exe
6292	browser.exe
6524	browser.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000\Software\Microsoft\Windows\CurrentVersion\Run\YandexBrowserAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart"	browser.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 4 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Roaming\Yandex\ui	service_update.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Yandex\YandexBrowser\25.2.1.887\service_update.exe	service_update.exe
File opened for modification	C:\Program Files (x86)\Yandex\YandexBrowser\25.2.1.887\service_update.exe	service_update.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\scoped_dir5340_1899256918\w.bin	setup.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5340_1899256918\w.bin	setup.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5340_2069554386\w.bin	setup.exe
File opened for modification	C:\Windows\SystemTemp	service_update.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5340_410983273\w.bin	setup.exe
File created	C:\Windows\SystemTemp\scoped_dir5340_238975944\d.bin	setup.exe
File created	C:\Windows\Tasks\Обновление Браузера Яндекс.job	browser.exe
File opened for modification	C:\Windows\SystemTemp	service_update.exe
File created	C:\Windows\Tasks\Repairing Yandex Browser update service.job	service_update.exe
File opened for modification	C:\Windows\SystemTemp	browser.exe
File created	C:\Windows\SystemTemp\scoped_dir5340_1299448115\w.bin	setup.exe
File created	C:\Windows\SystemTemp\scoped_dir5340_238975944\w.bin	setup.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4176_720538547\_metadata\yandex\verified_contents.json	browser.exe
File created	C:\Windows\SystemTemp\scoped_dir4648_497210581\explorer.exe	setup.exe
File created	C:\Windows\SystemTemp\scoped_dir5340_1369415200\d.bin	setup.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5340_1248562276\w.bin	setup.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4176_720538547\script	browser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4176_1968348478\_platform_specific\win_x64\widevinecdm.dll.sig	browser.exe
File opened for modification	C:\Windows\SystemTemp\yandex_browser_installer.log	setup.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir3192_1033580486\places.sqlite	browser.exe
File created	C:\Windows\SystemTemp\scoped_dir5340_1899256918\d.bin	setup.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5340_1369415200\w.bin	setup.exe
File created	C:\Windows\SystemTemp\scoped_dir5340_1248562276\d.bin	setup.exe
File created	C:\Windows\SystemTemp\scoped_dir5340_1248562276\w.bin	setup.exe
File opened for modification	C:\Windows\SystemTemp	service_update.exe
File created	C:\Windows\Tasks\System update for Yandex Browser.job	service_update.exe
File opened for modification	C:\Windows\SystemTemp	explorer.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4176_720538547\manifest.json	browser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4176_1968348478\LICENSE	browser.exe
File opened for modification	C:\Windows\SystemTemp\yandex_browser_service_update.log	service_update.exe
File opened for modification	C:\Windows\SystemTemp\yandex_browser_installer.log	setup.exe
File created	C:\Windows\SystemTemp\scoped_dir5340_1299448115\d.bin	setup.exe
File opened for modification	C:\Windows\SystemTemp	service_update.exe
File created	C:\Windows\SystemTemp\scoped_dir5340_2069554386\w.bin	setup.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4176_1968348478\manifest.fingerprint	browser.exe
File created	C:\Windows\SystemTemp\scoped_dir3192_1033580486\places.sqlite	browser.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir3192_1033580486\places.sqlite-journal	browser.exe
File created	C:\Windows\Tasks\Update for Yandex Browser.job	service_update.exe
File opened for modification	C:\Windows\SystemTemp	browser.exe
File created	C:\Windows\SystemTemp\scoped_dir5340_780036860\w.bin	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File created	C:\Windows\SystemTemp\scoped_dir5340_410983273\w.bin	setup.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4176_1968348478\manifest.json	browser.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\yandex_browser_service_update.log	service_update.exe
File created	C:\Windows\SystemTemp\scoped_dir3192_1033580486\places.sqlite-wal	browser.exe
File created	C:\Windows\SystemTemp\scoped_dir5340_2069554386\d.bin	setup.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5340_780036860\w.bin	setup.exe
File opened for modification	C:\Windows\SystemTemp\yandex_browser_service_update.log	service_update.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4176_720538547\manifest.fingerprint	browser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4176_1968348478\_platform_specific\win_x64\widevinecdm.dll	browser.exe
File created	C:\Windows\SystemTemp\scoped_dir3192_1033580486\places.sqlite-shm	browser.exe
File created	C:\Windows\SystemTemp\scoped_dir5340_1369415200\w.bin	setup.exe
File created	C:\Windows\SystemTemp\scoped_dir5340_410983273\d.bin	setup.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5340_1299448115\w.bin	setup.exe
File created	C:\Windows\SystemTemp\scoped_dir5340_780036860\d.bin	setup.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir3192_1033580486\places.sqlite-wal	browser.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\yandex_browser_installer.log	setup.exe
File opened for modification	C:\Windows\SystemTemp\yandex_browser_service_update.log	service_update.exe
File opened for modification	C:\Windows\SystemTemp	service_update.exe
File opened for modification	C:\Windows\SystemTemp\yandex_browser_service_update.log	service_update.exe
File opened for modification	C:\Windows\SystemTemp	service_update.exe
File opened for modification	C:\Windows\SystemTemp\yandex_browser_installer.log	explorer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	clidmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	clidmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Yandex.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Yandex.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Yandex.exe

Enumerates system info in registry 2 TTPs 7 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe

Modifies data under HKEY_USERS 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	browser.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133845023397809396"	browser.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow	service_update.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex\UICreated_SYSTEM = "1"	service_update.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\.crx\ = "YandexBrowser.crx"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexTIFF.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\DefaultIcon	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexWEBP.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\ = "Yandex Browser WEBP Document"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexWEBP.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\Application	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\SystemFileAssociations\.jpg	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexCSS.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexGIF.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-107"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\.gif\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexHTML.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexXML.WU7O2MUYXRLYMH3MDL5O6RAJ3Q	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexCRX.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\Application\ApplicationDescription = "Яндекс\u00a0Браузер – это быстрая и\u00a0удобная программа для\u00a0работы в\u00a0интернете и\u00a0просмотра веб-страниц."	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexCSS.WU7O2MUYXRLYMH3MDL5O6RAJ3Q	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexPNG.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\Application	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexGIF.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexSVG.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\shell	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexTXT.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\ = "Yandex Browser TXT Document"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\.tif\OpenWithProgids\YandexTIFF.WU7O2MUYXRLYMH3MDL5O6RAJ3Q	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\.webm\OpenWithProgids\YandexWEBM.WU7O2MUYXRLYMH3MDL5O6RAJ3Q	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexCSS.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\DefaultIcon	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\.gif	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\.xht\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\SystemFileAssociations\.tif\shell\image_search\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --image-search=\"%1\""	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexCSS.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\ = "Yandex Browser CSS Document"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexCSS.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\Application\ApplicationDescription = "Яндекс\u00a0Браузер – это быстрая и\u00a0удобная программа для\u00a0работы в\u00a0интернете и\u00a0просмотра веб-страниц."	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\.tiff\OpenWithProgids\YandexTIFF.WU7O2MUYXRLYMH3MDL5O6RAJ3Q	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexFB2.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\AppUserModelId = "Yandex.WU7O2MUYXRLYMH3MDL5O6RAJ3Q"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexSVG.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-123"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexGIF.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexTXT.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\shell	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\.fb2\OpenWithProgids\YandexFB2.WU7O2MUYXRLYMH3MDL5O6RAJ3Q	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexINFE.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexPNG.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\Application\AppUserModelId = "Yandex.WU7O2MUYXRLYMH3MDL5O6RAJ3Q"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexSWF.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\Application\ApplicationCompany = "Yandex"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\.htm	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\.xht	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexJS.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\.gif\OpenWithProgids\YandexGIF.WU7O2MUYXRLYMH3MDL5O6RAJ3Q	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexHTML.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexCRX.WU7O2MUYXRLYMH3MDL5O6RAJ3Q	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexTIFF.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\Application	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexPDF.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\.xht\OpenWithProgids\YandexHTML.WU7O2MUYXRLYMH3MDL5O6RAJ3Q	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexCSS.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\Application	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexEPUB.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\ = "Yandex Browser EPUB Document"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexFB2.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\Application\ApplicationName = "Yandex"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexCSS.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\Application\AppUserModelId = "Yandex.WU7O2MUYXRLYMH3MDL5O6RAJ3Q"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexCSS.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexWEBM.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexHTML.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\shell	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexSWF.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\ = "Yandex Browser SWF Document"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexWEBM.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexPDF.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\shell\open	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexCRX.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\Application\AppUserModelId = "Yandex.WU7O2MUYXRLYMH3MDL5O6RAJ3Q"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexINFE.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\ = "Malware Infected File"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexSWF.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\Application\ApplicationDescription = "Яндекс\u00a0Браузер – это быстрая и\u00a0удобная программа для\u00a0работы в\u00a0интернете и\u00a0просмотра веб-страниц."	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexCSS.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-124"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexEPUB.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexTXT.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexEPUB.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\DefaultIcon	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\SystemFileAssociations\.jpeg\shell	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexSVG.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\Application\ApplicationDescription = "Яндекс\u00a0Браузер – это быстрая и\u00a0удобная программа для\u00a0работы в\u00a0интернете и\u00a0просмотра веб-страниц."	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexXML.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\shell	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\.jpeg\OpenWithProgids\YandexJPEG.WU7O2MUYXRLYMH3MDL5O6RAJ3Q	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\YandexJS.WU7O2MUYXRLYMH3MDL5O6RAJ3Q\Application\ApplicationName = "Yandex"	setup.exe

Modifies system certificate store 2 TTPs 16 IoCs

defense_evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	Yandex.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	Yandex.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	Yandex.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	Yandex.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E	Yandex.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 190000000100000010000000cb9dd0fceaaa492f75ce292c21bbfbdd0300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd17e00000001000000080000000080c82b6886d7017a000000010000000c000000300a06082b060105050703091d0000000100000010000000521f5c98970d19a8e515ef6eeb6d48ef140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a07f0000000100000016000000301406082b0601050507030306082b060105050703096200000001000000200000002cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf690b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520036000000090000000100000056000000305406082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007e000000307c301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301f06092b06010401a032010230123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff1200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	Yandex.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8	Yandex.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b81900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 0400000001000000100000004fdd07e4d42264391e0c3742ead1c6ae0f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff153000000010000007e000000307c301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301f06092b06010401a032010230123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000056000000305406082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d0020005200360000006200000001000000200000002cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf697f0000000100000016000000301406082b0601050507030306082b06010505070309140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a01d0000000100000010000000521f5c98970d19a8e515ef6eeb6d48ef7a000000010000000c000000300a06082b060105050703097e00000001000000080000000080c82b6886d7010300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd1190000000100000010000000cb9dd0fceaaa492f75ce292c21bbfbdd200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 5c000000010000000400000000100000190000000100000010000000cb9dd0fceaaa492f75ce292c21bbfbdd0300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd17e00000001000000080000000080c82b6886d7017a000000010000000c000000300a06082b060105050703091d0000000100000010000000521f5c98970d19a8e515ef6eeb6d48ef140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a07f0000000100000016000000301406082b0601050507030306082b060105050703096200000001000000200000002cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf690b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520036000000090000000100000056000000305406082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007e000000307c301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301f06092b06010401a032010230123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff10400000001000000100000004fdd07e4d42264391e0c3742ead1c6ae200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	Yandex.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 0f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff153000000010000007e000000307c301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301f06092b06010401a032010230123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000056000000305406082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d0020005200360000006200000001000000200000002cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf697f0000000100000016000000301406082b0601050507030306082b06010505070309140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a01d0000000100000010000000521f5c98970d19a8e515ef6eeb6d48ef7a000000010000000c000000300a06082b060105050703097e00000001000000080000000080c82b6886d7010300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd1200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410	setup.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4648	setup.exe
4648	setup.exe
4648	setup.exe
4648	setup.exe
4176	browser.exe
4176	browser.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe

Suspicious use of AdjustPrivilegeToken 50 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4176	browser.exe
Token: SeCreatePagefilePrivilege	4176	browser.exe
Token: SeShutdownPrivilege	4176	browser.exe
Token: SeCreatePagefilePrivilege	4176	browser.exe
Token: SeShutdownPrivilege	4176	browser.exe
Token: SeCreatePagefilePrivilege	4176	browser.exe
Token: SeShutdownPrivilege	4176	browser.exe
Token: SeCreatePagefilePrivilege	4176	browser.exe
Token: SeShutdownPrivilege	4176	browser.exe
Token: SeCreatePagefilePrivilege	4176	browser.exe
Token: SeShutdownPrivilege	4176	browser.exe
Token: SeCreatePagefilePrivilege	4176	browser.exe
Token: SeShutdownPrivilege	4176	browser.exe
Token: SeCreatePagefilePrivilege	4176	browser.exe
Token: SeShutdownPrivilege	4176	browser.exe
Token: SeCreatePagefilePrivilege	4176	browser.exe
Token: SeShutdownPrivilege	4176	browser.exe
Token: SeCreatePagefilePrivilege	4176	browser.exe
Token: SeShutdownPrivilege	4176	browser.exe
Token: SeCreatePagefilePrivilege	4176	browser.exe
Token: SeShutdownPrivilege	4176	browser.exe
Token: SeCreatePagefilePrivilege	4176	browser.exe
Token: SeShutdownPrivilege	4176	browser.exe
Token: SeCreatePagefilePrivilege	4176	browser.exe
Token: SeShutdownPrivilege	4176	browser.exe
Token: SeCreatePagefilePrivilege	4176	browser.exe
Token: SeShutdownPrivilege	4176	browser.exe
Token: SeCreatePagefilePrivilege	4176	browser.exe
Token: SeShutdownPrivilege	4176	browser.exe
Token: SeCreatePagefilePrivilege	4176	browser.exe
Token: SeShutdownPrivilege	4176	browser.exe
Token: SeCreatePagefilePrivilege	4176	browser.exe
Token: SeShutdownPrivilege	4176	browser.exe
Token: SeCreatePagefilePrivilege	4176	browser.exe
Token: SeShutdownPrivilege	4176	browser.exe
Token: SeCreatePagefilePrivilege	4176	browser.exe
Token: SeShutdownPrivilege	4176	browser.exe
Token: SeCreatePagefilePrivilege	4176	browser.exe
Token: SeShutdownPrivilege	4176	browser.exe
Token: SeCreatePagefilePrivilege	4176	browser.exe
Token: SeShutdownPrivilege	4176	browser.exe
Token: SeCreatePagefilePrivilege	4176	browser.exe
Token: SeShutdownPrivilege	4176	browser.exe
Token: SeCreatePagefilePrivilege	4176	browser.exe
Token: SeShutdownPrivilege	4176	browser.exe
Token: SeCreatePagefilePrivilege	4176	browser.exe
Token: SeShutdownPrivilege	4176	browser.exe
Token: SeCreatePagefilePrivilege	4176	browser.exe
Token: SeShutdownPrivilege	4176	browser.exe
Token: SeCreatePagefilePrivilege	4176	browser.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
3596	Yandex.exe
2484	explorer.exe
2484	explorer.exe
1092	explorer.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3596	Yandex.exe
4176	browser.exe
4176	browser.exe
4176	browser.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3596 wrote to memory of 4512	3596	Yandex.exe	85
PID 3596 wrote to memory of 4512	3596	Yandex.exe	85
PID 3596 wrote to memory of 4512	3596	Yandex.exe	85
PID 4512 wrote to memory of 4120	4512	Yandex.exe	89
PID 4512 wrote to memory of 4120	4512	Yandex.exe	89
PID 4120 wrote to memory of 1156	4120	yb2CD7.tmp	90
PID 4120 wrote to memory of 1156	4120	yb2CD7.tmp	90
PID 1156 wrote to memory of 4648	1156	setup.exe	91
PID 1156 wrote to memory of 4648	1156	setup.exe	91
PID 4648 wrote to memory of 2296	4648	setup.exe	92
PID 4648 wrote to memory of 2296	4648	setup.exe	92
PID 4648 wrote to memory of 3240	4648	setup.exe	93
PID 4648 wrote to memory of 3240	4648	setup.exe	93
PID 3240 wrote to memory of 4608	3240	service_update.exe	94
PID 3240 wrote to memory of 4608	3240	service_update.exe	94
PID 2400 wrote to memory of 5036	2400	service_update.exe	96
PID 2400 wrote to memory of 5036	2400	service_update.exe	96
PID 2400 wrote to memory of 2288	2400	service_update.exe	97
PID 2400 wrote to memory of 2288	2400	service_update.exe	97
PID 2288 wrote to memory of 1616	2288	service_update.exe	98
PID 2288 wrote to memory of 1616	2288	service_update.exe	98
PID 4648 wrote to memory of 2484	4648	setup.exe	99
PID 4648 wrote to memory of 2484	4648	setup.exe	99
PID 2484 wrote to memory of 384	2484	explorer.exe	100
PID 2484 wrote to memory of 384	2484	explorer.exe	100
PID 4648 wrote to memory of 1908	4648	setup.exe	102
PID 4648 wrote to memory of 1908	4648	setup.exe	102
PID 4648 wrote to memory of 1908	4648	setup.exe	102
PID 1908 wrote to memory of 1092	1908	Yandex.exe	103
PID 1908 wrote to memory of 1092	1908	Yandex.exe	103
PID 1908 wrote to memory of 1092	1908	Yandex.exe	103
PID 4648 wrote to memory of 1452	4648	setup.exe	105
PID 4648 wrote to memory of 1452	4648	setup.exe	105
PID 4648 wrote to memory of 1452	4648	setup.exe	105
PID 4648 wrote to memory of 2544	4648	setup.exe	107
PID 4648 wrote to memory of 2544	4648	setup.exe	107
PID 4648 wrote to memory of 2544	4648	setup.exe	107
PID 4176 wrote to memory of 4168	4176	browser.exe	110
PID 4176 wrote to memory of 4168	4176	browser.exe	110
PID 4176 wrote to memory of 4668	4176	browser.exe	111
PID 4176 wrote to memory of 4668	4176	browser.exe	111
PID 4176 wrote to memory of 4668	4176	browser.exe	111
PID 4176 wrote to memory of 4668	4176	browser.exe	111
PID 4176 wrote to memory of 4668	4176	browser.exe	111
PID 4176 wrote to memory of 4668	4176	browser.exe	111
PID 4176 wrote to memory of 4668	4176	browser.exe	111
PID 4176 wrote to memory of 4668	4176	browser.exe	111
PID 4176 wrote to memory of 4668	4176	browser.exe	111
PID 4176 wrote to memory of 4668	4176	browser.exe	111
PID 4176 wrote to memory of 4668	4176	browser.exe	111
PID 4176 wrote to memory of 4668	4176	browser.exe	111
PID 4176 wrote to memory of 4668	4176	browser.exe	111
PID 4176 wrote to memory of 4668	4176	browser.exe	111
PID 4176 wrote to memory of 4668	4176	browser.exe	111
PID 4176 wrote to memory of 4668	4176	browser.exe	111
PID 4176 wrote to memory of 4668	4176	browser.exe	111
PID 4176 wrote to memory of 4668	4176	browser.exe	111
PID 4176 wrote to memory of 4668	4176	browser.exe	111
PID 4176 wrote to memory of 4668	4176	browser.exe	111
PID 4176 wrote to memory of 4668	4176	browser.exe	111
PID 4176 wrote to memory of 4668	4176	browser.exe	111
PID 4176 wrote to memory of 4668	4176	browser.exe	111
PID 4176 wrote to memory of 4668	4176	browser.exe	111
PID 4176 wrote to memory of 4668	4176	browser.exe	111

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Yandex.exe
"C:\Users\Admin\AppData\Local\Temp\Yandex.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3596
- C:\Users\Admin\AppData\Local\Temp\Yandex.exe
  "C:\Users\Admin\AppData\Local\Temp\Yandex.exe" --parent-installer-process-id=3596 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\Admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\Admin\AppData\Local\Temp\11797e02-4b5b-4314-bd2f-7a494daa771f.tmp\" --brand-name=yandex --browser-present=none --distr-info-file=\"C:\Users\Admin\AppData\Local\Temp\distrib_info\" --installer-brand-id=yandex --installer-partner-id=exp_tablo_1 --make-browser-default-after-import --ok-button-pressed-time=508507283 --progress-window=327894 --send-statistics --testids=1190163;1114258;1114347;1124063;1127618;1176504;1190158/44 --variations-resource-file=\"C:\Users\Admin\AppData\Local\Temp\variations_resource\" --variations-update-path=\"C:\Users\Admin\AppData\Local\Temp\2ea784b9-d8fc-4889-96f8-f5098fb32efb.tmp\" --verbose-logging"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4512
- - C:\Users\Admin\AppData\Local\Temp\yb2CD7.tmp
    "C:\Users\Admin\AppData\Local\Temp\yb2CD7.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\11797e02-4b5b-4314-bd2f-7a494daa771f.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=26 --install-start-time-no-uac=508819761 --installer-brand-id=yandex --installer-partner-id=exp_tablo_1 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=508507283 --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=327894 --send-statistics --source=lite --testids=1190163;1114258;1114347;1124063;1127618;1176504;1190158/44 --variations-resource-file="C:\Users\Admin\AppData\Local\Temp\variations_resource" --variations-update-path="C:\Users\Admin\AppData\Local\Temp\2ea784b9-d8fc-4889-96f8-f5098fb32efb.tmp" --verbose-logging
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\YB_37465.tmp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\YB_37465.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_37465.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\11797e02-4b5b-4314-bd2f-7a494daa771f.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=26 --install-start-time-no-uac=508819761 --installer-brand-id=yandex --installer-partner-id=exp_tablo_1 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=508507283 --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=327894 --send-statistics --source=lite --testids=1190163;1114258;1114347;1124063;1127618;1176504;1190158/44 --variations-resource-file="C:\Users\Admin\AppData\Local\Temp\variations_resource" --variations-update-path="C:\Users\Admin\AppData\Local\Temp\2ea784b9-d8fc-4889-96f8-f5098fb32efb.tmp" --verbose-logging
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      Suspicious use of WriteProcessMemory
      PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\YB_37465.tmp\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\YB_37465.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_37465.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\11797e02-4b5b-4314-bd2f-7a494daa771f.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=26 --install-start-time-no-uac=508819761 --installer-brand-id=yandex --installer-partner-id=exp_tablo_1 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=508507283 --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=327894 --send-statistics --source=lite --testids=1190163;1114258;1114347;1124063;1127618;1176504;1190158/44 --variations-resource-file="C:\Users\Admin\AppData\Local\Temp\variations_resource" --variations-update-path="C:\Users\Admin\AppData\Local\Temp\2ea784b9-d8fc-4889-96f8-f5098fb32efb.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=537133567
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        Modifies registry class
        Modifies system certificate store
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\YB_37465.tmp\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\YB_37465.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=4648 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=25.2.1.887 --initial-client-data=0x2ac,0x2b0,0x2b4,0x288,0x2b8,0x7ff72ba74008,0x7ff72ba74014,0x7ff72ba74020
        6⤵
        Executes dropped EXE
        
        PID:2296
      - C:\Windows\TEMP\sdwra_4648_1893241693\service_update.exe
        
        "C:\Windows\TEMP\sdwra_4648_1893241693\service_update.exe" --setup
        6⤵
        Executes dropped EXE
        Drops file in Program Files directory
        Drops file in Windows directory
        Suspicious use of WriteProcessMemory
        
        PID:3240
        
        C:\Program Files (x86)\Yandex\YandexBrowser\25.2.1.887\service_update.exe
        
        "C:\Program Files (x86)\Yandex\YandexBrowser\25.2.1.887\service_update.exe" --install
        7⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:4608
      - C:\Windows\SystemTemp\scoped_dir4648_497210581\explorer.exe
        
        "C:\Windows\SystemTemp\scoped_dir4648_497210581\explorer.exe" --pttw1="C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk"
        6⤵
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of FindShellTrayWindow
        Suspicious use of WriteProcessMemory
        
        PID:2484
        
        C:\Windows\SystemTemp\scoped_dir4648_497210581\explorer.exe
        
        C:\Windows\SystemTemp\scoped_dir4648_497210581\explorer.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=2484 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=25.2.1.887 --initial-client-data=0x2ac,0x2b0,0x2b4,0x288,0x2b8,0x7ff701934008,0x7ff701934014,0x7ff701934020
        7⤵
        Executes dropped EXE
        
        PID:384
      - C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
        
        C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe
        
        C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent /pin-path="C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk" --is-pinning
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        
        PID:1092
      - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
        
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1452
      - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
        
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source4648_1553113393\Browser-bin\clids_yandex.xml"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=4564,i,15195321112227810029,13870653243844057049,262144 --variations-seed-version --mojo-platform-channel-handle=4664 /prefetch:14
1⤵
PID:1404

C:\Program Files (x86)\Yandex\YandexBrowser\25.2.1.887\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\25.2.1.887\service_update.exe" --run-as-service
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Program Files (x86)\Yandex\YandexBrowser\25.2.1.887\service_update.exe
  "C:\Program Files (x86)\Yandex\YandexBrowser\25.2.1.887\service_update.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=2400 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=25.2.1.887 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff6b32a1490,0x7ff6b32a149c,0x7ff6b32a14a8
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  PID:5036
- C:\Program Files (x86)\Yandex\YandexBrowser\25.2.1.887\service_update.exe
  "C:\Program Files (x86)\Yandex\YandexBrowser\25.2.1.887\service_update.exe" --update-scheduler
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2288
- - C:\Program Files (x86)\Yandex\YandexBrowser\25.2.1.887\service_update.exe
    "C:\Program Files (x86)\Yandex\YandexBrowser\25.2.1.887\service_update.exe" --update-background-scheduler
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    PID:1616

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=327894 --ok-button-pressed-time=508507283 --install-start-time-no-uac=508819761
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks system information in the registry
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4176
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=4176 --annotation=metrics_client_id=4f2cc652509b4d7fb52f91bc553bb819 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=25.2.1.887 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ff9259458d0,0x7ff9259458dc,0x7ff9259458e8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4168
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --gpu-process-kind=sandboxed --field-trial-handle=2700,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=2696 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4668
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=disabled --gpu-process-kind=trampoline --field-trial-handle=1940,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=2684 /prefetch:6
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2584
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --process-name="Network Service" --field-trial-handle=2272,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=2948 --brver=25.2.1.887 /prefetch:11
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2988
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=service --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --process-name="Storage Service" --field-trial-handle=2284,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=3036 --brver=25.2.1.887 /prefetch:13
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1908
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=ru --service-sandbox-type=audio --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --process-name="Audio Service" --field-trial-handle=2640,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=3164 --brver=25.2.1.887 /prefetch:12
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2940
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=ru --service-sandbox-type=none --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --process-name="Video Capture" --field-trial-handle=2660,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=3304 --brver=25.2.1.887 /prefetch:14
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4360
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --process-name="Data Decoder Service" --field-trial-handle=3488,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=2548 --brver=25.2.1.887 /prefetch:14
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2428
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --allow-prefetch --video-capture-use-gpu-memory-buffer --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --may-use-trampoline-gpu --field-trial-handle=4300,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=4440 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2372
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --process-name="Импорт профилей" --field-trial-handle=4940,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=4992 --brver=25.2.1.887 /prefetch:14
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  PID:3192
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.1.887\Installer\setup.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.1.887\Installer\setup.exe" --set-as-default-browser
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Modifies registry class
  PID:5340
- - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.1.887\Installer\setup.exe
    C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.1.887\Installer\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=5340 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=25.2.1.887 --initial-client-data=0x2ac,0x2b0,0x2b4,0x288,0x2b8,0x7ff7881f4008,0x7ff7881f4014,0x7ff7881f4020
    3⤵
    - Executes dropped EXE
    PID:6000
- - C:\Windows\SYSTEM32\regini.exe
    regini.exe "C:\Windows\SystemTemp\scoped_dir5340_1899256918\w.bin"
    3⤵
    PID:6536
- - C:\Windows\SYSTEM32\regini.exe
    regini.exe "C:\Windows\SystemTemp\scoped_dir5340_1369415200\d.bin"
    3⤵
    PID:6592
- - C:\Windows\SYSTEM32\regini.exe
    regini.exe "C:\Windows\SystemTemp\scoped_dir5340_1369415200\w.bin"
    3⤵
    PID:6640
- - C:\Windows\SYSTEM32\regini.exe
    regini.exe "C:\Windows\SystemTemp\scoped_dir5340_410983273\d.bin"
    3⤵
    PID:6696
- - C:\Windows\SYSTEM32\regini.exe
    regini.exe "C:\Windows\SystemTemp\scoped_dir5340_410983273\w.bin"
    3⤵
    PID:6748
- - C:\Windows\SYSTEM32\regini.exe
    regini.exe "C:\Windows\SystemTemp\scoped_dir5340_1299448115\d.bin"
    3⤵
    PID:6804
- - C:\Windows\SYSTEM32\regini.exe
    regini.exe "C:\Windows\SystemTemp\scoped_dir5340_1299448115\w.bin"
    3⤵
    PID:6852
- - C:\Windows\SYSTEM32\regini.exe
    regini.exe "C:\Windows\SystemTemp\scoped_dir5340_238975944\d.bin"
    3⤵
    PID:6904
- - C:\Windows\SYSTEM32\regini.exe
    regini.exe "C:\Windows\SystemTemp\scoped_dir5340_238975944\w.bin"
    3⤵
    PID:6948
- - C:\Windows\SYSTEM32\regini.exe
    regini.exe "C:\Windows\SystemTemp\scoped_dir5340_2069554386\d.bin"
    3⤵
    PID:7000
- - C:\Windows\SYSTEM32\regini.exe
    regini.exe "C:\Windows\SystemTemp\scoped_dir5340_2069554386\w.bin"
    3⤵
    PID:7048
- - C:\Windows\SYSTEM32\regini.exe
    regini.exe "C:\Windows\SystemTemp\scoped_dir5340_1248562276\d.bin"
    3⤵
    PID:7116
- - C:\Windows\SYSTEM32\regini.exe
    regini.exe "C:\Windows\SystemTemp\scoped_dir5340_1248562276\w.bin"
    3⤵
    PID:6064
- - C:\Windows\SYSTEM32\regini.exe
    regini.exe "C:\Windows\SystemTemp\scoped_dir5340_780036860\d.bin"
    3⤵
    PID:4908
- - C:\Windows\SYSTEM32\regini.exe
    regini.exe "C:\Windows\SystemTemp\scoped_dir5340_780036860\w.bin"
    3⤵
    PID:128
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --allow-prefetch --video-capture-use-gpu-memory-buffer --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5488,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2332
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --process-name="Data Decoder Service" --field-trial-handle=5744,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=5728 --brver=25.2.1.887 /prefetch:14
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4792
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=uwp_cookie_provider.mojom.UwpCookieProvider --lang=ru --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --process-name=uwp_cookie_provider.mojom.UwpCookieProvider --field-trial-handle=5948,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=5012 --brver=25.2.1.887 /prefetch:14
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5996
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3540,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5128
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --process-name="Data Decoder Service" --field-trial-handle=3428,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=4452 --brver=25.2.1.887 /prefetch:14
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5804
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=6068,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6168
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6120,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6612
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6404,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:6764
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6348,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1732
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6960,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=6956 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5308
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6512,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=6460 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5368
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7208,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=7232 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5384
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7204,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=7392 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1040
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=ru --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --process-name="Утилиты Windows" --field-trial-handle=7596,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=7252 --brver=25.2.1.887 /prefetch:14
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5092
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --process-name="Распаковщик файлов" --field-trial-handle=4468,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=7668 --brver=25.2.1.887 /prefetch:14
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5304
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --process-name="Data Decoder Service" --field-trial-handle=7588,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=7792 --brver=25.2.1.887 /prefetch:14
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6228
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --process-name="Data Decoder Service" --field-trial-handle=7600,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=8024 --brver=25.2.1.887 /prefetch:14
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6268
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --process-name="Data Decoder Service" --field-trial-handle=7556,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=8172 --brver=25.2.1.887 /prefetch:14
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6280
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --process-name="Data Decoder Service" --field-trial-handle=7412,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=7216 --brver=25.2.1.887 /prefetch:14
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6292
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --process-name="Распаковщик файлов" --field-trial-handle=7404,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=7900 --brver=25.2.1.887 /prefetch:14
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6524
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=8344,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=8368 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:6540
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --process-name="Data Decoder Service" --field-trial-handle=8312,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=8504 --brver=25.2.1.887 /prefetch:14
  2⤵
  - Executes dropped EXE
  PID:6572
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --process-name="Data Decoder Service" --field-trial-handle=8488,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=8652 --brver=25.2.1.887 /prefetch:14
  2⤵
  - Executes dropped EXE
  PID:6552
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --process-name="Data Decoder Service" --field-trial-handle=8328,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=8320 --brver=25.2.1.887 /prefetch:14
  2⤵
  - Executes dropped EXE
  PID:6352
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --process-name="Data Decoder Service" --field-trial-handle=4996,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=7584 --brver=25.2.1.887 /prefetch:14
  2⤵
  - Executes dropped EXE
  PID:6812
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --process-name="Data Decoder Service" --field-trial-handle=8324,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=9040 --brver=25.2.1.887 /prefetch:14
  2⤵
  - Executes dropped EXE
  PID:6864
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --process-name="Data Decoder Service" --field-trial-handle=9204,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=9224 --brver=25.2.1.887 /prefetch:14
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --process-name="Data Decoder Service" --field-trial-handle=7392,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=9324 --brver=25.2.1.887 /prefetch:14
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --process-name="Data Decoder Service" --field-trial-handle=9192,i,5928942492899909082,9487064660806431859,262144 --variations-seed-version --mojo-platform-channel-handle=9356 --brver=25.2.1.887 /prefetch:14
  2⤵
  - Executes dropped EXE
  PID:3932

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater --broupdater-origin=auto --bits_job_guid={45D8B300-DB38-41B5-AF4B-0AEA46F323B5}
1⤵
- Executes dropped EXE
- Checks system information in the registry
- Enumerates system info in registry
PID:3736
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1740028717 --annotation=last_update_date=1740028717 --annotation=launches_after_update=1 --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=3736 --annotation=metrics_client_id=4f2cc652509b4d7fb52f91bc553bb819 --annotation=micromode=broupdater --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=25.2.1.887 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff9259458d0,0x7ff9259458dc,0x7ff9259458e8
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1984,i,634280565439502767,11063982479525930384,262144 --variations-seed-version --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --process-name="Network Service" --field-trial-handle=1796,i,634280565439502767,11063982479525930384,262144 --variations-seed-version --mojo-platform-channel-handle=2188 --brver=25.2.1.887 /prefetch:11
  2⤵
  - Executes dropped EXE
  PID:3884

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=install --bits_job_guid={B6EAA433-0CB3-4F69-9A7D-2DE4145BEE87}
1⤵
- Executes dropped EXE
- Checks system information in the registry
- Enumerates system info in registry
PID:6032
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1740028717 --annotation=last_update_date=1740028717 --annotation=launches_after_update=2 --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=6032 --annotation=metrics_client_id=4f2cc652509b4d7fb52f91bc553bb819 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=25.2.1.887 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff9259458d0,0x7ff9259458dc,0x7ff9259458e8
  2⤵
  - Executes dropped EXE
  PID:5408
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1956,i,8096311695197101242,994179828181636278,262144 --variations-seed-version --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  PID:5976
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=15E5CAEE-267D-474A-AD9B-963671430A40 --brand-id=yandex --partner-id=exp_tablo_1 --string-annotations --process-name="Network Service" --field-trial-handle=1800,i,8096311695197101242,994179828181636278,262144 --variations-seed-version --mojo-platform-channel-handle=2160 --brver=25.2.1.887 /prefetch:11
  2⤵
  PID:6172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_D94F4A82266DCEDAC0F3F1BFD0843F4D

Filesize
2KB

MD5
7388cf7d19ce2221a0067ee7b09ada02

SHA1
df95b23fe326e77eb3ef98844963e86ebd3aa906

SHA256
c2926710e2bc242a0c9faff96ded8500c6ef451b262a0e20b78b6638a345895c

SHA512
dce29c8d335ded49c436754c8a5a6f7648658eed7eea628297e053124fb81be390a0ad379bca18e99d459ac48ae92c5450cb2a3d34a6d9364d46d67b0ec1ee43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

Filesize
1KB

MD5
1387484d1dc6530689237b387de580b9

SHA1
d285aa40d4284eef3f1c86c559a9780b9992b15b

SHA256
6242ce041a2f039564def92b5a00f744e3237a69359d8e9fd64d592c387c7be1

SHA512
a85091d8f3a6799e2e487824883e1856ebae38301aa7dcbc8b32a1a574118b70b5245084ee9473e975b527baf19dd66b7fc1c126691adc694db1258f2dbdf113

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_1A63C94825D2CC9ACE0AFA6C616B60BF

Filesize
1KB

MD5
7612212ce7474ab2010c555395faef34

SHA1
0ae5ca1f9b6e2cef3b61ce0924ecc3159ceb316a

SHA256
391dc57275d8e594ae6f60efd86b34e6246673fdd70b35fe8a501878c30438d7

SHA512
6a3b19ea13b73159887b52bf0a1184a49f073be92c741309ea24d66a8ed77336fc37ca9980cc9ea18cc406782d6be6bb14f8c607705c0fa2743f1eb89e575a5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7

Filesize
1KB

MD5
80b273adbe132f8e05e71789db26da40

SHA1
bbd762e6306aba652efe2a52c49649f5fd77ea8f

SHA256
0556a572d6b76de3547eaecbbd613c317e232174620767dccc675be7135f3a1b

SHA512
87fcadb099947bb989f17da99f0b94e1711fdf97600455a5c2fbda7d3103d366262929adc4130c31185236707d6373cff396b58462858b5aee1d6ca566e74697

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

Filesize
1KB

MD5
3c6bb2db25e83bdf5fd9341bf4d38c2c

SHA1
09d1740dbf0e507170bef6f9e146b4ab1c11ae39

SHA256
15de111d583fcabdc76fd9801e1780942e39cc384246e374c7f51967d943200b

SHA512
76e1d565548b32bba024a73893c97a3832b58176567b7d6baad6e0b2f50d8e5cb40ac2b08ce6632f5659152df623c44042b66d624a1fe27f10179d64bc6fd516

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9E5AF9A59B2A0198F537F5F6F7EBA776_57ABCF7C80DDF20409A123C0B25EDA1D

Filesize
765B

MD5
656752db4bcd9e002ff69f3ccf7d52d6

SHA1
3c6e4bce10e25fac8ae837cecd9763b82a79e541

SHA256
5adee5022663df5916db49d30e5c2abfb4604cbee0e389265f225027ccb0219d

SHA512
1a0b351dac0fa3104facebbbada1fd74424ce259737788e042002d7c1ca0b74172950619434fa88f59237d9446c6c81202f3a143d400bc2b6eb0aefe24052c91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A334956C3F99BD182BF4859935BADE72_FACA7E02B2152427A5B3C5BC1AC9CE92

Filesize
637B

MD5
d41e962aa9005631ecd2aa9340461b88

SHA1
22f7dad79a64522092bdd0dc319962c92e4d3af8

SHA256
368ad5d9890509a194e7de8770b45c2ed87fadacd2d11daabec1dbb2e0d80ec3

SHA512
3cbd243b41177aab26b12f736679a3b626528705da8d352f1917ccccaeb160303ad7632f9db274955f817058880f033337f29d5e38029a58562cc55a1fc17119

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

Filesize
1KB

MD5
d17c826d2fa3ba29a2231dbce5354e18

SHA1
1d7ad4144a75f7b145c36b508142da44cbcbf10e

SHA256
ba903e57fc2d25f2f6a0f1d6cebf81fa3f2d65c3b98dbb69317562ce8fa950b1

SHA512
e175ae8e0978a856d1fd72242daf91173e9ff2e925b3e7642e96b004c051b2822840db55eb791abefe23960ccf78bc9d3d2d8d21c7ac0ae1784ae55c50ff52df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_D94F4A82266DCEDAC0F3F1BFD0843F4D

Filesize
488B

MD5
375ed08b80eeaa86ba16273e8023bb68

SHA1
74d89922a167478c350a2bbe3b27b81928c6a520

SHA256
a25d5d82ea7f55c56230867f14ca7b2fd2e6227e6d180bac11b103f8675302ee

SHA512
fce947bef1fc1a5dd35ff42d88595558674199f2824304a6d03f61b6588fbb677582fd8d089c8db83e3a321aae42aa3d8ac2d697d3d084f4095b4349973d376b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

Filesize
508B

MD5
1764c7db6538362bb7a6bdc6f8866d9a

SHA1
5747a32a21e4185e9ddeb8b41e719566b03e020c

SHA256
d0d4a0d821b81df075927d055fe991072771e438a656f94ada987b60fc3a5c3d

SHA512
f8ee985e99d0e056afa30198dccc859f9ba667f5190848a80b2827969282bed966b165b463a6861f590c5b999c3b38f85985dbed3b0677cf4c2e6a73e07f4b6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_1A63C94825D2CC9ACE0AFA6C616B60BF

Filesize
536B

MD5
d7a96fc5b620bc53ca113b5f2e09e302

SHA1
a58256eb87b1aad49f1ef0a15a10c696c450d0f3

SHA256
31c99d7b50b97bd562bef7461144ad6b526396a514bae7e4645483717b855b54

SHA512
06345bf9aa2c6eaf1eebb746581e99bebc074ef8462c6231c1d0294e414399d07c0c7f338e46f6180c1f5c63ed2e8dd4332f41e3bf629b4976a9f9beef50609e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7

Filesize
536B

MD5
86ff751559739a08ce8f8f9db6b5f488

SHA1
8ef873e951156920878324b65f8b1f10fd1397f0

SHA256
90cc17799a1867468ed1775762b07447e93b3c3aad88eca1880a8ecb4a726696

SHA512
27aba78ee99057bcef13afb7270f6d9461a59174fec93e1a8d622b8ea86ddbd1558ad6ae7935a77b765b926a66c07dc71efd7d567c66a9f23a1bf6771024811a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

Filesize
536B

MD5
ac1e594d34bdc6991f9ddfd75bd3fe1d

SHA1
2a1a2ad5d83f20264f469342e2d7b65371c9260a

SHA256
1814ed1bc1547aca6604e66720f7675f51e1b7c7c445fcaf7674e77f9d9fe35a

SHA512
089215ae1db20979b923c1422af01c605e7e864e64b3b4e0ad2c86a7911abf127d82d3d99a1c2afd0f6df153885c41c49e2ea75a580aec86c4c78b8cb7b9d217

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9E5AF9A59B2A0198F537F5F6F7EBA776_57ABCF7C80DDF20409A123C0B25EDA1D

Filesize
496B

MD5
8174ea64ba43e3ab35e376cfdb1c3ea0

SHA1
b3d1443a69d7af48f71b7bc911f33e00e8155806

SHA256
b8f4c60a420406ef966f2a9c16199a8f1fe0298b6e61b5dceccbdff807028704

SHA512
c9b1eb4871a32e610271d9d0086e6fdc7a2d1ceeafd91136251320b836b99b6c941643c0d44663dccb7c38ee6a32afb744e98a447e05501e532747239881b511

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A334956C3F99BD182BF4859935BADE72_FACA7E02B2152427A5B3C5BC1AC9CE92

Filesize
480B

MD5
8d03c6d9b859cd48bb861f30b9cf609e

SHA1
21491f976aea0a78fe9b61a9b2e6f42515c00030

SHA256
a3631463c0fc4276f653f37ac13aa3157387d8b75819cc26db6e627153b4690b

SHA512
b19bc783542429d0c2e68ec630f84c8449d8b6a83b54a034d5c3c648063edac68a65fb35204ab918befdf7959d17587228dacce2c3f51022cf05e44c572d2067

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

Filesize
506B

MD5
d43df761c088fd115220d3ca9d4aaa45

SHA1
df65b5e01a942d6e96929f14976b519ab2a05d49

SHA256
801479036cb07f2ba5c4cb7abe366dae6626f9f4dd818957a2ab67b084446b6b

SHA512
15408b32da8acc829fa39b07c65915b7f8ab5ed27c4cf430f9bfbd8479729422e1dde37589741d7206f476707b3977e34207b800b0051bc75b887cca91224e68

Download Submit
C:\Users\Admin\AppData\Local\Temp\PartnerFile

Filesize
691KB

MD5
f55122ed147ffb158e79c2b9d9388a17

SHA1
7847c5c22ae75dbe217ee6b2532bc3bd65e8e50e

SHA256
1ef2f4b60a9d809931f7acda752d780b63b79950c86fa7e2aa8c928b699cb501

SHA512
1d61131dc52f61fc8a86212fd30b7307813549508af48e544ce823edb546dc439133a2c1413803d75724bc7ed5af3d7a5d15ea2195fdb7488da600792d338977

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_37465.tmp\BRAND_COMMON

Filesize
26.5MB

MD5
d6c2cd5f17ff8ef12b5a20ccbd61ff8e

SHA1
33eb512ca57fed7e435464fe2485a13ea586ca97

SHA256
681e99fc00dc3462f3868bca81670d1403ae7d3ba7d469bb676631722ab65482

SHA512
10962750b1c66ec5f595a4fcc7f86d43346cf893059be5cbc8d93ac48b7a718d2e458ab48ac6097805cd2b0990ac774a1241b6030a88f90054b9be12c61a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_37465.tmp\brand_yandex

Filesize
1.9MB

MD5
59a36c91967d7b4bdde3f1946475f50b

SHA1
8412f404d1311395230033307f489baeee88f002

SHA256
73e64673a0b6d07c8cae0532310824010d00fbda7d5e0472e14a9a396bdbc4c2

SHA512
ef9f6f3d47d71131b9f85f21b0402933495b434c812c4243c3bfa6a838e45b7d9a23a3d17f98f6716a309eee603e2059c9f350177dd669854c661cd7cd3b8f59

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_37465.tmp\setup.exe

Filesize
5.7MB

MD5
b09c4fe773ba08fdd9c9c32e3f92db05

SHA1
84e17445f6cdf96256cb049cb35024cad46a767d

SHA256
1fa26beb3e59ad1ecc31e59f93c3f42698fa26c634b9e0ead6137edfcc14daad

SHA512
d4a0698c72ad0e0ef60efa4653ecc98598bdf491ab01de1bee69b0bfe79345fbbcf32b14105bf32b754796430d2eba37640593e4ccfb0df6d46110f728f09d9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\clids.xml

Filesize
580B

MD5
94767e5bd3c7d598c990dcba9e0abf8b

SHA1
c4ae03d2480a773b24ad9716472426c47c7355f2

SHA256
e1f801c2623eca1d2ef8c5beb325b64d3eecd2a36e92e8c2bcfcf9315f9773af

SHA512
c0fff8d20d2ad2182c9e3fdab72cc2384beb97af3fc4964a831e9605fc8cb711e3de9af0f1589f1399eb6b4a940f0d2a6caaac81bd7ddbee071a10265fce4685

Download Submit
C:\Users\Admin\AppData\Local\Temp\distrib_info

Filesize
422B

MD5
2802a4251c48dfcb51643659363a5ebf

SHA1
f81a0dba51b750d3564ab68a39ef3639e2730e15

SHA256
b875c5ed2420efc41f1aef2b8dea05c47421c7d55ccf34a956e371de1fb29119

SHA512
f26f07abbce99c65f53742c29be2ba517ab12fd54afbc362b94b791eaddde83bf53893f357c125b054ce43a059eb4bb367446a48038c1ed0e6589608ee230561

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
6a6a39c4429698041f90ecafc4ad7a70

SHA1
20c3134eec727ee01b78717ad8395f205982ab51

SHA256
f42d46e5d222613ee2af6a3d50c37974d6d549873a40af5128dee2934a8e48a7

SHA512
a9823386e9eb0230438b81befa9d5e3817ebad99d2aa78cb53cea3ab02eae93ff8dabddec58a08fa1453c6fed8d9655226f0a8585df258ee0a633bf5fdddc9ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
21KB

MD5
9e00e37fbb29dd6d8de1623448a0160f

SHA1
469a621319e65121c49e4ea716f4ceef98092314

SHA256
90c0070f1dd534da7ca83dd10494ca3c7a7d2b6ca34c73cb1f0a09ffc43e86eb

SHA512
7622af1fc4e30c088e66583484366acec6c7c877c4c1422f0db063b9ae19924e8c1113a4fba1df75bd1f5535f3a317bbf6d44b5d305a1711eb91fba1500ae467

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
21KB

MD5
d9ce5ab1abf384ab88bb58456bc9c9d8

SHA1
df1fb9f9a42c91c8fb0b3e4ef998f425cad08947

SHA256
63326bcf38849a945e116b4fe78c6881cd6626a82d71c985f43fbe88b58b8287

SHA512
51fe07720361d5a0fa625200d92c31534e3f07ccb0b1ae94beb59aa98c0859925e12046594c1472463f48e8f905fd3146ff55a419096ccfe22bd1c1d3430921c

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
34KB

MD5
c09bc848fa68f8fecab0d01f85eafdc1

SHA1
4ce53fb59b327609def49240f33e310b93cbb6de

SHA256
a4dc5dd081a8e54d3806f3ae19ee276b3dd507999ef3dee8eef1fd30572cc20f

SHA512
9dbe1c5ae19b3f3af1b15c329836b534507833749689a877b05a7f07746bde6157edc85620fc802ae896a9b4d78840008e10d8cf3af63bea532c1c1308042812

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
34KB

MD5
2cfec8541a0edd95e1840e67761cb59d

SHA1
353dd75344c756af1ec0fb383cc21e65e5aa3c76

SHA256
f19df95041fe9b1185ab294d1d5ad331b7dba8ffa9bbbfe7ce3eb450d80d8bd1

SHA512
c0dae370f27c694aa6489a9a43e4219b93fe0db7176fa31afe5125cf24af7cd9f8f1334d83f9449db43874b569af8999822e9edecf195728e231748d69bc9bee

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
35KB

MD5
113d94249dbaa13050900089b074e5c5

SHA1
59cba360e9891af240b5b3f74f22597b825f5dc9

SHA256
1d78253cb89a8521b236d10d1caf95c0e6dae70ddff38eba7421bcbfa8881a10

SHA512
018cb605ecf948d3a00eb67511291558da866b6c709ba8563a6fcd608aab0d16b139a935a9792bcd98574f80b2341af3b834974e4e184e5ab57ffa960997380c

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
35KB

MD5
b1ecac898418c076a26523638dab96e2

SHA1
f3a2a62c0d9bb24910daa92d83b9e2f3ee0c4f5e

SHA256
05e8ba6f090171849392e9d151a152676ad4c440faf3d674d077d84bc89e18d2

SHA512
d1a4e099fcfa0e4a1f337d9abcaffbec71f9727a23b11440d4d4133798cb7996c544ed67b465492d3dc38d27cac2a57af91a7a9fbd14b2441fbc76c41d5ad48d

Download Submit
C:\Users\Admin\AppData\Local\Temp\master_preferences

Filesize
431B

MD5
ab5f473605a87def3fbb6a6bd9b02f94

SHA1
b9fc47f7eb9abc4f704a679358c8be2401cb97d5

SHA256
ec3a2ae79d46c2933d86c3d93b663a42a60b2a1434ac079b11097814a76a81c8

SHA512
dbc4caca0f26382fcafde19b1d4b421c3a5e14162f83880c6c11e7909a4b759f97e7a1ad977bdad3d0be04ebe0961c682d8ebb4a44a2d0e1c1de435160a704ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\yandex_browser_updater.log

Filesize
5KB

MD5
293caa6cd65be1b454162bc206901213

SHA1
f6dbd8cc0139140b2fb68e85713d9fee5e73605f

SHA256
f3a0dbdb09c46d6408ac557eaafffb4c6ce75fed7883079ea98cabb1223b8478

SHA512
8a2f5e704e4cc8a6dc157641cb1802fb02cfb590294d58e6dc3c54321c9b726e570afa6f499ff838cd8c6909d7c5ab1254b7a1226cc97b3f7ac2548f0f24d307

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe

Filesize
618KB

MD5
72edb5156d1fde5ac807f6b79720a3ff

SHA1
4db2ecf6cbdfe713d448020194f1159393c7bf81

SHA256
39cd4b55575d9dfde155871b57ec2e24346cf9375f53fe2f39ff6d1315841909

SHA512
c27cf183257b0a31ab1848b28f39c071ccdf87b2d9af79a1dcc989e1a017cff3056b51cd5e25d0a9490c21367789060254cf57e005f685c7490d9b4a71d0eeea

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk

Filesize
2KB

MD5
f931a204f485c47e7afbed2226d747f9

SHA1
f4fc3bef88ef8a89117f56dd20c484517a38beaa

SHA256
75c0bdd0eaa2d5a99e8a722766db38af38b2749f53abf03e3df416bc1d66c8cb

SHA512
253a5742a34f24129e1ffd75048b50142968063f565a3bac0302d270e085514144b5aa832e8c312c7575c10d2bd33c00dcd39498fa6b815f1cc053abca949414

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\yandex.website

Filesize
488B

MD5
2baf611b1b6876e6c393054aa8c46a0a

SHA1
3d26e532d5b37939b51884bfb53732070c4dca9a

SHA256
5f7570144541408b41c15373bb8870e7bde53ad3c5413e2f6000e6f0e449b853

SHA512
1a0dc02bdd53e1bd49b2a72b10828463f5c8bed8a17b8498eb4ae939a40dfd8bcaeba1feac1190f5595b4da245a7aa0e4507724ef9fb74172b29581e885cd563

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.1.887\brand_config

Filesize
7KB

MD5
ac900c4e3cb599802f28ed02cc9acc5b

SHA1
58dce0513206f36199450e1bd0243ea3754c32a2

SHA256
bea3055691094d67ee31ef5b008fec16a3f9da04a50daa4e94c55fbccc656fce

SHA512
61569489023e7484b9b7a5e261c4033298705562f6335a261dbde30b03fc25e75fe30a8fe32a68644f2cdd6856b72489080f493968bb30a8a2e16bb5c1bd1520

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.1.887\partner_config

Filesize
505B

MD5
fab1b17f7aaec14109500c6f83b35669

SHA1
a11208973d612e060c67e8bbddcbe9a6b92e19e1

SHA256
c4168438bf236f88c8f34fe412728a4392b3afae0eb41f9d712a51215bec58b5

SHA512
72c543fdeec56aecaef99f88d1b1dcef0e88864dedc0e130b88d11e129878a289b0c51b810078de6c8ed1e2d71fd6d85ab061cf3644bdbb96459c1a3887540ab

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\YandexDictionaries\ru.bdic

Filesize
4.5MB

MD5
ac3768f0462853d08df284e67c7c4ebd

SHA1
732581ac6f2e02246696817adc53d2e2e5d0dcb5

SHA256
af2bcc135f974aad505a8f55296117dbf4cbc095931e22f424698b181d273656

SHA512
27d558deffeeefe1198aebdf65a3fef0b0f3d6b6c4177d03ff32b0363f0a2fb1b7ff6454f45dd3254427cec9174b03181c50bc51dba212e6ab0114a6e72bcf96

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

Filesize
5.1MB

MD5
6ccddbd76f400db088d7f45ad8484dcf

SHA1
b4e75ec1d1ae3288b17f1716f1a01f2b84912796

SHA256
7b5628d2f3c92a27985153101abc8ff7106157db929106c1aec777c52152ea53

SHA512
df5133bd7524bc63f6fb3439bbe035add20b36b06c0b3b951fc4d209b88f1c55acf7e10cb0f39284ded5501e3721dfab05cc13785bd97749be03738e113dd837

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\install_state.json

Filesize
1KB

MD5
74327d3c53cb9408f3c90812df688adc

SHA1
1d24d45981248f1fa1e2556c2aac430d8d7fe593

SHA256
7c557d6d742de7fe3248f59a894e7bb72234a1c80abcea3dc73e61ce9b56dcff

SHA512
2389bca5eff1cad4d4bd12e683c011004be2c4acf80e21897524985e6d73cf22fed208a08c117335a3acd3433f2252ade00a01c7315bfb536933589f0f112e94

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\Extensions\ghjgbemlcjioaaejhnnmgfpiplgalgcl.json

Filesize
119B

MD5
2ec6275318f8bfcab1e2e36a03fd9ffa

SHA1
063008acf0df2415f5bd28392d05b265427aac5c

SHA256
20832de8163d5af0a0c8bda863bcd6083df4f92175d856ce527de1dae1f7c433

SHA512
5eee4555be05d07bce49c9d89a1a64bb526b83e3ca6f06e2f9ef2094ad04c892110d43c25183da336989a00d05dad6ff5898ff59e2f0a69dcaaf0aa28f89a508

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\about_logo_en.png

Filesize
1KB

MD5
1376f5abbe56c563deead63daf51e4e9

SHA1
0c838e0bd129d83e56e072243c796470a6a1088d

SHA256
c56ae312020aef1916a8a01d5a1fc67ed3b41e5da539c0f26632c904a5e49c62

SHA512
a0bab3bae1307ea8c7ccbd558b86c9f40e748cdd6fd8067bb33eeef863191534af367a0058111553a2c3a24e666a99009176a8636c0a5db3bf1aa6226130498f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\about_logo_en_2x.png

Filesize
3KB

MD5
900fdf32c590f77d11ad28bf322e3e60

SHA1
310932b2b11f94e0249772d14d74871a1924b19f

SHA256
fe20d86fd62a4d1ab51531b78231749bd5990c9221eab1e7958be6d6aef292d9

SHA512
64ebc4c6a52440b4f9f05de8ffb343c2024c4690fe5c9f336e78cd1dd01ae8225e8bc446f386feb442e76136b20d6b04ee293467b21f5b294ce25e500922f453

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\about_logo_ru.png

Filesize
1KB

MD5
ff321ebfe13e569bc61aee173257b3d7

SHA1
93c5951e26d4c0060f618cf57f19d6af67901151

SHA256
1039ea2d254d536410588d30f302e6ab727d633cf08cb409caa5d22718af5e64

SHA512
e98fbfb4ed40c5ac804b9f4d9f0c163508c319ec91f5d1e9deb6a5d3eada9338980f1b5fe11c49e6e88935ecd50119d321ce55ca5bdd0723a6e8c414e1e68e16

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\about_logo_ru_2x.png

Filesize
3KB

MD5
a6911c85bb22e4e33a66532b0ed1a26c

SHA1
cbd2b98c55315ac6e44fb0352580174ed418db0a

SHA256
5bb0977553ded973c818d43a178e5d9874b24539dacbd7904cd1871e0ba82b23

SHA512
279fb0c1f2871ce41b250e9a4662046bc13c6678a79866eaf317cc93c997a683114122092214ce24f8e7f8a40520fe4ca03f54930148f4f794df0df3ecf74e9d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\configs\all_zip

Filesize
695KB

MD5
c3484015eb5e9bd63ed5fc447d56290d

SHA1
6c347f09d7caa73c05a1414c25c8df1f091afd4b

SHA256
2d88e859d1907c44fb43c1607a00d9b2c53f03946e21873ec13b336dc6eed78b

SHA512
32278926509b651674573939fa26211fecd9eb743ed9142324ea51a2f72e7bf62e04d0e29647fadb095ce23716f386139b45ba827a024d360415b65a6fcd71e1

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\easylist\easylist.txt

Filesize
620KB

MD5
8e4bcad511334a0d363fc9f0ece75993

SHA1
62d4b56e340464e1dc4344ae6cb596d258b8b5de

SHA256
2f317fee439877eaadb1264bd3d1e153c963ef98596a4ccf227592aea12ae76f

SHA512
65077bd249c51be198234ff927040ef849cd79adcd611ed2afae511bc2a257a21f13171bf01cb06fce788c1cff88c8ad39cf768c5900d77cd15453a35e7f0721

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\easylist\manifest.json

Filesize
68B

MD5
15bcd6d3b8895b8e1934ef224c947df8

SHA1
e4a7499779a256475d8748f6a00fb4580ac5d80d

SHA256
77334f6256abddcc254f31854d1b00aa6743e20aadbb9e69187144847099a66b

SHA512
c2d3778a99af8d8598e653593d5e2d1d0b3b2ace11addd2d3eeb2bf3b57d51bf938ddaf2d2743322e0ce02e291b81f61c319daf34c1cd604ffce1f6407a30b34

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\extension\elokbjeafkcggjfjkakpchmcmhkhaofn\brand_settings.json

Filesize
379B

MD5
f70c4b106fa9bb31bc107314c40c8507

SHA1
2a39695d79294ce96ec33b36c03e843878397814

SHA256
4940847c9b4787e466266f1bb921097abb4269d6d10c0d2f7327fde9f1b032b7

SHA512
494dce5543e6dacc77d546015f4ea75fd2588625e13450dba7ba0bd4c2f548b28c746a0d42c7f9b20d37f92af6710927d4bccb2fee4faa17d3ec2c07ff547e70

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\extension\fcgfaidpicddcilhjhafmmcgfodijhjd\brand_settings.json

Filesize
316B

MD5
a3779768809574f70dc2cba07517da14

SHA1
ffd2343ed344718fa397bac5065f6133008159b8

SHA256
de0fbb08708d4be7b9af181ec26f45fccd424e437bc0cfb5cf38f2604f01f7b2

SHA512
62570be7ea7adee14b765d2af46fcd4dc8eec9d6274d9e00c5f361ff9b0cdb150305edad65a52b557c17dd9682e371004a471fa8958b0bd9cfbe42bb04ca5240

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\extension\gopnelejddjjkamjfblkcijjikkinnec\brand_settings.json

Filesize
246B

MD5
30fdb583023f550b0f42fd4e547fea07

SHA1
fcd6a87cfb7f719a401398a975957039e3fbb877

SHA256
114fd03aa5ef1320f6cc586e920031cf5595a0d055218ce30571ff33417806d3

SHA512
bae328e1be15c368f75396d031364bef170cfcf95dbdf4d78be98cff2b37a174d3f7ebb85b6e9eb915bb6269898cbcecd8a8415dc005c4444175fe0447126395

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\import-bg.png

Filesize
9KB

MD5
85756c1b6811c5c527b16c9868d3b777

SHA1
b473844783d4b5a694b71f44ffb6f66a43f49a45

SHA256
7573af31ed2bfcfff97ed2132237db65f05aff36637cd4bdeccdf8ca02cd9038

SHA512
1709222e696c392ca7bcd360f9a2b301896898eb83ddfb6a9db0d0c226a03f50671633b8bed4d060d8f70df7282ffc2cd7ab1d1449acf2e07a7b6c251aa3a19e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\morphology\dictionary-ru-RU.mrf

Filesize
1.1MB

MD5
0be7417225caaa3c7c3fe03c6e9c2447

SHA1
ff3a8156e955c96cce6f87c89a282034787ef812

SHA256
1585b1599418d790da830ef11e8eeceee0cbb038876fe3959cc41858bd501dbc

SHA512
dfc0de77b717029a8c365146522580ab9d94e4b2327cef24db8f6535479790505c337852d0e924fbfa26e756b3aec911f27f5f17eba824496365c9a526464072

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\morphology\dictionary-ru-RU.mrf.sig

Filesize
256B

MD5
d704b5744ddc826c0429dc7f39bc6208

SHA1
92a7ace56fb726bf7ea06232debe10e0f022bd57

SHA256
151739137bbbdf5f9608a82ec648bdf5d7454a81b86631b53dfc5ad602b207d6

SHA512
1c01217e3480872a6d0f595ceb1b2242ffe3e1ff8b3fdd76eea13a7541606b94d3ccd69492a88220e0e40c17da5d785e4dba1d7501e6be749b9c46f72572ef6f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\morphology\stop-words-ru-RU.list

Filesize
52B

MD5
24281b7d32717473e29ffab5d5f25247

SHA1
aa1ae9c235504706891fd34bd172763d4ab122f6

SHA256
cbeec72666668a12ab6579ae0f45ccbdbe3d29ee9a862916f8c9793e2cf55552

SHA512
2f81c87358795640c5724cfabcabe3a4c19e5188cedeab1bd993c8ccfc91c9c63a63e77ac51b257496016027d8bccb779bd766174fa7ea2d744bd2e2c109cb8b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\safebrowsing\download.png

Filesize
437B

MD5
528381b1f5230703b612b68402c1b587

SHA1
c29228966880e1a06df466d437ec90d1cac5bf2e

SHA256
3129d9eaba1c5f31302c2563ebfa85747eda7a6d3f95602de6b01b34e4369f04

SHA512
9eb45b0d4e3480a2d51a27ac5a6f20b9ef4e12bf8ac608043a5f01a372db5ea41a628458f7a0b02aaba94cd6bb8355a583d17666f87c3f29e82a0b899e9700bd

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\sxs.ico

Filesize
43KB

MD5
592b848cb2b777f2acd889d5e1aae9a1

SHA1
2753e9021579d24b4228f0697ae4cc326aeb1812

SHA256
ad566a3e6f8524c705844e95a402cdeb4d6eed36c241c183147409a44e97ebcd

SHA512
c9552f4db4b6c02707d72b6f67c2a11f1cf110b2c4ac5a1b7ac78291a14bf6eb35a9b4a05bc51ac80135504cd9dcad2d7a883249ee2e20a256cb9e9ceeb0032f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\tablo

Filesize
939KB

MD5
8958ea4502b052a7ed60091ba1b105d1

SHA1
c3bd10c1e595a15874dd64ab339aa282f2061075

SHA256
ed6dd9ab57cd69f5558fe79b595bd7f9d3bba95db87e8e31397bfa6f22740d2f

SHA512
097a57bfe8d70f0044819474d0c49937d23ff8a82defbc37ab66ab465c1bf1e0d90a98cabb79554a4b9291a446e259a953d460c39e0699fa1a9d3dc1873de4c0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\1-1x.png

Filesize
18KB

MD5
80121a47bf1bb2f76c9011e28c4f8952

SHA1
a5a814bafe586bc32b7d5d4634cd2e581351f15c

SHA256
a62f9fdf3de1172988e01a989bf7a2344550f2f05a3ac0e6dc0ccd39ed1a697e

SHA512
a04df34e61fd30764cf344b339ba2636b9280a358863f298690f6a8533c5e5dfa9773a14f8d16a5bb709ea17cf75e1da6302335aa9120009892e529bfad30df9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\abstract\light.jpg

Filesize
536KB

MD5
3bf3da7f6d26223edf5567ee9343cd57

SHA1
50b8deaf89c88e23ef59edbb972c233df53498a2

SHA256
2e6f376222299f8142ff330e457867bad3300b21d96daec53579bf011629b896

SHA512
fef8e951c6cf5cec82dbeafd306de3ad46fd0d90e3f41dcea2a6046c95ab1ae39bf8a6e4a696580246c11330d712d4e6e8757ba24bbf180eec1e98a4aec1583b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\abstract\light_preview.jpg

Filesize
5KB

MD5
9f6a43a5a7a5c4c7c7f9768249cbcb63

SHA1
36043c3244d9f76f27d2ff2d4c91c20b35e4452a

SHA256
add61971c87104187ae89e50cec62a196d6f8908315e85e76e16983539fba04b

SHA512
56d7bd72c8a380099309c36912513bcafbe1970830b000a1b89256aae20137c88e1e281f2455bb381ab120d682d6853d1ef05d8c57dd68a81a24b7a2a8d61387

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\custogray\custogray_full.png

Filesize
313B

MD5
55841c472563c3030e78fcf241df7138

SHA1
69f9a73b0a6aaafa41cecff40b775a50e36adc90

SHA256
a7cd964345c3d15840b88fd9bc88f0d0c34a18edbf1ce39359af4582d1d7da45

SHA512
f7433d17937342d9d44aa86bcc30db9ae90450b84aa745d2c7390ff430449e195b693a8ae6df35d05fee2d97149a58a7d881737d57902d9885c6c55393d25d6f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\custogray\preview.png

Filesize
136B

MD5
0474a1a6ea2aac549523f5b309f62bff

SHA1
cc4acf26a804706abe5500dc8565d8dfda237c91

SHA256
55a236ad63d00d665b86ff7f91f2076226d5ed62b9d9e8f835f7cb998556545f

SHA512
d8e3de4fea62b29fd719376d33a65367a3a2a2a22ed175cc1eeff3e38dfbaac448c97a6fbea55bc6159351d11a6aad97e09cb12548cf297e01bd23bf6074de08

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\custogray\wallpaper.json

Filesize
233B

MD5
662f166f95f39486f7400fdc16625caa

SHA1
6b6081a0d3aa322163034c1d99f1db0566bfc838

SHA256
4cd690fb8ed5cd733a9c84d80d20d173496617e8dde6fca19e8a430517349ed5

SHA512
360a175c5e72ff8d2a01ee4e0f365237bbd725b695139ea54afc905e9e57686c5db8864b5abf31373a9cb475adcbdb3db292daf0a53c6eb643a5d61b868ad39b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\fir_tree\fir_tree_preview.png

Filesize
8KB

MD5
d6305ea5eb41ef548aa560e7c2c5c854

SHA1
4d7d24befe83f892fb28a00cf2c4121aeb2d9c5d

SHA256
4c2b561cf301d9e98383d084a200deb7555ec47a92772a94453d3d8d1de04080

SHA512
9330009997d62c1804f1e4cf575345016cda8d6a1dd6cb7d2501df65ea2021df6b8a5bc26809ddfc84e6ff9450f1e404c135561b1b00b9e4915c69e84f89cfec

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\fir_tree\wallpaper.json

Filesize
384B

MD5
8a2f19a330d46083231ef031eb5a3749

SHA1
81114f2e7bf2e9b13e177f5159129c3303571938

SHA256
2cc83bc391587b7fe5ddd387506c3f51840b806f547d203ccd90487753b782f1

SHA512
635828e7b6044eeede08e3d2bb2e68bc0dbbe9e14691a9fb6e2bc9a2ac96526d8b39c8e22918ff2d944fb07b2531077f8febd43028be8213aa2fad858b6ee116

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\flowers\flowers_preview.png

Filesize
9KB

MD5
ba6e7c6e6cf1d89231ec7ace18e32661

SHA1
b8cba24211f2e3f280e841398ef4dcc48230af66

SHA256
70a7a65aa6e8279a1a45d93750088965b65ea8e900c5b155089ca119425df003

SHA512
1a532c232dd151474fbc25e1b435a5e0d9d3f61372036d97bcaab3c352e7037f1c424b54a8904ef52cf34c13a77b7ab295fb4fd006c3ab86289577f469a6cd4c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\flowers\wallpaper.json

Filesize
387B

MD5
a0ef93341ffbe93762fd707ef00c841c

SHA1
7b7452fd8f80ddd8fa40fc4dcb7b4c69e4de71a0

SHA256
70c8d348f7f3385ac638956a23ef467da2769cb48e28df105d10a0561a8acb9e

SHA512
a40b5f7bd4c2f5e97434d965ef79eed1f496274278f7caf72374989ac795c9b87ead49896a7c9cbcac2346d91a50a9e273669296da78ee1d96d119b87a7ae66a

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\huangshan\huangshan.jpg

Filesize
211KB

MD5
c51eed480a92977f001a459aa554595a

SHA1
0862f95662cff73b8b57738dfaca7c61de579125

SHA256
713c9e03aac760a11e51b833d7e1c9013759990b9b458363a856fd29ea108eec

SHA512
6f896c5f7f05524d05f90dc45914478a2f7509ea79114f240396791f658e2f7070e783fab6ac284327361dc2a48c5918b9f1c969b90795ceacce2c5c5bfa56ca

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\huangshan\huangshan.webm

Filesize
9.6MB

MD5
b78f2fd03c421aa82b630e86e4619321

SHA1
0d07bfbaa80b9555e6eaa9f301395c5db99dde25

SHA256
05e7170852a344e2f3288fc3b74c84012c3d51fb7ad7d25a15e71b2b574bfd56

SHA512
404fb2b76e5b549cbcba0a8cf744b750068cbd8d0f9f6959c4f883b35bcaa92d46b0df454719ca1cef22f5924d1243ba2a677b2f86a239d20bfad5365dc08650

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\huangshan\huangshan_preview.jpg

Filesize
26KB

MD5
1edab3f1f952372eb1e3b8b1ea5fd0cf

SHA1
aeb7edc3503585512c9843481362dca079ac7e4a

SHA256
649c55ccc096cc37dfe534f992b1c7bda68da589258611924d3f6172d0680212

SHA512
ecd9609fbf821239ddcbdc18ef69dade6e32efd10c383d79e0db39389fa890a5c2c6db430a01b49a44d5fa185f8197dbbde2e1e946f12a1f97a8c118634c0c34

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\meadow\preview.png

Filesize
5KB

MD5
d10bda5b0d078308c50190f4f7a7f457

SHA1
3f51aae42778b8280cd9d5aa12275b9386003665

SHA256
0499c4cc77a64cc89055b3c65d7af8387f5d42399ff2c0a2622eccbd6d481238

SHA512
668e1a70a50a0decf633167ac23cba6916d0e05d0894daae1f7e3d487519f0a126abd4298430b38f52746a5c3b83ccd520b3d9b0ae1a79f893e36821a0458566

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\meadow\wallpaper.json

Filesize
439B

MD5
f3673bcc0e12e88f500ed9a94b61c88c

SHA1
e96e2b2b5c9de451d76742f04cc8a74b5d9a11c0

SHA256
c6581e9f59646e0a51a3194798ec994c7c5c99f28897108838aaf4a4e2bda04a

SHA512
83fb3fe4a3562449a53c13d1c38d5fe9ef1fa55c3006f59b65eace9a6ad4963e768088bc500dbe5266b5979c6ace77874ef11a15a7bd9fabae00ff137e70ecb5

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\misty_forest\preview.png

Filesize
5KB

MD5
77aa87c90d28fbbd0a5cd358bd673204

SHA1
5813d5759e4010cc21464fcba232d1ba0285da12

SHA256
ea340a389af6d7ad760dff2016cf4e79488bda1a45d0a415b3cd02a4430c9711

SHA512
759519b8822a6a4b88fc9ba47fa9d5d898b2f5a0f359acfbefc04809e6d7f5df86fb130f191eb6f63322792a18c0e7170aedf3ce7060fd9ad7e1bec2e686c3b2

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\misty_forest\wallpaper.json

Filesize
423B

MD5
2b65eb8cc132df37c4e673ff119fb520

SHA1
a59f9abf3db2880593962a3064e61660944fa2de

SHA256
ebe9cadad41bd573f4b5d20e3e251410300b1695dfdf8b1f1f1276d0f0f8fa6d

SHA512
c85fe6895453d0c38a1b393307b52d828bad8fa60d1d65bb83ffa3c5e17b71aa13cab60955489198503839ce5a4a6c1bb353752ab107f5e5b97908116c987e52

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\mountains_preview.jpg

Filesize
35KB

MD5
a3272b575aa5f7c1af8eea19074665d1

SHA1
d4e3def9a37e9408c3a348867169fe573050f943

SHA256
55074794869b59cd5c693dfa6f6615aea068c2cd50cdae6dd69bd0410661ded8

SHA512
c69bf39362658dd6cbd827cf6db0f188a9c4410b3c6b7b532595fd5907974e2141d857942ffb2497282e31eaa33c71240c2c2bd8721046df55e3358e8b76c061

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\neuro_dark\neuro_dark_preview.jpg

Filesize
24KB

MD5
29c69a5650cab81375e6a64e3197a1ea

SHA1
5a9d17bd18180ef9145e2f7d4b9a2188262417d1

SHA256
462614d8d683691842bdfb437f50bfdea3c8e05ad0d5dac05b1012462d8b4f66

SHA512
6d287be30edcb553657e68aef0abc7932dc636306afed3d24354f054382852f0064c96bebb7ae12315e84aab1f0fd176672f07b0a6b8901f60141b1042b8d0be

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\neuro_dark\neuro_dark_static.jpg

Filesize
2.4MB

MD5
e6f09f71de38ed2262fd859445c97c21

SHA1
486d44dae3e9623273c6aca5777891c2b977406f

SHA256
a274d201df6c2e612b7fa5622327fd1c7ad6363f69a4e5ca376081b8e1346b86

SHA512
f6060b78c02e4028ac6903b820054db784b4e63c255bfbdc2c0db0d5a6abc17ff0cb50c82e589746491e8a0ea34fd076628bbcf0e75fa98b4647335417f6c1b7

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\neuro_light\neuro_light_preview.jpg

Filesize
13KB

MD5
d72d6a270b910e1e983aa29609a18a21

SHA1
f1f8c4a01d0125fea1030e0cf3366e99a3868184

SHA256
031f129cb5bab4909e156202f195a95fa571949faa33e64fe5ff7a6f3ee3c6b3

SHA512
96151c80aac20dbad5021386e23132b5c91159355b49b0235a82ca7d3f75312cfea9a2158479ebc99878728598b7316b413b517b681486105538bbeb7490b9c2

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\neuro_light\neuro_light_static.jpg

Filesize
726KB

MD5
9c71dbde6af8a753ba1d0d238b2b9185

SHA1
4d3491fa6b0e26b1924b3c49090f03bdb225d915

SHA256
111f666d5d5c3ffbcb774403df5267d2fd816bdf197212af3ac7981c54721d2e

SHA512
9529a573013038614cd016a885af09a5a06f4d201205258a87a5008676746c4082d1c4a52341d73f7c32c47135763de6d8f86760a3d904336f4661e65934077e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\peak\preview.png

Filesize
5KB

MD5
1d62921f4efbcaecd5de492534863828

SHA1
06e10e044e0d46cd6dccbcd4bae6fb9a77f8be45

SHA256
f72ea12f6c972edfe3d5a203e1e42cbbaf4985633de419342c2af31363f33dab

SHA512
eec8171bd3bea92e24066e36801f334ac93905b7e8e50935f360e09fa8c9b9f848c4c62b687299e8297c0693d6dbaf9c6035b471e6345d626510b73e3606ee4d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\peak\wallpaper.json

Filesize
440B

MD5
f0ac84f70f003c4e4aff7cccb902e7c6

SHA1
2d3267ff12a1a823664203ed766d0a833f25ad93

SHA256
e491962b42c3f97649afec56ad4ea78fd49845ceb15f36edddd08d9e43698658

SHA512
75e048c1d1db6618ead9b1285846922c16a46ee138a511e21235342a5a6452c467b906578bdd4a56e7b9e0a26535df6fb6319ae1cae238055887b48963fa6ed6

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\raindrops\raindrops_preview.png

Filesize
7KB

MD5
28b10d683479dcbf08f30b63e2269510

SHA1
61f35e43425b7411d3fbb93938407365efbd1790

SHA256
1e70fc9965939f6011488f81cd325223f17b07ee158a93c32c124602b506aa6b

SHA512
05e5b5e9c5ef61f33a883b0286c2239cb2a464581d6e8a86d7b179b1887b4cb2cd7304e0821cdd3208501421c44c63c248a5166c790792717a90f8ac528fbf2f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\raindrops\wallpaper.json

Filesize
385B

MD5
5f18d6878646091047fec1e62c4708b7

SHA1
3f906f68b22a291a3b9f7528517d664a65c85cda

SHA256
bcfea0bebf30ee9744821a61fcce6df0222c1a266e0995b9a8cfbb9156eeeefd

SHA512
893b2077a4abaa2fe89676c89f5e428ccd2420177268159395b5568824dd3fe08bea8a8b2f828c6c9297b19e0f8e3a1b7899315c0b07f4b61fc86ce94301518b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\sea.webm

Filesize
12.5MB

MD5
00756df0dfaa14e2f246493bd87cb251

SHA1
39ce8b45f484a5e3aa997b8c8f3ad174e482b1b9

SHA256
fa8d0ae53ebdbec47b533239709b7e1514ecb71278907621ca2d288241eb0b13

SHA512
967670863f3c77af26fa1d44cd7b4fe78148d2ba6ea930b7b29b9f35d606554d664c0577068e0c26fa125d54627d7e7543360bce4acee0af17783b07450b5f52

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\sea\sea_preview.png

Filesize
3KB

MD5
3c0d06da1b5db81ea2f1871e33730204

SHA1
33a17623183376735d04337857fae74bcb772167

SHA256
02d8e450f03129936a08b67f3a50ea5d2e79f32c4e8f24d34b464f2cb5e0b086

SHA512
ff0e60c94fc3c0c61d356a26667c5170256e1143b29adf23d4e7d27012da72ed8865ef59dc2046314c7335b8d3d331e5fd78f38b9b92f6af48729dae80f85b15

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\sea\wallpaper.json

Filesize
379B

MD5
92e86315b9949404698d81b2c21c0c96

SHA1
4e3fb8ecf2a5c15141bb324ada92c5c004fb5c93

SHA256
c2bb1e5d842c7e5b1b318f6eb7fe1ce24a8209661ddd5a83ab051217ca7c3f65

SHA512
2834b1ef7bb70b2d24c4fedef87cd32c6e8f401d8ee5f3852808f6a557724ce036c31a71298cd0ed601cde4be59ec4042542351c63c4e0ac3d31419f79240956

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\sea_preview.jpg

Filesize
59KB

MD5
53ba159f3391558f90f88816c34eacc3

SHA1
0669f66168a43f35c2c6a686ce1415508318574d

SHA256
f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e

SHA512
94c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\sea_static.jpg

Filesize
300KB

MD5
5e1d673daa7286af82eb4946047fe465

SHA1
02370e69f2a43562f367aa543e23c2750df3f001

SHA256
1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a

SHA512
03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\stars\preview.png

Filesize
6KB

MD5
ed9839039b42c2bf8ac33c09f941d698

SHA1
822e8df6bfee8df670b9094f47603cf878b4b3ed

SHA256
4fa185f67eaf3a65b991cea723d11f78de15a6a9a5235848a6456b98a9d7f689

SHA512
85119055ddfc6bc4cca05de034b941b1743cbb787607c053e8c10309572d2ef223786fc454d962fbb5e3cde5320117f9efe99041116db48916bc3d2fcd4ffa25

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\stars\wallpaper.json

Filesize
537B

MD5
9660de31cea1128f4e85a0131b7a2729

SHA1
a09727acb85585a1573db16fa8e056e97264362f

SHA256
d1bef520c71c7222956d25335e3ba2ea367d19e6c821fb96c8112e5871576294

SHA512
4cb80766c8e3c77dfb5ca7af515939e745280aa695eca36e1f0a83fb795b2b3ef406472f990a82c727cea42d1b4ef44a0d34a7f4f23e362f2992dbff2527798b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\web\wallpaper.json

Filesize
379B

MD5
e4bd3916c45272db9b4a67a61c10b7c0

SHA1
8bafa0f39ace9da47c59b705de0edb5bca56730c

SHA256
7fdddc908bd2f95411dcc4781b615d5da3b5ab68e8e5a0e2b3d2d25d713f0e01

SHA512
4045e262a0808225c37711b361837070d0aeb5d65a32b5d514cc6f3c86962ba68f7d108bf4d81aa3bf645789d0753029a72c1ce34688a6d7af15f3e854c73f07

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.1.887\resources\wallpapers\web\web_preview.png

Filesize
8KB

MD5
3f7b54e2363f49defe33016bbd863cc7

SHA1
5d62fbfa06a49647a758511dfcca68d74606232c

SHA256
0bbf72a3c021393192134893777ecb305717ccef81b232961ca97ae4991d9ba8

SHA512
b3b458860701f3bc163b4d437066a58b5d441d8a427a8b03772c9c519c01983e3d3fdb8da20f6a53ad95c88dcdd0298f72822f39bc3672cb6f1d77fcc3f025a9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\7b90207a-1b6e-416e-904a-e66e7ac57bca.tmp

Filesize
208KB

MD5
8fa7b24d4d7b417910db17ad539139d1

SHA1
fab30f430afa9ff720812eb62aad2dc5b1ca9662

SHA256
6d18212d81f07002bc68ec2f8294e2e8367023f4ecf370f635d76b5de162aa56

SHA512
f461d3033bdb46bb988792e06bad3eabcb5c251b24bcd39113c95e13a8fa4cd3c4afd69682dcdc6702c19a3a06d1cb35686ce9df61c958c4c7798d3027501cf8

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat

Filesize
48B

MD5
7c0ca54b5972f6d1fee13fe93618af1b

SHA1
d0d48b7f3c9fea3d1194efdcd38c509626bc2fe6

SHA256
68f3b2b1851ad458adebd6e2efdd79f42c741c4042f891e6abd77e3c9eb5a921

SHA512
c57d442148009b9b53d1675127806518688b65a2040ff6f10ce3e95a8906141ac398f4c0acb7be0a0d6bf85d11b00e2c3e2041ab6f8337a859a5da34ed78738b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat

Filesize
48B

MD5
f09514ee76e617ea734cb011f6c9b56e

SHA1
88428b2d51e6b730b4653b3048d1d4b3b66da411

SHA256
4d5f170a41277f7978660ad7374884fd3bdce8cbba807a515ef8fa24abe91bb9

SHA512
f01787343bf9b702f9c96d003d90ed0984f71c3b098442b4c970c745053575c66e0ea563350ba43421a803b08573f9a4ea3ecbba5a3d2cc9ffa3fe3d0a82275f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\5258aaff-3244-470e-a119-34cb3e0a4067.tmp

Filesize
15KB

MD5
eb62c3cb1176c901f35efeab4a625870

SHA1
84ea5194d7d5fa805e708b0e2bd779c9dfc58b26

SHA256
3e39bb3d5f3249c69d6d9a5e36e97cf805a58382391ed68fce13dce019fe021b

SHA512
858a8a83ea63bf70405e104ecaf30197847b2e5df759e8d609e83e26c27462d8ac9e9600d7e2cbdffca1306be51d894718ca7e8d9dfcf03aec5fb3771b236623

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a72961468a825b34826fdadbcf25dfb0

SHA1
13fa451b87b6b555774ba3b63e26a880433fee1d

SHA256
8cef5fe76eabe308c573e4775a7a13c297c932286976d22d7e1b6694f0843255

SHA512
9e73b64c9b01d1977547b9a3dd74a82ecfac97b942a7aee9d705a7c995365547add9b3036f5a78c5ab350b457d4dd57b358b031b9548975d987df728a3c558de

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe597044.TMP

Filesize
48B

MD5
b88690df858b59426fd8c103c9acc648

SHA1
948944702199a6edb600b35f5b84c35798f04cd8

SHA256
6f39279f05c5649dc9aac028e78badbfaace750c31364564b2fc9bbceb3e2e70

SHA512
0be2a7a9893a8079caaa99ec0053589566d05035f7ea77cf8eb81bfe196a05bbb867798c14b16e9aaee0a09ad1a26d12232d225fb28ea04684c8533f4abce3cd

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a1d96411981af3fdee64d894c138fc16

SHA1
66cb7011f14a8da2be24eb9ce36dab02a7041776

SHA256
b9dfcb933c8fbd6b4676492e63882a6b85cc81c6bc7dce0dec89da298a3e53d0

SHA512
ea058a3e871e32fc88d4df0c1dfbe0d590fbc7dddb207abb7c4267529d4f58bc8ebbc5b22ba238a6cabb4852a0e69e241bc642e02eff6e1d3857eff24e1d88f3

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\Network Persistent State~RFe5970b2.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4b44877e05ddfad0c4f260ccb0f32853

SHA1
0083d7ec901b58f396340443a6d52b6edfe7c9e2

SHA256
5959fb49d732eea54bc20e2bb311f4fcc8f0b0e37b9aaa1f990c5955928502c2

SHA512
0506d2ab11b7601f9324e0e1d243426c2cae762309e820b46614b66596610a28772169a25b58ff0cc4de8e9e45c3a7789af09b88178bb045ab16b1b233f991a6

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity~RFe5970b2.TMP

Filesize
1KB

MD5
9f409d5d81c29a1ad3fdf49def9c922c

SHA1
3cd7a2e35d95b213edffbde56fa1b3c56f813c4b

SHA256
d1699ee5c323915ef689d117e2b10c9524059c5fa8627a2d0604432fc90ebe34

SHA512
31c6a667ed223b84d42acfccdf72b8da90835c08452a70692ea6a581de86c883610cd8eaa2bd66a07c96d1f6b63fb2040856f4b39419dff89a20159b587b6d2a

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
16KB

MD5
d1eeed0b917a0f7bf98e8937a3b33017

SHA1
3f480d64749cd6e7232436126532f0b2908b5ce4

SHA256
0363ba4683ea904b2962b19e9ca0d867bb637e7db6f59d7c7550b2e7fbad5b91

SHA512
b96b806a21e79e04556bf858a49c6630f51d070b32afc50cedbfaee67a73ad92cb6b624c2f37f0850e8357610f8a1357d20824e01e46022b067349a902731cf6

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
17KB

MD5
c5f757dc0d35f962f3fead83329a8537

SHA1
74c1c2d480a7ef25cc85ef79d5ffb6ac79577ab6

SHA256
dd439955b3493895f8efe11c3a1866b1f945ca447543d78e694b6fae5b20d1e3

SHA512
5d254a6f1d1cd71c1fabc8322a53f60577ebb440c337558c8a131fc68156f0936bbfa22318e55b2207e88dcb91af8ed8a2b5594bd64aedb2c9fa3a5117e79962

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
7KB

MD5
015926434fee66be30b8518c370271ca

SHA1
8f7232fc575f710119b7244644bc0041901f96bd

SHA256
88b8dcf0badf44fff35bfc6aa98a25ac3b9ef5b913b9b69a27d3d4c8ca447378

SHA512
e79d970319676cd00c19ba211c7018cc082e5b7b9a0fc2bc316442c8ce890eafb7b78edcc6d3d7d596dd5e99315c73552badc890b9c5d3903bf83d033bab31cd

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
11KB

MD5
020d016575e5980bd739ff6641b51ed3

SHA1
661cdbc9c866860f37151de8b7a6494fcde52b30

SHA256
808460adea0ac01f623e98f9dfac668f187f2fbdb571a36cd6891be6d6edc735

SHA512
34128e2bd411b7c79df28cc9a444e03dff356f2a8d40867340d11d5f4bca58660aa518896e7a48211beb51301ef65f2354458f4232740fde89e04d405b8b3a5b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences~RFe590a66.TMP

Filesize
3KB

MD5
02b59fc50ec65becf734530e0c4a90f9

SHA1
914c629a01f7a66181c69006d5b547f610d901cf

SHA256
4637a0c2f4b6c85434b4fa0a85fc50493f3edc7316bdace4a715ae2b19d1c807

SHA512
e3382cd15c535d9c407c99f78ec2464bf79c14e615d6fd75ffbc6d8d57ce5d8908224b5cb7fce312f6187059c1b823b387e1b43e46187c525376088bacbde69c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences

Filesize
9KB

MD5
cde897a54c257c660723002b9c1a8e5c

SHA1
92c58dbfdade64dc915603e99d5745962eadd8ee

SHA256
37fc2167f0f1ba20cc98729839504dab236db721f7622f7bf1217299fd70e14c

SHA512
1c1a2e145552efb892052340ff3e5bdff31d4c19715f731ec7100347c44e555e0ee86192f910c3a16591913774238e8bdd9c76c41b1f633fe2593debe95fc016

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences~RFe590b8f.TMP

Filesize
2KB

MD5
08911ed549cb7252635650f42559a0fb

SHA1
00deb7e270a8ccb383ef91d3edfc12e14e5b0cbe

SHA256
cdc917fdcd6cfef572022b05994c408a3137cdcf62fcfc17510e10c0c0b2ba4e

SHA512
d7ca34c7cc859515d2fcd92ff2bf0a00d3d7409864772c54df18b8183a0f60f6db7480be838759a38f6325d84dce3f08eae3fa4450f1aee63e04cb5e664ad4f0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\00ea0772-b570-417b-a5ae-9b15d2d85103\index-dir\the-real-index

Filesize
264B

MD5
c5493dacc3a7d4e8282f5a9591a21629

SHA1
2ea5dbecc7d6e67ce08e2e10f85c6b9668cd0723

SHA256
38dcc7ca91d397a3e754a95620438dc5e29c39d005984badf05a4a37f796e38b

SHA512
9e20ed36384b4c42da305611da4aab061b909bc7af07b540fb8cc69971cae077d7789d4a2c8c8fc5c95dd81fd8808cfe523301642a05df75768d7899e13bd405

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\00ea0772-b570-417b-a5ae-9b15d2d85103\index-dir\the-real-index~RFe597054.TMP

Filesize
48B

MD5
376885469a72f74381ffe4cece3f12e4

SHA1
bcf8044590d6bea474be96b0acfaa8f9e8327c54

SHA256
bd9532768d15d035826b4d0a0cef9fa48971efa7ccf558e7b1dfdff415dac35d

SHA512
6f780daedaba18ed2e7e1a07a71507e74ce0a5ca4b16d474aa3f519b0ea0f356f0f602e91c77c081fe8c30ea1ce379f065e294393e3c44233f0ef03b1a51ccae

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\0842c5d4-9da4-4736-bc1c-2fefc0df9294\index-dir\the-real-index

Filesize
72B

MD5
f2138b974c960f81d85459699be1b43e

SHA1
6b79b4995a6deb5d7f0374179b2d0eee53984727

SHA256
e41b187f67b33fc1ac8e1a975c83f88608d2539a93dcdab8d1249bb98797f559

SHA512
5c475552521940e38ddf425e98893a23da6e3d78a2c53c21bc086820d05616143e398fc7d4e55e1fe2d52c19b5d78e2596efb5c27c9c359ecae2a6693f1e82ac

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\0842c5d4-9da4-4736-bc1c-2fefc0df9294\index-dir\the-real-index~RFe597054.TMP

Filesize
48B

MD5
d10b862ef6a98873e15b6e5b01044bf4

SHA1
3f9381072ed739d63abdba4a266c11ce45b4d782

SHA256
7d5f19d56928f27e5e6c4194f46709234584d47295f1ddc1c845631ef9a7226c

SHA512
c8b48865ad82f4a0010eb5a034640795c08669aa9eba8f6e395624624d670666bdd016d0d1b49d0998eae6e33cde55dea952379310484ae20ed57b1a340a26bc

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\987db6fa-82df-4169-a644-168861b394c0\index-dir\the-real-index

Filesize
144B

MD5
05d13d99e3ccf457746be849c5fee05e

SHA1
a852a4c87055bb4ff86d417d07d09cf7a38e331f

SHA256
0c4b3cd603a2c7459e8e097876b1a419649e603d906394feb0dcfb08a5f6cfdc

SHA512
4028c641b5f4784a825a19d7d41844fd4e80c9127d7445971fa97a7a9693b0feaafcff25e8ee1b161f43f7b30e9c5fce0699a782e0f1a1cdfd601bf2976d1412

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\987db6fa-82df-4169-a644-168861b394c0\index-dir\the-real-index~RFe597054.TMP

Filesize
48B

MD5
471a432fc9f640343d61ce6bfb04baea

SHA1
9bb579c1045a87d2f8ff9058efe60c7286e0cf36

SHA256
fd8607ca1585655c542642dd8cb03b47757e7c2b012089e377b6a943aaf561a4

SHA512
97e70fb2b23e14e62a3aa8b2f9d0bbc23e8f794916c81801bad657154ed259ff6b62d1c9b9474242f9bbfb015b78ecdcd952d75d95f66f6858c5c90db31379c2

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\index.txt

Filesize
262B

MD5
b9df7726507fdbf6326a5a17d64fc001

SHA1
71a89b471313e4dbdb85dace5802692c5875de26

SHA256
6c2e1f686b9c3e42193ab9bf89d6a198aab4393aa5fb1bb3a5ca02c5d84efe10

SHA512
8b572130fc239304d78d0c5074e5ab51d53e9be154ea3d0a342d75092a327af9021e24035e805abee5b01026c35e6414f28e7265b1448bda221425235c9d1853

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\index.txt

Filesize
328B

MD5
57b70c8b989885fe82a011e039b44263

SHA1
e61f8640c667a4ad3c2ad0a4a947ab53a3c99c73

SHA256
8a89da0ede1699ffb563536816adc2587d90643e3948b02d58a8887c1aa43bd2

SHA512
1edfb91d782ce0dfaa22c2014d520b49528419a9984a11f76f7bbf54182360c155bcc02627e2a8b3995d6c0ab8de0b88bd486f8330f372b5a75acf9569e2a8b4

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\index.txt

Filesize
324B

MD5
c6ca8350991dddd5d61ae2f7aa7e9780

SHA1
09052a6e3185b3317e291a69a438c0d8d0ed7a00

SHA256
4482e711c3bedf7392b8ab1330a7bc70ec30432855f6f04d52c640574f0a79f5

SHA512
bdce388ce52c6d7a6cb47aeca9517ef06d878a1e486eb1cab258aff395fadaaa4549d81f495524c69e306d93f1157a1e8bf865489f749aed5fb8037297333d42

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\a401a5c3e5a6e316d830c597aeb6f7a2ff00e988\index.txt~RFe592476.TMP

Filesize
208B

MD5
2a6b26ecca2266f8783c6f4912987611

SHA1
75761f4714b9d9e60f4234958e50fc24097f8700

SHA256
ddaf68c2cbb634cfa9731cecfd54ba1b7ee4916a0a11d373ec130abc7273d0e9

SHA512
ff53be52dca443f6852afbdc65d96bb64a7f1a1c10ca72d1869eb5d901d1624f9593b3746da082a097217a1969bf7db8dee77fe1da7f0389687fc95f7f2aa53b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\f0a1ef1ab533153702e0a7f73b8d66e0b7e01d1d\36cc9833-f5a2-4c2b-96e6-b8592b93379b\index-dir\the-real-index

Filesize
3KB

MD5
9af1538ccc359a27777adcb817530998

SHA1
dee2af9f3bf284a1d7621e7fc5fbd7070ceae5eb

SHA256
f6237979a5964f0a41634d402bee4aae0e1b2b003dcedf822226711e64b69ab1

SHA512
d5cdbb5e2111a5adc627b7f96c217c79de1e759d2ed895441798ab6e4cd4316c647af8254eda4e63ab1d06d252ddc289b7fa44f2ffb944529a4f8296d5214ce5

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\f0a1ef1ab533153702e0a7f73b8d66e0b7e01d1d\36cc9833-f5a2-4c2b-96e6-b8592b93379b\index-dir\the-real-index~RFe597054.TMP

Filesize
48B

MD5
326959d650dba8d2669e4e82f8fe4900

SHA1
de0f7804a4eaddd857b64ea2aa66e1527d422731

SHA256
c59ceb0c9f60324d1adbd7816859fb938dd5be4ce02b3633ed842b79bd3bef63

SHA512
23660109a8d031d66300c14e0fc883443fd6932db27925b55b79dab1ce8261d47a034c5994996cb317218883f92e3d4f310fbcaf2a561341dd1c57f56516ad8a

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\f0a1ef1ab533153702e0a7f73b8d66e0b7e01d1d\index.txt

Filesize
106B

MD5
8bdb016d77db24566a0ef97ac37ce864

SHA1
70c377b2d6a69f45368acdaa6f5e20ae0fafbf76

SHA256
742a7d1fa206b937555bf1c8ca3cbeabbe2187969ea70e1f1ab372b658ae5616

SHA512
55408e7c3a98aec6359d60cf37630ed1e82125e377c8af510c866fbaa85dd7a0a7a46b9ef0d6dbbe3b236ae81be778d6aecc6b3f2200300c383ad7c5b7e95920

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\CacheStorage\f0a1ef1ab533153702e0a7f73b8d66e0b7e01d1d\index.txt~RFe597064.TMP

Filesize
111B

MD5
5ce602dcfe17be43f5cd2db97302f885

SHA1
29826bdde944f34b5741bbfea5d56881d1004e0c

SHA256
a3a92a5ca4b4c73f9962b4a7b909fc1a5375349cde7fc0cf65a07cfc9081fb60

SHA512
b8a5cf6b915d4d9881d4d95c3cd86de1df951753cfc7b49e645f3786cf88e7f6f27758b4632b712c0f74bd8d41c3b01c8647f4d262c179cb23e4cd1cda47c15b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
247709f2a2b0a92496ccd0ff209be6de

SHA1
af444f8135244a2d2c5e8d2bb8e0ace9bf073069

SHA256
0a8c6b5eb346d9365993f0d556e5005a72bb5e5e159e8d5aade7efdb69a7cd61

SHA512
8c6158807892750126f0e2682f1cbfab5cf5c8a42ad974cad05a333f57228972be75dd52019f334e8338e6bfb3e16bed084759527f83274448fbeb108df69bf1

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe597044.TMP

Filesize
48B

MD5
0613867ba9cbd7572e97d76ec9c38071

SHA1
19759bd99806499b312e0956ea5ec7fe72edae33

SHA256
5ffe0caf9b6fe5bdd2621050bd4b315a083b34af8e61babebd6e443a7eb080c8

SHA512
7e1fdf40ac83582d8a3134c1bb4243a3609ebb8625917383b41247761dd69f86f1e8824394e49a34eff1017c396b9b109718d2d08bbe3ffce27b829d2e4f1fa6

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\35e7203c-3712-4b5c-ae7d-b2b56a6b8f55\058060ba448ded6b_0

Filesize
11KB

MD5
ab85a11dda080990fd4e3f31c973724c

SHA1
6d0441fc03e8c8a4bc9abb874eb6e9daede90906

SHA256
5d0390d764a9121e33bfb2540458def0125a0e4e95199b51f109ac9383dcd6f5

SHA512
2f9bfce03ffff24446de6104e8e5485dbf80748f68e1a51595e30b0c6203f9dfc2070491825278e3c23682f35a115f8d23f66a3c553b34ac74951fbc9b0ef323

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\35e7203c-3712-4b5c-ae7d-b2b56a6b8f55\1ad10c4bb9e37138_0

Filesize
44KB

MD5
5b7dee00a82c64c9dbae0255da970aea

SHA1
c8d3f7840844000c64ea7e00cdc33d3643114137

SHA256
386916d207ff118ecedb093786ec7da73ce4a51d41a1ee7ddb59e38da21e78ac

SHA512
db461035d8b5de47e7b2f8b02d732a067c661906b4e3a0fda5fa1adfa745cdff227c5f8941e7347d7c2b935280fb2b5a263445dcde07995f6c1a3b153e13f83b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\35e7203c-3712-4b5c-ae7d-b2b56a6b8f55\24af4dfebb5df1a7_0

Filesize
4KB

MD5
f26cff47d94bd6ae86eb4259c98a3516

SHA1
586afaeb9d0d850c1828f5aaf51908fa32b30484

SHA256
287d7b9ae41509931c3118fe00d8657ee1b078bf4b4cecc95a9c0000ab7a557c

SHA512
6b74512818e0ff73bacd1febede3e9e1134f741c51855410619b389554ab909c30fa626a3fc45887c847bd6c975b33206e683552fe8761ff631bee7048038c17

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\35e7203c-3712-4b5c-ae7d-b2b56a6b8f55\261779a6811bbe41_0

Filesize
612B

MD5
2124bad97e384daa0d50af6286ad203e

SHA1
448d28a4ce87c3619a53dbdb000c1b8263340b11

SHA256
1e42752580880f6824af07bddd9cb41a5948f983520b51c15bcacba045a9d9d8

SHA512
b51cf680d4af919ff1e2e11c3844e67c737c9abcfe372ab2dc04664fce86d46d450e9821b51128ceaa0fa7d6f56fce7590b7b21ee6590c3acd96cac993c11a3b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\35e7203c-3712-4b5c-ae7d-b2b56a6b8f55\2a9877b782e7616c_0

Filesize
42KB

MD5
3ebc2b163bd503a8259ab509bf494feb

SHA1
0c2ef5faced31f929af217fc45dc9bfe5563fb4b

SHA256
8ecb36458a994d193899a31a18b4fc73eed3dadc3f1ad04d7391d559b308311b

SHA512
3550676ac4b5e2023aa63217fbc58a3a40444757a967f82a9fcd8f62d531b275e7b9dcc6070bd4bb577691db19addd5195f6b2a2d8df1749af64453baa2dff0f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\35e7203c-3712-4b5c-ae7d-b2b56a6b8f55\4055ad33116fc165_0

Filesize
2KB

MD5
4d6764765bd0f10a99992da746f1219e

SHA1
ce9ac4d0aad0cb9b6a6d6f4b6f1976a7395e22cc

SHA256
5c2151c212b281b844ee57ceef536edc60f2e7ced832414815ff3239b5e898dc

SHA512
9d3275295f4bdb65c8edb0299d796a0cb8af32f79c41d99cd20b199dcf1b5fe27647904f1455a3c996f31935b1f56ca97d67b3f75b23dbc5f6306a2ba82f42fc

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\35e7203c-3712-4b5c-ae7d-b2b56a6b8f55\52a0bbf9e2796062_0

Filesize
35KB

MD5
2cf0afdd9263324567b04611ddf3951f

SHA1
4fd5b6ffcd2205025a5fddb01dfcdcd6917f7d6f

SHA256
802fe86113b1d6e690a7db1ac06ebd5aae52a1fb6dd55635ff13f12aa7dcbb18

SHA512
37b52f9cc81248ecf58f466e0b15f12061a35bed1583068f8217287be18c3a9a2566ecff00cd37d2a6dfd1cdb7cdd4b572fef2cd63142e958094127bd76a5210

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\35e7203c-3712-4b5c-ae7d-b2b56a6b8f55\65f5056494abf7f7_0

Filesize
782KB

MD5
67e8d820f15ccb03ed1607a81f1fe679

SHA1
b4d873cafa180363d25c8e1f4898d6a412e48e0f

SHA256
df1e88e8492047a7b2b18c88a3edbf98a3cdaee4b2f2b0600ae2678f6abcf7ce

SHA512
7984e8d26dce85ccbda61f09c73f4f7fc75ff2c8388af45ca07e9f84880cf0ef001a21b627fa83d4def7d4001a2459e914a672443a314f02ea2e86f83eea5cee

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\35e7203c-3712-4b5c-ae7d-b2b56a6b8f55\661b694a12ee01c7_0

Filesize
1KB

MD5
ff7b7dae917acc37f64f9f9c8b37dc13

SHA1
60d31e4485e68ec4bd166df0afa410de937ab0b5

SHA256
b427f8353f90558a8719a41daf5b4cc2fe3b84cad507cdc854069c3c4a98f9b7

SHA512
e6d46f707ecc58fa1b30f12314a6b16da416e6418fc75bfc1384675eeff0b99cf8d1a3e2f29e7ec985f6776b6f1cc04c48a8506da7006324b3127ce9080d17eb

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\35e7203c-3712-4b5c-ae7d-b2b56a6b8f55\72c2e20ca5d250b9_0

Filesize
13KB

MD5
d75dc882e902093586d67d24fed814c3

SHA1
d6f3b4b5af8fc2c8cfa54f943e613dec65be6d41

SHA256
4fc05b6e92f1eb0baf462d6efeb3090df68931dba01fe6156196e2d0b7f85a8b

SHA512
295e3ff37c45b2c843d8f0dedbf43c86ff0807d43eda5ae7875bb2f008ae423ba1a03d672093fafb1d21a4a640c813b248151450be809389392c2899162104b0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\35e7203c-3712-4b5c-ae7d-b2b56a6b8f55\780716c60bb8931c_0

Filesize
4KB

MD5
ddaa30cc8877acdc2726152e14c80a69

SHA1
7dfe0289e85cbb54bd60db554200af2e44e25204

SHA256
2d4198c4504e58a36c923740503305fadd7d622ed589c7b9c32c526a1113a020

SHA512
5c19e4a6e39053fcda9e463cc3fc40d01e816827b8823636ad997d50ae0b6808d55da142de5a2bb6e2a56844ca36aa99bbf0c1cdeaeb898f459e681f811e1443

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\35e7203c-3712-4b5c-ae7d-b2b56a6b8f55\7f25d9c5e3e7ea32_0

Filesize
3KB

MD5
2f765ff08960fe87aa8c381570b7d0b0

SHA1
fba3b537226795bc71701d6a8af65e2aa9e9aa52

SHA256
f51e061f14cf485dc4a2d19bbc586308da4c141755966f784eacb1aac53a30d4

SHA512
ac6a2406394fbf9c7bfd2b3afbcd127d07f6aebc4351fe650c28efb3d352a3588ae0f85056cde006156f607a2e80531cd355050743f2a8bcc450dbf9531e6081

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\35e7203c-3712-4b5c-ae7d-b2b56a6b8f55\ae662e046f7b3fd9_0

Filesize
3KB

MD5
86ec98a5d03f01371c7723b1ad71de1c

SHA1
cc0fc1950d7daf2ff635e0e285896ccdafdffb6c

SHA256
69df88c7a30908fce6cb9bdd79bf396ce43e8d33623c22f7da2f6caf3ec1a44d

SHA512
983ce73633d95a01c319d660e8341f6224eb3a697c44d927c588c27bcccaf5e0146c616191cb4118fd7ae428f507d5370580d3fdf33eca5b595a6300d0553544

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\35e7203c-3712-4b5c-ae7d-b2b56a6b8f55\b3f0dc54e2b61fc9_0

Filesize
1KB

MD5
dd25712aad62a42b453a346dcd03ac28

SHA1
7ee5a5da73104e317bef1ba289fcb8f488502cbd

SHA256
2eee36d4dec20880da393c7a204a8961a184abaef7caf6128621577bc3687509

SHA512
1f8411de0621302def67ec814cfbe69014962a56838cc26bfb91a62308146ed610298157be2c7ec711776617ee331f1bea1b553f63e70c19a8ff5717e6fb5b76

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\35e7203c-3712-4b5c-ae7d-b2b56a6b8f55\bacba500485a7fa6_0

Filesize
1KB

MD5
a433fc3c8aaf8e505c838eb8814297de

SHA1
89e46c2e4a3d5f74854b12a6ab1b9842d3c4927d

SHA256
22a0a8c6a2a0c92bb5640c9df73c3f0b5f096fc0432a30333c7b6027e736fee6

SHA512
55ed106c71db5bcd1d797605584b5a6303b6af986504dff4e863cb868ad3e881a17d431723fc9f0b1f6f62e57e09098ebdf13dbb27afbff974481b10d528d6c7

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\35e7203c-3712-4b5c-ae7d-b2b56a6b8f55\c0bda676d50722ea_0

Filesize
552B

MD5
68730d4e2472c73c04a074b706a1a005

SHA1
d0cd601b37485f87807ce397d277562829592896

SHA256
db5ebed51703cd18e8255ed5d7c170a55b6007777277ded704fe72cc3873c780

SHA512
15a9451eb9817e5fe3916d6f10dc43229053f8fb6b441027b6c11ddb135cf4b9e3565650c87ff186a440b87d124e107f65be29b686e5c26a43c89807950ca40c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\35e7203c-3712-4b5c-ae7d-b2b56a6b8f55\cd4004d6793712fa_0

Filesize
295KB

MD5
a9c53457c34ff3200d7d5f7b0391d0b4

SHA1
57e89b61f1bcf6f5c6b0361f1adf95924cd213fb

SHA256
46ee0f5fc69c47237e91f5607b267afa8e60ec3a7038234a23597315ee2af57a

SHA512
23109046d1a01b19b323bd5fb829c792618b27f474faf6fa8d45bf232e7a7e063242c8cffdb227d38002d10af9ae2b4de4bf2937573dae6041f5851a46e61dbb

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\35e7203c-3712-4b5c-ae7d-b2b56a6b8f55\e268339246b29adc_0

Filesize
4KB

MD5
b66a4781bfe5ac7dffe51cfea91aede0

SHA1
301dd3788f6e024dc8889efcf2a4027c55ff4ebd

SHA256
947dd8ce337d968e7379f9b72bb49f5f6460ed988ac7a1250400148abf5f06fe

SHA512
56c8df0f0444854692255c7603e6a0c00fd8102271984960ca98cdcebf7655c85d1b661127105b6d635cf341407575284daa0e7b2971bbac953739fe7bac351a

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\35e7203c-3712-4b5c-ae7d-b2b56a6b8f55\e31626ca4064b460_0

Filesize
14KB

MD5
3835c88da0eff357e78531d43acd6b04

SHA1
2c222d204cd3705a1bb1baa765eb555c49d2d78b

SHA256
be1117dc8cbe6fe9d62a2dd8efee416e51d2b7aaafecff4c28c336d17b70bc4c

SHA512
a40c3a3668285a7460886edc971cd1fc93e140d55600e734c503cd6d72b236c1b7c4b3cae79ffa3ad23778cc2724d0e11d77938a1d2a03ed4301124f4f0e2efc

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\35e7203c-3712-4b5c-ae7d-b2b56a6b8f55\e7d083353a620397_0

Filesize
789B

MD5
68152e5a78da4d03c9d896e06e114139

SHA1
e2ab5c97cdff4196cbf214787ea555097d742d47

SHA256
bd138ef40dbd88a356a7b79dd1e686d0067913e05fbf9d48777c5189baca635c

SHA512
6cac021a6ff0877ee8e74ff4d2daaac05a800b37eba53490572661641d45db44ccabfe9cb26527fad1fd8df50a71af814e601515edeba1bd828fb69f23c18a7d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\35e7203c-3712-4b5c-ae7d-b2b56a6b8f55\f4a50b60517127e2_0

Filesize
22KB

MD5
96d14e8d0188436c1c1eb66a4efb0601

SHA1
98ef00c8b89e03e78a5b7f14804a21340c8ce9a5

SHA256
68473423693df9dae4b99aaeb2a402cae1c635e2129b4f8ffbf4fe1170326821

SHA512
4a2e7cccac70db8752222f3c03819947233ef48afe9c724def3490903cb93295ac02134da344412cd19df10cfc321da8a89089da80259f9fd2d7cf04c8a6b0b2

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\35e7203c-3712-4b5c-ae7d-b2b56a6b8f55\f51d5af08878d17b_0

Filesize
6KB

MD5
c3f7cd1d08730c9c6cfda16497f70b84

SHA1
a1a75863fe24d67cb9a36fd0a2c535b158be8527

SHA256
e3663ded0f751ac4cfab959b18b9cd836b57a794654fa3f6bd9aada6619650f9

SHA512
04718022233a33decaa08d95c8fdfd707528abb38bc40d12d1a60a77a0739541790860e42a557ec73cc454e635574fb2cc71bba16a263f665caad4d89f481963

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\35e7203c-3712-4b5c-ae7d-b2b56a6b8f55\f55f00a9a3efca75_0

Filesize
556B

MD5
de0ac65cfb7eee6a7b6f7858a064cafe

SHA1
f5a8299880cfdee5d67882b6afaf58dc4d7b884e

SHA256
8dd9d1c17540fe1224d8a8285d9b403c5c5bf9cd74bcd78754477e4c87b710a3

SHA512
cfd42d043eb5820126887a15ed3c4d35d53eacb6884f39d0ca6774e60de45592519ee177e11d264cd6c45037509319ed57da34b7adfac02e4920ed8607cd5d53

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\35e7203c-3712-4b5c-ae7d-b2b56a6b8f55\fb57acea038ad26a_0

Filesize
25KB

MD5
e2b727d21344e53573165df8e941058f

SHA1
e4d29791fe63bcef4077caebc3c68038d45c9080

SHA256
c9626d6d2bf23121465859b4ab01eb8680f108e1a2ea23c465dc6af2a977f651

SHA512
8902064d6557013e32615e7d8c8cacd7f3d5a74d0695cff6e2642af906876a44f4ce7129047f07132463cff6096234ae0d71fc431eeaee973e228a361adb3ca1

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\35e7203c-3712-4b5c-ae7d-b2b56a6b8f55\fd41ca2a883063a6_0

Filesize
9KB

MD5
9e0a46e1e2e7821b54cbd0e7a6ccb660

SHA1
fe306a9655e003e28dc3e3da23c63990e665c2ca

SHA256
f09611362166620081e1bd35663959ddf65d8bdb8204fe9247e9e1473efacde5

SHA512
2b44da94e1f21a3720c4386bf3497b753e6a26d3586c1350ffa2b876c0d360046b1124b99220b43988cdf19dc3f2bec4668b350abb0f9b149303ac89a31f5520

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\35e7203c-3712-4b5c-ae7d-b2b56a6b8f55\fef132170d47887d_0

Filesize
5KB

MD5
ba4de805126a78cbdd48a426477303e9

SHA1
87d87f2a9efd23b6c757fd4b2ee3e57b7e11354f

SHA256
a9a8c5cb0cc7279b18f78faa1cce747c6bf5f57f5c1e34a9f3dc3014fb93d55f

SHA512
a9351086a2619021dd5d2dd0e03e6f1ee47af3f604559b3519a61eabcdebb703cc53f4317867e41fe4d011942a601cdcedee48338a7ad23abd9dcbb6432695d5

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\35e7203c-3712-4b5c-ae7d-b2b56a6b8f55\index-dir\the-real-index

Filesize
4KB

MD5
d94dd598f1cc3c676f6be4e4c185cb08

SHA1
97dd61e3eace0076999321619e208522e541e41e

SHA256
ac0c9334d4410aa647ba00a069c25314ca33cbf23edcacde2c939e1a54648a83

SHA512
b532a27d000250978aacd367808130898e00955945006547bdf952e241856d88e0925025660c697bc10d0c2ac26f4cf3028720beaed723b16bcb504797ba182b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\35e7203c-3712-4b5c-ae7d-b2b56a6b8f55\index-dir\the-real-index

Filesize
4KB

MD5
7f78c9d422acb778ce0d49397a9a7e1f

SHA1
51b0367f6199864c16fff45f1875e2b0348d5dbc

SHA256
e677e8f5891669a3dc2897756e92506a601946a3dc928ec943ec40991bde4721

SHA512
41653765c6178134a1d63c0040597a9bb2090513d801326a1d3069944582ea6106d3ae44816286422976763933ca1884671670dc040997cbfb8525c7cc165587

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\35e7203c-3712-4b5c-ae7d-b2b56a6b8f55\index-dir\the-real-index~RFe597044.TMP

Filesize
4KB

MD5
961c984ff73e8f14440a66a5ce6ec89e

SHA1
8188e70ef5334205186c512b15443d8ba0420088

SHA256
86cfec13c6d36e1eb97dc2d6a2b184124b8b201edea56e3b070e1f3bd1a67c1f

SHA512
d436e3a7484d64defa5f6d0265281eadb929bdc631e1f6fc14b40b692eb7ecd88a10bf989d03a8b85ca98e14ce96dd1fe23cdb2215fb219ac6df31261dc72f0e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\web_ntp_cache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\16.png

Filesize
699B

MD5
238b0e7dc06028db4b6aba8078740ffb

SHA1
5fd2309587993b371beabb7a9d039e0dba3006ba

SHA256
d159e510392f6da58c4d15cc098171d45c7b02a1362cbf7be7a2d47a1a10e7fc

SHA512
1dda4de21be647067c04dfc47174df39d0c6c1eeee3e9005211f908351b69d6a27ed268b5ec7480285fb203a95136a3a205f7bafb7eb5223a3dcbab0dadc0e5d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\48.png

Filesize
2KB

MD5
7cf35c8c1a7bd815f6beea2ef9a5a258

SHA1
758f98bfed64e09e0cc52192827836f9e1252fd1

SHA256
67c320fa485a8094fc91cd3fcd59a7c75d2474e3046a7eb274b01863257fbe01

SHA512
0bbebde654c9f44cf56b74fc1a9525b62c88724ec80658efede3cbb370c3a6d4f3e78df459bbd0559a51838f4a172bdfcd370bd5477038309024b77cd69f2a15

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\bb9926af-06a4-42d3-becb-fcd4b25c5c3e.tmp

Filesize
160KB

MD5
54497ce2271deb0e673ec048b44da343

SHA1
5f886314234b7aa6a4da5efc937a9d63ed007727

SHA256
3dcf052bb8050fa32f28873bb665f63f457799cb9a92549fb2dbea94014f929b

SHA512
d0d77d763b1b12c1b9d7a9a3f2aee4640ed5fb10d828b7c3c2cb051504c2b7b6438309124b934b346a4152c0aca009883d6bda42dc997188b8ca2736ac3419c9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json

Filesize
43KB

MD5
4d48fd3db34ffcb1aa3bb66f26b6aeb9

SHA1
3870df90b23e58e63e8bcaa18cbc285485f7e573

SHA256
cdaeb037fcf79a377a66c161dc046dc610719f4190634d493479006ab239c325

SHA512
65e98c998140e6afe036ed67a1450c84ec537f06d3415576527cab3cdfdf553c96b85aeddc1a1883410284e1c2c6584011c7ebf5162b7cc24aa404432d2212d2

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json

Filesize
43KB

MD5
d42e1137a60858f6f5834fa1e18689ef

SHA1
3ff9364d537d820936093ee0f76c1aad2940031f

SHA256
b650fa64f79693b3b168de65934100e91353b540b1444da93918a37bc37b441a

SHA512
0cb940afa53a2ac3959f990cf27902b0b79381ef6856e489e2156e0f5e2491dbede6dc2fd0d5e30cba2e93e75e331b06ec85b3803a871c3c252d2aa7998459ed

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json~RFe591e8a.TMP

Filesize
26KB

MD5
be55f4ea2f43ca6a37e1a21c00c35259

SHA1
0dfd5d51cccd8dc012f7567ea11246e8ded8e16f

SHA256
e076a5516865bf47e0ec9379d94f802c0b286749855e17804e317d5e47394f4b

SHA512
343be108ecd0bdbd7c2281554073ff3d4e3fe11709492b87fe89015eb2e8c348e837eb9ce4272f61466ffb9f49aa51dff3785ce39581c4a163bf15c14585da50

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Local State

Filesize
229KB

MD5
be8037d21d68c8005429d535bf307d38

SHA1
3c08a8f0028af3531a0aa5d6960cc08c4b9c23d5

SHA256
ca5d48eb756ad89a7d03f0ab4bfdc1a0b872550768e0e654c310cdcecfc038e0

SHA512
ca04a6c95dd74fb8a95cbe8aa30db7b7cf18e274a69864d57d3576abb7d4a78f1cd820b3fc088020c1638078a37ae0e73beb9d001d2cfb98c40a1f9b1fde42d3

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\component_crx_cache\jeackiehcknahnkgbcajjemlnfndgdfo_1.44638f59336288f1e379bc02448460af400d5c52b6c8026c830c91c985f16d20

Filesize
6KB

MD5
7fc4cc8cc5a52c6a38fa8f7bd6fc2fe2

SHA1
83a2170cce3e837ef200d0f1b5ac5db4fbb9eb15

SHA256
44638f59336288f1e379bc02448460af400d5c52b6c8026c830c91c985f16d20

SHA512
e50659fb7395291efa4c82a2786bee4faef09ba9085eb4f5e65341713f4d1b2cff0e3b64951fd69b82fca43431801543daac7af79d84ca943707111da3a8b157

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\component_crx_cache\oimompecagnajdejgnnjijobebaeigek_1.567f5df81ea0c9bdcfb7221f0ea091893150f8c16e3012e4f0314ba3d43f1632

Filesize
13.8MB

MD5
3db950b4014a955d2142621aaeecd826

SHA1
c2b728b05bc34b43d82379ac4ce6bdae77d27c51

SHA256
567f5df81ea0c9bdcfb7221f0ea091893150f8c16e3012e4f0314ba3d43f1632

SHA512
03105dcf804e4713b6ed7c281ad0343ac6d6eb2aed57a897c6a09515a8c7f3e06b344563e224365dc9159cfd8ed3ef665d6aec18cc07aaad66eed0dc4957dde3

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\google_import_script\24.10.25.0\_metadata\yandex\verified_contents.json

Filesize
992B

MD5
7198e65d7fff96c7e11499ad448625a7

SHA1
740a66608c9dbb1db05f15f7894c4caf32723fc5

SHA256
4b5bb2f78c8aa7e3f73d5de49d48464707d02c4421a714fb5e5082db1e558cf8

SHA512
be3c6df2c5ccc025234d5751e3509115c844353aa77d6d0ba0e58ed3c0efc7f753482359bc97d51f8cd66c62ef745f5c240f80797c2b77a8ee956d91f0f7778c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\google_import_script\24.10.25.0\manifest.fingerprint

Filesize
66B

MD5
dfee8a2f9eb6efdc94f5c7c28e3eb12b

SHA1
df3748ae866c68fa5478ad50e401bcb361ddf0dc

SHA256
97fabff9dd390a2594b5ecf3a8f8cd99ff2abb68c13ba8631203ffd3cc3f2f56

SHA512
660bc708cd686009d75b84244efe1a1302fe78bac3d6b764678ccdd5e39ee35a5eeec1fa8e1aac9ec8557cb807496cf73f6234b78652679390a226530de7849d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\google_import_script\24.10.25.0\script

Filesize
4KB

MD5
b807ebd3002f71c1de6deb285528a920

SHA1
14b2c18684174abd078600bc9ac95628c00ea952

SHA256
8b44c53ea53b3ff1465263dec2380c68e88e4964984dbdc1497ff2aeedb010d6

SHA512
2885e6e91a8ddb346b15ee22f8bd0ea4735314d16a7a480c999b890fc3fcf68e5ab7ee137c7e788f1652f889f23ed920e70cd58bd9300a1e0af44babeeb9fdab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk

Filesize
2KB

MD5
8118d7f3b979e1055100f7dc2037197e

SHA1
04141af06c82f89419cae07bbd9b74f92d33252e

SHA256
bcf5304809a8e3f43cc786810445afcfff0442c9f8df58cc1cfea3ac6dcc0c7e

SHA512
73ab46d198f64b5ce265e3de659d0bd3c531652f6c9db35aebe54ce013bf8e6eabd8db3acb11de5300a7515bb4051ef3183881116c05ee555a81d2b3f84a3f12

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
8e867d8162d21253c56f39f14f8f8291

SHA1
a5777d51731fe8349ab49d25e3efa164dd021a32

SHA256
ca0418055dfacf81391ad25d8157542ce02d1be30bf8d1c6a1cfb0181d140594

SHA512
1155955839201f8a8cf353c0ce9a50a7f435225e1841f22f999c39acf3a381ec2c176693e8b69b5924350778a288e05f8e696b8b43fdba7685e23ecc57e8d979

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4176_1968348478\manifest.json

Filesize
1001B

MD5
2ff237adbc218a4934a8b361bcd3428e

SHA1
efad279269d9372dcf9c65b8527792e2e9e6ca7d

SHA256
25a702dd5389cc7b077c6b4e06c1fad9bdea74a9c37453388986d093c277d827

SHA512
bafd91699019ab756adf13633b825d9d9bae374ca146e8c05abc70c931d491d421268a6e6549a8d284782898bc6eb99e3017fbe3a98e09cd3dfecad19f95e542

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4176_720538547\manifest.json

Filesize
160B

MD5
913950ec6c74d9cd942a99d51d3a3e11

SHA1
910a828887d6be21e1c02375841137fcbee10e6f

SHA256
b811b93c15f2a203cc4b8d93b0e8be4325e382945222f291e5387874eff5e353

SHA512
b9959b329e42ae15a50e52254e047124cbd61aa57c9d3b556a8c51528a329eb245457b3e50198bd8b6d926f2da5a9d0694fcd3b08a6c4a375c482865835d6dfd

Download Submit
C:\Windows\SystemTemp\yandex_browser_installer.log

Filesize
8KB

MD5
6cf76dad81013f6076df69767a8c1f51

SHA1
1cfd34e9b5b6e182f6ecc46239a99394b975670b

SHA256
985e94c206fbd463c0c51ccebad6d189d31ec5961759d1bbe0e88d2dab1c9f85

SHA512
bff3a6312f9dd27795bd27f11161d0a68272700637482fd8309635869ab3f619b3f5728f0dc4a3e4c8e7197338b1cbc07290e929b70b7f3bed90a26ac882e584

Download Submit
C:\Windows\SystemTemp\yandex_browser_installer.log

Filesize
26KB

MD5
4810830fdb3ae13f57521aea4522a43d

SHA1
0c4956f891c764d2406235f6a295efbeb85b9ad7

SHA256
661356d0a10c7f10c4ee84f1f96e9c410f3c1dd504ec71dc65132a3df51b3709

SHA512
c96944213142e829da37b47ca7148bef6ff11ce066495ef10ae4e1b664e05a46d8d15ba0bbf57cd4a1c72980fca19c9bcb7681d7c96ef7066da0e56a74ab31fc

Download Submit
C:\Windows\SystemTemp\yandex_browser_service_update.log

Filesize
1KB

MD5
60dc70c319350a82f7733575db043616

SHA1
e9833fbee2bdcebca1af82519dfd68ec6aad2a6b

SHA256
ddafd70269917a398e85a6ac8855282ff47bbc4338d278aaece1a1d7b1aca257

SHA512
4945ece47af403528c87c3df2531e6741b74194d2acfd1bc95ae5d17f55937967389c76fc62b90a08aea1b8364b8ca765a57d486fa2a249284b34c5a2b87d1a4

Download Submit
C:\Windows\SystemTemp\yandex_browser_service_update.log

Filesize
3KB

MD5
67a93157d00e1cd3bd8524fef5c85744

SHA1
84521d3422c829a63c5e41dca4542ed423763c85

SHA256
9f67748c6a82874947c92181c2f9b5a46f07affab259555fa1ca2cfc3e8f5fd6

SHA512
9137e41ed91aec7fb66bb97e9c1afab352c38904083764e9628867b52a6326a03b2c2508b32b98b4e8329023dd85b6863e10c8039f662df024df3e9e5bd46171

Download Submit
C:\Windows\SystemTemp\yandex_browser_service_update.log

Filesize
5KB

MD5
c10eea2d121bea080417081421d2bb22

SHA1
6e125d3c7a33fdbdba17ceafaaf4adbe08c95a7f

SHA256
39fb24f49397c7b011c19b8d698b1498900fe9f6c401d14f6c9ef3004b151540

SHA512
ac040ae8420406e82495314f3a36e33d2decb08e7794e6a069798a3c38b297c479bcb2b1ea5188358bd08d854b3eb38c0b275e587cacbc3c3072070481e3bcaa

Download Submit
C:\Windows\SystemTemp\yandex_browser_service_update.log

Filesize
6KB

MD5
b9f48a44a218b1799f002643b5673a9e

SHA1
b93d6f3085e4648ee10d91601f3928325968fdc5

SHA256
0e606c4e06a68f36ac9b8799574b8abe69b969840e86002627d435e8670b4184

SHA512
fbaa4081a2b0152c4609d1e86d898085e79f599ab94b94c6b8e504650c7b13db4f90b21fc97707fb3e7deecb981e714d3bc1b0ba33a65e3a873faab22aee51ee

Download Submit
C:\Windows\Temp\sdwra_4648_1893241693\service_update.exe

Filesize
3.8MB

MD5
38870367db74922ed710c9dd33dfb537

SHA1
40f6adb1175b562faadb5d7ad8c5950769dae4dc

SHA256
3a99f46ca3e565a7b94303c46aa03eeacbf9598b47aedbba002606bdc9421945

SHA512
84e6a753450b2c742274bb3844da4b27cadf9786958d495e28284480715b2fcaf8ebd67aecc9322486cef82bf3480690bcaf9147021dee1e009b6a193a57c680

Download Submit
memory/2372-1112-0x00007FF9456C0000-0x00007FF9456C1000-memory.dmp

Filesize
4KB

Download
memory/2372-1113-0x00007FF9461F0000-0x00007FF9461F1000-memory.dmp

Filesize
4KB

Download
memory/4668-2611-0x0000018E887E0000-0x0000018E88BA1000-memory.dmp

Filesize
3.8MB

Download
memory/4668-2609-0x0000018E887D0000-0x0000018E887D1000-memory.dmp

Filesize
4KB

Download
memory/4668-2610-0x0000018E887E0000-0x0000018E88BA1000-memory.dmp

Filesize
3.8MB

Download
memory/4668-1037-0x00007FF9457F0000-0x00007FF9457F1000-memory.dmp

Filesize
4KB

Download
memory/4668-2613-0x0000018E88780000-0x0000018E88781000-memory.dmp

Filesize
4KB

Download
memory/4668-2612-0x0000018E887E0000-0x0000018E88BA1000-memory.dmp

Filesize
3.8MB

Download
memory/6764-2480-0x0000023646750000-0x0000023646760000-memory.dmp

Filesize
64KB

Download