19eac162665903722e90df45f943ef2207c294b9f3a969e1a6a3727f4d82277a

Analysis

max time kernel
150s
max time network
155s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14/08/2024, 02:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

19eac162665903722e90df45f943ef2207c294b9f3a969e1a6a3727f4d82277a.exe
Size

10.5MB
MD5

b510ca99b7f03e17b0cb4b3a1ec68338
SHA1

94f1d7b4566ab181adda85fe0493107405c51222
SHA256

19eac162665903722e90df45f943ef2207c294b9f3a969e1a6a3727f4d82277a
SHA512

0e95e5012d7e09f98df973359fb0c7ca8c01cc3e63c3fa7846ee51deca2685c8b03eadf09a1b689e69a608b5ed289ab9f7428a00cdf9d79f57c7908572b5fe70
SSDEEP

196608:0bGKPyHbSSJ7PbDdh0HtQba8z1sjzkAilU4I4:0KKPe5J7PbDjOQba8psjzyz

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 7 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Control Panel\International\Geo\Nation	browser.exe

Executes dropped EXE 59 IoCs

pid	Process
2772	yb25E8.tmp
2860	setup.exe
2940	setup.exe
2564	setup.exe
592	service_update.exe
1336	service_update.exe
1468	service_update.exe
1624	service_update.exe
2116	service_update.exe
1988	service_update.exe
2076	Yandex.exe
572	clidmgr.exe
1304	clidmgr.exe
1360	browser.exe
1484	browser.exe
2524	browser.exe
1384	browser.exe
748	browser.exe
2932	browser.exe
1920	browser.exe
484	browser.exe
1696	browser.exe
2936	browser.exe
1728	browser.exe
2788	browser.exe
2576	browser.exe
2372	browser.exe
1928	browser.exe
2916	browser.exe
648	browser.exe
2156	browser.exe
2600	browser.exe
524	browser.exe
2216	browser.exe
2596	browser.exe
3008	browser.exe
2012	browser.exe
2756	browser.exe
2020	browser.exe
1632	browser.exe
2760	browser.exe
3132	browser.exe
3260	browser.exe
3584	browser.exe
3488	browser.exe
3680	browser.exe
1664	browser.exe
3164	browser.exe
3180	browser.exe
1480	browser.exe
3600	browser.exe
3244	browser.exe
3372	browser.exe
3956	browser.exe
2112	browser.exe
1220	browser.exe
2332	browser.exe
3280	browser.exe
3612	browser.exe

Loads dropped DLL 64 IoCs

pid	Process
2376	19eac162665903722e90df45f943ef2207c294b9f3a969e1a6a3727f4d82277a.exe
2376	19eac162665903722e90df45f943ef2207c294b9f3a969e1a6a3727f4d82277a.exe
2376	19eac162665903722e90df45f943ef2207c294b9f3a969e1a6a3727f4d82277a.exe
2740	19eac162665903722e90df45f943ef2207c294b9f3a969e1a6a3727f4d82277a.exe
2772	yb25E8.tmp
2860	setup.exe
2860	setup.exe
2860	setup.exe
2940	setup.exe
2940	setup.exe
2940	setup.exe
592	service_update.exe
592	service_update.exe
592	service_update.exe
592	service_update.exe
592	service_update.exe
1468	service_update.exe
1468	service_update.exe
2116	service_update.exe
2940	setup.exe
2940	setup.exe
2940	setup.exe
2940	setup.exe
2940	setup.exe
2076	Yandex.exe
2940	setup.exe
2940	setup.exe
2940	setup.exe
1360	browser.exe
1484	browser.exe
1360	browser.exe
2524	browser.exe
748	browser.exe
2524	browser.exe
748	browser.exe
1384	browser.exe
1384	browser.exe
2932	browser.exe
2932	browser.exe
1920	browser.exe
1920	browser.exe
484	browser.exe
484	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
1696	browser.exe
2936	browser.exe
2936	browser.exe
1696	browser.exe
1728	browser.exe
1728	browser.exe
1728	browser.exe
1728	browser.exe
1728	browser.exe
2788	browser.exe
2788	browser.exe
2576	browser.exe
2576	browser.exe
2372	browser.exe
2372	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\YandexBrowserAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart"	browser.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 5 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Yandex\ui	service_update.exe

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Yandex\YandexBrowser\24.7.0.2377\service_update.exe	service_update.exe
File opened for modification	C:\Program Files (x86)\Yandex\YandexBrowser\24.7.0.2377\service_update.exe	service_update.exe
File opened for modification	C:\Program Files (x86)\Yandex\YandexBrowser\24.7.0.2377\debug.log	service_update.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\Обновление Браузера Яндекс.job	browser.exe
File created	C:\Windows\Tasks\System update for Yandex Browser.job	service_update.exe
File created	C:\Windows\Tasks\Update for Yandex Browser.job	service_update.exe
File created	C:\Windows\Tasks\Repairing Yandex Browser update service.job	service_update.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 61 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	yb25E8.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Yandex.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	19eac162665903722e90df45f943ef2207c294b9f3a969e1a6a3727f4d82277a.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	clidmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	clidmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	19eac162665903722e90df45f943ef2207c294b9f3a969e1a6a3727f4d82277a.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\Yandex	service_update.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\Yandex\UICreated_SYSTEM = "1"	service_update.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexWEBM.RKHYTWQ5KFBB34KEXR2ODPT6NU\shell	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexPDF.RKHYTWQ5KFBB34KEXR2ODPT6NU\shell\open\command	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\yabrowser\shell\open\ddeexec\	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexCRX.RKHYTWQ5KFBB34KEXR2ODPT6NU\Application\ApplicationName = "Yandex"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexFB2.RKHYTWQ5KFBB34KEXR2ODPT6NU\ = "Yandex Browser FB2 Document"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexWEBP.RKHYTWQ5KFBB34KEXR2ODPT6NU\shell\open\command	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexWEBP.RKHYTWQ5KFBB34KEXR2ODPT6NU\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexXML.RKHYTWQ5KFBB34KEXR2ODPT6NU\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\.css	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\.js\OpenWithProgids\YandexJS.RKHYTWQ5KFBB34KEXR2ODPT6NU	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\SystemFileAssociations\.gif	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexGIF.RKHYTWQ5KFBB34KEXR2ODPT6NU\shell	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexSVG.RKHYTWQ5KFBB34KEXR2ODPT6NU\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexPDF.RKHYTWQ5KFBB34KEXR2ODPT6NU\Application\ApplicationName = "Yandex"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\.gif\OpenWithProgids\YandexGIF.RKHYTWQ5KFBB34KEXR2ODPT6NU	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexFB2.RKHYTWQ5KFBB34KEXR2ODPT6NU\shell\open\command	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexJS.RKHYTWQ5KFBB34KEXR2ODPT6NU\DefaultIcon	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexJPEG.RKHYTWQ5KFBB34KEXR2ODPT6NU\DefaultIcon	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\SystemFileAssociations\.webp\shell	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexSVG.RKHYTWQ5KFBB34KEXR2ODPT6NU	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexSWF.RKHYTWQ5KFBB34KEXR2ODPT6NU\Application\ApplicationDescription = "Яндекс\u00a0Браузер – это быстрая и\u00a0удобная программа для\u00a0работы в\u00a0интернете и\u00a0просмотра веб-страниц."	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexTXT.RKHYTWQ5KFBB34KEXR2ODPT6NU\Application\ApplicationCompany = "Yandex"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexWEBP.RKHYTWQ5KFBB34KEXR2ODPT6NU\shell	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\SystemFileAssociations\.tif\shell\image_search	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexGIF.RKHYTWQ5KFBB34KEXR2ODPT6NU\ = "Yandex Browser GIF Document"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexSVG.RKHYTWQ5KFBB34KEXR2ODPT6NU\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-123"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\yabrowser\shell\ = "open"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexBrowser.crx	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexJPEG.RKHYTWQ5KFBB34KEXR2ODPT6NU\Application\ApplicationCompany = "Yandex"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexPNG.RKHYTWQ5KFBB34KEXR2ODPT6NU\DefaultIcon	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\.pdf\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexFB2.RKHYTWQ5KFBB34KEXR2ODPT6NU\Application\ApplicationDescription = "Яндекс\u00a0Браузер – это быстрая и\u00a0удобная программа для\u00a0работы в\u00a0интернете и\u00a0просмотра веб-страниц."	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexTXT.RKHYTWQ5KFBB34KEXR2ODPT6NU\Application\AppUserModelId = "Yandex.RKHYTWQ5KFBB34KEXR2ODPT6NU"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\.epub\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\.jpeg\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\.txt\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\SystemFileAssociations\.tif\shell	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\SystemFileAssociations\.webp	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexINFE.RKHYTWQ5KFBB34KEXR2ODPT6NU\shell\open	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexJS.RKHYTWQ5KFBB34KEXR2ODPT6NU\Application\ApplicationDescription = "Яндекс\u00a0Браузер – это быстрая и\u00a0удобная программа для\u00a0работы в\u00a0интернете и\u00a0просмотра веб-страниц."	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexCRX.RKHYTWQ5KFBB34KEXR2ODPT6NU\shell\open	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexCRX.RKHYTWQ5KFBB34KEXR2ODPT6NU\Application\AppUserModelId = "Yandex.RKHYTWQ5KFBB34KEXR2ODPT6NU"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexPNG.RKHYTWQ5KFBB34KEXR2ODPT6NU\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexBrowser.crx\Application	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexINFE.RKHYTWQ5KFBB34KEXR2ODPT6NU\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-135"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexPNG.RKHYTWQ5KFBB34KEXR2ODPT6NU\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexSWF.RKHYTWQ5KFBB34KEXR2ODPT6NU	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexTIFF.RKHYTWQ5KFBB34KEXR2ODPT6NU\shell\open\command	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\SystemFileAssociations\.jpg\shell\image_search\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --image-search=\"%1\""	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexFB2.RKHYTWQ5KFBB34KEXR2ODPT6NU\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexWEBP.RKHYTWQ5KFBB34KEXR2ODPT6NU	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\.tiff\OpenWithProgids\YandexTIFF.RKHYTWQ5KFBB34KEXR2ODPT6NU	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexBrowser.crx\shell\open\command	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexFB2.RKHYTWQ5KFBB34KEXR2ODPT6NU\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexHTML.RKHYTWQ5KFBB34KEXR2ODPT6NU\Application\ApplicationCompany = "Yandex"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexPNG.RKHYTWQ5KFBB34KEXR2ODPT6NU\Application\ApplicationCompany = "Yandex"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexINFE.RKHYTWQ5KFBB34KEXR2ODPT6NU\Application\ApplicationCompany = "Yandex"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\.jpg	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\.mhtml\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\SystemFileAssociations\.tif\shell\image_search\ = "Поиск по картинке"	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\SystemFileAssociations\.webp\shell\image_search	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\.webm\OpenWithProgids\YandexWEBM.RKHYTWQ5KFBB34KEXR2ODPT6NU	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexINFE.RKHYTWQ5KFBB34KEXR2ODPT6NU\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\YandexTIFF.RKHYTWQ5KFBB34KEXR2ODPT6NU\Application	setup.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2940	setup.exe
2940	setup.exe
1360	browser.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe
Token: SeShutdownPrivilege	1360	browser.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2376	19eac162665903722e90df45f943ef2207c294b9f3a969e1a6a3727f4d82277a.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe
1360	browser.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2376	19eac162665903722e90df45f943ef2207c294b9f3a969e1a6a3727f4d82277a.exe
1360	browser.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 2740	2376	19eac162665903722e90df45f943ef2207c294b9f3a969e1a6a3727f4d82277a.exe	30
PID 2376 wrote to memory of 2740	2376	19eac162665903722e90df45f943ef2207c294b9f3a969e1a6a3727f4d82277a.exe	30
PID 2376 wrote to memory of 2740	2376	19eac162665903722e90df45f943ef2207c294b9f3a969e1a6a3727f4d82277a.exe	30
PID 2376 wrote to memory of 2740	2376	19eac162665903722e90df45f943ef2207c294b9f3a969e1a6a3727f4d82277a.exe	30
PID 2376 wrote to memory of 2740	2376	19eac162665903722e90df45f943ef2207c294b9f3a969e1a6a3727f4d82277a.exe	30
PID 2376 wrote to memory of 2740	2376	19eac162665903722e90df45f943ef2207c294b9f3a969e1a6a3727f4d82277a.exe	30
PID 2376 wrote to memory of 2740	2376	19eac162665903722e90df45f943ef2207c294b9f3a969e1a6a3727f4d82277a.exe	30
PID 2740 wrote to memory of 2772	2740	19eac162665903722e90df45f943ef2207c294b9f3a969e1a6a3727f4d82277a.exe	32
PID 2740 wrote to memory of 2772	2740	19eac162665903722e90df45f943ef2207c294b9f3a969e1a6a3727f4d82277a.exe	32
PID 2740 wrote to memory of 2772	2740	19eac162665903722e90df45f943ef2207c294b9f3a969e1a6a3727f4d82277a.exe	32
PID 2740 wrote to memory of 2772	2740	19eac162665903722e90df45f943ef2207c294b9f3a969e1a6a3727f4d82277a.exe	32
PID 2740 wrote to memory of 2772	2740	19eac162665903722e90df45f943ef2207c294b9f3a969e1a6a3727f4d82277a.exe	32
PID 2740 wrote to memory of 2772	2740	19eac162665903722e90df45f943ef2207c294b9f3a969e1a6a3727f4d82277a.exe	32
PID 2740 wrote to memory of 2772	2740	19eac162665903722e90df45f943ef2207c294b9f3a969e1a6a3727f4d82277a.exe	32
PID 2772 wrote to memory of 2860	2772	yb25E8.tmp	33
PID 2772 wrote to memory of 2860	2772	yb25E8.tmp	33
PID 2772 wrote to memory of 2860	2772	yb25E8.tmp	33
PID 2772 wrote to memory of 2860	2772	yb25E8.tmp	33
PID 2772 wrote to memory of 2860	2772	yb25E8.tmp	33
PID 2772 wrote to memory of 2860	2772	yb25E8.tmp	33
PID 2772 wrote to memory of 2860	2772	yb25E8.tmp	33
PID 2860 wrote to memory of 2940	2860	setup.exe	34
PID 2860 wrote to memory of 2940	2860	setup.exe	34
PID 2860 wrote to memory of 2940	2860	setup.exe	34
PID 2860 wrote to memory of 2940	2860	setup.exe	34
PID 2860 wrote to memory of 2940	2860	setup.exe	34
PID 2860 wrote to memory of 2940	2860	setup.exe	34
PID 2860 wrote to memory of 2940	2860	setup.exe	34
PID 2940 wrote to memory of 2564	2940	setup.exe	35
PID 2940 wrote to memory of 2564	2940	setup.exe	35
PID 2940 wrote to memory of 2564	2940	setup.exe	35
PID 2940 wrote to memory of 2564	2940	setup.exe	35
PID 2940 wrote to memory of 2564	2940	setup.exe	35
PID 2940 wrote to memory of 2564	2940	setup.exe	35
PID 2940 wrote to memory of 2564	2940	setup.exe	35
PID 2940 wrote to memory of 592	2940	setup.exe	37
PID 2940 wrote to memory of 592	2940	setup.exe	37
PID 2940 wrote to memory of 592	2940	setup.exe	37
PID 2940 wrote to memory of 592	2940	setup.exe	37
PID 2940 wrote to memory of 592	2940	setup.exe	37
PID 2940 wrote to memory of 592	2940	setup.exe	37
PID 2940 wrote to memory of 592	2940	setup.exe	37
PID 592 wrote to memory of 1336	592	service_update.exe	38
PID 592 wrote to memory of 1336	592	service_update.exe	38
PID 592 wrote to memory of 1336	592	service_update.exe	38
PID 592 wrote to memory of 1336	592	service_update.exe	38
PID 592 wrote to memory of 1336	592	service_update.exe	38
PID 592 wrote to memory of 1336	592	service_update.exe	38
PID 592 wrote to memory of 1336	592	service_update.exe	38
PID 1468 wrote to memory of 1624	1468	service_update.exe	40
PID 1468 wrote to memory of 1624	1468	service_update.exe	40
PID 1468 wrote to memory of 1624	1468	service_update.exe	40
PID 1468 wrote to memory of 1624	1468	service_update.exe	40
PID 1468 wrote to memory of 1624	1468	service_update.exe	40
PID 1468 wrote to memory of 1624	1468	service_update.exe	40
PID 1468 wrote to memory of 1624	1468	service_update.exe	40
PID 1468 wrote to memory of 2116	1468	service_update.exe	41
PID 1468 wrote to memory of 2116	1468	service_update.exe	41
PID 1468 wrote to memory of 2116	1468	service_update.exe	41
PID 1468 wrote to memory of 2116	1468	service_update.exe	41
PID 1468 wrote to memory of 2116	1468	service_update.exe	41
PID 1468 wrote to memory of 2116	1468	service_update.exe	41
PID 1468 wrote to memory of 2116	1468	service_update.exe	41
PID 2116 wrote to memory of 1988	2116	service_update.exe	42

C:\Users\Admin\AppData\Local\Temp\19eac162665903722e90df45f943ef2207c294b9f3a969e1a6a3727f4d82277a.exe
"C:\Users\Admin\AppData\Local\Temp\19eac162665903722e90df45f943ef2207c294b9f3a969e1a6a3727f4d82277a.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Users\Admin\AppData\Local\Temp\19eac162665903722e90df45f943ef2207c294b9f3a969e1a6a3727f4d82277a.exe
  "C:\Users\Admin\AppData\Local\Temp\19eac162665903722e90df45f943ef2207c294b9f3a969e1a6a3727f4d82277a.exe" --parent-installer-process-id=2376 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\Admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\Admin\AppData\Local\Temp\044ffab2-ddf2-4289-b544-f73e23a9f897.tmp\" --brand-name=yandex --browser-present=none --distr-info-file=\"C:\Users\Admin\AppData\Local\Temp\distrib_info\" --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --progress-window=131632 --testids=1045949 --variations-update-path=\"C:\Users\Admin\AppData\Local\Temp\72188116-e663-43d8-918c-94903c8a2d91.tmp\" --verbose-logging"
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2740
- - C:\Users\Admin\AppData\Local\Temp\yb25E8.tmp
    "C:\Users\Admin\AppData\Local\Temp\yb25E8.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\044ffab2-ddf2-4289-b544-f73e23a9f897.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=37 --install-start-time-no-uac=267042200 --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=131632 --source=lite --testids=1045949 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\72188116-e663-43d8-918c-94903c8a2d91.tmp" --verbose-logging
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\YB_7C2E7.tmp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\YB_7C2E7.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_7C2E7.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\044ffab2-ddf2-4289-b544-f73e23a9f897.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=37 --install-start-time-no-uac=267042200 --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=131632 --source=lite --testids=1045949 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\72188116-e663-43d8-918c-94903c8a2d91.tmp" --verbose-logging
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\YB_7C2E7.tmp\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\YB_7C2E7.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_7C2E7.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\044ffab2-ddf2-4289-b544-f73e23a9f897.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=37 --install-start-time-no-uac=267042200 --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=131632 --source=lite --testids=1045949 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\72188116-e663-43d8-918c-94903c8a2d91.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=314435000
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\YB_7C2E7.tmp\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\YB_7C2E7.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=2940 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.0.2377 --initial-client-data=0x1b4,0x1b8,0x1bc,0x188,0x1c0,0x559d28,0x559d34,0x559d40
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2564
      - C:\Windows\TEMP\sdwra_2940_1067182932\service_update.exe
        
        "C:\Windows\TEMP\sdwra_2940_1067182932\service_update.exe" --setup
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:592
        
        C:\Program Files (x86)\Yandex\YandexBrowser\24.7.0.2377\service_update.exe
        
        "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.0.2377\service_update.exe" --install
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
        
        C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
        
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:572
      - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
        
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source2940_1403695646\Browser-bin\clids_yandex.xml"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1304

C:\Program Files (x86)\Yandex\YandexBrowser\24.7.0.2377\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\24.7.0.2377\service_update.exe" --run-as-service
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
PID:1468
- C:\Program Files (x86)\Yandex\YandexBrowser\24.7.0.2377\service_update.exe
  "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.0.2377\service_update.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=1468 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.0.2377 --initial-client-data=0x13c,0x140,0x144,0x110,0x148,0x14ad784,0x14ad790,0x14ad79c
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1624
- C:\Program Files (x86)\Yandex\YandexBrowser\24.7.0.2377\service_update.exe
  "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.0.2377\service_update.exe" --update-scheduler
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2116
- - C:\Program Files (x86)\Yandex\YandexBrowser\24.7.0.2377\service_update.exe
    "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.0.2377\service_update.exe" --update-background-scheduler
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:1988

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=131632 --install-start-time-no-uac=267042200
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks system information in the registry
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1360
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=1360 --annotation=metrics_client_id=313e4175830842ae8764b4f45969f629 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.0.2377 --initial-client-data=0xf4,0xf8,0xfc,0xc8,0x100,0x73258a14,0x73258a20,0x73258a2c
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1484
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --gpu-process-kind=sandboxed --field-trial-handle=1860,i,13249793842961695835,6318152976876678163,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1856 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2524
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=disabled --gpu-process-kind=trampoline --field-trial-handle=1784,i,13249793842961695835,6318152976876678163,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2008 /prefetch:6
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:748
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Network Service" --field-trial-handle=2016,i,13249793842961695835,6318152976876678163,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2132 --brver=24.7.0.2377 /prefetch:3
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1384
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=service --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Storage Service" --field-trial-handle=2352,i,13249793842961695835,6318152976876678163,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2428 --brver=24.7.0.2377 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2932
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=ru --service-sandbox-type=audio --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Audio Service" --field-trial-handle=2728,i,13249793842961695835,6318152976876678163,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2796 --brver=24.7.0.2377 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1920
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=2988,i,13249793842961695835,6318152976876678163,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2984 /prefetch:2
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:484
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3476,i,13249793842961695835,6318152976876678163,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1696
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=3608,i,13249793842961695835,6318152976876678163,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3624 --brver=24.7.0.2377 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2936
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --gpu-process-kind=sandboxed --field-trial-handle=2000,i,13249793842961695835,6318152976876678163,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3684 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1728
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Импорт профилей" --field-trial-handle=3656,i,13249793842961695835,6318152976876678163,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1952 --brver=24.7.0.2377 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2788
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=1876,i,13249793842961695835,6318152976876678163,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1884 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2576
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=3904,i,13249793842961695835,6318152976876678163,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1952 --brver=24.7.0.2377 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2372
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=3664,i,13249793842961695835,6318152976876678163,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3760 /prefetch:2
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1928
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=2176,i,13249793842961695835,6318152976876678163,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4536 --brver=24.7.0.2377 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2916
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4688,i,13249793842961695835,6318152976876678163,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:648
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3484,i,13249793842961695835,6318152976876678163,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2156
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3492,i,13249793842961695835,6318152976876678163,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2600
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5208,i,13249793842961695835,6318152976876678163,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:524
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Распаковщик файлов" --field-trial-handle=3480,i,13249793842961695835,6318152976876678163,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2100 --brver=24.7.0.2377 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2216
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=2128,i,13249793842961695835,6318152976876678163,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5488 --brver=24.7.0.2377 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3008
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5476,i,13249793842961695835,6318152976876678163,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5588 --brver=24.7.0.2377 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2596
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=2108,i,13249793842961695835,6318152976876678163,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5816 --brver=24.7.0.2377 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2012
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5736,i,13249793842961695835,6318152976876678163,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5740 --brver=24.7.0.2377 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1632
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5840,i,13249793842961695835,6318152976876678163,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5908 --brver=24.7.0.2377 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2756
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=6204,i,13249793842961695835,6318152976876678163,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6212 --brver=24.7.0.2377 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2760
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5768,i,13249793842961695835,6318152976876678163,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6236 --brver=24.7.0.2377 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2020
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5776,i,13249793842961695835,6318152976876678163,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6412 --brver=24.7.0.2377 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3132
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5804,i,13249793842961695835,6318152976876678163,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6568 --brver=24.7.0.2377 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3260
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5724,i,13249793842961695835,6318152976876678163,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5452 --brver=24.7.0.2377 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3488
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5444,i,13249793842961695835,6318152976876678163,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2972 --brver=24.7.0.2377 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3584
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5584,i,13249793842961695835,6318152976876678163,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5716 --brver=24.7.0.2377 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3680
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Распаковщик файлов" --field-trial-handle=6316,i,13249793842961695835,6318152976876678163,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5184 --brver=24.7.0.2377 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1664

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater --broupdater-origin=auto --bits_job_guid={4D01872E-7430-4621-A70D-7B5E5D852549}
1⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
PID:3164
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1723603789 --annotation=last_update_date=1723603789 --annotation=launches_after_update=1 --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=3164 --annotation=metrics_client_id=313e4175830842ae8764b4f45969f629 --annotation=micromode=broupdater --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.0.2377 --initial-client-data=0xf8,0xfc,0x100,0xcc,0x104,0x73258a14,0x73258a20,0x73258a2c
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3180
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1800,i,7250907837407248872,10788066089033390575,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1796 /prefetch:2
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1480
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Network Service" --field-trial-handle=1828,i,7250907837407248872,10788066089033390575,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2020 --brver=24.7.0.2377 /prefetch:3
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3600

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=install --bits_job_guid={F2AFEC01-FC09-40EE-9BD4-2FA0CA9A6737}
1⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
PID:3244
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1723603789 --annotation=last_update_date=1723603789 --annotation=launches_after_update=2 --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=3244 --annotation=metrics_client_id=313e4175830842ae8764b4f45969f629 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.0.2377 --initial-client-data=0xf8,0xfc,0x100,0xcc,0x104,0x73258a14,0x73258a20,0x73258a2c
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3372
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1796,i,11886196295598334688,18227854293899669802,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1792 /prefetch:2
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3956
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Network Service" --field-trial-handle=1972,i,11886196295598334688,18227854293899669802,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1988 --brver=24.7.0.2377 /prefetch:3
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2112

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=dayuse --bits_job_guid={329F2030-3873-4A37-9CC6-990F8A730B4B}
1⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
PID:1220
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1723603789 --annotation=last_update_date=1723603789 --annotation=launches_after_update=3 --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=1220 --annotation=metrics_client_id=313e4175830842ae8764b4f45969f629 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.0.2377 --initial-client-data=0xf8,0xfc,0x100,0xcc,0x104,0x73258a14,0x73258a20,0x73258a2c
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2332
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1804,i,7587144673828927640,441059204067535030,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1800 /prefetch:2
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3280
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=92F80175-3E67-4534-AA78-725182AD5B57 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Network Service" --field-trial-handle=1932,i,7587144673828927640,441059204067535030,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1968 --brver=24.7.0.2377 /prefetch:3
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
1KB

MD5
c695097616bac5dcb4fac5a2057d2188

SHA1
78252ed32d95aab0cd3f95076bb18c294793d749

SHA256
fe5100862633a722bcdb60392b8ede4c34e99ba6ac8910141543d44891abcd36

SHA512
5a4d287791f097a6b396674780b6f33f15e1699adbd117cd8333f66f295b6b772580d1784742b14357fe11d93b00c43996a12eb7c417200c6c4e879dddaa17c7

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
1KB

MD5
a5984ae150e96fe79a9e7c6067b8f037

SHA1
4b647affe150d93264b73698cd43603f1b526ef7

SHA256
208858002467ef6b37ed7cb1ff7aff1909513d11988c476ad44c11a85c6cb8ed

SHA512
f15b9eaec5614bbfc4263fe0ab55ffecd23570417563afb22439c70a70cda7a4762cc1b679de1f094417a61cf1d345fd932b38395105d74714f111e238af5d08

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
2KB

MD5
94684fdaacde307faac7724f44281f52

SHA1
ee21490ca427912423a97bbbde3e35ec9102b483

SHA256
8c505e0aaeabace412cabf08f4b3d75d48225f68ed381b9de4c4cf3b78aaa442

SHA512
aa53515102001e0f9ddf30c80075ad22df011c303fdb3ed58762b0b42804314a030ea1be466d2eb28e57b7d8e12d3973f24ed9d9ddc1bcf7331a12e794815a2e

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
2KB

MD5
243a6622f117c3d4959d4e97c32ec4e5

SHA1
0d509b6c80a44c7bf53d86b52723fdfbcbc23291

SHA256
9edabd7d8f8905c61faf3c3432efb2b2f08dcb057a45b9adf3eb064660fb9488

SHA512
a1c586f26a9421fda62ff583d1ccc327ee110151cade1d71d7e091de891e7ea7da33d9b00be759134a10381aac1fa63eb52a2db9c2c7293229d92583ad68f79f

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
3KB

MD5
7f81cc94e113bfd55cbc3a4cd0c598a1

SHA1
7f14cc272041779a5da9fd5f52994c46895e2ea0

SHA256
0d117a1d9380d5bcf6f9275e8fd8c9f09a9bfee49946b929ec9cc766181be7dd

SHA512
9ec4f1b61aec7b3a7454fe694d11124098d6fa51cebaf8f5132e4ac4f245ad9255ee928ce5a71130ed61daae65d4dfd1ee199015b6d3cf8176b2b1b96600c198

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
3KB

MD5
e5ac3afd286f66d1fe8b49fb4019a5ae

SHA1
cd8bf7292a684610299c245b849dd5238447ffe6

SHA256
43832f3206d0a05e95ebe6f7600de71806e763c05ccd458f95d0d7a6515a49dd

SHA512
490b93a73fe8fa27b8285aa7b713f8ad85e7afb13a9402fb15d650f3c2a73ff4e9965c210f168657a7dc300b7b222ff4c6562574950ac9189f9cdfe67dc47f89

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
3KB

MD5
cb441a1337d9173762cad4fbd98635ee

SHA1
0cfd448bf0fca7d32038158960312db93281a2fe

SHA256
e8f8bfd36bfc27d8280af52b14dbfcfa93552815b5205026e9bad2e6c9b2dda4

SHA512
5f80cab353f4fbf6e84401a594f36dbdf0ef399b2e6f5a5e728b801ba59751a5d9dcd8e8ef65254737c4cf67d98f1876e88724b3f60874f404fbe8ab35088ad7

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
4KB

MD5
8477ca1e90fe495a20058026ebb1aae9

SHA1
8fd2ba13b711d6740032cb92e2891a9a02b60f68

SHA256
8f25e7c4951b4e0a143b8673b4b50622ae95536ed12c94ed12bf9fde84c035f7

SHA512
5ae40bcc657a164936f9bcc724be379fa379954292fcc845b9c54f98f30ccdc9ee96202eca4ab870fdd0c3ed8bfc3f86e83fc0405ffb4fc96b2a24d822eac5ae

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
4KB

MD5
3333dca68091a083ec54446ff06ada61

SHA1
7fad3cde5411983e2fa2be1755354073b14409ec

SHA256
955c88142e17bd1243708a1e6bdecde557320d641e40180c64bdcd114dbe836a

SHA512
0ee4b74097b35268ab888531e7758f6bdbf40dcdefec39822160d92da9af3871f7813bb847c00b3530a8bb0a014c7372f3e6c8eb697ccf4d003fc5411b7657a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

Filesize
1KB

MD5
d7bdc97dea33738db3732da28419ba7d

SHA1
862bdf086efacba8fb0ebe1bd7c9466cbfea680e

SHA256
c18f92a2c66d40b24c3790b64c42a6307753c44aca766e79f545bf2c7f294d88

SHA512
ba2a24fb24c2c077095fc8084899a6b0cc562f2380ba62630e8a7bb2dc0edbaca0d49fc5fe24fc4d60d38ef7d79a5ea68c2ee4c53ffcbe665cae71b87bcb556e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760

Filesize
1KB

MD5
c6fc3a0e74e537b1b3b7b9313ed90d5d

SHA1
b5b1acee7281aefa8da592f02249c67f14db7936

SHA256
49db6308eef1a16312032bcd019acc449b674521375a5c74d804427a0aee885a

SHA512
f5e885f8acc7cfd269a2acb9766470f284d5196589da85a143a38506f0cf467e6634a8d7e54fa4f818823117c1f4474364ae7a8002bbfd8b6efd13d4d648c5fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

Filesize
1KB

MD5
d0f06843a60eb196059ded42f2f73ca2

SHA1
accc0d5c5c76d232d1fff04e89ae2132c74154d1

SHA256
73f56a9cf1251802bd8309aff7c16c13142b792f2ecf0e2b1807833a1aa4906d

SHA512
3b7368b0dd786ac96311d2a2a106055c110ae349f924297de941c1cf6fecfd46b4e149368dfeded454c2400ee1494a48e85ae25717b42404c737c5cfc0cf15db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

Filesize
508B

MD5
f9d172baa3bda70621e93b66b95a9a7f

SHA1
4efc3a06147f5f3926f682496c5a6c331ab20470

SHA256
040b045504b25937fc743f2cc85ca9cc33174910abcc7f7a24359ce3c6584afa

SHA512
5fada9c44383b9f38776984420df688180e015589484c6ada722329c4174eae055c5a9c8143f835697392001c2669c9a2dc33f6c10484ef13fd74a9248c9d853

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760

Filesize
532B

MD5
e2333cf07aba76a0d9783891f9807b67

SHA1
e3be8d57a9ce8f370f1a03ece44a9636ec6c0639

SHA256
38a1c3482743abc914ac25f7c5ace2d36cdf946cb8ee1102a46705f0f9432942

SHA512
88471a48fad741a03f521867ec9d03c07b00252abe29a7af6ac166e9ca0ad6a72e41d12f1dce1b23fb4cf9e4d08b47960884ca64234ac617f6fa8b542d05b67e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6510693b9db79459d7bcc436044fa1e

SHA1
d965e40feb0363a91af8897586b858d9aa5c55d8

SHA256
3e248ee4ec525c8e0c8f6124fe6b2959df3dcd5826ebb5486e3e6c4099019752

SHA512
6502ccf75a052bcbd87c24f66ee07a621a5b07b38ff251356dfa40bb0e8b31bbfd6cc01305e582ca52b4e2c7dd8863b383e9e0587af309636f88c6accccf7fcd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4f426654343ea6ccc1f7ca3ed6a5fd58

SHA1
b91868c4b1e93bc66bda8926a79e8e7f15d3c1a5

SHA256
e2f471d59ee92f50d01f2f9f66f1a3430bac3e9f6c0de9d5cde2b1064c6a1a4a

SHA512
30ff531fc9e38a64ad1069a0cbf021d17e0b26b85e59929b4c35fbb4429f7e846314e0278194aa0d83cbc9387a33def842743bf22d0410e34c9a77773a84e414

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6cc3ed00c29944240399e6c7c5d3af9f

SHA1
0031e1126a9f56126b6919e8cfd7d511431ce1ee

SHA256
5dcfc6c59bcf7827ac06838707026e782d290e1f52f1eda15cb0987e11407e87

SHA512
f5c28b57de8298b78c06d7cb8b83216222281c82f5704e362e99ab008a530305721d652e4da474591c0e1778313dbad4761e52113b6c8a9bf4607100abf2642f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9e1e9bf0fe20281f08494cb8b7c9cbf8

SHA1
4ea2c57461a2b1175a8fd1f3d82688d28f8819b2

SHA256
e1281a6e064a6da67232625f599c02d1cdee7546f99ffc55fb66136905fc5c83

SHA512
0bcb3556132e9ccfe213e31a5c56c902199828b69e45b9eeb59b4855fdf6a6883d1b303b5d6aa8bee58a97e53f075576ddf46b016c465aba711aabe6c5371c71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

Filesize
506B

MD5
5a509de09777b767922ca16e5fc5758a

SHA1
16a4d69fd797b9243871936bcb52bc9b56bf2d00

SHA256
26446e0138e27ebc8909e2df46436ce6adb289a1fe94801d6e17d181617326b8

SHA512
9ed2dec18b399d07998ad08bb610628c687e345eac8c0bd8ec4ee07a0d8001771056a1ae2326534121fd1e42269f9169a4da3a13a2841de84e9fe5a67659f20d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
56c1d44d440d653dfd186b08d902360f

SHA1
da8d0cc6bdc2d7ae7213d8a6f1569f2ac3a30481

SHA256
71f5686ed5de9e6920164e84b3a1204bb9bc68f698ec41a92c83894bb5243463

SHA512
746755dc1f963e4c2f065bdb93494d4e13e5d849fe2558e3cac77cbba9b4575d0c5062b77fc9589f016083df896dd79361c881d07e9dac8122b7eea1cc104735

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC65E.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\PartnerFile

Filesize
625KB

MD5
04db6115c41f84f1f506511f6f1696bb

SHA1
e2b98932b2b24cafbfce2d38c6fcd19c24a16d8b

SHA256
280914b493708b07e50acb358fc85ec9b9d01c0801edee19475070fdd72b4858

SHA512
69557fb206b631b3a6381e5de1aba03b6e9ebf82f37cbadc8087cb13a9c74cc215a2ab7c0e4a4c4ca304b088243e412f3992627bf6aa7ea6f60302d16c9a5e82

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC789.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_7C2E7.tmp\BRAND_COMMON

Filesize
25.6MB

MD5
7a8d9274d00d0db6fa7a1910809677c3

SHA1
e32fdd7d50ae8e560a9846616aa2649f4b355a87

SHA256
5c4df86757545e4b6d328451e072de07cdd2692e404515cc3ef329722bafa333

SHA512
4b1f855adabecc5412d7ff60391d43b49bc794f2389ac55ae30729b338472c59e35254d7892a0ba22b115b39ce724da79f3cbad769cf5a6c73641adc375fab33

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_7C2E7.tmp\brand_yandex

Filesize
1.8MB

MD5
f083f2564e70f9b74a891dd292c5b377

SHA1
8012789f4b033aec6db707dac449d7398c70329b

SHA256
fc32a7224b24168dd5a1b2d058a21e3855a015957779b8f7ec5e9180b9129dfc

SHA512
204aa0566fd8f5c889d63acef1c2fc3a7c8659815b5e191ae514645b5160e52efd8266374a436c886ac37fb2de040bda3a54524e2da55f40f61fd2fffc1a13dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\distrib_info

Filesize
365B

MD5
c4bea3ddab864eef8186fa1fc909f5fb

SHA1
7221ff3d48f1f34cc2b65dffb8167a27d22b341e

SHA256
936adf6135cb279049cfce410a9e9a1c1c371db2fcba5524b9a2155d14ed6fe7

SHA512
3ea09386d7d0963843f3a01deb9e7863d94316e7bd2477d1ac779dbc76257d1eef153d421a7d465835ecfeb8ff0b0794aac89081a93a2afdd3defc54f02a2c8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
1KB

MD5
41ba93aacb25e47f412ab7ad4ecb21b3

SHA1
6011c540f582457e33364d34df27d46e13df08ab

SHA256
a76b64fd674e1e7c07f9826ffafaed2cfebfc970e80848fb76bc1d684498e816

SHA512
764c66077464f5df6e66c608416cf88fa3206299d65c6963fbbbe962ca2a9aa6549402bdd794c9ec6bcf1e3d88c517426d181a918df05bbe3a61a734720a9e5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
16KB

MD5
cbcf7f125f9832339d203bcf0fc5bdda

SHA1
1500216c00d134c56c40436635f79e762bb4f18f

SHA256
8541379224d9398768bb9ec3940a381495f7319ebb21bec937895e1998cc87c3

SHA512
ffa16719935d93179405209c481c761480a0f7a867f92fb1ef0284ec9c232fa4ab6bf73350014456cd7171632d0ff4978e7729b1c1d9178b2a12901b851a3f60

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
16KB

MD5
bb8a70162a1f34b44ce7c193c3c00aec

SHA1
865e04b6e835909bbc70b62500c951583750f95d

SHA256
f2c6b718a733351f83589e35ac1f522f846da800c6fc05b1f482e4e45cf6a1d4

SHA512
28fac372415ec1611716f0ffdce457ca734116e29b9aa5134c70953654f8b309118a0931e9a439c40ec1e4cdaece6a62b229a052cbffa0364a32ae4cd77f2dbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
0cdf06cca0c54ca76a01359b9b2472ef

SHA1
8c66dbc98e080c6ab0fef6b7f2a3b3b13cc3cda0

SHA256
2f4cd2823a9d518f0e1a71bbbb61a16ba40ff78892b6a31efe96988859ccfe13

SHA512
56059ec2d2b96ff5e36063a86f51589c0fe476c984196659b03edaf2bfc9351702a8e14e4b6a10246593ce5373de950d3b8f5780af12eca63c64d84ae7a587b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
38KB

MD5
4ea98546d8c7a35481008b414adfedba

SHA1
abb4aab0c907a385b66c7c419f17a255301fb78d

SHA256
0eb506bce53ff29756237825e90d175c1d1b685130f6d7dd9d051411e3192c2a

SHA512
9c4a48636c026a14e5f93c4b40a656d99929770112515e8c4bb449adf08a9cdabee597c1c67f8227613383f1cf8d39eea1060778ec048b86aa7c1f05bc6efaf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
39KB

MD5
1b38ed8d69d99c8748a3c090aa7e6371

SHA1
0fbf2b5fd17ac4164e68d92c7e7a091b50e039d1

SHA256
8f39f26f0d6ec8fd01b39f5d74e27fdd8dba40c04b2a55873e82a21cda7afed4

SHA512
e33f8c620b235e18961eaa78988a152f92a771d449613f248e3462725dfdcb13becaa4a604e32e374a4fa60cc39d48127f8b7b83b1542b1e74313080b84240c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\master_preferences

Filesize
171KB

MD5
ee9327c29c58b45712904479c7097b15

SHA1
331509a4b57be6c993d31306097f0bb71f06aa94

SHA256
3f4bddab2a3b47c14218339602f0ba28cc572716fc341644c41e249b22892027

SHA512
03d0f47000e23ded31908b02aea84422476f9369c30683948c24d960d6f3ed2fc7023326c5236d8a38bf9944c214d755e40066edf59e85b0e211f657eac7b6b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\yandex_browser_installer.log

Filesize
4KB

MD5
c98b73057f7ffca445193e39a6bb780a

SHA1
8f162f50fa88274504425f2166178b1af920da07

SHA256
bd195e3c1559215e8f7a800ae651841f8496bfc2d62065aee2770114bc664e33

SHA512
c13897cbd7d00789c38be6a00ac66789ffc71a806bce905a6a6bc275a5693cfa0661c99d94f3387c4cfa0d975c83a81a4bdb50b6a20aefeec0c8a6071e80cafa

Download Submit
C:\Users\Admin\AppData\Local\Temp\yandex_browser_updater.log

Filesize
5KB

MD5
22fe50bb378fc79d75d584f2417003fc

SHA1
7c7e27752f98ce121aafcd8849365e0198053771

SHA256
f9c5b2f04c56d52797a729f9901218f1016fd5f7ed03ab9829609de5e3e5b2c1

SHA512
202cb5ec70343cdc461883a7e77e0faf5066935d2184f880204e77612eb7b0ffced60e380a4e25265f583388f787671535b8314ae048371f391414f23df27d76

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe

Filesize
615KB

MD5
d4b0bded6271da86f4a828ecba3d17a1

SHA1
949f6e02c562516c71de35ab37cf5d63730a4b35

SHA256
c6efa0b140a51aff06cb4de813fba9be459f60532410720f8738c680ad426009

SHA512
6ade1f34df53a4e11e31cb772fef6b90cc687856d5d6b3bb5c66bb422e12e97a55d0dcf45c982e80d26bfbfd49eec50310e024a4b029c37ce187ff6bd57be7eb

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk

Filesize
1KB

MD5
f1758d8609ae7e7cd8200427da159446

SHA1
01a8e6478675415f9615501dc84ad5cc30e1bfc2

SHA256
3bd2e0ac62ff22e5370dcefd7f03db80fb2f0a763238d0ca5f276b727485ea82

SHA512
0e70f0965d5bb4d4314496a138462f7115b57345c1f80ef728fa05e4d24a22c38395f6cb34fa867de1684b3323033b374ae1f75b1c010a2d1476e238457da1e9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\yandex.website

Filesize
488B

MD5
2baf611b1b6876e6c393054aa8c46a0a

SHA1
3d26e532d5b37939b51884bfb53732070c4dca9a

SHA256
5f7570144541408b41c15373bb8870e7bde53ad3c5413e2f6000e6f0e449b853

SHA512
1a0dc02bdd53e1bd49b2a72b10828463f5c8bed8a17b8498eb4ae939a40dfd8bcaeba1feac1190f5595b4da245a7aa0e4507724ef9fb74172b29581e885cd563

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.7.0.2377\brand_config

Filesize
8KB

MD5
924527699d40ed02fe1fa0e08a0ded13

SHA1
08ace91f44c3be0fc4a3c5c8b39753ecf0027300

SHA256
dceffeac8cceb5baf51baafa8cfde44cf46a19a7404a034e9c9361eccccf3e7a

SHA512
a0b18fd79cabe379a60206cf32e47fda022a66f8326773576c0d721e0b78008a952a8954e9d57496d7fc54a78245f167ff99e1927d819099df4b583f0925ff13

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.7.0.2377\partner_config

Filesize
692B

MD5
9185398052cbef5fcc976f6eddd9f007

SHA1
7d7c34f327c779ecd2ac3fcb46d453f8544629e4

SHA256
733ad5ed35e0ff643ce2efe4a72cc4737d8b37c3618db17905640d0ed737733f

SHA512
22c44adda47566b9f81a1cb10a8cbbe902eba941cf5bb87b5f23c2a16f74c380f108e21f4d1430e48d11225c8e6d8ffee49f31079ae7798c61a430bc9af8f199

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\YandexDictionaries\ru.bdic

Filesize
4.5MB

MD5
ac3768f0462853d08df284e67c7c4ebd

SHA1
732581ac6f2e02246696817adc53d2e2e5d0dcb5

SHA256
af2bcc135f974aad505a8f55296117dbf4cbc095931e22f424698b181d273656

SHA512
27d558deffeeefe1198aebdf65a3fef0b0f3d6b6c4177d03ff32b0363f0a2fb1b7ff6454f45dd3254427cec9174b03181c50bc51dba212e6ab0114a6e72bcf96

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\install_state.json

Filesize
1KB

MD5
413cb26f5b6a1483f410a0607f7398aa

SHA1
1b6670f5b3a950d1627c7b5f996feacd77dccb9a

SHA256
a1d9b868ef3d5ec3625df55019fef4498ec10892f3642abf7caea8c2486c34ea

SHA512
0af27925dd5eb8d672672de63bcf5e385e4869caf912ccc5846e94bd2de82b2b5d73194534e08cc78f6bda1e4024718d39a9eff10bd69b0c012606c3ffd4013e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.0.2377\resources\configs\all_zip

Filesize
629KB

MD5
5c285384f7bd8f4192d5157c6f9d4cc6

SHA1
35f87a289ba91fa95bdc42be78549ebebe6a913c

SHA256
88a8d46305a376a03593b2a700f24f25a46e649e4789ca4b9a385bc81d3223ac

SHA512
0439fe6c435762501c254278456bdf09b78c26ffccf1faf7ac16a34693ead0df9399542fe8585fd043400a5b246947be01629f9c30f46298ca7e39f5dbdb190d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.0.2377\resources\wallpapers\sea_preview.jpg

Filesize
59KB

MD5
53ba159f3391558f90f88816c34eacc3

SHA1
0669f66168a43f35c2c6a686ce1415508318574d

SHA256
f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e

SHA512
94c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.0.2377\resources\wallpapers\sea_static.jpg

Filesize
300KB

MD5
5e1d673daa7286af82eb4946047fe465

SHA1
02370e69f2a43562f367aa543e23c2750df3f001

SHA256
1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a

SHA512
03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat

Filesize
48B

MD5
72916f68c0519e939af60866763dcb04

SHA1
99eb26dd533698e0547ecd4fdfe8dea85d035d33

SHA256
af53fe4d1660cddc3ff8975dac4454713cb7eec48863840491e678b2e36f06f5

SHA512
4953b5f8d9b6712dbbc0dc322918111e4533b5570ab9e97b30c192e228c2c34e813900a9fdfbd6b48d5b946766f2447a7f17140b49eb4ba0bf52cfeea5f1a674

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\1e616b7e-ae02-4453-9f48-bc03f551408f.tmp

Filesize
160KB

MD5
54497ce2271deb0e673ec048b44da343

SHA1
5f886314234b7aa6a4da5efc937a9d63ed007727

SHA256
3dcf052bb8050fa32f28873bb665f63f457799cb9a92549fb2dbea94014f929b

SHA512
d0d77d763b1b12c1b9d7a9a3f2aee4640ed5fb10d828b7c3c2cb051504c2b7b6438309124b934b346a4152c0aca009883d6bda42dc997188b8ca2736ac3419c9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\332d42a7-3319-4b10-b10f-a2101263861e.tmp

Filesize
37KB

MD5
43955e233be35f8ee58b001b344eda95

SHA1
2a808f8557a018b45ba1e1c7e8cd23b5f76dd5e9

SHA256
6cfef259221e708ea5ed6a5e6374c23510d6bad97f8c766daf3c8b109cfc409f

SHA512
bd99bb63079cc6e72a723d9d131f63251431c074a30e053cd298d1f3a2d3906e7df8ee0fe13572e9d7e31a52009b5ec436b6ec217a0b8ace6c08ce43c5b281ba

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
b1c1dd6a989f3217373d3067c000116b

SHA1
84bf2c2b2df11f22d6c046cb07e4f72923b646be

SHA256
26418effa17d3380909c843a0dc7fb39dd620eb92163c78bb9683dbb4f43099c

SHA512
1961bc291aa6ebe5b343cdcb3601badc4898269ba504708038678b5cfe59a675c98004e343f63debfbdfcc26102ee1a0425fde0744e3a521d05ad70895e7eeaf

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Extension Rules\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6435a5322b2cc3f8d6f1659ccfbd992f

SHA1
b5749bca5cd0199117be93df3eea23bdfe9db681

SHA256
58eda34f239df0044fc398aac5ae457be52145e90db8c511e0ba18464f7a4b35

SHA512
cf1ae9ff8e28af644f430e5353b58843af292dd89b0fdab694f7e7478289f63e64a252cf9630bed03dba52708f994879edc217ab69660f2887416cfe7982aa83

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0b5f9700904fc06eedec7f3453997bc6

SHA1
3551b6fff089cc1875c13fa29e5e02952625f002

SHA256
3d1a7e3eef465ffc5f878ae196a39d600bdfa90e9bd8e6d54fdf2a0bcc3f7b46

SHA512
f04f01bda901ad462b775b1520f642fbfc3922f6c765b76446594d021632db54793fab75bd6bd8c1442543dc2c74b46713674a6d392242c088bfcd725fcebe0e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
10KB

MD5
8b9f0d95d9585791ccd5a09473e86a9a

SHA1
237909b230fd41bbf8fc7626f30bcce056cda0f0

SHA256
32101faae7bc5abafba8212afebd707511c9afd8f98fd13cd8cd8b9f6509be07

SHA512
280bfa15680f275704027e8a4d2b8b02f2bc061fc15ec73c76f64a58942c06768c920b61e13ad27083b8cdfdd9c329326734fd96419e18a1c63093f638020f86

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
14KB

MD5
a7ea558cd07c6b8bf50102165e0898bc

SHA1
fd7e6ee93733ecc04150d0467258920a964c0a02

SHA256
ab3bd84c04826b904fbd368595dd19aed2f24b99c1fae7c3d753ff7a48593531

SHA512
a2cf2ce205ebf27d4d5f8d1da2a38c702ee2ef29cdde5044ce3ac2bb8913a83493d09a02f48c3dc67234a7902cfc9106bf4d72dbf1aadcd2ce52b1af28fbbb19

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
7KB

MD5
92ba6e57d780446ea43eb1740de1c31a

SHA1
a2233f57403c689bac9ad42fc144e6cc9925b573

SHA256
501105b97ee3777fc98e31305252a9c2919958314390b792ddb2f5d96df74e28

SHA512
43adaab009bbea206835045d7ef05754c3b7dc2fb07bfdb08b4ab15389953b4360f8a8feb996f457faf4b7e804db5a57dd1f0a7241779a1e1bb77fa88f7c40c3

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Sync Data\LevelDB\CURRENT~RFf789c7e.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\3251112f-a7e7-4cc3-8b87-071beacbdf9f\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Wallpapers\store\picture-13368077393480800

Filesize
536KB

MD5
3bf3da7f6d26223edf5567ee9343cd57

SHA1
50b8deaf89c88e23ef59edbb972c233df53498a2

SHA256
2e6f376222299f8142ff330e457867bad3300b21d96daec53579bf011629b896

SHA512
fef8e951c6cf5cec82dbeafd306de3ad46fd0d90e3f41dcea2a6046c95ab1ae39bf8a6e4a696580246c11330d712d4e6e8757ba24bbf180eec1e98a4aec1583b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Wallpapers\store\preview-13368077393480800

Filesize
5KB

MD5
9f6a43a5a7a5c4c7c7f9768249cbcb63

SHA1
36043c3244d9f76f27d2ff2d4c91c20b35e4452a

SHA256
add61971c87104187ae89e50cec62a196d6f8908315e85e76e16983539fba04b

SHA512
56d7bd72c8a380099309c36912513bcafbe1970830b000a1b89256aae20137c88e1e281f2455bb381ab120d682d6853d1ef05d8c57dd68a81a24b7a2a8d61387

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\48.png

Filesize
2KB

MD5
7cf35c8c1a7bd815f6beea2ef9a5a258

SHA1
758f98bfed64e09e0cc52192827836f9e1252fd1

SHA256
67c320fa485a8094fc91cd3fcd59a7c75d2474e3046a7eb274b01863257fbe01

SHA512
0bbebde654c9f44cf56b74fc1a9525b62c88724ec80658efede3cbb370c3a6d4f3e78df459bbd0559a51838f4a172bdfcd370bd5477038309024b77cd69f2a15

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\cd6f2a4c-5c5f-4195-bc4c-e0785d100668.tmp

Filesize
10KB

MD5
def253c32c7d91eafeb421b0f578f776

SHA1
9ad816c330837279c7af4df7cffee5c745f2aa25

SHA256
0b0ff30e47cf70c751b5dadb13bf6b77a0d3f661839925052ff0e10ae2138e74

SHA512
936e36381027170b16e95f33590fac7c9f8be0dacf94296d0ab799da95e05b999fb3b091a89de994f45efd975b73f03b5c85f2aa5d4d6eda9beb667c3be9fc2e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\d62e0d64-0592-44b9-b324-de098fc0fdca.tmp

Filesize
16KB

MD5
7ca00c235dbc2009cd7aab47cfd84506

SHA1
a5d71466336774daa1572f1c4268af9ecd314307

SHA256
5cc26ebbfc5f5e897deb409a75ee6672b19aa4d5b6e73302e55c99d0e75c6772

SHA512
bd0b30d2ebadbe69aedea69d55d981b5becbeca746db465ff3bc2dc6ade901444e1b432a04e545b36d098584ac2309f39eb7fe960eb8256604963ae19b336577

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\ShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\ShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\ShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\b9a8f970-f2a2-45a3-ab59-e48cf7a3c194.tmp

Filesize
190KB

MD5
4ab63c355e0e2b3067f44f0edf4d5e48

SHA1
f8cc30d4bf5b899d3606d0932e44e85dfb40d229

SHA256
fbc748784caf9c900d85008128b22d2138786f715b5a0d77edb159d3085e874e

SHA512
9813c8ec3babc356b346ae5b67162b70249c64f0233884656a559873bbd00c3f9d3e8a263ec41dbf13697865a689a9bd27a668a2d2ddeac3794b83b4254b1a23

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\component_crx_cache\oimompecagnajdejgnnjijobebaeigek_1.2903aec9f77378fa19280af8ff89294fb9ce2caf8e0092c69e19973c0a9cc6fe

Filesize
13.5MB

MD5
5d9ad58399fbef9be94190d149c2f863

SHA1
45f3674f0425d58d9ffc5d9001ff6754f357543c

SHA256
2903aec9f77378fa19280af8ff89294fb9ce2caf8e0092c69e19973c0a9cc6fe

SHA512
9a9532cce2de086d5934235d21d27b8a0863ae902a81151a728364aebe044faef5e5805d64efe68d67a5a5aaf408f74954d08f10c6a011dc9ea82c629339d3b0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk

Filesize
2KB

MD5
249e6187f85df0cbec0184691e3f8e43

SHA1
57c230514794fbc0583de7aea119513a864d53be

SHA256
444754db354713e548ce7ebf847822a2bf774c90edb06bfb61897d901ee96352

SHA512
b61a5b49c6f6024f91704187307428b927b26c863c0530feb319aa148ac3bfe55069d98a6fb3359e7f848d8a6e25db21d960d83aa1e5ead993960b0f43e1866b

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
6885658df5d50a8bcdd7608a038bf9b1

SHA1
8a39a18d927056e787e2621cd2edf98b02d8af6d

SHA256
502b830bfe44fe641ddcce21f2f7f1d4579e4080e80045a5c9d6896f8cb9b75b

SHA512
aa41a4d29a067ac2c972d02e353d342256a72730a250f764ac50f181ecd648180fc3ce10d91aed875ac8197f5b32ae4c125b29a0d2f0c87f7c2de0b26f98658b

Download Submit
\Users\Admin\AppData\Local\Temp\YB_7C2E7.tmp\setup.exe

Filesize
3.9MB

MD5
45d7c6248699ab8ca045f830bf576f64

SHA1
6243247e62846d9ed7b1ce965346c3ff81491770

SHA256
5547a0d71d13be84add4cf520ced670ffde8650e5b8673d53b2ac0348baa369b

SHA512
00aa5f398ade9a9dbaa7cc1cf3dd46d5d3a53de7fd70a3f808592048a12c1d7c9ef89ecf6c3546cebcbeef5d4d734157637bc040f053b5981fded3bad8424bb8

Download Submit
\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

Filesize
3.7MB

MD5
ff6c0b6a7851835b63e8b689b6a0d71c

SHA1
568c3a89459be04cc1b6239fb10e589584e03b4c

SHA256
b4fe9d1546c5b44458edb09f782fc0213f4bca1f8a7cc9d35a3f831af62ab8cc

SHA512
06c3d38f6861522615dbb9d531fd33e0c876f5a37d5d9587adbbb49c9ad141aeea3f63b6d8e695ebd5ceade1996aa3495c1d7d123481b09e1ace5ea79f77fe56

Download Submit
\Windows\Temp\sdwra_2940_1067182932\service_update.exe

Filesize
2.3MB

MD5
925f13284952d4334bc79d9588b92260

SHA1
ebbc5ea0d00129d416ebf19be6457db4d07c93fa

SHA256
790312a9d5e29f3a4c35870e82d6d942a03a2d89e9a04f8695e62dbfb21b129f

SHA512
9c17d2dd9cbdd74473f39faa89262caab133bc7697d86e43de233f985bd572671b71c2d988ff073f6858c8bc306b0ce0fb44f95d75f0f15400e119bfc7fc64da

Download Submit
memory/1928-2597-0x00000000066D0000-0x0000000006CE5000-memory.dmp

Filesize
6.1MB

Download
memory/1928-2596-0x00000000066C0000-0x00000000066C1000-memory.dmp

Filesize
4KB

Download
memory/1928-2598-0x00000000066D0000-0x0000000006CE5000-memory.dmp

Filesize
6.1MB

Download
memory/1928-2599-0x00000000066D0000-0x0000000006CE5000-memory.dmp

Filesize
6.1MB

Download
memory/1928-2600-0x0000000006CF0000-0x0000000006CF1000-memory.dmp

Filesize
4KB

Download
memory/2020-3105-0x0000000002020000-0x0000000003020000-memory.dmp

Filesize
16.0MB

Download
memory/2524-1538-0x0000000000A80000-0x0000000000A81000-memory.dmp

Filesize
4KB

Download
memory/2940-1431-0x0000000000DA0000-0x0000000000DA2000-memory.dmp

Filesize
8KB

Download
memory/3008-3107-0x00000000021A0000-0x00000000031A0000-memory.dmp

Filesize
16.0MB

Download
memory/3260-3108-0x0000000001FF0000-0x0000000002FF0000-memory.dmp

Filesize
16.0MB

Download