761651b2148605bce4463c6e4f9e3f78692d7b13012a9e869cbd7afc5e2a433c

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
14/08/2024, 07:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

761651b2148605bce4463c6e4f9e3f78692d7b13012a9e869cbd7afc5e2a433c.exe
Size

10.4MB
MD5

0f5ab2036ad0c4be7772ecf773cf9331
SHA1

4d5d967f92414527aee0c685c3fbdabc1558c28c
SHA256

761651b2148605bce4463c6e4f9e3f78692d7b13012a9e869cbd7afc5e2a433c
SHA512

dfdd3c8871f6b92d020ca31749dc8815900d92c1e3407cc41cc1b875ac4ea35e31a4af91f9827cd64e8200903af1ae75a467bd45c0885b4e72fe95b98a71c0ec
SSDEEP

196608:gUZWC2SSJ7PbDdh0HtQba8z1sjzkAilU4I4:gUZB25J7PbDjOQba8psjzyz

Score

8^/10

discovery persistence spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 7 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Control Panel\International\Geo\Nation	browser.exe

Executes dropped EXE 61 IoCs

pid	Process
2272	ybAB9B.tmp
2796	setup.exe
2880	setup.exe
2704	setup.exe
1056	service_update.exe
2524	service_update.exe
2804	service_update.exe
1576	service_update.exe
1912	service_update.exe
736	service_update.exe
1472	Yandex.exe
996	clidmgr.exe
1952	clidmgr.exe
992	browser.exe
2340	browser.exe
2232	browser.exe
2104	browser.exe
2276	browser.exe
2656	browser.exe
2000	browser.exe
2472	browser.exe
2720	browser.exe
1760	browser.exe
2300	browser.exe
1948	browser.exe
2240	browser.exe
1916	browser.exe
2684	browser.exe
1120	browser.exe
1608	browser.exe
2020	browser.exe
3032	browser.exe
2028	browser.exe
2384	browser.exe
1976	browser.exe
2820	browser.exe
2768	browser.exe
2196	browser.exe
2028	browser.exe
1728	browser.exe
2476	browser.exe
1232	browser.exe
2464	browser.exe
1508	browser.exe
2164	browser.exe
1720	browser.exe
2968	browser.exe
1232	browser.exe
2476	browser.exe
2936	browser.exe
468	browser.exe
2624	browser.exe
936	browser.exe
2688	browser.exe
2132	browser.exe
1816	browser.exe
3012	browser.exe
2676	browser.exe
2688	browser.exe
2960	browser.exe
2808	browser.exe

Loads dropped DLL 64 IoCs

pid	Process
2084	761651b2148605bce4463c6e4f9e3f78692d7b13012a9e869cbd7afc5e2a433c.exe
2084	761651b2148605bce4463c6e4f9e3f78692d7b13012a9e869cbd7afc5e2a433c.exe
2084	761651b2148605bce4463c6e4f9e3f78692d7b13012a9e869cbd7afc5e2a433c.exe
1516	761651b2148605bce4463c6e4f9e3f78692d7b13012a9e869cbd7afc5e2a433c.exe
2272	ybAB9B.tmp
2796	setup.exe
2796	setup.exe
2880	setup.exe
2880	setup.exe
2880	setup.exe
1056	service_update.exe
1056	service_update.exe
2880	setup.exe
2880	setup.exe
1424	Process not Found
1424	Process not Found
1424	Process not Found
1424	Process not Found
2880	setup.exe
1424	Process not Found
1424	Process not Found
1424	Process not Found
1472	Yandex.exe
1424	Process not Found
1424	Process not Found
2880	setup.exe
2880	setup.exe
992	browser.exe
2340	browser.exe
992	browser.exe
2232	browser.exe
2104	browser.exe
2232	browser.exe
2104	browser.exe
2104	browser.exe
2104	browser.exe
2104	browser.exe
2276	browser.exe
2276	browser.exe
2656	browser.exe
2656	browser.exe
2000	browser.exe
2000	browser.exe
2472	browser.exe
2472	browser.exe
2720	browser.exe
2720	browser.exe
1760	browser.exe
1760	browser.exe
2300	browser.exe
2300	browser.exe
1948	browser.exe
1424	Process not Found
1424	Process not Found
1948	browser.exe
2240	browser.exe
2240	browser.exe
1916	browser.exe
1916	browser.exe
1916	browser.exe
1916	browser.exe
1916	browser.exe
1916	browser.exe
1916	browser.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Run\YandexBrowserAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart"	browser.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 5 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Roaming\Yandex\ui	service_update.exe

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1029\debug.log	service_update.exe
File created	C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1029\service_update.exe	service_update.exe
File opened for modification	C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1029\service_update.exe	service_update.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\System update for Yandex Browser.job	service_update.exe
File created	C:\Windows\Tasks\Update for Yandex Browser.job	service_update.exe
File created	C:\Windows\Tasks\Repairing Yandex Browser update service.job	service_update.exe
File created	C:\Windows\Tasks\Обновление Браузера Яндекс.job	browser.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	761651b2148605bce4463c6e4f9e3f78692d7b13012a9e869cbd7afc5e2a433c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	761651b2148605bce4463c6e4f9e3f78692d7b13012a9e869cbd7afc5e2a433c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Yandex.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	clidmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	clidmgr.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\Yandex\UICreated_SYSTEM = "1"	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\Yandex	service_update.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexWEBP.QEUD6DCYY3JVTIRCUJR4TBA2R4\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\.pdf\OpenWithProgids\YandexPDF.QEUD6DCYY3JVTIRCUJR4TBA2R4	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexGIF.QEUD6DCYY3JVTIRCUJR4TBA2R4\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexJPEG.QEUD6DCYY3JVTIRCUJR4TBA2R4\shell\open\command	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexPNG.QEUD6DCYY3JVTIRCUJR4TBA2R4\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\.shtml	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\.xhtml\OpenWithProgids	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\SystemFileAssociations\.jpeg	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexTXT.QEUD6DCYY3JVTIRCUJR4TBA2R4\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexHTML.QEUD6DCYY3JVTIRCUJR4TBA2R4\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexTIFF.QEUD6DCYY3JVTIRCUJR4TBA2R4\shell	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\.xml\OpenWithProgids\YandexXML.QEUD6DCYY3JVTIRCUJR4TBA2R4	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexTXT.QEUD6DCYY3JVTIRCUJR4TBA2R4\shell\open\command	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexPDF.QEUD6DCYY3JVTIRCUJR4TBA2R4\Application	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexPNG.QEUD6DCYY3JVTIRCUJR4TBA2R4\Application\AppUserModelId = "Yandex.QEUD6DCYY3JVTIRCUJR4TBA2R4"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexTIFF.QEUD6DCYY3JVTIRCUJR4TBA2R4\Application\ApplicationName = "Yandex"	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\SystemFileAssociations\.tif	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\SystemFileAssociations\.tif\shell\image_search\Icon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexPDF.QEUD6DCYY3JVTIRCUJR4TBA2R4\ = "Yandex Browser PDF Document"	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\.shtml\OpenWithProgids\YandexHTML.QEUD6DCYY3JVTIRCUJR4TBA2R4	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\.jpg	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexCSS.QEUD6DCYY3JVTIRCUJR4TBA2R4	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexFB2.QEUD6DCYY3JVTIRCUJR4TBA2R4	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexSVG.QEUD6DCYY3JVTIRCUJR4TBA2R4\DefaultIcon	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexCSS.QEUD6DCYY3JVTIRCUJR4TBA2R4\Application	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexGIF.QEUD6DCYY3JVTIRCUJR4TBA2R4\Application\AppUserModelId = "Yandex.QEUD6DCYY3JVTIRCUJR4TBA2R4"	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\.xml\OpenWithProgids\YandexXML.QEUD6DCYY3JVTIRCUJR4TBA2R4	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\.jpg\OpenWithProgids\YandexJPEG.QEUD6DCYY3JVTIRCUJR4TBA2R4	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\.swf\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexFB2.QEUD6DCYY3JVTIRCUJR4TBA2R4\Application	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexSVG.QEUD6DCYY3JVTIRCUJR4TBA2R4\shell\open	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexCSS.QEUD6DCYY3JVTIRCUJR4TBA2R4\Application\AppUserModelId = "Yandex.QEUD6DCYY3JVTIRCUJR4TBA2R4"	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexTXT.QEUD6DCYY3JVTIRCUJR4TBA2R4\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-120"	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexBrowser.crx\shell\open	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexJS.QEUD6DCYY3JVTIRCUJR4TBA2R4\Application\ApplicationName = "Yandex"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexJPEG.QEUD6DCYY3JVTIRCUJR4TBA2R4\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexXML.QEUD6DCYY3JVTIRCUJR4TBA2R4\DefaultIcon	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexPDF.QEUD6DCYY3JVTIRCUJR4TBA2R4\Application\ApplicationDescription = "Яндекс\u00a0Браузер – это быстрая и\u00a0удобная программа для\u00a0работы в\u00a0интернете и\u00a0просмотра веб-страниц."	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexGIF.QEUD6DCYY3JVTIRCUJR4TBA2R4\DefaultIcon	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\yabrowser\shell	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexTIFF.QEUD6DCYY3JVTIRCUJR4TBA2R4\Application\ApplicationName = "Yandex"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexCRX.QEUD6DCYY3JVTIRCUJR4TBA2R4\Application	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexJS.QEUD6DCYY3JVTIRCUJR4TBA2R4\DefaultIcon	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\.epub	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexPNG.QEUD6DCYY3JVTIRCUJR4TBA2R4\Application\ApplicationCompany = "Yandex"	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexCRX.QEUD6DCYY3JVTIRCUJR4TBA2R4\Application\ApplicationDescription = "Яндекс\u00a0Браузер – это быстрая и\u00a0удобная программа для\u00a0работы в\u00a0интернете и\u00a0просмотра веб-страниц."	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexHTML.QEUD6DCYY3JVTIRCUJR4TBA2R4\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexJPEG.QEUD6DCYY3JVTIRCUJR4TBA2R4\DefaultIcon	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\yabrowser\URL Protocol	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\yabrowser\shell\ = "open"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\yabrowser\shell\open	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\http\shell	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexTIFF.QEUD6DCYY3JVTIRCUJR4TBA2R4	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexWEBM.QEUD6DCYY3JVTIRCUJR4TBA2R4\Application\ApplicationDescription = "Яндекс\u00a0Браузер – это быстрая и\u00a0удобная программа для\u00a0работы в\u00a0интернете и\u00a0просмотра веб-страниц."	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\https\URL Protocol	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexCSS.QEUD6DCYY3JVTIRCUJR4TBA2R4\Application	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexJPEG.QEUD6DCYY3JVTIRCUJR4TBA2R4\Application	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexWEBM.QEUD6DCYY3JVTIRCUJR4TBA2R4\shell	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexHTML.QEUD6DCYY3JVTIRCUJR4TBA2R4\shell	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexFB2.QEUD6DCYY3JVTIRCUJR4TBA2R4\shell\open	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexJS.QEUD6DCYY3JVTIRCUJR4TBA2R4\Application\ApplicationCompany = "Yandex"	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\.swf\OpenWithProgids	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexGIF.QEUD6DCYY3JVTIRCUJR4TBA2R4\shell\open	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\YandexINFE.QEUD6DCYY3JVTIRCUJR4TBA2R4\shell	browser.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2880	setup.exe
2880	setup.exe
992	browser.exe
992	browser.exe
992	browser.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe
Token: SeShutdownPrivilege	992	browser.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2084	761651b2148605bce4463c6e4f9e3f78692d7b13012a9e869cbd7afc5e2a433c.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe
992	browser.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2084	761651b2148605bce4463c6e4f9e3f78692d7b13012a9e869cbd7afc5e2a433c.exe
992	browser.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 1516	2084	761651b2148605bce4463c6e4f9e3f78692d7b13012a9e869cbd7afc5e2a433c.exe	30
PID 2084 wrote to memory of 1516	2084	761651b2148605bce4463c6e4f9e3f78692d7b13012a9e869cbd7afc5e2a433c.exe	30
PID 2084 wrote to memory of 1516	2084	761651b2148605bce4463c6e4f9e3f78692d7b13012a9e869cbd7afc5e2a433c.exe	30
PID 2084 wrote to memory of 1516	2084	761651b2148605bce4463c6e4f9e3f78692d7b13012a9e869cbd7afc5e2a433c.exe	30
PID 2084 wrote to memory of 1516	2084	761651b2148605bce4463c6e4f9e3f78692d7b13012a9e869cbd7afc5e2a433c.exe	30
PID 2084 wrote to memory of 1516	2084	761651b2148605bce4463c6e4f9e3f78692d7b13012a9e869cbd7afc5e2a433c.exe	30
PID 2084 wrote to memory of 1516	2084	761651b2148605bce4463c6e4f9e3f78692d7b13012a9e869cbd7afc5e2a433c.exe	30
PID 1516 wrote to memory of 2272	1516	761651b2148605bce4463c6e4f9e3f78692d7b13012a9e869cbd7afc5e2a433c.exe	33
PID 1516 wrote to memory of 2272	1516	761651b2148605bce4463c6e4f9e3f78692d7b13012a9e869cbd7afc5e2a433c.exe	33
PID 1516 wrote to memory of 2272	1516	761651b2148605bce4463c6e4f9e3f78692d7b13012a9e869cbd7afc5e2a433c.exe	33
PID 1516 wrote to memory of 2272	1516	761651b2148605bce4463c6e4f9e3f78692d7b13012a9e869cbd7afc5e2a433c.exe	33
PID 2272 wrote to memory of 2796	2272	ybAB9B.tmp	34
PID 2272 wrote to memory of 2796	2272	ybAB9B.tmp	34
PID 2272 wrote to memory of 2796	2272	ybAB9B.tmp	34
PID 2796 wrote to memory of 2880	2796	setup.exe	35
PID 2796 wrote to memory of 2880	2796	setup.exe	35
PID 2796 wrote to memory of 2880	2796	setup.exe	35
PID 2880 wrote to memory of 2704	2880	setup.exe	36
PID 2880 wrote to memory of 2704	2880	setup.exe	36
PID 2880 wrote to memory of 2704	2880	setup.exe	36
PID 2880 wrote to memory of 1056	2880	setup.exe	38
PID 2880 wrote to memory of 1056	2880	setup.exe	38
PID 2880 wrote to memory of 1056	2880	setup.exe	38
PID 1056 wrote to memory of 2524	1056	service_update.exe	39
PID 1056 wrote to memory of 2524	1056	service_update.exe	39
PID 1056 wrote to memory of 2524	1056	service_update.exe	39
PID 2804 wrote to memory of 1576	2804	service_update.exe	41
PID 2804 wrote to memory of 1576	2804	service_update.exe	41
PID 2804 wrote to memory of 1576	2804	service_update.exe	41
PID 2804 wrote to memory of 1912	2804	service_update.exe	42
PID 2804 wrote to memory of 1912	2804	service_update.exe	42
PID 2804 wrote to memory of 1912	2804	service_update.exe	42
PID 1912 wrote to memory of 736	1912	service_update.exe	43
PID 1912 wrote to memory of 736	1912	service_update.exe	43
PID 1912 wrote to memory of 736	1912	service_update.exe	43
PID 2880 wrote to memory of 1472	2880	setup.exe	45
PID 2880 wrote to memory of 1472	2880	setup.exe	45
PID 2880 wrote to memory of 1472	2880	setup.exe	45
PID 2880 wrote to memory of 1472	2880	setup.exe	45
PID 2880 wrote to memory of 996	2880	setup.exe	46
PID 2880 wrote to memory of 996	2880	setup.exe	46
PID 2880 wrote to memory of 996	2880	setup.exe	46
PID 2880 wrote to memory of 996	2880	setup.exe	46
PID 2880 wrote to memory of 1952	2880	setup.exe	48
PID 2880 wrote to memory of 1952	2880	setup.exe	48
PID 2880 wrote to memory of 1952	2880	setup.exe	48
PID 2880 wrote to memory of 1952	2880	setup.exe	48
PID 992 wrote to memory of 2340	992	browser.exe	51
PID 992 wrote to memory of 2340	992	browser.exe	51
PID 992 wrote to memory of 2340	992	browser.exe	51
PID 992 wrote to memory of 2104	992	browser.exe	52
PID 992 wrote to memory of 2104	992	browser.exe	52
PID 992 wrote to memory of 2104	992	browser.exe	52
PID 992 wrote to memory of 2104	992	browser.exe	52
PID 992 wrote to memory of 2104	992	browser.exe	52
PID 992 wrote to memory of 2104	992	browser.exe	52
PID 992 wrote to memory of 2104	992	browser.exe	52
PID 992 wrote to memory of 2104	992	browser.exe	52
PID 992 wrote to memory of 2104	992	browser.exe	52
PID 992 wrote to memory of 2104	992	browser.exe	52
PID 992 wrote to memory of 2104	992	browser.exe	52
PID 992 wrote to memory of 2104	992	browser.exe	52
PID 992 wrote to memory of 2104	992	browser.exe	52
PID 992 wrote to memory of 2104	992	browser.exe	52

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\761651b2148605bce4463c6e4f9e3f78692d7b13012a9e869cbd7afc5e2a433c.exe
"C:\Users\Admin\AppData\Local\Temp\761651b2148605bce4463c6e4f9e3f78692d7b13012a9e869cbd7afc5e2a433c.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Users\Admin\AppData\Local\Temp\761651b2148605bce4463c6e4f9e3f78692d7b13012a9e869cbd7afc5e2a433c.exe
  "C:\Users\Admin\AppData\Local\Temp\761651b2148605bce4463c6e4f9e3f78692d7b13012a9e869cbd7afc5e2a433c.exe" --parent-installer-process-id=2084 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\Admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\Admin\AppData\Local\Temp\356b57bc-937e-437f-83c7-57684f26fcec.tmp\" --brand-name=yandex --browser-present=none --distr-info-file=\"C:\Users\Admin\AppData\Local\Temp\distrib_info\" --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --make-browser-default-after-import --progress-window=459160 --send-statistics --testids=1045949 --variations-update-path=\"C:\Users\Admin\AppData\Local\Temp\c624bbd8-e009-4d87-963b-f7801005eac6.tmp\" --verbose-logging"
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1516
- - C:\Users\Admin\AppData\Local\Temp\ybAB9B.tmp
    "C:\Users\Admin\AppData\Local\Temp\ybAB9B.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\356b57bc-937e-437f-83c7-57684f26fcec.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=42 --install-start-time-no-uac=235524400 --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=459160 --send-statistics --source=lite --testids=1045949 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\c624bbd8-e009-4d87-963b-f7801005eac6.tmp" --verbose-logging
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\YB_6B957.tmp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\YB_6B957.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_6B957.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\356b57bc-937e-437f-83c7-57684f26fcec.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=42 --install-start-time-no-uac=235524400 --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=459160 --send-statistics --source=lite --testids=1045949 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\c624bbd8-e009-4d87-963b-f7801005eac6.tmp" --verbose-logging
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\YB_6B957.tmp\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\YB_6B957.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_6B957.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\356b57bc-937e-437f-83c7-57684f26fcec.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=42 --install-start-time-no-uac=235524400 --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=459160 --send-statistics --source=lite --testids=1045949 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\c624bbd8-e009-4d87-963b-f7801005eac6.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=282496000
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\YB_6B957.tmp\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\YB_6B957.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=45323b5b377897c846fc6c473cf984a9 --annotation=main_process_pid=2880 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1029 --initial-client-data=0x158,0x15c,0x160,0x12c,0x164,0x1401ed728,0x1401ed734,0x1401ed740
        6⤵
        Executes dropped EXE
        
        PID:2704
      - C:\Windows\TEMP\sdwra_2880_2053142966\service_update.exe
        
        "C:\Windows\TEMP\sdwra_2880_2053142966\service_update.exe" --setup
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Program Files directory
        Suspicious use of WriteProcessMemory
        
        PID:1056
        
        C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1029\service_update.exe
        
        "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1029\service_update.exe" --install
        7⤵
        Executes dropped EXE
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
        
        C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
        
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:996
      - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
        
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source2880_79035023\Browser-bin\clids_yandex.xml"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1952

C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1029\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1029\service_update.exe" --run-as-service
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
PID:2804
- C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1029\service_update.exe
  "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1029\service_update.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=45323b5b377897c846fc6c473cf984a9 --annotation=main_process_pid=2804 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1029 --initial-client-data=0x11c,0x120,0x124,0xf0,0x128,0x13fa28b00,0x13fa28b0c,0x13fa28b18
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1029\service_update.exe
  "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1029\service_update.exe" --update-scheduler
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:1912
- - C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1029\service_update.exe
    "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1029\service_update.exe" --update-background-scheduler
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    PID:736

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=459160 --install-start-time-no-uac=235524400
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks system information in the registry
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:992
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=992 --annotation=metrics_client_id=2ea04bd125064ea59d93c1c9c0f463b2 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1029 --initial-client-data=0xd8,0xdc,0xe0,0xac,0xe4,0x7fef559cf90,0x7fef559cf9c,0x7fef559cfa8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2340
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --gpu-process-kind=sandboxed --field-trial-handle=1812,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2104
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=disabled --gpu-process-kind=trampoline --field-trial-handle=1704,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1912 /prefetch:6
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2232
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Network Service" --field-trial-handle=2128,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2140 --brver=24.7.1.1029 /prefetch:3
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2276
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=service --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Storage Service" --field-trial-handle=2296,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2308 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2656
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=ru --service-sandbox-type=audio --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Audio Service" --field-trial-handle=2820,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2832 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2000
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3028,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3024 /prefetch:2
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2472
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3360,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2720
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=3680,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3624 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1760
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Импорт профилей" --field-trial-handle=3768,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3756 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2300
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3824,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3908 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1948
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=4108,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4124 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2240
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=3744,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1916
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=3436,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3440 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4736,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:1120
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5052,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:1608
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5176,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5236,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:3032
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Распаковщик файлов" --field-trial-handle=5228,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5368 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5456,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5448 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5512,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5520 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5528,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5432 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5424,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5660 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5376,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5636 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5356,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5548 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5404,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5900 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5368,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6088 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=6100,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5360 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=6104,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6324 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=6112,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6476 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=6196,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6200 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Распаковщик файлов" --field-trial-handle=2984,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6420 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Утилиты Windows" --field-trial-handle=3040,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3116 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Утилиты Windows" --field-trial-handle=3068,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3112 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Распаковщик файлов" --field-trial-handle=1692,i,7171673218334682544,13352959190376027167,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4176 --brver=24.7.1.1029 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:2808

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater --broupdater-origin=auto --bits_job_guid={834E0B42-9199-44A7-BE8F-F8E309B87344}
1⤵
- Executes dropped EXE
- Checks system information in the registry
- Enumerates system info in registry
PID:2968
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1723621142 --annotation=last_update_date=1723621142 --annotation=launches_after_update=1 --annotation=machine_id=45323b5b377897c846fc6c473cf984a9 --annotation=main_process_pid=2968 --annotation=metrics_client_id=2ea04bd125064ea59d93c1c9c0f463b2 --annotation=micromode=broupdater --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1029 --initial-client-data=0xdc,0xe0,0xe4,0xb0,0xe8,0x7fef559cf90,0x7fef559cf9c,0x7fef559cfa8
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1784,i,4046579734226695699,9786915501188579169,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1780 /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Network Service" --field-trial-handle=1976,i,4046579734226695699,9786915501188579169,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1996 --brver=24.7.1.1029 /prefetch:3
  2⤵
  - Executes dropped EXE
  PID:2936

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=install --bits_job_guid={621D359D-6F37-4912-BF15-72A35E6D5B18}
1⤵
- Executes dropped EXE
- Checks system information in the registry
- Enumerates system info in registry
PID:468
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1723621142 --annotation=last_update_date=1723621142 --annotation=launches_after_update=2 --annotation=machine_id=45323b5b377897c846fc6c473cf984a9 --annotation=main_process_pid=468 --annotation=metrics_client_id=2ea04bd125064ea59d93c1c9c0f463b2 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1029 --initial-client-data=0xdc,0xe0,0xe4,0xb0,0xe8,0x7fef559cf90,0x7fef559cf9c,0x7fef559cfa8
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1788,i,5578954940358633259,13989638577111285535,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1784 /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Network Service" --field-trial-handle=1912,i,5578954940358633259,13989638577111285535,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1960 --brver=24.7.1.1029 /prefetch:3
  2⤵
  - Executes dropped EXE
  PID:2688

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=dayuse --bits_job_guid={E1C1325D-4612-48AF-A5B5-4899A6C7BCBC}
1⤵
- Executes dropped EXE
- Checks system information in the registry
- Enumerates system info in registry
PID:3012
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1723621142 --annotation=last_update_date=1723621142 --annotation=launches_after_update=3 --annotation=machine_id=45323b5b377897c846fc6c473cf984a9 --annotation=main_process_pid=3012 --annotation=metrics_client_id=2ea04bd125064ea59d93c1c9c0f463b2 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1029 --initial-client-data=0xdc,0xe0,0xe4,0xb0,0xe8,0x7fef559cf90,0x7fef559cf9c,0x7fef559cfa8
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1760,i,10247269160757611556,10219180997462860642,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1756 /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=DE8CCEB6-CA24-4AC1-B39A-3369D6497542 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Network Service" --field-trial-handle=1968,i,10247269160757611556,10219180997462860642,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1992 --brver=24.7.1.1029 /prefetch:3
  2⤵
  - Executes dropped EXE
  PID:2960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
714B

MD5
8457f66b17799feaa0e382a73445ccbd

SHA1
f8aab63bc3a8011fcb3136a25804e5069b22fa54

SHA256
f7969f7f5c7be95080ef4f2b23d5bd204bd4663aeea8794273461f43bc39ce04

SHA512
e336ba76e75b1c3b73b1c8ae634f8a2b2f5d40c58e51f110eff0c9ddb1f03c9bf6be0d2b7562d9822d930900c56f5370161d80dcac97042fc2dafc8c51f330d7

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
3KB

MD5
2a344da1c962d8550b29a96b27373b2e

SHA1
9fc4357cb7114f16cba01fcb7f6171b5794c7b78

SHA256
57919e86e410f8185dfff59cb421bd5e9ac741d299271e61c92af97893f59000

SHA512
49ce173dc051ec7675893b6abe8ce8d2c3f8ecd6af936adce0971a7fd113beb112f2d1e84e9077e03e35efa0ae2a1d362341c42aacb077de75d51359817ded53

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
3KB

MD5
33fbaf66fdd1d9ed84a7733f54461f8c

SHA1
122637c324116cac234c2018baba4f4d0becc117

SHA256
72a72f94c0da03003ad99dbec5620ad9afd2a4c51eb77ddadd87400740874cd7

SHA512
7a167f33cba3ae2ad180df2c5f81349a8958ee717a44fe102133f31958199a4da0c2ed2f56fa459590158e13e1d6a48177e2833afcc56559f93cea7fb71f6e9e

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
4KB

MD5
7b44c6d04c30e1b6825210476a0d2767

SHA1
68372304ec14fa45b3c094d42ab47f1e8d505b6b

SHA256
51993df4c0c79b537484cf507fb8821887542761f9f18921d1af3af0ece1ae26

SHA512
033f7e7d6a911c3a6726f5fd364936c4410e8f114a21d1e1235454f42e5f83f1dd7f4bf991ce3ea5eb5da903e58ba1db49b3b7ca9bffd458f5b1f5dc81c2f995

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
5KB

MD5
83796b458642cc7d0714977727da6798

SHA1
9b5ae721bb7b7ea924a569df57e3bd23dbebf57b

SHA256
dd89e8929eb798f40ad71f4294b8b4f26efcc3f57ef9718a74cc87a39c0eacd5

SHA512
70f3027b6768d37aeac5fd7a6d0a29da1c947c42ef23407f827b03ae3297c2c3b80d453e0330da3505015bf82be952484309b785dc325b0c5b8b483af187fa12

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
5KB

MD5
6fed24ae7764ba2a278a9049eeddad64

SHA1
4525ddfde496db59127fbf097e31d166314979fb

SHA256
bd7a5ea528cfb10652344f62bae63a662166643aff52b3474ff82dc092694365

SHA512
fe3b03ae4d3ecf0dcb44e61809472dac0c214342dac435c004bf16820b99ba3aa2c192dd121e789ad5ad7dea69a4557f3bac5513d47dd3a44be9ea3bf033af17

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
6KB

MD5
b15ae1e68fed9ec1ac61a181c6a95d3c

SHA1
6fa80a790db9bf3461c1b09f7212761510d68fbc

SHA256
a26f7639dc92ab0d6e637d62a18fdb1e70f9529f9a7a637ce6e08301aeeab6d4

SHA512
5c326c4b26d9b4e913baa1ccc2301cb871ca31c85a468ea360569a95b6689918ac90a9f3d042b5b9e8443580c32b885fb21df5d5b5dc1d08fd430272ab13cadc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

Filesize
1KB

MD5
6f02ad603f7edf615fb82a32117a7616

SHA1
e06263cd46e8d8465961b2614b9a5b97748aecba

SHA256
6a7cd00156806d419ba0c38038e32906c6a59e5b8200fd02537982827232e6cb

SHA512
fc679710a4ec8a3a7f5c6db23af4ef1701da1b8a464748002b6425678d38da6764e8957ec3c849986e288b164418ca714f2eff24bb4a8aa32458a934b0158db2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760

Filesize
1KB

MD5
d60c317701100a9b00cb931c764a6c09

SHA1
5e6a7e91a1b97d7799336b4239f2822fa96031b8

SHA256
9b93ca72d4fddb2b169693776ac9137f730e8a42007e35d6d7e1565f7b8de0d3

SHA512
ae48b85918d2db8fbfb95be69a63bd0279efb78bf0e00ed81736a49cfcff117641e50da3fba74fdc25d92035f6524446b9020a15c80d88c664167b17a9011f31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

Filesize
1KB

MD5
64cc313aefeb432b92a1dbf5fffb88db

SHA1
9df72890485430646141e4ddce76dbf052b0e8a8

SHA256
50ce43cb8e1ebc4305e7523e9597734a6591ee237713b16049a2fc192597348c

SHA512
d1ef5c97f2539536446096cf7644821f8a6918d645d7fd2a2cb3a5c67654232292185df4dae8656e7d331c10768d48a41c343e40461d7febcdb1bcb8e3db7fde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

Filesize
508B

MD5
cd2d5942077dcb42509d19039d8f9251

SHA1
9774a9cbb2a5ad37734bfa578961f7ed231bf4f3

SHA256
e0b13082ae29671e55d33be8da352d537d0c0bea51229bc0dba19594e16ce725

SHA512
ad6fec349479316f29dc94f19339b202e55eda434e757f59330444bb0d3ded58380ee0eb3f35bdde7662bbbff359103a758c7cc5e4b29be53d4fbeb5a75f53d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760

Filesize
532B

MD5
b412a7cf327f0c7288371c23da8bbcde

SHA1
32866c26c57d19e7ceca433c69fed3d45e18b2a1

SHA256
696fe3ca18c90116487cdcc8fce0c88657d2f1c4d5a778cc0219619ef2199625

SHA512
8800938994ec3d53c2be2e0ff4f08f1c79fd8052f208a24679bd0bdb02592b9278f3a248991ad361781e320180ebe135565de7c8c042250e7cad1bc9ed226502

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e33b4fb4f15de4b109c690ed806ef62

SHA1
c5f414906b328b7cff82e7aaa1367263d917604f

SHA256
00a30d383be7a3ccb2c7e8827567ec97d42ce7f0a5219a0a7722d0373bc19cfc

SHA512
9f030190eae4ce80400ca5415f8d0c4d77d77bbea7f60be21fdce031c39c0e64286fd763a1ef9177c63a4e8b9edc6ebd2936249cb48b403ff19de40d927b88b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55421d8976a4a44231c7248d2be87c18

SHA1
dac7681bd0af610b3da264b61b373e810c6df3c4

SHA256
ab7b905fedcb551266b669484c035ebd25ca81eeb91f1b98b4f89ebba283eb63

SHA512
3a54f2b4d630ce9bfadff7b0a2f8e1f3da5d7be272e37c1c011fdeee73d4fe53173d8890c540004023c1ea3eab61092d612d9e93a2aa08a625ac5aaab0ab2017

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f09908b66b3178662211defad69a1da6

SHA1
77cf37aef122cbe06ea343c4e718acf155e163dc

SHA256
dbf25aec6a92c1666f416d8fc8147a51386e1f42e7c42648dd7f895b8646ae13

SHA512
347e747313f0e70b4c7bab2e524a7eae0559d6049dc0d8976009754818edfb1dc3d3e584d8135820ab504c916801144c84060e65426c7718754efaca2eea0868

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

Filesize
506B

MD5
3a5c89a0944667d10b30d7bb44badf08

SHA1
1f11388e5cf3ca89c1a19983264b744362a355d6

SHA256
ad577071d83f14c5b627e028ab0d4a1abc74c8986f72afe0ab76db021d5fc726

SHA512
331df9bb80710f6b66fe44ead6f9149b8babb1210eb0a5d4bd2c2d60e783dc9dd304ff13da90fb3f35f6873634c95761c3089741a942a3a4100d1c2adf525ee1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5979.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\PartnerFile

Filesize
646KB

MD5
f609e719d46e21530ee972ebfb083393

SHA1
e5c0b8f5ada4034bd34831ded6fe8d06f6a9941e

SHA256
80cbec2da26291caa67309c161c288b99d4cbca16970bc37311ae309a065235d

SHA512
aaa01d9c7b3b0547826c8099998f0df5b86dbbc1d3a26d8787cea8e0c9af69a12df2d295098b5df1d4d30a9c14b6a01bd4d645957e073f580b4fff01409adf3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar597C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_6B957.tmp\BRAND_COMMON

Filesize
25.6MB

MD5
b5774fca1d4a8cbb93f85209392ef872

SHA1
bf2e2bf3e890521ced14ff4c5b9414982aa742c6

SHA256
672daea93cad291c72487f7608bc91b7b61ca411ff84a3e8e8fffd21e65e2bdd

SHA512
b2066ba271901041c71285859a72e3f2d7de1f3fa30bd814107639d3d747f8d98b694e24966c1c028c9e1f8fbee79166aaf35418f51ad50f0d2749f675025e7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_6B957.tmp\brand_yandex

Filesize
1.8MB

MD5
25c8fd0b8d4fa9db3c7102a222adb969

SHA1
a71385a34c5668df611647b03473d68bd7e845ba

SHA256
3a1008f5f71875bd3585fa76a19c8c66f97d9c521d4e5d6258de83c7a1be2fa6

SHA512
991e0f87404d6160d060f664a833ff3abb71fa9c76f35a57245cc34f91ef7313511a9b21e038f52c6e69321fd75b3c64463dd6a47b26879b3a9763d7f73b1aa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\distrib_info

Filesize
368B

MD5
2b330d1a4c518faad91355da70593436

SHA1
46bab6f37c5fb832a560cf2a3dcc15820b4e8bab

SHA256
9b00f49f1b42e16d864d9f046c91b9a3c13b5b1df9aa40430f816b98f1c0e701

SHA512
9d6e9a4814cb991039aefb54d0e5728bc3e0df50fbfba90c7214e5d5e3b255e3bc13467f126d38c5fb318f4e1efca6622c8874909a8d596fb7a866ba7e37aef4

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
1KB

MD5
9b736381a81deddf1fe1fa2dd57e117b

SHA1
feb1b1234988e9088ef2bda4ec1a764871ca9498

SHA256
e624c6f97f6277790d66fd392ca1fd8ebf02cfc756741c187e42b2795c38ab9a

SHA512
67d0074100198a81adc9c845ef9b2457598284278c38af887c10b4f7c9952e6870b3e07d937c965c4ed0240bd037dc85510d3f022fddd0818b998e432471dc0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
16KB

MD5
b31adce4b9b5192834e2ab83dd788d95

SHA1
9994770694ffb4e91e251be239e9578dd7a8f1af

SHA256
ad5f762942e39b205caaba37f19e24a277f016b1d538786e7de1d6d1caf9d7b9

SHA512
6b4ac08f5f778d9ab2ec5e3d4dda0a65425c2acc9224afa4da99b649f4bd370a2d803bf0a8815404a8dcb034d10410a0331ac6a3a8e04ede4806e082e1e58e5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
16KB

MD5
1033f1dbd1e55604e0c65ae592be8a33

SHA1
eca4548abb4899f9d53eec6c2f21315753f8b4ec

SHA256
cfbad0e6fc31ac7bee53bec82689b6de81690a322c5ef3769080a32b7068f44e

SHA512
49be9c60a562964adbe5c85565b6330315b279e3f08141c9bef7910da60061c0b3a394c26a6cdd115ea5fb73ac6ecb7ab6ebc76fc6546bce18cc6acc3ceee320

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
a55325df70b5ca909d754ab176a9c7a7

SHA1
15edea3d9e1c0f64d5af09dcdaeeb29d1fa1de03

SHA256
2e6104529f9f484975b1cdc53c8180cf2a1f39de5a95fdf96c98eec879424ce0

SHA512
80845c2a2f7f268751868ee5c9434c7bc05676d0e0ee8af41d81f0574669dd1103a24e3b00e35ebea36e1fa65be7d1f591d2aff2dd85f5b8f62938b7214b264c

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
39KB

MD5
fb5799b915f63ba03e233d419a4ca8d7

SHA1
c1762b23cca4fef252986551c960b2bb0bc6ddd0

SHA256
d10e6e4e0416b9929efade54c29cc864cd8232ad8704f6c13841886963050403

SHA512
172f9f5dd8d24f3537d7a74698a503bf4bfe28ca6be95a4d7a1ed0b78b3d0b0eb39128d7cff58d863b59ed42720988e6a9705ff217f2d5c357d78d2381a586b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
39KB

MD5
08c0850534627dcca02597b086c410bc

SHA1
8fe499dc97c0301a0cbdf09762b1d0e9f6351a61

SHA256
6b5c10b4605aa82ef846651c7adf1b8c96e249cacf9f0b17e5416dfba24cede0

SHA512
81e8fccf2e4a6cdfc5ddc8139a904b072cfee7a31f2f76f6ae45b75d91b7aec2512150718af82fec6add5f727e6eb0c0eab0098b586eef63090be73f3d79511b

Download Submit
C:\Users\Admin\AppData\Local\Temp\master_preferences

Filesize
171KB

MD5
6dfb34c0dcac0b7afaca232bbd0a48ae

SHA1
49071399cbe6c79faa1c8e2b907711ad9fe8f28c

SHA256
b28f385ecd781fa31d0631c46f406a96458e2e4124411c7ad3805a90335e9bb7

SHA512
299a4ea5eba779ba5e7a8418d2676236bf750d51a7f2379a7c2825456139f53ebe1afa0da84c933c1c331fa22d6071ea5cbd2d18ec98f9a908762001889a049d

Download Submit
C:\Users\Admin\AppData\Local\Temp\yandex_browser_installer.log

Filesize
4KB

MD5
71551082fe49df6b2d22f9eda5b112e0

SHA1
9c2bb038b890a4419d31a257a831e49a812ff066

SHA256
6eac0b283a54a422a9ae06f89d52094e40b1d02108ca707f7fb35d8bd00ff1db

SHA512
5fdcbb1698e1db5848ae5cc8cda09087e672a4451ac02a8e0ba0774707282e614665377d83f75d185b8340f305807bd023a91f4f24ea901a1c7d85cccd3d9049

Download Submit
C:\Users\Admin\AppData\Local\Temp\yandex_browser_updater.log

Filesize
5KB

MD5
15d996b28b661a4ae5a1f9c0b678cd29

SHA1
aa7ed08920cbab190b4e2c711c93d3f6ce1a16c6

SHA256
2dde1764720eea73d36fb12b7e38bba35db4efbbb28add1aca4f9afbac4a7d9d

SHA512
5457e7335898875872fd190c6a8c5b2f03b4437643cd824b78089fbff222b472f546ea736d176fad721cc221032136b917a5169736c4f9cee85a5d4acf25c553

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe

Filesize
633KB

MD5
fa5ca1c4e0bdccbe8e5b7957f771ee89

SHA1
55e21fb6b2c96a33b65c2855745c8ac0f49e0d2b

SHA256
10e0ba6dd4e37827ab42f8c851097e2b96bb897c677d95a0ea4f870d670d5f2b

SHA512
a9e6148879e65208140ab270ef3f171dc21640420c072b7cb613dc94895f8943fd6b1526c830597b5ed5fc40889496ce1a8914ff918a68eb928b4a4e78250da5

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk

Filesize
1KB

MD5
dc50628eba3835050c7e43e3b93e8d7b

SHA1
3aab401c707f3b53969be57f78b865466124d03d

SHA256
e1c0616ddcea87f2744aa2c3c8975ad1eafb772ee92d762073f94010d2dc4972

SHA512
44258f98cc07352d7fd2948ed00ec4bbd4a93cc099e119ccc6630f3bda596d6439cf553c94b74de90a2d6b97a5b2cb61bf63a132dd920885159443c178c2728f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\yandex.website

Filesize
488B

MD5
2baf611b1b6876e6c393054aa8c46a0a

SHA1
3d26e532d5b37939b51884bfb53732070c4dca9a

SHA256
5f7570144541408b41c15373bb8870e7bde53ad3c5413e2f6000e6f0e449b853

SHA512
1a0dc02bdd53e1bd49b2a72b10828463f5c8bed8a17b8498eb4ae939a40dfd8bcaeba1feac1190f5595b4da245a7aa0e4507724ef9fb74172b29581e885cd563

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.7.1.1029\brand_config

Filesize
8KB

MD5
d4683d96f6bf40859ef88eddc5507f8d

SHA1
75c79036cb66c2f1a0716f6f2353911e283c5585

SHA256
a29b7c2ec97e48b5e56a7140c11722ff917566347487e1a1ffda74b141d332a8

SHA512
38ea8e7595c90861b399b0751eab1b560a5e444bc202d9d574fd7a6f8f0d32d415be6a7b2a3c08fb88e4f7a70dddb838cb8c8e4815fe4c44ac20c3f0ac4d1564

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.7.1.1029\partner_config

Filesize
692B

MD5
807c3202f4ee1c6e7c2c34e7ee224e6d

SHA1
0df6a74ea5677b26f52ac9b06643f47afb4015d6

SHA256
9fe5e97cd8eeafccf0ce63e997c8a5ff37998308dd7c57f1fe5b319b3c3b1ff1

SHA512
6467b26a30684252ec4a8c5fe39a614c68fec396204890f467522cf21cc38f6e1e3a66f8223cf0f0f33f75f2ba8564d2c75f4f6ac16530cd16743c4dfd28bde5

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\YandexDictionaries\ru.bdic

Filesize
4.5MB

MD5
ac3768f0462853d08df284e67c7c4ebd

SHA1
732581ac6f2e02246696817adc53d2e2e5d0dcb5

SHA256
af2bcc135f974aad505a8f55296117dbf4cbc095931e22f424698b181d273656

SHA512
27d558deffeeefe1198aebdf65a3fef0b0f3d6b6c4177d03ff32b0363f0a2fb1b7ff6454f45dd3254427cec9174b03181c50bc51dba212e6ab0114a6e72bcf96

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\install_state.json

Filesize
1KB

MD5
2e59800dc20926f4c8fae5cb69317539

SHA1
c631ca00adfdfb73c1aabe5093a21902d0117adc

SHA256
bbe11a5d8441288bd8a77156d45bf3a5172aa821cd47b814cd87347509a55cb7

SHA512
8ac6ffdd35e0868a777ba6014de74ba98084cb2a25d6312f0f1e13891bfaf49336c0c20f5ac796d25c8b3065939137a034a1f4eaff85379582969fb2bbadbdf7

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\configs\all_zip

Filesize
650KB

MD5
849cc75f9772e37306aaf9980b7b33ba

SHA1
c784d80bfef09853850960a37b330f93427fda7d

SHA256
7dc09ee9fcb4ef4fdbb718fdcd7fa93982897ea812073defb234ad2df96475e9

SHA512
61a2d951a445dba6b72045c7675f19f4010a08a6fb217ee7239dd88186d81be0323243fb7921f57de33d76a485625dfe72dac844c7cc6b3922a5fd092b990c49

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\sea_preview.jpg

Filesize
59KB

MD5
53ba159f3391558f90f88816c34eacc3

SHA1
0669f66168a43f35c2c6a686ce1415508318574d

SHA256
f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e

SHA512
94c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1029\resources\wallpapers\sea_static.jpg

Filesize
300KB

MD5
5e1d673daa7286af82eb4946047fe465

SHA1
02370e69f2a43562f367aa543e23c2750df3f001

SHA256
1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a

SHA512
03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat

Filesize
48B

MD5
72872e9035573b21da299bbe62a7f4f4

SHA1
144162ca567683c3787b0d9566719ef5dd1c292c

SHA256
d816f5ee642c9ad1f08d1fc652edc1b4365b562728deeccddb9ec0b970e87f4e

SHA512
daa6835b32c3d5cb9ca89a554f6bdcb684502fd48d43020f9c952226fb57fec8b93e6c520405b2a92a5872f0c08ce4cd6e332588e90eb8c44c309d4371c4f84d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\51857819-5ed8-4e1d-aa77-ec72799c96e1.tmp

Filesize
15KB

MD5
1bfacec2c35e0adf736001ca93e26cef

SHA1
17f2afb0900cb661d7646626293dcc7753882f1f

SHA256
d5166167121c643c977515b9fd698bd177fc6944c68b4a25a0a0a63f455dd451

SHA512
b5a7f578d6a37a4dbd14174c6dc04582e68f461718acbcefd506f2bb25ebc166ed71da98316855838063cdd828e43a004a8750458b2143561e132617e3e20f17

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Cache\Cache_Data\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Cache\Cache_Data\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Cache\Cache_Data\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
847137395103c9a7a4e119020f03281f

SHA1
4e4d75eb803e7bbf4b1a53be0136acec69754175

SHA256
5fe6cf9d6aa995a83a9a4ec0da3daac81a5279404443da0a751a0c9f14966fb7

SHA512
c17501f84495fab02a19da477e52353afb52c74064849ed077a023c366d4c04bd841a2d084a96d7b353a92f61a3f745ded07f67acd1b51f8e6150489d33a18b5

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cf062163552afc916d37eba2cbfd2ce3

SHA1
20e9e0ed03c39cc07e8b0d2a743df5741867b972

SHA256
e7ee09cab8cf901928be0f3d1bcdd5961797bbb5c988c35d16ca9521d9498ed3

SHA512
6f8b471eb9b03f51304c9fd836210357140b8e3308bcaa93366d17783e3c7ae1186f127170ceaeeb3ba300c37427af89bb6b898c29cbcc2700525b2b9f617127

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3e38b40e0769cff80d42c030770a8210

SHA1
3c615fa65f985c6197768d38cd29a47889eabbf4

SHA256
8e8fd3618a2e3d0f32cd13df7310b5b04449e274146ef6b22054981e2c46f141

SHA512
a4fea1c47ea2b7284887d13cf9980a12c1feed81b10fbc248089d04d59069317d2635c80315952a93174b26773f50b31cd10b88dbd3c53886f3fde9cc56bf796

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
48088fa63cae3d9c7823806a80c0d8b1

SHA1
878958e8a404fcb48e44aa5e69f5ca854d7f8f29

SHA256
56dd3bac70c829ac42289f187c7f791dac2c250eea94f08f9d97253409b43e94

SHA512
964c81bb33c79670aa1ee8725a0251cf68e7577d11d1705a28fad3055967f36fae92300f2cb765a65176c4b581c606cc43378eb8ab4a15cdb0d8b1ccd4b0e48c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4b6c4892b3b178587d71ae459b52657f

SHA1
4eca190b999ff2301643b0412c9bb6e8a3abb84b

SHA256
b6478eea271bb421d1d945565b8fb15033cc050d6fcac9f25d0d15f07b9cf637

SHA512
501d8788f45650aba1df57aaf88c4a8c4972b60cc5be183125f8e520641372eaccf7eb9fd1b52e522f11f45022dca75864f76ddc18538ef1171a0fdae2575e5b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a85f32864a897c7dad5b968249ea9235

SHA1
645dad208b564da78f714195acddecf8b77d3fd1

SHA256
9e2e08ccd29b7ac01a050bd4172988abb4acf45599ffeb9987edf9c694bcd108

SHA512
3a917ab32d8a51923cea30e95cf910cc2caf785732866ba3d54d0d2662e03e81ce36d90b6088ac8535d1095fcdd0d30beb849c30e08a4dd18f81cde82c7efb23

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
11KB

MD5
ed1a31b84baf291c23eecf087e0da004

SHA1
515aa40010eda5065fc74cded74517b4319def34

SHA256
a28a188abb934dffd46b4562a1da38767e94e166f9e9e01277f8d426dca5b251

SHA512
f532d7d0e97f3ddbf424df2e6a58bd18a702922eea2e460254fcd7ed8558937035476161fd59aec0f1d8c5cde50a9e646a7c1f7989fa7b6d994bb4b61fa4a50d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
14KB

MD5
a34e46834b47bd7c6c79a55e66d85f92

SHA1
8adfd8197ccd17441da1907a26961dd917f5f5c6

SHA256
fd8fe2f5e5b978de9d1303da1e2fc1de117ffde3cefd7a779ff498c7c2582e31

SHA512
e64612952092c57b9442c80cf451d62fa98c11e2675f400f1abbd68d104dd278325e986aae30fc53fee3f1d9bb609dfe8b8f9d1d3d6a9e651c2d12dbeb88c0df

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
7KB

MD5
8d57ed75b107273bd76c481ad71dcc21

SHA1
3bf044badfcdae48b4400aa27808d21830ece7b6

SHA256
f54a4c2109d7e1b95b2857a8803f96e6f2a570c42cc9760555727e1b130c5ba0

SHA512
4c403ed94983a469849cc0d4cc631dc33f38483c725f69488b3ce6a2d954b528e4ff2613badb450877fac80344761595fb226d8f35d42a6bf6fab2d27bbe0570

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Site Characteristics Database\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Site Characteristics Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Sync Data\LevelDB\CURRENT~RFf77b7bb.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\c3379659-699e-4605-a8e1-840ed02d83d1\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Wallpapers\store\picture-13368094744284000

Filesize
536KB

MD5
3bf3da7f6d26223edf5567ee9343cd57

SHA1
50b8deaf89c88e23ef59edbb972c233df53498a2

SHA256
2e6f376222299f8142ff330e457867bad3300b21d96daec53579bf011629b896

SHA512
fef8e951c6cf5cec82dbeafd306de3ad46fd0d90e3f41dcea2a6046c95ab1ae39bf8a6e4a696580246c11330d712d4e6e8757ba24bbf180eec1e98a4aec1583b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Wallpapers\store\preview-13368094744284000

Filesize
5KB

MD5
9f6a43a5a7a5c4c7c7f9768249cbcb63

SHA1
36043c3244d9f76f27d2ff2d4c91c20b35e4452a

SHA256
add61971c87104187ae89e50cec62a196d6f8908315e85e76e16983539fba04b

SHA512
56d7bd72c8a380099309c36912513bcafbe1970830b000a1b89256aae20137c88e1e281f2455bb381ab120d682d6853d1ef05d8c57dd68a81a24b7a2a8d61387

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\16.png

Filesize
699B

MD5
238b0e7dc06028db4b6aba8078740ffb

SHA1
5fd2309587993b371beabb7a9d039e0dba3006ba

SHA256
d159e510392f6da58c4d15cc098171d45c7b02a1362cbf7be7a2d47a1a10e7fc

SHA512
1dda4de21be647067c04dfc47174df39d0c6c1eeee3e9005211f908351b69d6a27ed268b5ec7480285fb203a95136a3a205f7bafb7eb5223a3dcbab0dadc0e5d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\48.png

Filesize
2KB

MD5
7cf35c8c1a7bd815f6beea2ef9a5a258

SHA1
758f98bfed64e09e0cc52192827836f9e1252fd1

SHA256
67c320fa485a8094fc91cd3fcd59a7c75d2474e3046a7eb274b01863257fbe01

SHA512
0bbebde654c9f44cf56b74fc1a9525b62c88724ec80658efede3cbb370c3a6d4f3e78df459bbd0559a51838f4a172bdfcd370bd5477038309024b77cd69f2a15

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\def9394f-80e6-4a24-9ef4-f7ad0cb7d170.tmp

Filesize
10KB

MD5
6f888c0c58a390f90a1367e682135c1b

SHA1
75fb04362d3e43998a2a8c8eae4c8ca05f26f4c7

SHA256
b43c42f78ec9c0eff62ef81597d37688476ad031a5b1fbbccfd1180ffea7cdc0

SHA512
26deaa7806fd44175fc7bece6895b7e3b62daaec9ebc37db8a1bbb12d4880bf1ff4854bcf7a68b0b2f89dca924c3a6aa04b32389f94bd15adb6cb158729f3704

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\e4759eb8-8d03-4983-b6ca-366e1b7d8364.tmp

Filesize
160KB

MD5
54497ce2271deb0e673ec048b44da343

SHA1
5f886314234b7aa6a4da5efc937a9d63ed007727

SHA256
3dcf052bb8050fa32f28873bb665f63f457799cb9a92549fb2dbea94014f929b

SHA512
d0d77d763b1b12c1b9d7a9a3f2aee4640ed5fb10d828b7c3c2cb051504c2b7b6438309124b934b346a4152c0aca009883d6bda42dc997188b8ca2736ac3419c9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\f5774f46-3438-4d9b-8337-e48b0e9874ad.tmp

Filesize
38KB

MD5
783213d62a2a002d09ff0984e2f0c34d

SHA1
7a3f557bd29610900bd897337590c9cfac10ae06

SHA256
1c20cb506e0921e4c3a903085ab97e68bf8fca7fdc6c94700ab93bf349bf794e

SHA512
240f93301b76c28d6bce670fcb02e6f3dc66f7fa00490d07840ef201ef6f2a4da0c31b5da81aa25ff1dad6111f90db1a15f6413f7a56b8e8f687587d1c071e02

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\ae23685d-0895-4f99-af45-2e166a57c751.tmp

Filesize
190KB

MD5
d30ca531e23b0c79c37d0c9a7cb15b8e

SHA1
b58c6dd87d701e70b5aeae0c21fb27aba1cdd342

SHA256
1037cd68fc6846bf6fcf2f4a18367023aba01f5ebf3a32dbb7f1f4cf7bf7fcdb

SHA512
c68d08111f6058f22c60c4f4ed0964dbe7b9048b7a01260fdebe47ab8e25f94f0583ba77155b32ae63dcb504f96dba5b150fc9f7f360e8d88e3a0e0b8ca0a452

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\component_crx_cache\oimompecagnajdejgnnjijobebaeigek_1.d9a253514b6a010dfc1916c55246797e5773f13844ea3ec2d25078e845fef760

Filesize
13.7MB

MD5
17c227679ab0ed29eae2192843b1802f

SHA1
cc78820a5be29fd58da8ef97f756b5331db3c13e

SHA256
d9a253514b6a010dfc1916c55246797e5773f13844ea3ec2d25078e845fef760

SHA512
7e33288afd65948a5752323441c42fcc437d7c12d1eaf7a9b6ae1995784d0771e15637f23cc6bc958e40ea870414543d67a27b4c20331fde93d5b6dc6a59cbaf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk

Filesize
2KB

MD5
cd20ef2323fa9c7b7c7a1ced2c389825

SHA1
ff289c4b2537c8fe15554f6f5e0ef301ac87e395

SHA256
92d7082eee5588ce400d43a7e1b23a18af816dd5bfb8fb274c8ace48325bfb94

SHA512
f97a9d5b0f6c068370debb389ba7dca6c736b9712bb1b52d968d99689914281723d752ba89d0c7baca4f0abca79698681dc6a30773afd0adb26a444edb31a3a7

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
64ec3c90032408b134cb66811c135fba

SHA1
74615522b7102745c9533b37459b0afc5c9f66ef

SHA256
14a50c7fce8530c1015d5f9664bee894e78c15435410e551a169e9351c4bfd0e

SHA512
5f8e035466278f44c34899217b4480db09f0d242e38f8c481b6fa4b9e6b733b12c366d0f4bda69a2fc07e90bd28b1a28f9a1a3df0b38f5374aee36f5e727dc5b

Download Submit
\Users\Admin\AppData\Local\Temp\YB_6B957.tmp\setup.exe

Filesize
4.9MB

MD5
cbe88b139c373792a8f9cfea1116e00f

SHA1
5c1058ba01b2a886aa8c342f865027967340ea27

SHA256
c53a5862ac68eafa66dd4ff5bc0d18636b88838017e8bdab64f4c7668a19a7ab

SHA512
59250d6c2dc8064131492a094e72d6c065bdae296ad02299608a66e7445860d1f22fc952a909c07667e63d18d798b0e16712efc2086413e395955b6c8d9fe296

Download Submit
\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

Filesize
4.4MB

MD5
3fc029221ef4d4760a8c3d09600da615

SHA1
bf1f892004e6d30193d087fc4dc6c438be9e5756

SHA256
f048d57f37a6f3bd850f9059c47606728110fbf5761551704b52d6e9637efdf6

SHA512
6b2dd02ca9fb843af14b46eb71bb6b310906e47d3313a1d865f160dd843138145302092ceb8d87a1b35a13b09dc662265dee3d7a1596bd35d9f2b7746da9e100

Download Submit
\Windows\Temp\sdwra_2880_2053142966\service_update.exe

Filesize
2.9MB

MD5
15886a3a4dfbbcd9e422e1f130e12f02

SHA1
9a79dd81b1d9201fa74ea568a604d41e653b3a11

SHA256
26f94ec35d9ce5816044fb58df265e10ea8cb53b96105427ea4bf6cb57ce485f

SHA512
a14c76b4e5042e264034849d05753ec387dfcbfbcd8015d58254e468dca269f9d5f0e4fb91c762b2eac57133692768447d3ed77c306b4b34e497a4b5764122ac

Download Submit
memory/1916-2470-0x000000000C270000-0x000000000C63D000-memory.dmp

Filesize
3.8MB

Download
memory/1916-2469-0x000000000C270000-0x000000000C63D000-memory.dmp

Filesize
3.8MB

Download
memory/1916-2471-0x000000000C270000-0x000000000C63D000-memory.dmp

Filesize
3.8MB

Download
memory/1916-2468-0x000000000C260000-0x000000000C261000-memory.dmp

Filesize
4KB

Download
memory/1916-2472-0x000000000C640000-0x000000000C641000-memory.dmp

Filesize
4KB

Download
memory/2232-1543-0x0000000077800000-0x0000000077801000-memory.dmp

Filesize
4KB

Download
memory/2232-1511-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download
memory/2880-1372-0x0000000001E30000-0x0000000001E40000-memory.dmp

Filesize
64KB

Download