33edb139f84bc332a7ccc4b996ac1e4f8e099314ce9b77ec5d8612eb26739008

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
18/08/2024, 07:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

33edb139f84bc332a7ccc4b996ac1e4f8e099314ce9b77ec5d8612eb26739008.exe
Size

10.4MB
MD5

8fca048e9250770dcf929d8104e6c7e7
SHA1

ea68a50e0b67baa86ce8fcb42f52889f6cc5e3a9
SHA256

33edb139f84bc332a7ccc4b996ac1e4f8e099314ce9b77ec5d8612eb26739008
SHA512

75574d1f9eae18038b3060bffccd37d2eac83cc2e65020aaada9b8d557a558ce2cd2dd50aa70c282c0e7cb9d34f07d09c7f0a867f7e542f7099a50aa41b43042
SSDEEP

196608:gUZWC2SSJ7PbDdh0HtQba8z1sjzkAilU4I4:gUZB25J7PbDjOQba8psjzyz

Score

8^/10

discovery persistence spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 8 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Control Panel\International\Geo\Nation	browser.exe

Executes dropped EXE 60 IoCs

pid	Process
2648	ybB04C.tmp
2612	setup.exe
840	setup.exe
916	setup.exe
3028	service_update.exe
2696	service_update.exe
3000	service_update.exe
2344	service_update.exe
2476	service_update.exe
1972	service_update.exe
2032	Yandex.exe
844	clidmgr.exe
1604	clidmgr.exe
2356	browser.exe
2404	browser.exe
2592	browser.exe
2932	browser.exe
2992	browser.exe
2972	browser.exe
1604	browser.exe
2260	browser.exe
1476	browser.exe
2264	browser.exe
1712	browser.exe
2132	browser.exe
2832	browser.exe
2160	browser.exe
2844	browser.exe
2244	browser.exe
1644	browser.exe
2324	browser.exe
2168	browser.exe
2424	browser.exe
2300	browser.exe
580	browser.exe
2336	browser.exe
1164	browser.exe
1212	browser.exe
3112	browser.exe
1876	browser.exe
2756	browser.exe
2804	browser.exe
3212	browser.exe
3608	browser.exe
3912	browser.exe
3124	browser.exe
2652	browser.exe
2152	browser.exe
3244	browser.exe
2336	browser.exe
3368	browser.exe
3796	browser.exe
3920	browser.exe
1936	browser.exe
2856	browser.exe
2424	browser.exe
3080	browser.exe
1664	browser.exe
3304	browser.exe
3996	browser.exe

Loads dropped DLL 64 IoCs

pid	Process
2568	33edb139f84bc332a7ccc4b996ac1e4f8e099314ce9b77ec5d8612eb26739008.exe
2568	33edb139f84bc332a7ccc4b996ac1e4f8e099314ce9b77ec5d8612eb26739008.exe
2568	33edb139f84bc332a7ccc4b996ac1e4f8e099314ce9b77ec5d8612eb26739008.exe
2716	33edb139f84bc332a7ccc4b996ac1e4f8e099314ce9b77ec5d8612eb26739008.exe
2648	ybB04C.tmp
2612	setup.exe
2612	setup.exe
2612	setup.exe
840	setup.exe
840	setup.exe
840	setup.exe
3028	service_update.exe
3028	service_update.exe
3028	service_update.exe
3028	service_update.exe
3028	service_update.exe
3000	service_update.exe
3000	service_update.exe
2476	service_update.exe
840	setup.exe
840	setup.exe
840	setup.exe
840	setup.exe
840	setup.exe
2032	Yandex.exe
840	setup.exe
840	setup.exe
840	setup.exe
2356	browser.exe
2404	browser.exe
2356	browser.exe
2592	browser.exe
2592	browser.exe
2932	browser.exe
2992	browser.exe
2992	browser.exe
2932	browser.exe
2972	browser.exe
2972	browser.exe
2932	browser.exe
2932	browser.exe
2932	browser.exe
1604	browser.exe
1604	browser.exe
2260	browser.exe
2260	browser.exe
1476	browser.exe
2264	browser.exe
2264	browser.exe
1476	browser.exe
1712	browser.exe
2132	browser.exe
1712	browser.exe
2132	browser.exe
2832	browser.exe
2832	browser.exe
2832	browser.exe
2832	browser.exe
2832	browser.exe
2832	browser.exe
2832	browser.exe
2832	browser.exe
2832	browser.exe
2832	browser.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Run\YandexBrowserAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart"	browser.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 5 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Yandex\ui	service_update.exe

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe	service_update.exe
File opened for modification	C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe	service_update.exe
File opened for modification	C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\debug.log	service_update.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\System update for Yandex Browser.job	service_update.exe
File created	C:\Windows\Tasks\Update for Yandex Browser.job	service_update.exe
File created	C:\Windows\Tasks\Repairing Yandex Browser update service.job	service_update.exe
File created	C:\Windows\Tasks\Обновление Браузера Яндекс.job	browser.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 62 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	clidmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Yandex.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	clidmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	33edb139f84bc332a7ccc4b996ac1e4f8e099314ce9b77ec5d8612eb26739008.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	33edb139f84bc332a7ccc4b996ac1e4f8e099314ce9b77ec5d8612eb26739008.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ybB04C.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\Yandex	service_update.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\Yandex\UICreated_SYSTEM = "1"	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	service_update.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\.css\OpenWithProgids\YandexCSS.U75NYLVNSBYAKTF4XN3GUJUBFI	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\yabrowser\shell	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexSVG.U75NYLVNSBYAKTF4XN3GUJUBFI\ = "Yandex Browser SVG Document"	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexHTML.U75NYLVNSBYAKTF4XN3GUJUBFI\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexJPEG.U75NYLVNSBYAKTF4XN3GUJUBFI\ = "Yandex Browser JPEG Document"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\.webm\OpenWithProgids\YandexWEBM.U75NYLVNSBYAKTF4XN3GUJUBFI	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\.shtml\ = "YandexHTML.U75NYLVNSBYAKTF4XN3GUJUBFI"	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\http\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexBrowser.crx\Application\ApplicationDescription = "Яндекс\u00a0Браузер – это быстрая и\u00a0удобная программа для\u00a0работы в\u00a0интернете и\u00a0просмотра веб-страниц."	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexXML.U75NYLVNSBYAKTF4XN3GUJUBFI\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\.infected\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\.mhtml\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexCSS.U75NYLVNSBYAKTF4XN3GUJUBFI\shell\open\command	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexFB2.U75NYLVNSBYAKTF4XN3GUJUBFI\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-122"	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexSWF.U75NYLVNSBYAKTF4XN3GUJUBFI\ = "Yandex Browser SWF Document"	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexFB2.U75NYLVNSBYAKTF4XN3GUJUBFI\shell\open\command	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexJPEG.U75NYLVNSBYAKTF4XN3GUJUBFI\Application	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexBrowser.crx\Application\ApplicationCompany = "Yandex"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\.infected\OpenWithProgids\YandexINFE.U75NYLVNSBYAKTF4XN3GUJUBFI	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexJPEG.U75NYLVNSBYAKTF4XN3GUJUBFI\DefaultIcon	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexSVG.U75NYLVNSBYAKTF4XN3GUJUBFI\Application	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexJS.U75NYLVNSBYAKTF4XN3GUJUBFI\shell\open	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexPNG.U75NYLVNSBYAKTF4XN3GUJUBFI\shell\open\command	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\http\shell	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\https\shell\open\ddeexec\	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\SystemFileAssociations\.jpg\shell\image_search	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexWEBP.U75NYLVNSBYAKTF4XN3GUJUBFI	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\yabrowser\shell\ = "open"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexFB2.U75NYLVNSBYAKTF4XN3GUJUBFI\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexWEBP.U75NYLVNSBYAKTF4XN3GUJUBFI\shell\open	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexGIF.U75NYLVNSBYAKTF4XN3GUJUBFI\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\.xhtml\OpenWithProgids\YandexHTML.U75NYLVNSBYAKTF4XN3GUJUBFI	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\yabrowser\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\yabrowser\shell\open\ddeexec\	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\.txt\OpenWithProgids\YandexTXT.U75NYLVNSBYAKTF4XN3GUJUBFI	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexSVG.U75NYLVNSBYAKTF4XN3GUJUBFI\Application\ApplicationCompany = "Yandex"	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexINFE.U75NYLVNSBYAKTF4XN3GUJUBFI\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-135"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexWEBP.U75NYLVNSBYAKTF4XN3GUJUBFI\DefaultIcon	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\.infected\OpenWithProgids	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexWEBP.U75NYLVNSBYAKTF4XN3GUJUBFI\Application\AppUserModelId = "Yandex.U75NYLVNSBYAKTF4XN3GUJUBFI"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\.svg\OpenWithProgids\YandexSVG.U75NYLVNSBYAKTF4XN3GUJUBFI	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\.txt	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\.webp\OpenWithProgids	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexINFE.U75NYLVNSBYAKTF4XN3GUJUBFI\Application\ApplicationCompany = "Yandex"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexTXT.U75NYLVNSBYAKTF4XN3GUJUBFI\shell	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\.txt\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexPDF.U75NYLVNSBYAKTF4XN3GUJUBFI\Application	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexHTML.U75NYLVNSBYAKTF4XN3GUJUBFI\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexINFE.U75NYLVNSBYAKTF4XN3GUJUBFI\Application	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexJS.U75NYLVNSBYAKTF4XN3GUJUBFI	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexJS.U75NYLVNSBYAKTF4XN3GUJUBFI\Application	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexTIFF.U75NYLVNSBYAKTF4XN3GUJUBFI\DefaultIcon	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexTXT.U75NYLVNSBYAKTF4XN3GUJUBFI\Application\ApplicationDescription = "Яндекс\u00a0Браузер – это быстрая и\u00a0удобная программа для\u00a0работы в\u00a0интернете и\u00a0просмотра веб-страниц."	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexXML.U75NYLVNSBYAKTF4XN3GUJUBFI\Application	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\.crx\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\.js	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\SystemFileAssociations\.bmp\shell\image_search\Icon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexINFE.U75NYLVNSBYAKTF4XN3GUJUBFI\shell\open\command	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexWEBM.U75NYLVNSBYAKTF4XN3GUJUBFI\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\.png\OpenWithProgids	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\http\URL Protocol	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\SystemFileAssociations\.bmp	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\YandexXML.U75NYLVNSBYAKTF4XN3GUJUBFI\DefaultIcon	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\.webm	browser.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
840	setup.exe
840	setup.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe
Token: SeShutdownPrivilege	2356	browser.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2568	33edb139f84bc332a7ccc4b996ac1e4f8e099314ce9b77ec5d8612eb26739008.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe
2356	browser.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2568	33edb139f84bc332a7ccc4b996ac1e4f8e099314ce9b77ec5d8612eb26739008.exe
2356	browser.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2568 wrote to memory of 2716	2568	33edb139f84bc332a7ccc4b996ac1e4f8e099314ce9b77ec5d8612eb26739008.exe	30
PID 2568 wrote to memory of 2716	2568	33edb139f84bc332a7ccc4b996ac1e4f8e099314ce9b77ec5d8612eb26739008.exe	30
PID 2568 wrote to memory of 2716	2568	33edb139f84bc332a7ccc4b996ac1e4f8e099314ce9b77ec5d8612eb26739008.exe	30
PID 2568 wrote to memory of 2716	2568	33edb139f84bc332a7ccc4b996ac1e4f8e099314ce9b77ec5d8612eb26739008.exe	30
PID 2568 wrote to memory of 2716	2568	33edb139f84bc332a7ccc4b996ac1e4f8e099314ce9b77ec5d8612eb26739008.exe	30
PID 2568 wrote to memory of 2716	2568	33edb139f84bc332a7ccc4b996ac1e4f8e099314ce9b77ec5d8612eb26739008.exe	30
PID 2568 wrote to memory of 2716	2568	33edb139f84bc332a7ccc4b996ac1e4f8e099314ce9b77ec5d8612eb26739008.exe	30
PID 2716 wrote to memory of 2648	2716	33edb139f84bc332a7ccc4b996ac1e4f8e099314ce9b77ec5d8612eb26739008.exe	33
PID 2716 wrote to memory of 2648	2716	33edb139f84bc332a7ccc4b996ac1e4f8e099314ce9b77ec5d8612eb26739008.exe	33
PID 2716 wrote to memory of 2648	2716	33edb139f84bc332a7ccc4b996ac1e4f8e099314ce9b77ec5d8612eb26739008.exe	33
PID 2716 wrote to memory of 2648	2716	33edb139f84bc332a7ccc4b996ac1e4f8e099314ce9b77ec5d8612eb26739008.exe	33
PID 2716 wrote to memory of 2648	2716	33edb139f84bc332a7ccc4b996ac1e4f8e099314ce9b77ec5d8612eb26739008.exe	33
PID 2716 wrote to memory of 2648	2716	33edb139f84bc332a7ccc4b996ac1e4f8e099314ce9b77ec5d8612eb26739008.exe	33
PID 2716 wrote to memory of 2648	2716	33edb139f84bc332a7ccc4b996ac1e4f8e099314ce9b77ec5d8612eb26739008.exe	33
PID 2648 wrote to memory of 2612	2648	ybB04C.tmp	34
PID 2648 wrote to memory of 2612	2648	ybB04C.tmp	34
PID 2648 wrote to memory of 2612	2648	ybB04C.tmp	34
PID 2648 wrote to memory of 2612	2648	ybB04C.tmp	34
PID 2648 wrote to memory of 2612	2648	ybB04C.tmp	34
PID 2648 wrote to memory of 2612	2648	ybB04C.tmp	34
PID 2648 wrote to memory of 2612	2648	ybB04C.tmp	34
PID 2612 wrote to memory of 840	2612	setup.exe	35
PID 2612 wrote to memory of 840	2612	setup.exe	35
PID 2612 wrote to memory of 840	2612	setup.exe	35
PID 2612 wrote to memory of 840	2612	setup.exe	35
PID 2612 wrote to memory of 840	2612	setup.exe	35
PID 2612 wrote to memory of 840	2612	setup.exe	35
PID 2612 wrote to memory of 840	2612	setup.exe	35
PID 840 wrote to memory of 916	840	setup.exe	36
PID 840 wrote to memory of 916	840	setup.exe	36
PID 840 wrote to memory of 916	840	setup.exe	36
PID 840 wrote to memory of 916	840	setup.exe	36
PID 840 wrote to memory of 916	840	setup.exe	36
PID 840 wrote to memory of 916	840	setup.exe	36
PID 840 wrote to memory of 916	840	setup.exe	36
PID 840 wrote to memory of 3028	840	setup.exe	38
PID 840 wrote to memory of 3028	840	setup.exe	38
PID 840 wrote to memory of 3028	840	setup.exe	38
PID 840 wrote to memory of 3028	840	setup.exe	38
PID 840 wrote to memory of 3028	840	setup.exe	38
PID 840 wrote to memory of 3028	840	setup.exe	38
PID 840 wrote to memory of 3028	840	setup.exe	38
PID 3028 wrote to memory of 2696	3028	service_update.exe	39
PID 3028 wrote to memory of 2696	3028	service_update.exe	39
PID 3028 wrote to memory of 2696	3028	service_update.exe	39
PID 3028 wrote to memory of 2696	3028	service_update.exe	39
PID 3028 wrote to memory of 2696	3028	service_update.exe	39
PID 3028 wrote to memory of 2696	3028	service_update.exe	39
PID 3028 wrote to memory of 2696	3028	service_update.exe	39
PID 3000 wrote to memory of 2344	3000	service_update.exe	41
PID 3000 wrote to memory of 2344	3000	service_update.exe	41
PID 3000 wrote to memory of 2344	3000	service_update.exe	41
PID 3000 wrote to memory of 2344	3000	service_update.exe	41
PID 3000 wrote to memory of 2344	3000	service_update.exe	41
PID 3000 wrote to memory of 2344	3000	service_update.exe	41
PID 3000 wrote to memory of 2344	3000	service_update.exe	41
PID 3000 wrote to memory of 2476	3000	service_update.exe	42
PID 3000 wrote to memory of 2476	3000	service_update.exe	42
PID 3000 wrote to memory of 2476	3000	service_update.exe	42
PID 3000 wrote to memory of 2476	3000	service_update.exe	42
PID 3000 wrote to memory of 2476	3000	service_update.exe	42
PID 3000 wrote to memory of 2476	3000	service_update.exe	42
PID 3000 wrote to memory of 2476	3000	service_update.exe	42
PID 2476 wrote to memory of 1972	2476	service_update.exe	43

C:\Users\Admin\AppData\Local\Temp\33edb139f84bc332a7ccc4b996ac1e4f8e099314ce9b77ec5d8612eb26739008.exe
"C:\Users\Admin\AppData\Local\Temp\33edb139f84bc332a7ccc4b996ac1e4f8e099314ce9b77ec5d8612eb26739008.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2568
- C:\Users\Admin\AppData\Local\Temp\33edb139f84bc332a7ccc4b996ac1e4f8e099314ce9b77ec5d8612eb26739008.exe
  "C:\Users\Admin\AppData\Local\Temp\33edb139f84bc332a7ccc4b996ac1e4f8e099314ce9b77ec5d8612eb26739008.exe" --parent-installer-process-id=2568 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\Admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\Admin\AppData\Local\Temp\601267e9-5fe7-4d52-9164-4861417f331c.tmp\" --brand-name=yandex --browser-present=none --distr-info-file=\"C:\Users\Admin\AppData\Local\Temp\distrib_info\" --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --make-browser-default-after-import --progress-window=459284 --send-statistics --testids=1045949 --variations-update-path=\"C:\Users\Admin\AppData\Local\Temp\77f48f27-7c86-4f9a-8e53-801c8e4dc9e5.tmp\" --verbose-logging"
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2716
- - C:\Users\Admin\AppData\Local\Temp\ybB04C.tmp
    "C:\Users\Admin\AppData\Local\Temp\ybB04C.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\601267e9-5fe7-4d52-9164-4861417f331c.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=57 --install-start-time-no-uac=236765000 --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=459284 --send-statistics --source=lite --testids=1045949 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\77f48f27-7c86-4f9a-8e53-801c8e4dc9e5.tmp" --verbose-logging
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\YB_1E577.tmp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\YB_1E577.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_1E577.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\601267e9-5fe7-4d52-9164-4861417f331c.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=57 --install-start-time-no-uac=236765000 --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=459284 --send-statistics --source=lite --testids=1045949 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\77f48f27-7c86-4f9a-8e53-801c8e4dc9e5.tmp" --verbose-logging
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\YB_1E577.tmp\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\YB_1E577.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_1E577.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\601267e9-5fe7-4d52-9164-4861417f331c.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=57 --install-start-time-no-uac=236765000 --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=459284 --send-statistics --source=lite --testids=1045949 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\77f48f27-7c86-4f9a-8e53-801c8e4dc9e5.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=298634600
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\YB_1E577.tmp\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\YB_1E577.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=840 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1030 --initial-client-data=0x1b0,0x1b4,0x1b8,0x184,0x1bc,0xc69d28,0xc69d34,0xc69d40
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:916
      - C:\Windows\TEMP\sdwra_840_2051206545\service_update.exe
        
        "C:\Windows\TEMP\sdwra_840_2051206545\service_update.exe" --setup
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:3028
        
        C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe
        
        "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe" --install
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
        
        C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
        
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:844
      - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
        
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source840_1810836449\Browser-bin\clids_yandex.xml"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1604

C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe" --run-as-service
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe
  "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=3000 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1030 --initial-client-data=0x13c,0x140,0x144,0x110,0x148,0xbed784,0xbed790,0xbed79c
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2344
- C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe
  "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe" --update-scheduler
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2476
- - C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe
    "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe" --update-background-scheduler
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:1972

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=459284 --install-start-time-no-uac=236765000
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks system information in the registry
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2356
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=2356 --annotation=metrics_client_id=8ba0d7ef9f284ccdbc8844da52fb8525 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1030 --initial-client-data=0xf4,0xf8,0xfc,0xc8,0x100,0x73749a14,0x73749a20,0x73749a2c
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2404
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --gpu-process-kind=sandboxed --field-trial-handle=1892,i,10675545951012782726,15232983940542533756,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2932
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=disabled --gpu-process-kind=trampoline --field-trial-handle=1596,i,10675545951012782726,15232983940542533756,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1900 /prefetch:6
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2592
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Network Service" --field-trial-handle=1864,i,10675545951012782726,15232983940542533756,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2044 --brver=24.7.1.1030 /prefetch:3
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2992
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=service --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Storage Service" --field-trial-handle=2296,i,10675545951012782726,15232983940542533756,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2372 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1604
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=ru --service-sandbox-type=audio --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Audio Service" --field-trial-handle=2768,i,10675545951012782726,15232983940542533756,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2776 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2972
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=2972,i,10675545951012782726,15232983940542533756,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2968 /prefetch:2
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2260
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3380,i,10675545951012782726,15232983940542533756,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1476
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=3548,i,10675545951012782726,15232983940542533756,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3520 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2264
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3720,i,10675545951012782726,15232983940542533756,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3724 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1712
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=3864,i,10675545951012782726,15232983940542533756,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3860 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2132
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1924,i,10675545951012782726,15232983940542533756,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3944 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2832
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=4496,i,10675545951012782726,15232983940542533756,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4484 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2160
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4404,i,10675545951012782726,15232983940542533756,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4408 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2844
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4876,i,10675545951012782726,15232983940542533756,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2244
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5040,i,10675545951012782726,15232983940542533756,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1644
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Распаковщик файлов" --field-trial-handle=5200,i,10675545951012782726,15232983940542533756,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5212 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2324
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5224,i,10675545951012782726,15232983940542533756,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5296 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2168
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5052,i,10675545951012782726,15232983940542533756,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5036 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2424
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5152,i,10675545951012782726,15232983940542533756,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5272 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2300
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5268,i,10675545951012782726,15232983940542533756,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5324 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:580
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5188,i,10675545951012782726,15232983940542533756,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5272 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2336
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5368,i,10675545951012782726,15232983940542533756,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5220 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1876
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5332,i,10675545951012782726,15232983940542533756,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5308 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1164
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5328,i,10675545951012782726,15232983940542533756,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5584 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2756
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5340,i,10675545951012782726,15232983940542533756,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5732 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1212
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5232,i,10675545951012782726,15232983940542533756,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5348 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2804
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5304,i,10675545951012782726,15232983940542533756,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5968 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3112
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5384,i,10675545951012782726,15232983940542533756,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5392 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3212
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=5692,i,10675545951012782726,15232983940542533756,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3608
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Распаковщик файлов" --field-trial-handle=2060,i,10675545951012782726,15232983940542533756,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1972 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3912
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Утилиты Windows" --field-trial-handle=2984,i,10675545951012782726,15232983940542533756,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3060 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1936
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Утилиты Windows" --field-trial-handle=3924,i,10675545951012782726,15232983940542533756,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3036 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2856
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Распаковщик файлов" --field-trial-handle=2544,i,10675545951012782726,15232983940542533756,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2556 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3996

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater --broupdater-origin=auto --bits_job_guid={710E870E-3CF3-4EDD-9B9D-6EB16B09D5C1}
1⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
PID:3124
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1723964708 --annotation=last_update_date=1723964708 --annotation=launches_after_update=1 --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=3124 --annotation=metrics_client_id=8ba0d7ef9f284ccdbc8844da52fb8525 --annotation=micromode=broupdater --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1030 --initial-client-data=0xf8,0xfc,0x100,0xcc,0x104,0x73749a14,0x73749a20,0x73749a2c
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2652
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1772,i,18018006457874887836,2309011964924572290,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1844 /prefetch:2
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2152
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Network Service" --field-trial-handle=1952,i,18018006457874887836,2309011964924572290,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1964 --brver=24.7.1.1030 /prefetch:3
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3244

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=install --bits_job_guid={EDC97D7E-F179-406A-ACC8-032A102EDFC5}
1⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
PID:2336
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1723964708 --annotation=last_update_date=1723964708 --annotation=launches_after_update=2 --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=2336 --annotation=metrics_client_id=8ba0d7ef9f284ccdbc8844da52fb8525 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1030 --initial-client-data=0xf8,0xfc,0x100,0xcc,0x104,0x73749a14,0x73749a20,0x73749a2c
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3368
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1716,i,5283541253915127802,3921040000096714241,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1712 /prefetch:2
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3796
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Network Service" --field-trial-handle=1996,i,5283541253915127802,3921040000096714241,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2012 --brver=24.7.1.1030 /prefetch:3
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3920

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=dayuse --bits_job_guid={9F55FC9D-BDD4-447C-AE21-E68B19A0FD78}
1⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
PID:2424
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1723964708 --annotation=last_update_date=1723964708 --annotation=launches_after_update=3 --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=2424 --annotation=metrics_client_id=8ba0d7ef9f284ccdbc8844da52fb8525 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1030 --initial-client-data=0xf8,0xfc,0x100,0xcc,0x104,0x73749a14,0x73749a20,0x73749a2c
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3080
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1816,i,13413215429844302132,894751271275725071,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1664
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=69619A0E-7C34-4368-97C3-17B337608BB8 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Network Service" --field-trial-handle=1944,i,13413215429844302132,894751271275725071,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1960 --brver=24.7.1.1030 /prefetch:3
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
710B

MD5
de68108daf6d1843bdc4a8d9da4f2db7

SHA1
a550eef16996b7bc31dc43b07ed65514d39bb87a

SHA256
12f1283fb8e295ba7adfe8c237b6caca565785dbe603a490dd9ae3e84cae6f74

SHA512
f5741ebb11760ed61d425dbf5f9815d389d5efa70b3f610e453b31af7cbc68221db549ce37aaef10fd80d3695c383665489f9d6ea48134fbd08c3e08e9f8403b

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
2KB

MD5
0d03e8a509a3294925781e109e9f7920

SHA1
da6835d419fceb003097e5c78ffef9556907435c

SHA256
88d200118475f683634f38ce376eca30689be78f08f16d43ec17e4cf06ab60b5

SHA512
b3995ee4e0700bfe91b96ff0f580b9b2c9e275d082194d64a35f62de92c9a6a3c9f9a2cbce037030e388b5bb9470ee47ae35f62a06ac4056e4c8e1c24facba91

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
2KB

MD5
c5e10af2b9af274a6b592aef536b3550

SHA1
3538ebd445862f64f63e2c725889a65b16cf854c

SHA256
dafd3bb052ad685f2ae36f869a34d4451a435fc19aff2942098614d53323b9ec

SHA512
5c7e834608c5c96b204d4a7e9080c7914248d83bfdc0ef0a38054db55f4ff597d769fa8a1779bd382310f2750f91c0487cf4bdd74e1473387dd04780e2548e10

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
3KB

MD5
8d175083ce00e63b033442a696020d9f

SHA1
18487106c0db7c95116aeb69d716f19c6d0f5b92

SHA256
3ca72b4d564b1fe3ec23654f6c3a7d4761204cc3feef006b83c9d8df961d82f9

SHA512
4b27798397eb3c2ac2dd8833ebb9c9b562c49aee3b011d56c18fae0809aefaf46d5145170db29c064ac2e029fdfe84e39fc314f71411c144d67db193da200a88

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
3KB

MD5
23ba562b625de468875fd1803bb36998

SHA1
eb18e4df8ea2ba3570fc790097a6af0453cefbf9

SHA256
5da694ad640798e2df91faeb36ca48c7cd86d913399c605f7b51df3cae56833d

SHA512
e6851da54c80bc6ee43f841133dad762d0ffc22eb15783f4311b358babf4a7804bed27ad7209422590f654b24d3ddba2eccafdb921be907e6f1d7ab24a5892b5

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
4KB

MD5
34561dadedc1900615565d7af6174cb8

SHA1
ebf50eee7e2e5358a3f71d3c125239fe7ddadfac

SHA256
acc7db10077239dfa1c4970c55eb35c4defeecb5690aae6608ffb9062df22b23

SHA512
7a1685ba12f9ffed0e4c959b24109f3e507bb7e22fcc7077a428bf045bcb6bdbd4f8f1cb27956a608492a255b727f73ab961a5c0dff67d3fa867b92822f6a192

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
5KB

MD5
fc4a7cec527c54fdea89ef9ab9d24b25

SHA1
188b60cdd1bd8e20236c6257710bedc153bcce16

SHA256
345e54aa36dd6178e676b0cbf22e420049b5823e95971813e75ca2be667702dd

SHA512
7c7d3510f909f52af193cdfb1170bd9c4f12fd3b098a431078949368f9f67bc838cdd11dad3358316795e5c21de1c50b5fa6d952ac3ec8e40e15c4cec59b2d5c

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
5KB

MD5
bdceeb8c9786541e401aca06e75da406

SHA1
76c093f3464776c5835c5a50d7a7bd2b684fea8b

SHA256
aebbe919fbb4811d47cd603a651d24c036d7fd37aada2f66697f271a6dbe50af

SHA512
2c37a70939d0ced647d620d4dcb367004299019cf7e6a39b046713bb2b84461202f4b3de46ee3eac0494f140483618c40371ef5c56e25739488487ba6275085c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

Filesize
1KB

MD5
d220228b4a4e93627b6e46a7d346ca33

SHA1
ee0e30f079d2a8248339e3765ba51f890a0fa2ea

SHA256
992eb154a0a71485904af973d33a4ddfb6933956b1a2c02d23e23460fdf8ad17

SHA512
52b90f8b3d64ca5c2f8c7972e0861f9738e1c14afe0caf6922656d1b2beae5c84b2da50fa34765e91ade86777ff9eb0795aa4968ab66bba15bec5f610b3b7e60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760

Filesize
1KB

MD5
3673fa3f0c6da9106174c93d43f689b9

SHA1
3e29e2a00d0daa5697b991b36cc26891f62f0225

SHA256
31f7cd720ecedc35fd18f7a61f92a3e35d69453d2c31f989147e0e2ae408d3e5

SHA512
49551adb8650661e205c6f7b8181a6a5ab2908ab4c278877c92323db3d9771c1100e9e7c36ca9280f7741036efcf3058d51d4180501593474395726a27a12842

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

Filesize
1KB

MD5
3e7684a6ccc92881e76761485c65919c

SHA1
338bf0d166014e56499f588617d2f8c23966cee9

SHA256
dfcef663086fe341f2f2ad25eb02d24be256d35c84249e2ee2d113270ca9a70b

SHA512
77bcbe714f8fc56df4a877b2231bc6c9d1455fd1d78b497ee31247c237c0af67adf243fde19f45ffd8d28245889d57ea9dce7dfe0b60561d1c11bc82be261320

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

Filesize
508B

MD5
9687d5ddb8bf617a1126919f97d3f6f3

SHA1
941f976dc5516743553a3aa253fdaa15f1e607b0

SHA256
58dbe111e002c8282aa7282dcd2364fe6cf0c52b428b0a327f9de29880c53bcd

SHA512
f19da5f660664ebbc44bcd94d8cf4b25c4ec00d387a69e01810b3411248e63571f64de6c2f6300ca099ffcedc466379c47f49b8a74f0025dafa9108cdb48cdb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760

Filesize
532B

MD5
b9c38143f4d2925eb56febd8c648b5ae

SHA1
9971b9a942a29aa7dfee4fa0f693a07de463f8a4

SHA256
773b2eb5acf0160520eeec53fed35e2d8a5845b7ca9d122a5c3e65473b285ef2

SHA512
4c7fbf8069bc922f0dd439171483c66b08cefd680b1ce662c16e05c4b04af132257d2e5a84d3fddc7e687ce3f89ac2d6ede6aa05d7d2c49a7186ed8060b4c3c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5dfead9a383e813f5ef6240de69743c5

SHA1
8292bbf177fc4400b5f4448558da9926979c1082

SHA256
f25e7208e150b6a61378bfb6d25655fcdd08d359152bb04dfa43720a86a044c9

SHA512
b91256831231fa8721387095b19f004e119f1c4196371e47c8cb62f61953dd878c1e72f74a0fbb020a714fa1d9e7460cf53f5e614c3d1ce6b1650e150d42dd5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c8989669c2b5eb6f370e9f83fffb479

SHA1
6df0690792d50a91744daf8cbc8b4e04eff486b2

SHA256
9264210fbd74a3ed177ad75682ec18e16a4d7fe51131b6399139a7440b7444ed

SHA512
1938466ab13d940c7b384e6392f77fb5afc527ce227420c5ed2b7168ffaf538adb919ded9b92c1c5a5987d31f83b6e03a874974cbc874790aa3ebe602f7dd239

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c7b5014aa0a5de8847affd35c5c02409

SHA1
a0790a0948e8004c5cd3f59218274f8942784a5f

SHA256
9d855d32af1d36fb16b7f3e23bf336b6a1f68e64cdf90cdb8d4b498b4a0152a2

SHA512
ac74c9bf2ebb22e2356a29188b86655f38109f5ea7008b86fe3041a00dacf7c33482cd5438c7ca6bb8b684c9a4a494b242448d603186238d31eff2514fd345db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c2231d920143ceba3aa9047084f9653

SHA1
00de382f04bc1b8ce15d17792021e9f92c70d64b

SHA256
963b5c7bae5a056f3c008ca2b49fa61f10c2f1a2c7b1a39237a1045465c7c7b9

SHA512
99bf8ef4f39e4c0ed067756c644d5926a998dcb00585ce91db480fba98044448a3cbf94e161d6495708c0f3c1f05d344538eae461603ad5756343a6b9d2de612

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

Filesize
506B

MD5
6dfcf0bfcfa03f338b193541c6f216d9

SHA1
ee386ad74e3cd7b6a046bdd7fc563b6f39d9132a

SHA256
12aca21e8c72215b6f628e60888d2b6bbeba8d6e6f814b8a54d94f893c053973

SHA512
62ef79d32bf3100a021e1ec6072e34678fb8a79b10a3664984d06999744303d4861c6fa56e59fa81504fc81956e52bee1dc15626148b65d147e46e940047fb01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
026de7a1cdfc2b9eaeb3305ec0fab376

SHA1
fd6c1108ba7fa846b4f33f3db903437896fe5c81

SHA256
4f61d834abf8350be3041ae119f6d4eac635c3206a8f47c26af95c9a1e085ffa

SHA512
59ee0637155d3b934027638d3781b1b2bdf08aa15ded74b1f5cd39fb8bd287b008c91ec7c9fda034312398753bb3bd408652961d997cf7c69982ade7b526570e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab97C0.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\PartnerFile

Filesize
646KB

MD5
f609e719d46e21530ee972ebfb083393

SHA1
e5c0b8f5ada4034bd34831ded6fe8d06f6a9941e

SHA256
80cbec2da26291caa67309c161c288b99d4cbca16970bc37311ae309a065235d

SHA512
aaa01d9c7b3b0547826c8099998f0df5b86dbbc1d3a26d8787cea8e0c9af69a12df2d295098b5df1d4d30a9c14b6a01bd4d645957e073f580b4fff01409adf3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar987E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_1E577.tmp\BRAND_COMMON

Filesize
25.6MB

MD5
029f648eff2e627f79e67f4cbe600a4c

SHA1
daccf3b56f8381fbc46209a1083ff6fcd7e019b0

SHA256
60a386409430fdb330edaaded4fd611ef3598c9263521f516caa58e4b0cebcc6

SHA512
c7160587ed0c7c5331c483f5959c50b8582c07545183f789f928ba6c6565743a102f8afbbd645a074f25c218ce95c21e6b2d73ef9d182ba084aef52bb33a14c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_1E577.tmp\brand_yandex

Filesize
1.8MB

MD5
15875781db4aa2cfc22342277bfd0fde

SHA1
33dab1129fe59a74ca3cf619eb658dc091369b68

SHA256
d68b20b086b29afef9cdd016b8b042b7a5e2ee5fdbcc6f2e99715933143ff1e9

SHA512
fee63f0b80c8d624dcbba5f8ad0cea17a9d6e030ee16f8b76df13d7c8419129c6ce6e1379b046a4406504d312943752fe513728092931cd193fde639aeefb732

Download Submit
C:\Users\Admin\AppData\Local\Temp\distrib_info

Filesize
362B

MD5
8a7ff64cc76ebbd63b6a34b5b5d091c1

SHA1
f9ba7ab07b41e9a1295be7960440d5c9f2acc8d4

SHA256
b763c05e817b80fe15f158ce9f6d2b6bb6ad3252e48de781700a0b15a190b013

SHA512
915d1c1ee2b0c0a080244e2808ebbb8a478c63a52b535b0726db48ffd042d8688e9bf236330f2eebbe85b47a69a884f1da2d630c8dc434a4a1beafa4326a63c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
16KB

MD5
2d190f1513048cc3e1bbaea2749e8bfa

SHA1
498fae181f101beecd18e98ad0e7ce7ef6af4326

SHA256
2509ab41b248d05ba7bb6d67ee5f694f844c0bf3fe66e3143b6df0fa76828c6a

SHA512
eddc056807164339c55c49dc26767979042df6a3e347ff5fe1ac3e17e0ab6268558d7018f1037f585ede9866e2a9754525c5d12b708a6554b84985f0b774d321

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
46e1713c5f5c2ef29cc0a7f978915db4

SHA1
1dea5c8f0fd8b52e1fea848991a941e2a38027d5

SHA256
f034105d21e4fad3fb4cd13132c1b679edbe66a253f78fe5580b9032be0b250e

SHA512
508a6f4c7529f8a16d81ff63884e87403ea539f988955dfe62021f6a2f5d0c57c62bf9e8c4c454aa1b7a50380c41843e0a5b45a2e8c1305d21d16f0a84899bd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
16KB

MD5
94834b18e3202d86aac74a0d730974c3

SHA1
1bdb0c0b2cd53b93a0fe4acb2541c98336e67930

SHA256
61dfcacfc16df70b8a703f06794f84405293e8592de9dba8a68a0dd44c381caa

SHA512
7f0caa59562904d86ce8178c5e3a6682a02f1938d5580dde5a9197be00a7ded282929320041952aef19c13610bad5111ac247e660edd459cc77467f7f59ed08b

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
40KB

MD5
4ae01095d45e01c74ebe7d69a84bc51b

SHA1
41bf7f479b86a13a0a2d63ab444aaea7a4bbaf45

SHA256
0a49487015fa71f34ad0a5ed5d3250ffa231d6109c86acb36c9b21ce9bef102f

SHA512
8791457518fddfce3ba6180a365c15cd90bbe824cc824d458f3bceec30613dbd84bd3bc0c9bcb62f4650a0a72ac778bdc13acdd8eb24785f598a6a279c429353

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
40KB

MD5
6a665e7c6737bcfa18732217e7ec0cf7

SHA1
8c601ee9a886292ed903ebf1eafe13a9e973a7f0

SHA256
dffd9569e3547659c999eae1b25d794699c257981236c7ac0c26e77ff6ee015e

SHA512
ff48bfca999fa8ca46f55d26bde9c6e534b1ca25581337036a4ca65196184a02048c90eed5bb912221d835951f4b2faf73738b9b670ba9eab9086c66a1af05f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\master_preferences

Filesize
171KB

MD5
6dfb34c0dcac0b7afaca232bbd0a48ae

SHA1
49071399cbe6c79faa1c8e2b907711ad9fe8f28c

SHA256
b28f385ecd781fa31d0631c46f406a96458e2e4124411c7ad3805a90335e9bb7

SHA512
299a4ea5eba779ba5e7a8418d2676236bf750d51a7f2379a7c2825456139f53ebe1afa0da84c933c1c331fa22d6071ea5cbd2d18ec98f9a908762001889a049d

Download Submit
C:\Users\Admin\AppData\Local\Temp\yandex_browser_installer.log

Filesize
4KB

MD5
ef6167487506ebd8bd9e2c423d09962e

SHA1
2deb73b1b4243eb701677a2e808879e8854600d6

SHA256
ea4cedb39a2735dfb32dc3da47c583b93c7f7dfc317fd0a47e7b0447fd2bf20b

SHA512
ddddc7194c130a19f4d523dc245def5dee86f6c5ad993124b60e1d38e8321d9c78f4bc9dd9156eed590e78c60fce10fd3baa2c794852d29c84a9ab229ad01041

Download Submit
C:\Users\Admin\AppData\Local\Temp\yandex_browser_updater.log

Filesize
5KB

MD5
110de24c94504e3a4c6eb0058ed364a9

SHA1
89891861866715bbb494a469de561933c9da93b8

SHA256
778adb3109f08eda5dbacf1a7cc9922c57a12f827395a05ed8b9a6eb306911cc

SHA512
b8fac7b2cc8e6382363e27fbaedb8494c94f92aa1cb34652fcc72fc5aecebe8d3a46cb81f9a20e8ab6d4f3b37145601237828d5777a372d1cdeea5381bb68054

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe

Filesize
615KB

MD5
7eac404e89b37ba4aa20d441ee8f1f90

SHA1
544600812448c45e880ddab40b03e28a413ff3c6

SHA256
615561923960480b0a4951a758be36cfd859199205a2adc13d5940b8bde44de9

SHA512
eb29037fd9b5465cb70dac2478a7b42ee3287f5c539016ee3badd95fa3977565899e6a5eecd731c8e0ad315e22a079a0d610b4b5d5e918d4c7255c3a5b6e1bf6

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk

Filesize
1KB

MD5
6c08427a001c0db09d5eee596d2f6747

SHA1
4dc1308e565b8723d3bc2890f458b80b2233ddeb

SHA256
d9c9b20aff4e474b1dde74612ddc5dd9c29dacfa091f8e5c01e92236597cdfd7

SHA512
8ed567814b14de3f7787de436a07fa998ede53aa9f02b8cafb891b756bfa359dcc1f4f34a16d641c34d0552495c5e8fc634d816b32f965a5df392c547948fecd

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\yandex.website

Filesize
488B

MD5
2baf611b1b6876e6c393054aa8c46a0a

SHA1
3d26e532d5b37939b51884bfb53732070c4dca9a

SHA256
5f7570144541408b41c15373bb8870e7bde53ad3c5413e2f6000e6f0e449b853

SHA512
1a0dc02bdd53e1bd49b2a72b10828463f5c8bed8a17b8498eb4ae939a40dfd8bcaeba1feac1190f5595b4da245a7aa0e4507724ef9fb74172b29581e885cd563

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.7.1.1030\brand_config

Filesize
8KB

MD5
c64949ff239a0a9beb4114a1b27e0d81

SHA1
94983a5b27544b3b5f8c7c265816feb7c248b835

SHA256
4d944422a8ad8e97d23f0a1d17acce76115831a6bf5e1e7466da919104d4ba92

SHA512
2e50c4888012373ccbd7d81d936e322a2131e4f66e5f6e8fcb869b7c85eff23c463510550a4b0f895ba6df6a7b00db5ddc153fcca5cc04c820485e427ab85ebd

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.7.1.1030\partner_config

Filesize
692B

MD5
807c3202f4ee1c6e7c2c34e7ee224e6d

SHA1
0df6a74ea5677b26f52ac9b06643f47afb4015d6

SHA256
9fe5e97cd8eeafccf0ce63e997c8a5ff37998308dd7c57f1fe5b319b3c3b1ff1

SHA512
6467b26a30684252ec4a8c5fe39a614c68fec396204890f467522cf21cc38f6e1e3a66f8223cf0f0f33f75f2ba8564d2c75f4f6ac16530cd16743c4dfd28bde5

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\Temp\chrome_Unpacker_BeginUnzipping2356_951984209\manifest.json

Filesize
984B

MD5
0359d5b66d73a97ce5dc9f89ed84c458

SHA1
ce17e52eaac909dd63d16d93410de675d3e6ec0d

SHA256
beeab2f8d3833839399dde15ce9085c17b304445577d21333e883d6db6d0b755

SHA512
8fd94a098a4ab5c0fcd48c2cef2bb03328dd4d25c899bf5ed1ca561347d74a8aab8a214ba2d3180a86df72c52eb26987a44631d0ecd9edc84976c28d6c9dc16a

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\YandexDictionaries\ru.bdic

Filesize
4.5MB

MD5
ac3768f0462853d08df284e67c7c4ebd

SHA1
732581ac6f2e02246696817adc53d2e2e5d0dcb5

SHA256
af2bcc135f974aad505a8f55296117dbf4cbc095931e22f424698b181d273656

SHA512
27d558deffeeefe1198aebdf65a3fef0b0f3d6b6c4177d03ff32b0363f0a2fb1b7ff6454f45dd3254427cec9174b03181c50bc51dba212e6ab0114a6e72bcf96

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

Filesize
3.8MB

MD5
c93e65a71b9f191f2e64fb5fc1d99441

SHA1
c527616d8bf2b30b37ed89a3fb7d1da68e8a72ee

SHA256
fa5ec822987d5eabceaf880839e34736fa1b4c0e5085e96fc1cd1588b9084066

SHA512
77628258bde4603ba9e35dc70fc5d065cff09da166a08169d7f91d8eec3a0d2501d72fe54885cf96bf3bbdd037bd10816f411b6a3ca3ba10b9cb20cbeca21e3f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\install_state.json

Filesize
1KB

MD5
f77ab1719f290380fe1481d7629044db

SHA1
6d662635641b3ddcf39abaee7c3e3e93d6c6dcb0

SHA256
89f0b0a54e08c5e082efd2368a01fe2023088ed38f84e96ad4624696c156716d

SHA512
87aa9f8aab201da9a7edbab658c141871a1129ab448978194ada741921d0203fc2daa02e2ff3b099fca44a152593541e033542d70a6f1fe25220937fea4fa7fe

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1030\resources\configs\all_zip

Filesize
650KB

MD5
849cc75f9772e37306aaf9980b7b33ba

SHA1
c784d80bfef09853850960a37b330f93427fda7d

SHA256
7dc09ee9fcb4ef4fdbb718fdcd7fa93982897ea812073defb234ad2df96475e9

SHA512
61a2d951a445dba6b72045c7675f19f4010a08a6fb217ee7239dd88186d81be0323243fb7921f57de33d76a485625dfe72dac844c7cc6b3922a5fd092b990c49

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1030\resources\wallpapers\sea_preview.jpg

Filesize
59KB

MD5
53ba159f3391558f90f88816c34eacc3

SHA1
0669f66168a43f35c2c6a686ce1415508318574d

SHA256
f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e

SHA512
94c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1030\resources\wallpapers\sea_static.jpg

Filesize
300KB

MD5
5e1d673daa7286af82eb4946047fe465

SHA1
02370e69f2a43562f367aa543e23c2750df3f001

SHA256
1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a

SHA512
03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\172b805b-6e84-4ed3-8028-ae221d1bddc4.tmp

Filesize
191KB

MD5
1589d61ac70e7faa46f3029221421c43

SHA1
cffc19824ba944253827b06dfc8210050aac1334

SHA256
12ead2e0793016a80b833e10d388f367576d139f131aad3929a9cf668da3ad3a

SHA512
db0f301d9b9b9cb034f5ec72c525536dd558f7fde16d9bf520877ae888ffb9d1cbe608d540feb354df57f483588ca51513cdb0c32a3340f10ddc460e61a085ce

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat

Filesize
48B

MD5
c707a4e4297a19a51aeb3dd98676fbce

SHA1
deedd28605f4a4a0016577dc51ede4e2c481d040

SHA256
13c7b2c63abc2129c46f4057e85d7fe72635631d1c70fbd0fd32f724b9a5d4a6

SHA512
ec8a229fa483ce2c5bed396b3f3f7ac76e9bda28cbf58e73ecf6c22a1419b22ab9e22cb02fd073463b51c1a5e008110f61f89733dde2e21509ce725b22d2dbbf

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\1cf98ca6-9c39-4975-b6f5-9d61a5d7c706.tmp

Filesize
15KB

MD5
d644bc4e84bc382790ef4d9721aaf135

SHA1
e322f3cad5c43e432a1eb10c886abd019e361e49

SHA256
4807ce3d717ad0280bd3517512a59c49a01e0eea893b0c5764e9a30bdb969af8

SHA512
bdc74fb453b7faec40f7c802e754ab6939c6d5c447a0f1ed244a1a4e0a54237032258aa2bc0d8bb8cf4e47f7ab38e2fb8668844031b0c1eacc2eaae25a18efe8

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\3e884ec7-713b-4331-92ee-c7bfcd1c89ae.tmp

Filesize
10KB

MD5
b54312eb0d10ecd00da9342faaa342d6

SHA1
3d9a00604cf3655b52a5b791fe7a94c06db94da1

SHA256
3ab2ff97cd1a938e3b7778adf516b554a902f397baec2ff180cc0efc5e761d51

SHA512
b174cd9dc0015858cde521b46cc8347b759b0029475a70ea164b40ae50dfb74ae3801af69264583fa6d85152ff7cf9ddef0948b45073e8ca5377b04e70fdd91c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Cache\Cache_Data\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\DawnGraphiteCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\DawnGraphiteCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8545afec70f70f4c0c7565748ce0a05d

SHA1
71c2b2069e19c8b5efc5649ca3ffa09a6e1be75c

SHA256
091f58830cb01bbc7cef28cbbb4b5f9cdc99aa9e058a1379d1ef5e9900f5e338

SHA512
8b2833e0d5cc3291d0cfbd6adbad9f111b3418e29a28650ef49861b396099a0f808b22d2542d4b14be448924b8e29717d2b8e699efef6a5c05cd97c003ba6b63

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2b3f5586d7dedde449e9ca714dedc36d

SHA1
9ad2f90219e8b6cd6f295c7e8c28f039bd4a4097

SHA256
9410b0219274b27e997df0e1f8a5c2f0b2787127b04a006446750527cd73a41a

SHA512
a92739b406f197aa098747dbb980f69fdcdd9ffaa4e353dc1086007ff9eef8437ac5df8b18540ffe18522befa666326511dc74f085fd0353cd63c5ab03f9a4f5

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6c9cb0e4cf1868cfc7c831010f643bec

SHA1
daca1d2b16460fbe908c67dacf0be48706d91ef2

SHA256
a1248ebc61ad7f0da8f04ce81afe0a4d889080d2b550d323cb2db82de12758cc

SHA512
c1336201510cf18ee976285b0d6664b3fcc9fc195b794ce75cfd66dd2cc7486c23365ef6ebc35342bf246b010a6a6732758c7955509b5c6827d5dd8eec8f843d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
7KB

MD5
77dafab9375dc0bf80511d0c1e6637a7

SHA1
a00db9883bc1b1043c1021781fc55ce396f14031

SHA256
16405ec8325fb970fa9c1983fd80e7bdf1ae2b4fdea6aa6004a07257d8be8533

SHA512
d8683d96fd5c356c40242f88edeb1d616c9b4d07cf992c72e994e296d7b6164e20cab135eb7c41ff986f8574b57ac51b75246a4ddbf6ebd92e6f0c2af49dab2b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
10KB

MD5
f572f21afb1d7a254bed7f114185590c

SHA1
7ef002f7279e4429d0786820877494b990716d4a

SHA256
c07b8934634ee861aa419505443a236e80ad5dc4204458b150bbf2580bada808

SHA512
565c180438e0b20577beba1d747b939f2a7e3598d76e8134923776013918c0256de1b2805c5d84c4ee864ee7839a3cd7bb59bc34a3547ab33cbb69a9723db5ec

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Site Characteristics Database\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Sync Data\LevelDB\CURRENT~RFf77fd52.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\53decd1e-29b4-4b50-ba61-8de68a3332b3\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Wallpapers\store\picture-13368438309898200

Filesize
536KB

MD5
3bf3da7f6d26223edf5567ee9343cd57

SHA1
50b8deaf89c88e23ef59edbb972c233df53498a2

SHA256
2e6f376222299f8142ff330e457867bad3300b21d96daec53579bf011629b896

SHA512
fef8e951c6cf5cec82dbeafd306de3ad46fd0d90e3f41dcea2a6046c95ab1ae39bf8a6e4a696580246c11330d712d4e6e8757ba24bbf180eec1e98a4aec1583b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Wallpapers\store\preview-13368438309898200

Filesize
5KB

MD5
9f6a43a5a7a5c4c7c7f9768249cbcb63

SHA1
36043c3244d9f76f27d2ff2d4c91c20b35e4452a

SHA256
add61971c87104187ae89e50cec62a196d6f8908315e85e76e16983539fba04b

SHA512
56d7bd72c8a380099309c36912513bcafbe1970830b000a1b89256aae20137c88e1e281f2455bb381ab120d682d6853d1ef05d8c57dd68a81a24b7a2a8d61387

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\16.png

Filesize
699B

MD5
238b0e7dc06028db4b6aba8078740ffb

SHA1
5fd2309587993b371beabb7a9d039e0dba3006ba

SHA256
d159e510392f6da58c4d15cc098171d45c7b02a1362cbf7be7a2d47a1a10e7fc

SHA512
1dda4de21be647067c04dfc47174df39d0c6c1eeee3e9005211f908351b69d6a27ed268b5ec7480285fb203a95136a3a205f7bafb7eb5223a3dcbab0dadc0e5d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\48.png

Filesize
2KB

MD5
7cf35c8c1a7bd815f6beea2ef9a5a258

SHA1
758f98bfed64e09e0cc52192827836f9e1252fd1

SHA256
67c320fa485a8094fc91cd3fcd59a7c75d2474e3046a7eb274b01863257fbe01

SHA512
0bbebde654c9f44cf56b74fc1a9525b62c88724ec80658efede3cbb370c3a6d4f3e78df459bbd0559a51838f4a172bdfcd370bd5477038309024b77cd69f2a15

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\e88c9d4b-7c61-47d1-a791-4843a4ecf464.tmp

Filesize
38KB

MD5
4ae2a57c057ca6cca72e5c5d514dbdd1

SHA1
47ddad88d8a7dbbaa75b60f29d87f13de304ee71

SHA256
e92a58e520acb6c0639b960946c763e2cfbd5fdb24dcb80e45ee64c39eebbb72

SHA512
a5d007069555bcc91acd18f6296d065f4bdbd3a3a7773b95f175609944ec99c7b015075ae16ccbc608093816eb4c00c92038119937cb0b0fef0feceba95fc064

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\fa55bdb1-f03b-4a65-ae7a-76df4b87ab5c.tmp

Filesize
160KB

MD5
54497ce2271deb0e673ec048b44da343

SHA1
5f886314234b7aa6a4da5efc937a9d63ed007727

SHA256
3dcf052bb8050fa32f28873bb665f63f457799cb9a92549fb2dbea94014f929b

SHA512
d0d77d763b1b12c1b9d7a9a3f2aee4640ed5fb10d828b7c3c2cb051504c2b7b6438309124b934b346a4152c0aca009883d6bda42dc997188b8ca2736ac3419c9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\component_crx_cache\oimompecagnajdejgnnjijobebaeigek_1.2903aec9f77378fa19280af8ff89294fb9ce2caf8e0092c69e19973c0a9cc6fe

Filesize
13.5MB

MD5
5d9ad58399fbef9be94190d149c2f863

SHA1
45f3674f0425d58d9ffc5d9001ff6754f357543c

SHA256
2903aec9f77378fa19280af8ff89294fb9ce2caf8e0092c69e19973c0a9cc6fe

SHA512
9a9532cce2de086d5934235d21d27b8a0863ae902a81151a728364aebe044faef5e5805d64efe68d67a5a5aaf408f74954d08f10c6a011dc9ea82c629339d3b0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk

Filesize
2KB

MD5
2d576390f321539942e9e0748eb1c67e

SHA1
15079da4007ab2c4ad0b7a1104b6ff94ec83ab09

SHA256
2fcbcecedb9fb6ccd04028e4ee91ad5746c9941df766361ddb7c72f6807b73bd

SHA512
0c44ba7a22e6b86eaf6b23ad5cf4fed7f17f6c22a91fc1ab2ecdb00f8cb9506b1f0ada768062dd9369cc6f709672913fe6ae404eeda62272115411a26e261c3c

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
cea6f5ff23c3b01686f2ca5930af9df6

SHA1
4b6cef34ef905fb20c297591eff8563b9cf74a7d

SHA256
33ba9d8973c4d91296e351bb78fe345256c7b1b762c361ab0f9b974f68a62604

SHA512
43fa025d547803f433aef5abf1b6c7cebfe68fad3f4566961e4ea3650dd6032c89290e8efd6785b3115a4332ad6f89e72fff2412605e7a137c09144a9280eb7b

Download Submit
\Users\Admin\AppData\Local\Temp\YB_1E577.tmp\setup.exe

Filesize
3.9MB

MD5
e3e9c5e3744543d4e8ee0d048c0d2644

SHA1
f9fa67357d8358520d0ff0d2efaf359d2a683324

SHA256
42b10a2ba3570330ab5f7ce9b7c6348771fff576c857c6e24b3647ab01ece760

SHA512
dacd65df09c9d1949486f477a0c88e1665a338d044a7271e089722b181b8ff8f4a868aa190beda318e44b0205211c7652dc13498a9da0615b893317b4747e211

Download Submit
\Windows\Temp\sdwra_840_2051206545\service_update.exe

Filesize
2.3MB

MD5
e48068b2bbd922a2038b1954a52c6eab

SHA1
f1c18c37e26003969adb8e0d271a6797a92e194c

SHA256
da3bcf9de331db50c62cbcee5147653c7c2f87fa31df1463c5828bab4da7d555

SHA512
c612f98d2203adc83fff9b23013b0a7b0a16f253a33094b0ee9542b4e40ec4b3dd8471c14669a5c7a89124918e0466e918e31ae8609cea86c5abdc01dcde179a

Download Submit
memory/840-1439-0x00000000008B0000-0x00000000008B2000-memory.dmp

Filesize
8KB

Download
memory/2336-2932-0x0000000001B20000-0x0000000002B20000-memory.dmp

Filesize
16.0MB

Download
memory/2356-1544-0x0000000002850000-0x0000000003850000-memory.dmp

Filesize
16.0MB

Download
memory/2592-1595-0x0000000000E40000-0x0000000000E41000-memory.dmp

Filesize
4KB

Download
memory/2832-2502-0x0000000006C40000-0x0000000006C41000-memory.dmp

Filesize
4KB

Download
memory/2832-2503-0x0000000006C50000-0x0000000007265000-memory.dmp

Filesize
6.1MB

Download
memory/2832-2504-0x0000000006C50000-0x0000000007265000-memory.dmp

Filesize
6.1MB

Download
memory/2832-2505-0x0000000006C50000-0x0000000007265000-memory.dmp

Filesize
6.1MB

Download
memory/2832-2506-0x0000000007270000-0x0000000007271000-memory.dmp

Filesize
4KB

Download
memory/3124-3088-0x0000000002B20000-0x0000000003B20000-memory.dmp

Filesize
16.0MB

Download